BuerLoader Analysis

IOB - Indicator of Behavior (39)

Chart panels on the original page (data not extracted): Timeline, Country, Actors, Classes, Effort, Type, Vendor.

Language: en 38, de 2

Product: Thomson TCW710 10 | Mirmay Secure Private Browser 2 | Mirmay File Manager 2 | NVIDIA Graphics Drivers 2 | FileZilla Server 2
Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | TRENDnet TEW-811DRU httpd security.asp memory corruption | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00137 | 0.04 | CVE-2023-0613
2 | laravel privilege escalation | 4.1 | 3.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00160 | 0.06 | CVE-2022-2870
3 | Huawei SXXX VRP MPLS LSP Ping information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00096 | 0.04 | CVE-2014-8570
4 | Apache Commons Text Variable Interpolation privilege escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.97150 | 0.04 | CVE-2022-42889
5 | Microsoft Windows IIS Remote Code Execution | 7.6 | 7.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00104 | 0.06 | CVE-2022-30209
6 | Alkacon OpenCms cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00434 | 0.03 | CVE-2005-4294
7 | Microsoft Internet Explorer Embedded Content cross site scripting | 6.3 | 6.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.82340 | 0.03 | CVE-2005-3312
8 | Mozilla Firefox String unknown vulnerability | 4.3 | 4.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Unavailable | 0.00202 | 0.04 | CVE-2005-2602
9 | Netegrity SiteMinder Login smpwservicescgi.exe Redirect | 5.4 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00072 | 0.07 | CVE-2005-10001
10 | Dreambox DM500 Web Server privilege escalation | 7.5 | 6.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Workaround | 0.02506 | 0.04 | CVE-2008-3936
11 | D-Link DIR URL Filter privilege escalation | 5.3 | 5.1 | $25k-$100k | $0-$5k | High | Official Fix | 0.02265 | 0.02 | CVE-2008-4133
12 | Pro2col Stingray FTS cross site scripting | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.14 | CVE-2008-10001
13 | FFmpeg denial of service | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00186 | 0.00 | CVE-2012-2805
14 | Netgear WGR614 Authentication Code weak authentication | 4.9 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.05 | CVE-2012-6340
15 | NVIDIA Graphics Drivers registry memory corruption | 7.2 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2012-0951
16 | DD-WRT Web Interface cross site request forgery | 7.5 | 6.9 | $0-$5k | $0-$5k | Unproven | Not Defined | 0.00312 | 0.03 | CVE-2012-6297
17 | Dell SonicWall Secure Remote Access Appliance editBookmark cross site request forgery | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01802 | 0.00 | CVE-2015-2248
18 | FileZilla Server PORT privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.25 | CVE-2015-10003
19 | Kiddoware Kids Place Home Button Protection denial of service | 5.4 | 5.3 | $0-$5k | $0-$5k | High | Official Fix | 0.00042 | 0.14 | CVE-2015-10002
20 | uTorrent memory corruption | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.05 | CVE-2018-25042

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 104.248.83.13 | | BuerLoader | | 2022-08-10 | verified | High
2 | XXX.XX.XXX.XXX | xxx.xxxxxxx.xxx | Xxxxxxxxxx | | 2022-06-11 | verified | High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
2 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
3 | TXXXX.XXX | CAPEC-209 | CWE-XX, CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CAPEC-122 | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
6 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
7 | TXXXX.XXX | CAPEC-133 | CWE-XXX | Xxxxxxxx | predictive | High
8 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /backups/ | predictive | Medium
2 | File | /cgi-bin/editBookmark | predictive | High
3 | File | /goform/RgDdns | predictive | High
4 | File | /goform/RgDhcp | predictive | High
5 | File | /xxxxxx/xxxxxxxxxxxx | predictive | High
6 | File | /xxxxxx/xxxxxx | predictive | High
7 | File | /xxxxxx/xxxxxxxxxx.xxx | predictive | High
8 | File | /xxxxxx/xxxxxxxxxxxxxxxxxx | predictive | High
9 | File | /xxxxxxxxxxxxxxx/xxxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
10 | File | /xxxxxxxx/xxxxxxxx.xxx | predictive | High
11 | File | xxxxx/xxxxxx-xxxxxx.xxx | predictive | High
12 | File | xxxxxxx.xxx | predictive | Medium
13 | File | xxxx/xxxxxx/xxxxxx/xxxxxxxx | predictive | High
14 | Argument | xxxxxxxxxxxxxxxxxxxxxxx | predictive | High
15 | Argument | xxxxxxxxxxxx | predictive | Medium
16 | Argument | xxxxxx_xxx_xx | predictive | High
17 | Argument | xxxxxxxxxxxx/xxxxxxxxxxxxxx | predictive | High
18 | Argument | xx | predictive | Low
19 | Argument | xxxxx | predictive | Low
20 | Argument | xxxxxxxxxxx | predictive | Medium
21 | Argument | xxxxxxxxxxxxxxxxxxxx | predictive | High
22 | Argument | xxxxxx | predictive | Low
23 | Argument | xxxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxx | predictive | High
24 | Argument | xxxxxxxx | predictive | Medium
25 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx> | predictive | High
26 | Input Value | ><xxxxxx>xxxxx(x)</xxxxxx> | predictive | High
27 | Network Port | xxx/xxxxx | predictive | Medium
28 | Network Port | xxx/xxxxx | predictive | Medium
29 | Network Port | xxx xxxxxx xxxx | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
