Buhtrap Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (129)

Język

en	104
ru	12
de	10
zh	4

Kraj

ru	114
us	12
ga	2
ag	2

Aktorzy

Buhtrap	5
Gamaredon	2
Shuckworm	1
DCRat	1
Rig Exploit Kit	1

Wysiłek

Rodzaj

Not Defined	48
Operating System	14
Content Management System	6
E-Commerce Management Software	4
Security Testing Software	4

Sprzedawca

Not Defined	36
Microsoft	12
Linux	4
PortSwigger	4
HP	4

Produkt

Microsoft Windows	6
Linux Kernel	4
Apple Mac OS X	4
EspoCRM	2
LeviStudioU	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Siemens SIMATIC HMI United Comfort Panel weak authentication	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00874	0.00	CVE-2020-15787
2	Microsoft Windows Advanced Local Procedure Call Privilege Escalation	9.2	8.7	$25k-$100k	$5k-$25k	Functional	Official Fix	0.00683	0.02	CVE-2023-21674
3	Microsoft Windows Kernel Privilege Escalation	7.2	6.5	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00053	0.00	CVE-2022-21881
4	Microsoft Windows SMB Witness Service privilege escalation	8.8	8.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00120	0.00	CVE-2023-21549
5	Microsoft SQL Server Privilege Escalation	8.1	7.4	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00043	0.05	CVE-2022-23276
6	Select2 cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00094	0.04	CVE-2016-10744
7	HP 3PAR Service Processor SP information disclosure	4.3	4.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00110	0.00	CVE-2015-5443
8	Oracle Java SE/Java SE Embedded Deployment memory corruption	10.0	9.5	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.01195	0.03	CVE-2013-5788
9	WooCommerce PayU India Payment Gateway Plugin Purchase Price privilege escalation	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00114	0.05	CVE-2019-14978
10	WooCommerce Instamojo Payment Gateway Plugin Purchase amount Price privilege escalation	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	0.00	CVE-2019-14977
11	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.13	CVE-2017-0055
12	Apache HTTP Server smbvalid/smbval authensmb memory corruption	10.0	9.5	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00133	0.02	CVE-1999-1237
13	Netgate pfSense XML File config.xml restore_rrddata privilege escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.45928	0.01	CVE-2023-27253
14	Joomla Webservice Endpoint privilege escalation	5.4	5.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.95214	0.00	CVE-2023-23752
15	Lars Ellingsen Guestserver guestbook.cgi cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00169	0.09	CVE-2005-4222
16	MGB OpenSource Guestbook email.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	0.95	CVE-2007-0354
17	Cloudflare WARP Client warp-cli Subcommand privilege escalation	7.7	7.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2022-2225
18	Siemens SIMATIC PCS 7/SIMATIC S7-PM/SIMATIC STEP 7 V5 privilege escalation	9.2	9.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00084	0.02	CVE-2023-25910
19	Next.js next.config.js privilege escalation	5.1	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00118	0.02	CVE-2022-23646
20	Linux Kernel memory corruption	5.9	5.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2011-1477

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	5.63.159.32	5-63-159-32.cloudvps.regruhosting.ru	Buhtrap	2020-12-23	verified	Wysoki
2	37.140.195.165	console.teonet.cloud	Buhtrap	2020-12-23	verified	Wysoki
3	37.143.12.190	hosted-by.ihc.ru	Buhtrap	2020-12-23	verified	Wysoki
4	XX.XXX.XXX.XX		Xxxxxxx	2019-03-25	verified	Wysoki
5	XXX.XXX.XXX.XXX	xxxx.xxxxxxxxx.xxxxx	Xxxxxxx	2020-12-23	verified	Wysoki
6	XXX.XX.XX.XX	xxx-xx-xx-xx.xxx.xxx.xxxxxxxxxxxx.xx	Xxxxxxx	2020-12-23	verified	Wysoki
7	XXX.XXX.XX.XXX	xxxxxx.xxx.xxxxxxxxx.xx	Xxxxxxx	2020-12-23	verified	Wysoki
8	XXX.XX.XX.XXX	xxxxxxxxx.xx	Xxxxxxx	2020-12-23	verified	Wysoki
9	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxx.xxx.xxxxxxxxxxxx.xx	Xxxxxxx	2020-12-23	verified	Wysoki
10	XXX.XXX.XXX.XXX		Xxxxxxx	2020-12-23	verified	Wysoki
11	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxx.xxx	Xxxxxxx	2019-03-25	verified	Wysoki

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CWE-22	Path Traversal	predictive	Wysoki
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Wysoki
3	T1059	CWE-94	Argument Injection	predictive	Wysoki
4	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Wysoki
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
6	TXXXX	CWE-XXX	Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx	predictive	Wysoki
7	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Wysoki
8	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
9	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Wysoki
10	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Wysoki
11	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
12	TXXXX	CWE-XXX	Xxx Xx Xxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
13	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
14	TXXXX.XXX	CWE-XXX	Xxxxxxxxxxxx	predictive	Wysoki
15	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
16	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
17	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Wysoki

IOA - Indicator of Attack (80)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/objects/getImageMP4.php	predictive	Wysoki
2	File	/payu/icpcheckout/	predictive	Wysoki
3	File	/uncpath/	predictive	Medium
4	File	adclick.php	predictive	Medium
5	File	admin.php	predictive	Medium
6	File	adrotate.pm	predictive	Medium
7	File	article.php	predictive	Medium
8	File	asn1fix_retrieve.c	predictive	Wysoki
9	File	bigsam_guestbook.php	predictive	Wysoki
10	File	xxxxx.xxx	predictive	Medium
11	File	xxxx/xxx/.../xxxxxx	predictive	Wysoki
12	File	xxxxxxxx.xxx	predictive	Medium
13	File	xxxxx.xxx	predictive	Medium
14	File	xxxxxx.xxx	predictive	Medium
15	File	xxxxxxx.xxxx	predictive	Medium
16	File	xxxxxx.xxx	predictive	Medium
17	File	xx/xx_xxxxxxx.xxx	predictive	Wysoki
18	File	xxxxxxxx.xxx	predictive	Medium
19	File	xxxxxxx/xxxx/xxxxxx/xxxxxxx.x	predictive	Wysoki
20	File	xxxxx.xxx	predictive	Medium
21	File	xxxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxxxx.xxx	predictive	Wysoki
22	File	xxxxxxx.xxx	predictive	Medium
23	File	xxxxxxxxx.xxx	predictive	Wysoki
24	File	xxx/xxxxxx.xxx	predictive	Wysoki
25	File	xxxxx.xxx/xxxxxx.xxx/xxxxxxxxxxxxx.xxx/xxxxxxxx.xxx	predictive	Wysoki
26	File	xxxxxxx/xxxxxxxxxxxxx.xxxx	predictive	Wysoki
27	File	xxxx_xxxx.xxx	predictive	Wysoki
28	File	xxxxxxxx.xxx	predictive	Medium
29	File	xxx/xxxx/xxxx_xxxx.x	predictive	Wysoki
30	File	xxxx.xxxxxx.xx	predictive	Wysoki
31	File	xxx/xxxxx.xxxx	predictive	Wysoki
32	File	xxxxxxx.xxx	predictive	Medium
33	File	xxxx.xxx	predictive	Medium
34	File	xxxxxxx.xxx	predictive	Medium
35	File	xxxx-xx.xxx/xxx.xxxxx/xxx-xxxxxxxx-xxxx.xxx	predictive	Wysoki
36	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Wysoki
37	File	xxx/xxxx/xxxx/xxx.xxxxxxxx.xxxxxxx/xxxxxxx/xxx/xxxxxx.xxxx	predictive	Wysoki
38	File	xxxxxxx-xxxxxxx.xxx	predictive	Wysoki
39	File	xx/xx/xxxxxxxxx_xxxxxxxxxxx.xxx	predictive	Wysoki
40	File	xxxx.xxx	predictive	Medium
41	File	xxxx/xxxxxxxxxxxx.xxx	predictive	Wysoki
42	File	xxxxxxxxxxxx.xxx	predictive	Wysoki
43	File	xxx.xxxxxxxx.xxx	predictive	Wysoki
44	File	xxxxxxxx.xxx	predictive	Medium
45	File	_xxxxxxxxx_xxxxxx_xxxxx___.xxx	predictive	Wysoki
46	Library	xxxxxx.xxx	predictive	Medium
47	Library	xxxxxxxx.xxx.xxx	predictive	Wysoki
48	Argument	xxxxxxxxx	predictive	Medium
49	Argument	xxxxxxxx	predictive	Medium
50	Argument	xxxxxx	predictive	Niski
51	Argument	xxx_xxx	predictive	Niski
52	Argument	xxx	predictive	Niski
53	Argument	xxx_xx	predictive	Niski
54	Argument	xxx	predictive	Niski
55	Argument	xxxx_xx	predictive	Niski
56	Argument	xxxxxxx	predictive	Niski
57	Argument	xxxx	predictive	Niski
58	Argument	xxxxxxxx	predictive	Medium
59	Argument	xxxxxxxxx->xxxxxxxxx	predictive	Wysoki
60	Argument	xx	predictive	Niski
61	Argument	xxxx_xx	predictive	Niski
62	Argument	xxx	predictive	Niski
63	Argument	xx	predictive	Niski
64	Argument	xxxxxxxxxxxxxxxx	predictive	Wysoki
65	Argument	xxxxxx/xxxxxx_xxxxxx	predictive	Wysoki
66	Argument	xxxxxx	predictive	Niski
67	Argument	xxx	predictive	Niski
68	Argument	xxxx	predictive	Niski
69	Argument	xxxxxxx	predictive	Niski
70	Argument	xxx	predictive	Niski
71	Argument	xxxxx	predictive	Niski
72	Argument	xxx	predictive	Niski
73	Argument	xxxxxx	predictive	Niski
74	Argument	xxxxxxxx	predictive	Medium
75	Argument	xxxxxxxx	predictive	Medium
76	Argument	xxxxxxxx/xxxx	predictive	Wysoki
77	Argument	xxxxxxxx:xxxxxxxx	predictive	Wysoki
78	Input Value	xxx[…]	predictive	Medium
79	Input Value	xxxxxxxxx:xxxxxxxx	predictive	Wysoki
80	Network Port	xxx	predictive	Niski

Referencje (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Might our Artificial Intelligence support you?

Check our Alexa App!