Brunhilda Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

Idioma

en	18
fr	4

País

us	6
fr	4

Actores

Brunhilda	3
MuddyWater	1
RedLine	1
FTP Info Stealer	1
FIN7	1

Interesse

Tipo

Operating System	6
Content Management System	4
Web Browser	4
Not Defined	2
Cloud Software	2

Fabricante

Microsoft	8
Not Defined	6
Joomla	2
IBM	2
HP	2

Produto

Microsoft Windows	4
Joomla CMS	2
Microsoft Internet Explorer	2
Bottle	2
IBM Kenexa LCMS Premier on Cloud	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	VICIdial vicidial.php Roteiro Cruzado de Sítios	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00075	0.04	CVE-2021-35377
2	tinc VPN net_packet.c receive_tcppacket Excesso de tampão	6.3	6.0	$0-$5k	$0-$5k	High	Official Fix	0.05468	0.02	CVE-2013-1428
3	Joomla CMS File Upload media.php direitos alargados	6.3	6.0	$5k-$25k	$0-$5k	High	Official Fix	0.78471	0.04	CVE-2013-5576
4	Microsoft .NET Framework Array Copy Excesso de tampão	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.24098	0.04	CVE-2015-2504
5	Bottle Privilege Escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00690	0.03	CVE-2022-31799
6	Solar appScreener License direitos alargados	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00221	0.00	CVE-2022-24449
7	Caddy X.509 Certificate Divulgação de Informação	4.5	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00138	0.00	CVE-2018-19148
8	Drupal Phar Stream Wrapper direitos alargados	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.92709	0.02	CVE-2019-6339
9	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Divulgação de Informação	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
10	Microsoft Windows PowerShell direitos alargados	6.3	5.7	$25k-$100k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.00
11	HP HP-UX FTP Server direitos alargados	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
12	Microsoft Windows VHD Driver File direitos alargados	6.1	5.8	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00051	0.00	CVE-2016-7224
13	Microsoft Edge direitos alargados	3.1	3.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.06567	0.00	CVE-2016-3274
14	NASM Netwide Assembler preproc.c tokenize Excesso de tampão	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00059	0.00	CVE-2018-8881
15	windows-selenium-chromedriver Download Encriptação fraca	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00173	0.00	CVE-2016-10687
16	QEMU NVM Express Controller Emulator Divulgação de Informação	6.7	6.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00062	0.02	CVE-2018-16847
17	HP Color LaserJet Pro M280-M281 Multifunction Printer Embedded Web Server Reflected Roteiro Cruzado de Sítios	5.2	5.2	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00058	0.00	CVE-2019-6323
18	Microsoft Windows Physical Installation direitos alargados	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00248	0.00	CVE-2018-8592
19	IBM Kenexa LCMS Premier on Cloud direitos alargados	4.3	4.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00049	0.00	CVE-2016-5949
20	Microsoft Internet Explorer Divulgação de Informação	4.8	4.7	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.89073	0.00	CVE-2016-3267

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	45.142.212.216	vm324137.pq.hosting	Brunhilda	31/05/2021	verified	Alto
2	95.142.40.68	vm482228.eurodir.ru	Brunhilda	31/05/2021	verified	Alto
3	185.177.92.213	ip-185-177-92-213.ah-server.com	Brunhilda	31/05/2021	verified	Alto
4	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Alto
5	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Alto
6	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Alto
7	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Alto
8	XXX.XXX.XX.XXX	xx-xxx-xxx-xx-xxx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Alto
9	XXX.XXX.XX.XXX	xx-xxx-xxx-xx-xxx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Alto
10	XXX.XXX.XX.XXX	xx-xxx-xxx-xx-xxx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Alto
11	XXX.XXX.XX.XXX		Xxxxxxxxx	31/05/2021	verified	Alto
12	XXX.XXX.XX.XXX	xx-xxx-xxx-xx-xxx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Alto
13	XXX.XX.XXX.XXX	xxxxxxxxxx-x.xxx-xxxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Alto

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1059	CWE-94	Argument Injection	predictive	Alto
2	T1059.007	CWE-79	Cross Site Scripting	predictive	Alto
3	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/agc/vicidial.php	predictive	Alto
2	File	administrator/components/com_media/helpers/media.php	predictive	Alto
3	File	xxx/xxxxxxx.x	predictive	Alto
4	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
5	File	xxx_xxxxxx.x	predictive	Médio

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!