Brushaloader Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (60)

Idioma

en	46
de	6
pl	4
it	2
fr	2

País

us	48
ir	6
cn	2

Actores

Brushaloader	7
Xtreme RAT	1
Gootkit	1
ISFB	1
Gozi	1

Interesse

Tipo

Not Defined	14
SCADA Software	4
Web Server	4
iOS App Software	2
Smartwatch Operating System	2

Fabricante

Not Defined	14
Siemens	4
Microsoft	4
Readdle	2
MGB	2

Produto

Devilz Clanportal	4
Microsoft IIS	4
Readdle Documents App	2
Siemens SIMATIC Drive Controller	2
Siemens SIMATIC ET 200SP Open Controller CPU 1515S ...	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Divulgação de Informação	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.70	CVE-2010-0966
3	DZCP deV!L`z Clanportal browser.php Divulgação de Informação	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02733	1.23	CVE-2007-1167
4	Siemens SIMATIC Drive Controller Service Port 102 Excesso de tampão	7.3	7.1	$5k-$25k	$5k-$25k	Not Defined	Workaround	0.00526	0.02	CVE-2020-15782
5	Siemens SIMATIC S7-1200 PLC Excesso de tampão	7.5	7.5	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00261	0.02	CVE-2013-0700
6	Devilz Clanportal File Upload vulnerabilidade desconhecida	5.3	4.4	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.05362	0.07	CVE-2006-6338
7	MGB OpenSource Guestbook email.php Injecção SQL	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	1.36	CVE-2007-0354
8	nginx direitos alargados	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	3.72	CVE-2020-12440
9	PHP Proxy Fraca autenticação	6.4	5.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03470	0.00	CVE-2018-19458
10	Apple watchOS Font Remote Code Execution	7.0	6.9	$0-$5k	$0-$5k	High	Official Fix	0.00073	0.07	CVE-2023-41990
11	Filebrowser Falsificação de Pedido Cross Site	6.9	6.4	$0-$5k	$0-$5k	Functional	Official Fix	0.00701	0.03	CVE-2021-46398
12	cURL SOCKS5 Proxy Excesso de tampão	4.6	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00319	0.02	CVE-2023-38545
13	Phplinkdirectory PHP Link Directory conf_users_edit.php Falsificação de Pedido Cross Site	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00526	0.04	CVE-2011-0643
14	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	2.32
15	Xoops URL Filter index.php Redirect	6.6	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00062	0.04	CVE-2017-12138
16	PHP phpinfo Roteiro Cruzado de Sítios	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02101	0.04	CVE-2007-1287
17	Digium Asterisk SDP Negotiation res_pjsip_session.c Negação de Serviço	5.1	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00193	0.00	CVE-2021-26906
18	Siemens SIMATIC S7-300 PN/SIMATIC S7-400 PN direitos alargados	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Workaround	0.00373	0.02	CVE-2016-9158
19	BloodHound GenericAll.jsx direitos alargados	7.9	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00537	0.02	CVE-2021-3210
20	Microsoft IIS direitos alargados	9.9	9.9	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.08875	0.04	CVE-2010-1256

IOC - Indicator of Compromise (40)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	64.110.25.146	webmail.jqluvhost.net	Brushaloader	12/04/2022	verified	Alto
2	64.110.25.147	webmail.jqluvhost.net	Brushaloader	12/04/2022	verified	Alto
3	64.110.25.148	xaeoi7a.npermit.top	Brushaloader	12/04/2022	verified	Alto
4	64.110.25.150	webmail.jqluvhost.net	Brushaloader	12/04/2022	verified	Alto
5	64.110.25.151	moiu0ae.lplaced.top	Brushaloader	12/04/2022	verified	Alto
6	64.110.25.152	h2iuode.hairrestoredfast.top	Brushaloader	12/04/2022	verified	Alto
7	64.110.25.153	vaxoiu5.shadego.top	Brushaloader	12/04/2022	verified	Alto
8	64.110.25.154	nae2oiu.sidedgo.top	Brushaloader	12/04/2022	verified	Alto
9	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
10	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
11	XXX.XXX.XXX.XX		Xxxxxxxxxxxx	12/04/2022	verified	Alto
12	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
13	XXX.XXX.XX.XXX		Xxxxxxxxxxxx	12/04/2022	verified	Alto
14	XXX.X.XX.XXX	xxx-x-xx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
15	XXX.X.XX.XXX	xxx-x-xx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
16	XXX.X.XX.XX	xxx-x-xx-xx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
17	XXX.X.XX.XX	xxx-x-xx-xx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
18	XXX.X.XX.XX	xxx-x-xx-xx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
19	XXX.X.XX.XX	xxx-x-xx-xx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
20	XXX.X.XX.XX	xxx-x-xx-xx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
21	XXX.X.XXX.XXX	xxxx.xxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
22	XXX.X.XXX.XXX	xxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
23	XXX.X.XXX.XXX	xxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
24	XXX.X.XXX.XXX	xxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
25	XXX.X.XXX.XXX	xxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
26	XXX.X.XXX.XXX	xxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
27	XXX.X.XXX.XXX	xxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
28	XXX.X.XXX.XXX	xxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
29	XXX.X.XXX.XXX	xxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
30	XXX.X.XXX.XXX	xxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
31	XXX.X.XXX.XXX	xxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
32	XXX.X.XXX.XXX	xxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
33	XXX.X.XXX.XXX	xxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
34	XXX.X.XXX.XXX	xxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
35	XXX.X.XXX.XXX	xxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
36	XXX.X.XXX.XXX	xxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
37	XXX.X.XXX.XXX	xxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
38	XXX.X.XXX.XXX	xxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
39	XXX.X.XXX.XXX	xxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto
40	XXX.X.XXX.XXX	xxx-x-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxxx	12/04/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-122	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (28)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/forum/away.php	predictive	Alto
2	File	/horde/util/go.php	predictive	Alto
3	File	/modules/profile/index.php	predictive	Alto
4	File	admin/conf_users_edit.php	predictive	Alto
5	File	xxxxxxx_xxx.xxx	predictive	Alto
6	File	xxxxxxxxxx/xxxxxx/xxxxxxxxx/xxxxxxxxxx/xxxxxxxxxx.xxx	predictive	Alto
7	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
8	File	xxxxx.xxx	predictive	Médio
9	File	xxxx.xxx	predictive	Médio
10	File	xxx/xxxxxx.xxx	predictive	Alto
11	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Alto
12	File	xxxxx.xxx	predictive	Médio
13	File	xxxxx.xxx?x=xxxx://	predictive	Alto
14	File	xxxx/xxxxxx/xxxxx.xxx	predictive	Alto
15	File	xxxx/xxxxxxxxxxx-xxxxxx-xxxxx.xxx	predictive	Alto
16	File	xxx_xxxx.xxx	predictive	Médio
17	File	xxxxxxxx.xxx	predictive	Médio
18	File	xxx_xxxxx_xxxxxxx.x	predictive	Alto
19	Argument	xxxxxx	predictive	Baixo
20	Argument	xxxxxxxx	predictive	Médio
21	Argument	xxxxxxx	predictive	Baixo
22	Argument	xxxx	predictive	Baixo
23	Argument	xxxx_xxxxx	predictive	Médio
24	Argument	xx	predictive	Baixo
25	Argument	xxxxxxxx	predictive	Médio
26	Argument	xxxx_xxxx	predictive	Médio
27	Argument	xxx	predictive	Baixo
28	Network Port	xxx/xx	predictive	Baixo

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!