BuerLoader Analysis

IOB - Indicator of Behavior (39)

Language: en (38), ar (2)


Product: Thomson TCW710 (8), uTorrent (6), TRENDnet TEW-811DRU (2), Mirmay Secure Private Browser (2), Mirmay File Manager (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | TRENDnet TEW-811DRU httpd security.asp memory corruption | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00137 | CVE-2023-0613
2 | laravel privilege escalation | 4.1 | 3.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00160 | CVE-2022-2870
3 | Huawei SXXX VRP MPLS LSP Ping information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00096 | CVE-2014-8570
4 | Apache Commons Text Variable Interpolation privilege escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.96829 | CVE-2022-42889
5 | Microsoft Windows IIS Remote Code Execution | 7.6 | 7.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | 0.00107 | CVE-2022-30209
6 | Alkacon OpenCms cross-site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00434 | CVE-2005-4294
7 | Microsoft Internet Explorer Embedded Content cross-site scripting | 6.3 | 6.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.82340 | CVE-2005-3312
8 | Mozilla Firefox String unknown vulnerability | 4.3 | 4.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Unavailable | 0.03 | 0.00202 | CVE-2005-2602
9 | Netegrity SiteMinder Login smpwservicescgi.exe Redirect | 5.4 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00072 | CVE-2005-10001
10 | Dreambox DM500 Web Server privilege escalation | 7.5 | 6.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Workaround | 0.04 | 0.02506 | CVE-2008-3936
11 | D-Link DIR URL Filter privilege escalation | 5.3 | 5.1 | $25k-$100k | $0-$5k | High | Official Fix | 0.00 | 0.02265 | CVE-2008-4133
12 | Pro2col Stingray FTS cross-site scripting | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.00087 | CVE-2008-10001
13 | FFmpeg denial of service | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00186 | CVE-2012-2805
14 | Netgear WGR614 Authentication Code weak authentication | 4.9 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00078 | CVE-2012-6340
15 | NVIDIA Graphics Drivers registry memory corruption | 7.2 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.18 | 0.00044 | CVE-2012-0951
16 | DD-WRT Web Interface unknown vulnerability | 7.5 | 6.9 | $0-$5k | $0-$5k | Unproven | Not Defined | 0.04 | 0.00312 | CVE-2012-6297
17 | Dell SonicWall Secure Remote Access Appliance editBookmark unknown vulnerability | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.01589 | CVE-2015-2248
18 | FileZilla Server PORT privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.00052 | CVE-2015-10003
19 | Kiddoware Kids Place Home Button Protection denial of service | 5.4 | 5.3 | $0-$5k | $0-$5k | High | Official Fix | 0.06 | 0.00042 | CVE-2015-10002
20 | uTorrent memory corruption | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00250 | CVE-2018-25042

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 104.248.83.13 | | BuerLoader | | 10.08.2022 | verified | High
2 | XXX.XX.XXX.XXX | xxx.xxxxxxx.xxx | Xxxxxxxxxx | | 11.06.2022 | verified | High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Type | Confidence
1 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High
3 | TXXXX.XXX | CWE-XX, CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive | High
7 | TXXXX.XXX | CWE-XXX | Xxxxxxxx | predictive | High
8 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /backups/ | predictive | Medium
2 | File | /cgi-bin/editBookmark | predictive | High
3 | File | /goform/RgDdns | predictive | High
4 | File | /goform/RgDhcp | predictive | High
5 | File | /xxxxxx/xxxxxxxxxxxx | predictive | High
6 | File | /xxxxxx/xxxxxx | predictive | High
7 | File | /xxxxxx/xxxxxxxxxx.xxx | predictive | High
8 | File | /xxxxxx/xxxxxxxxxxxxxxxxxx | predictive | High
9 | File | /xxxxxxxxxxxxxxx/xxxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
10 | File | /xxxxxxxx/xxxxxxxx.xxx | predictive | High
11 | File | xxxxx/xxxxxx-xxxxxx.xxx | predictive | High
12 | File | xxxxxxx.xxx | predictive | Medium
13 | File | xxxx/xxxxxx/xxxxxx/xxxxxxxx | predictive | High
14 | Argument | xxxxxxxxxxxxxxxxxxxxxxx | predictive | High
15 | Argument | xxxxxxxxxxxx | predictive | Medium
16 | Argument | xxxxxx_xxx_xx | predictive | High
17 | Argument | xxxxxxxxxxxx/xxxxxxxxxxxxxx | predictive | High
18 | Argument | xx | predictive | Low
19 | Argument | xxxxx | predictive | Low
20 | Argument | xxxxxxxxxxx | predictive | Medium
21 | Argument | xxxxxxxxxxxxxxxxxxxx | predictive | High
22 | Argument | xxxxxx | predictive | Low
23 | Argument | xxxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxx | predictive | High
24 | Argument | xxxxxxxx | predictive | Medium
25 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx> | predictive | High
26 | Input Value | ><xxxxxx>xxxxx(x)</xxxxxx> | predictive | High
27 | Network Port | xxx/xxxxx | predictive | Medium
28 | Network Port | xxx/xxxxx | predictive | Medium
29 | Network Port | xxx xxxxxx xxxx | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
