Brunhilda Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

Lang

en	20
fr	2

Land

us	10
ru	2
fr	2

Skådespelare

Brunhilda	4
Cobalt Strike	2
Meterpreter	1
MuddyWater	1
RedLine	1

Intressera

Typ

Not Defined	8
Programming Language Software	2
Virtualization Software	2
Content Management System	2
Cloud Software	2

Säljare

Not Defined	12
Microsoft	6
Solar	2
IBM	2

Produkt

Microsoft .NET Framework	2
VICIdial	2
QEMU	2
Solar appScreener	2
Drupal	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	VICIdial vicidial.php cross site scripting	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00075	0.04	CVE-2021-35377
2	tinc VPN net_packet.c receive_tcppacket minneskorruption	6.3	6.0	$0-$5k	$0-$5k	High	Official Fix	0.05468	0.02	CVE-2013-1428
3	Joomla CMS File Upload media.php privilegier eskalering	6.3	6.0	$5k-$25k	$0-$5k	High	Official Fix	0.78471	0.04	CVE-2013-5576
4	Microsoft .NET Framework Array Copy minneskorruption	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.24098	0.02	CVE-2015-2504
5	Bottle Privilege Escalation	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00690	0.03	CVE-2022-31799
6	Solar appScreener License privilegier eskalering	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00221	0.00	CVE-2022-24449
7	Caddy X.509 Certificate informationsgivning	4.5	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00138	0.00	CVE-2018-19148
8	Drupal Phar Stream Wrapper privilegier eskalering	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.92709	0.02	CVE-2019-6339
9	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
10	Microsoft Windows PowerShell privilegier eskalering	6.3	5.7	$25k-$100k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.00
11	HP HP-UX FTP Server privilegier eskalering	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
12	Microsoft Windows VHD Driver File privilegier eskalering	6.1	5.8	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00051	0.00	CVE-2016-7224
13	Microsoft Edge privilegier eskalering	3.1	3.0	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.06567	0.00	CVE-2016-3274
14	NASM Netwide Assembler preproc.c tokenize minneskorruption	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00059	0.00	CVE-2018-8881
15	windows-selenium-chromedriver Download svag kryptering	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00173	0.00	CVE-2016-10687
16	QEMU NVM Express Controller Emulator informationsgivning	6.7	6.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00062	0.02	CVE-2018-16847
17	HP Color LaserJet Pro M280-M281 Multifunction Printer Embedded Web Server Reflected cross site scripting	5.2	5.2	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00058	0.00	CVE-2019-6323
18	Microsoft Windows Physical Installation privilegier eskalering	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00248	0.00	CVE-2018-8592
19	IBM Kenexa LCMS Premier on Cloud privilegier eskalering	4.3	4.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00049	0.00	CVE-2016-5949
20	Microsoft Internet Explorer informationsgivning	4.8	4.7	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.89073	0.00	CVE-2016-3267

IOC - Indicator of Compromise (13)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	45.142.212.216	vm324137.pq.hosting	Brunhilda	31/05/2021	verified	Hög
2	95.142.40.68	vm482228.eurodir.ru	Brunhilda	31/05/2021	verified	Hög
3	185.177.92.213	ip-185-177-92-213.ah-server.com	Brunhilda	31/05/2021	verified	Hög
4	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Hög
5	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Hög
6	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Hög
7	XXX.XXX.XX.XX	xx-xxx-xxx-xx-xx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Hög
8	XXX.XXX.XX.XXX	xx-xxx-xxx-xx-xxx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Hög
9	XXX.XXX.XX.XXX	xx-xxx-xxx-xx-xxx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Hög
10	XXX.XXX.XX.XXX	xx-xxx-xxx-xx-xxx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Hög
11	XXX.XXX.XX.XXX		Xxxxxxxxx	31/05/2021	verified	Hög
12	XXX.XXX.XX.XXX	xx-xxx-xxx-xx-xxx.xx-xxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Hög
13	XXX.XX.XXX.XXX	xxxxxxxxxx-x.xxx-xxxxxxx.xxx	Xxxxxxxxx	31/05/2021	verified	Hög

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1059	CWE-94	Argument Injection	predictive	Hög
2	T1059.007	CWE-79	Cross Site Scripting	predictive	Hög
3	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
4	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Hög
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
6	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/agc/vicidial.php	predictive	Hög
2	File	administrator/components/com_media/helpers/media.php	predictive	Hög
3	File	xxx/xxxxxxx.x	predictive	Hög
4	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Hög
5	File	xxx_xxxxxx.x	predictive	Medium

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!