Butterfly Analysis

IOB - Indicator of Behavior (412)

Language

en: 362
es: 16
de: 16
fr: 8
it: 4

Country

nl: 234
us: 120
es: 8
ru: 6
cn: 6

Product

WordPress: 12
nginx: 8
Apache HTTP Server: 8
Mozilla Firefox: 8
Joomla CMS: 8

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.67 | CVE-2020-12440 |
| 2 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.29 | CVE-2017-0055 |
| 3 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.57 | CVE-2007-0354 |
| 4 | Vunet VU Web Visitor Analyst redir.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Workaround | 0.00119 | 0.10 | CVE-2010-2338 |
| 5 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.20 | |
| 6 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.24 | CVE-2014-4078 |
| 7 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.04 | CVE-2020-1927 |
| 8 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 | |
| 9 | ProFTPD mod_sftp/mod_sftp_pam kbdint.c resp_count denial of service | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.01980 | 0.02 | CVE-2013-4359 |
| 10 | MikroTik RouterOS SMB memory corruption | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.88065 | 0.02 | CVE-2018-7445 |
| 11 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.19 | CVE-2010-0966 |
| 12 | nginx HTTP/2 denial of service | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02974 | 0.04 | CVE-2018-16844 |
| 13 | Hospital Management System search.php sql injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00140 | 0.00 | CVE-2022-48120 |
| 14 | CKFinder File Name privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00155 | 0.09 | CVE-2019-15862 |
| 15 | sitepress-multilingual-cms Plugin class-wp-installer.php cross-site request forgery | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00579 | 0.04 | CVE-2020-10568 |
| 16 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.00 | CVE-2022-21664 |
| 17 | Apache Tomcat JSP File privilege escalation | 7.7 | 7.5 | $5k-$25k | $0-$5k | High | Official Fix | 0.97533 | 0.38 | CVE-2017-12617 |
| 18 | Apache Tomcat CORS Filter Cache Poisoning weak authentication | 5.8 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00276 | 0.06 | CVE-2017-7674 |
| 19 | Omron PLC CS/PLC CJ/PLC NJ Brute Force information disclosure | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00213 | 0.04 | CVE-2019-18261 |
| 20 | Pegasus Imaging ImagXpress ActiveX Control pegasusimaging.activex.thumnailxpress1.dll compactfile directory traversal | 4.8 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.83260 | 0.06 | CVE-2007-5320 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | | CAPEC-10 | CWE-19, CWE-20, CWE-59, CWE-61, CWE-73, CWE-119, CWE-120, CWE-122, CWE-125, CWE-134, CWE-189, CWE-190, CWE-191, CWE-266, CWE-285, CWE-287, CWE-290, CWE-306, CWE-345, CWE-352, CWE-362, CWE-385, CWE-388, CWE-399, CWE-400, CWE-404, CWE-415, CWE-416, CWE-441, CWE-444, CWE-476, CWE-502, CWE-590, CWE-610, CWE-611, CWE-613, CWE-693, CWE-787, CWE-835, CWE-862, CWE-863, CWE-908, CWE-918 | Unknown Vulnerability | predictive | High |
| 2 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 3 | T1040 | CAPEC-102 | CWE-310, CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 4 | T1055 | CAPEC-10 | CWE-74, CWE-707 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 5 | T1059 | CAPEC-10 | CWE-74, CWE-94, CWE-707 | Argument Injection | predictive | High |

IOA - Indicator of Attack (183)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
