Buer Analysis

IOB - Indicator of Behavior (346)

Language

en: 340
de: 4
zh: 2

Country/Region

us: 232
at: 82
gb: 2
ru: 2
ch: 2

Product

Microsoft Windows: 26
Apple iOS: 16
Foxit Reader: 14
Linux Kernel: 14
Apple Safari: 12

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.00 | CVE-2020-1927 |
| 3 | SAP Solution Manager privilege escalation | 9.4 | 9.4 | $5k-$25k | $0-$5k | High | Not Defined | 0.97439 | 0.05 | CVE-2020-6207 |
| 4 | Cisco IP Phone Discovery Protocol privilege escalation | 8.8 | 8.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00074 | 0.00 | CVE-2020-3111 |
| 5 | EOS Camera Picture Transfer Protocol memory corruption | 8.0 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00672 | 0.00 | CVE-2019-6000 |
| 6 | Linux Kernel USB Device technisat-usb2.c information disclosure | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00713 | 0.03 | CVE-2019-15505 |
| 7 | Microsoft Windows JET Database Engine memory corruption | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01523 | 0.02 | CVE-2019-1358 |
| 8 | Dell EMC iDRAC6 Web-based Diagnostics Console privilege escalation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00110 | 0.00 | CVE-2018-1212 |
| 9 | Tenable Nessus Reflected cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00110 | 0.02 | CVE-2019-3961 |
| 10 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.14 | CVE-2010-0966 |
| 11 | PHP Blowfish Hash password_verify Remote Code Execution | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.16 | CVE-2023-0567 |
| 12 | PHP SOAP HTTP Digest Authentication php_http.c php_random_bytes_throw information disclosure | 2.6 | 2.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.02 | CVE-2023-3247 |
| 13 | TRENDnet TEW-811DRU httpd security.asp memory corruption | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00137 | 0.06 | CVE-2023-0613 |
| 14 | Ubuntu Linux overlayfs ovl_copy_up_meta_inode_data privilege escalation | 7.8 | 7.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00042 | 0.04 | CVE-2023-32629 |
| 15 | laravel privilege escalation | 4.1 | 3.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00160 | 0.06 | CVE-2022-2870 |
| 16 | Huawei SXXX VRP MPLS LSP Ping information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00096 | 0.06 | CVE-2014-8570 |
| 17 | WordPress SQL injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.00 | CVE-2022-21664 |
| 18 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.71 | CVE-2020-12440 |
| 19 | Apache Commons Text Variable Interpolation privilege escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.97150 | 0.04 | CVE-2022-42889 |
| 20 | Alkacon OpenCms cross-site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00434 | 0.03 | CVE-2005-4294 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (69)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
