BuerLoader 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (39)

语言

en	38
ar	2

国家/地区

us	4
ar	2
ch	2

演员

Buer	1

利益

类型

Not Defined	22
Peer-to-Peer Software	4
Multimedia Processing Software	2
Content Management System	2
JavaScript Library	2

供应商

Not Defined	14
Thomson	4
XOOPS	2
Huawei	2
Mirmay	2

产品

uTorrent	4
Thomson TCW710	4
FFmpeg	2
Airfield Online	2
XOOPS Article module	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	TRENDnet TEW-811DRU httpd security.asp 内存损坏	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00137	0.03	CVE-2023-0613
2	laravel 权限升级	4.1	3.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00160	0.21	CVE-2022-2870
3	Huawei SXXX VRP MPLS LSP Ping 信息公开	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00096	0.02	CVE-2014-8570
4	Apache Commons Text Variable Interpolation 权限升级	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.97150	0.00	CVE-2022-42889
5	Microsoft Windows IIS Remote Code Execution	7.6	7.0	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00104	0.06	CVE-2022-30209
6	Alkacon OpenCms 跨网站脚本	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00434	0.00	CVE-2005-4294
7	Microsoft Internet Explorer Embedded Content 跨网站脚本	6.3	6.0	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.82340	0.03	CVE-2005-3312
8	Mozilla Firefox String 未知漏洞	4.3	4.1	$25k-$100k	$0-$5k	Proof-of-Concept	Unavailable	0.00202	0.03	CVE-2005-2602
9	Netegrity SiteMinder Login smpwservicescgi.exe Redirect	5.4	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00072	0.07	CVE-2005-10001
10	Dreambox DM500 Web Server 权限升级	7.5	6.8	$25k-$100k	$0-$5k	Proof-of-Concept	Workaround	0.02506	0.04	CVE-2008-3936
11	D-Link DIR URL Filter 权限升级	5.3	5.1	$25k-$100k	$0-$5k	High	Official Fix	0.02265	0.02	CVE-2008-4133
12	Pro2col Stingray FTS 跨网站脚本	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00087	0.07	CVE-2008-10001
13	FFmpeg 拒绝服务	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00186	0.02	CVE-2012-2805
14	Netgear WGR614 Authentication Code 弱身份验证	4.9	4.9	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00078	0.03	CVE-2012-6340
15	NVIDIA Graphics Drivers registry 内存损坏	7.2	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.02	CVE-2012-0951
16	DD-WRT Web Interface 跨网站请求伪造	7.5	6.9	$0-$5k	$0-$5k	Unproven	Not Defined	0.00312	0.02	CVE-2012-6297
17	Dell SonicWall Secure Remote Access Appliance editBookmark 跨网站请求伪造	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.01802	0.00	CVE-2015-2248
18	FileZilla Server PORT 权限升级	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00052	0.09	CVE-2015-10003
19	Kiddoware Kids Place Home Button Protection 拒绝服务	5.4	5.3	$0-$5k	$0-$5k	High	Official Fix	0.00042	0.03	CVE-2015-10002
20	uTorrent 内存损坏	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00250	0.04	CVE-2018-25042

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	活动	Identified	类型	可信度
1	104.248.83.13		BuerLoader		2022-08-10	verified	高
2	XXX.XX.XXX.XXX	xxx.xxxxxxx.xxx	Xxxxxxxxxx		2022-06-11	verified	高

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
2	T1059	CWE-94	Argument Injection	predictive	高
3	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
7	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	高
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/backups/	predictive	中
2	File	/cgi-bin/editBookmark	predictive	高
3	File	/goform/RgDdns	predictive	高
4	File	/goform/RgDhcp	predictive	高
5	File	/xxxxxx/xxxxxxxxxxxx	predictive	高
6	File	/xxxxxx/xxxxxx	predictive	高
7	File	/xxxxxx/xxxxxxxxxx.xxx	predictive	高
8	File	/xxxxxx/xxxxxxxxxxxxxxxxxx	predictive	高
9	File	/xxxxxxxxxxxxxxx/xxxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
10	File	/xxxxxxxx/xxxxxxxx.xxx	predictive	高
11	File	xxxxx/xxxxxx-xxxxxx.xxx	predictive	高
12	File	xxxxxxx.xxx	predictive	中
13	File	xxxx/xxxxxx/xxxxxx/xxxxxxxx	predictive	高
14	Argument	xxxxxxxxxxxxxxxxxxxxxxx	predictive	高
15	Argument	xxxxxxxxxxxx	predictive	中
16	Argument	xxxxxx_xxx_xx	predictive	高
17	Argument	xxxxxxxxxxxx/xxxxxxxxxxxxxx	predictive	高
18	Argument	xx	predictive	低
19	Argument	xxxxx	predictive	低
20	Argument	xxxxxxxxxxx	predictive	中
21	Argument	xxxxxxxxxxxxxxxxxxxx	predictive	高
22	Argument	xxxxxx	predictive	低
23	Argument	xxxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxx	predictive	高
24	Argument	xxxxxxxx	predictive	中
25	Input Value	<xxxxxx>xxxxx(x)</xxxxxx>	predictive	高
26	Input Value	><xxxxxx>xxxxx(x)</xxxxxx>	predictive	高
27	Network Port	xxx/xxxxx	predictive	中
28	Network Port	xxx/xxxxx	predictive	中
29	Network Port	xxx xxxxxx xxxx	predictive	高

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!