Bushido Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (31)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh	18
en	10
ru	4

Country

au	12
cn	12
us	6
ru	2

Actors

Bushido	4
Cobalt Strike	3
Mirai	1
Ursnif	1
Azorult	1

Activities

Interest

Timeline

Type

Not Defined	12
Operating System	4
Router Operating System	4
Firewall Software	2
WordPress Plugin	2

Vendor

Not Defined	10
Atlassian	4
Linux	4
Untangle	2
DrayTek	2

Product

Linux Kernel	4
Untangle NG Firewall	2
Ilohamail	2
Atlassian Confluence Server	2
Atlassian Confluence Data Center	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	xerial SQLite JDBC URL temp file	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00465	0.02	CVE-2023-32697
2	Untangle NG Firewall injection	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00177	0.04	CVE-2019-18647
3	Forminator Plugin unrestricted upload	8.5	8.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.07202	0.00	CVE-2023-4596
4	Keycloak mTLS Authentication certificate validation	4.6	4.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00086	0.04	CVE-2023-2422
5	ActiveNews Manager default.asp sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
6	Atlassian JIRA Server/Data Center Velocity Template code injection	4.7	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00142	0.01	CVE-2022-36799
7	GitLab Community Edition/Enterprise Edition GraphQL Endpoint permission assignment	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00091	0.00	CVE-2023-2478
8	Linux Kernel xgene-hwmon.c xgene_hwmon_remove use after free	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.00	CVE-2023-1855
9	Linux Kernel XFS Subsystem out-of-bounds	3.3	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.05	CVE-2023-2124
10	H2 Console JDBC URL Privilege Escalation	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03650	0.00	CVE-2022-23221
11	Moodle Shibboleth Authentication Plugin session fixiation	7.7	7.7	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00388	0.00	CVE-2021-36394
12	MyBatis PageHelper sql injection	5.0	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00599	0.05	CVE-2022-28111
13	HelpSystems Cobalt Strike cross site scripting	4.8	4.7	$0-$5k	$0-$5k	High	Official Fix	0.00767	0.04	CVE-2022-39197
14	Apollo apollo-configservice missing authentication	7.4	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00084	0.04	CVE-2023-25570
15	pfSense pfBlockerNG HTTP Header os command injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.96793	0.03	CVE-2022-31814
16	DrayTek Vigor3900/Vigor2960/Vigor300B out-of-bounds write	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00336	0.00	CVE-2020-14473
17	DrayTek Vigor2960 mainfunction.cgi toLogin2FA os command injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04154	0.05	CVE-2020-19664
18	Apache HTTP Server printenv.pl ap_send_error_response cross site scripting	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00256	0.04	CVE-2000-1205
19	Backdoor.Win32.Netbus.12 Service Port 12345 information disclosure	5.3	4.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.03
20	Kentico CMS File Upload unrestricted upload	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00249	0.00	CVE-2018-19453

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	6.43.51.17		Bushido	10/27/2018	verified	High
2	XX.XX.XX.XXX	xxxx.xxxxxxxxxx.xx	Xxxxxxx	10/27/2018	verified	High
3	XX.XX.XXX.XXX	xxxxxx.xx	Xxxxxxx	10/27/2018	verified	High
4	XXX.XX.XX.XXX	xxxxxx.xx	Xxxxxxx	10/27/2018	verified	High
5	XXX.XX.XXX.X		Xxxxxxx	10/27/2018	verified	High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
2	T1059	CAPEC-137	CWE-88, CWE-94	Argument Injection	predictive	High
3	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
8	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	comments/feed	predictive	High
2	File	default.asp	predictive	Medium
3	File	xxxxxxx/xxxxx/xxxxx-xxxxx.x	predictive	High
4	File	xxxxxxxxxxxx.xxx	predictive	High
5	File	xxxxxxxx.xx	predictive	Medium
6	File	xxxxxxx.x	predictive	Medium
7	Argument	xxxxxxx	predictive	Low
8	Argument	xxxx	predictive	Low
9	Argument	xxxx	predictive	Low
10	Argument	xxxxxxx	predictive	Low
11	Argument	xxxx	predictive	Low
12	Argument	xxxxxxxx	predictive	Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!