BlackByte Analysis

IOB - Indicator of Behavior (271)

Language

en: 246
ru: 16
de: 4
fr: 4
zh: 2

Country/Region

us: 54
cn: 28
ru: 10
fr: 8
gb: 2

Product

Google Chrome: 10
Linux Kernel: 6
Apple macOS: 6
MediaTek MT6789: 4
MediaTek MT6835: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.15 | CVE-2010-0966 |
| 3 | WoltLab Burning Book addentry.php SQL injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.03 | CVE-2006-5509 |
| 4 | ownCloud index.php directory traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00749 | 0.00 | CVE-2014-4929 |
| 5 | Dahua DHI-HCVR7216A-S3 SmartPSS Auto Login Hash privilege escalation | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00331 | 0.04 | CVE-2017-6342 |
| 6 | Cyr to Lat Plugin SQL injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2022-4290 |
| 7 | SourceCodester Food Ordering System PHP File ajax.php privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00307 | 0.00 | CVE-2023-24646 |
| 8 | Linux Kernel capsule-loader.c memory corruption | 4.6 | 4.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.03 | CVE-2022-40307 |
| 9 | HPE Onboard Administrator Reflected cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.04 | CVE-2020-7132 |
| 10 | Linux Kernel dm_exception_table_exit denial of service | 5.7 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.03 | CVE-2024-35805 |
| 11 | xwikisas macro-pdfviewer PDF Viewer Macro information disclosure | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-30263 |
| 12 | Moises Heberle WooCommerce Bookings Calendar Plugin cross-site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-31117 |
| 13 | Foxit PDF Reader AcroForm memory corruption | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.03 | CVE-2024-30354 |
| 14 | Tenda AC10 SetStaticRouteCfg fromSetRouteStatic memory corruption | 8.8 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.07 | CVE-2024-2581 |
| 15 | MediaTek MT8798 Lk memory corruption | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-20022 |
| 16 | Kofax Power PDF PNG File Parser information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.03 | CVE-2024-27336 |
| 17 | Linux Kernel ASPM pci_set_power_state_locked denial of service | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2024-26605 |
| 18 | Elementor Plugin privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.07 | CVE-2024-24934 |
| 19 | IBM Security Access Manager Container DSC Server denial of service | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2023-31006 |
| 20 | WP Recipe Maker Plugin cross-site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.02 | CVE-2024-0382 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

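| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 45.9.148.114 | | BlackByte | | 2022-02-15 | verified | |
| 2 | XXX.XX.X.XX | xxxx.xxxxxxx.xxx | Xxxxxxxxx | | 2022-07-29 | verified | |
| 3 | XXX.XXX.XX.XXX | | Xxxxxxxxx | | 2023-07-07 | verified | |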

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (93)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

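| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /ajax.php?action=read_msg | predictive | |
| 2 | File | /debug/pprof | predictive | |
| 3 | File | /desktop_app/file.ajax.php?action=uploadfile | predictive | |
| 4 | File | /env | predictive | |
| 5 | File | /fos/admin/ajax.php | predictive | |
| 6 | File | /goform/SetNetControlList | predictive | |
| 7 | File | /goform/SetStaticRouteCfg | predictive | |
| 8 | File | /server-status | predictive | |
| 9 | File | /src/chatbotapp/chatWindow.java | predictive | |
| 10 | File | addentry.php | predictive | |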
