BlackLotus Analysis

IOB - Indicator of Behavior (92)

Language

en: 74
ru: 8
sv: 4
de: 2
ar: 2

Country/Region

us: 22
gb: 12
ru: 8
ch: 2
hu: 2

Product

FFmpeg: 12
GE Voluson S8: 4
SevOne Network Management System: 4
Demokratian: 4
Klapp App: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DrayTek Vigor/Vigor3910 wlogin.cgi memory corruption | 9.0 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.09 | CVE-2022-32548 |
| 2 | WordPress Meta Field weak authentication | 4.8 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00101 | 0.04 | CVE-2020-4050 |
| 3 | WordPress SQL injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.14 | CVE-2022-21664 |
| 4 | Apple iOS WebKit privilege escalation | 6.3 | 6.0 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00279 | 0.05 | CVE-2022-42856 |
| 5 | RageFrame2 Image Crop cross-site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-30880 |
| 6 | heyewei JFinalCMS Custom Data Page SQL injection | 4.7 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.05 | CVE-2024-2568 |
| 7 | SourceCodester Computer Inventory System update-computer.php cross-site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.05 | CVE-2024-2068 |
| 8 | code-projects Online Book System Product.php SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.09 | CVE-2024-3001 |
| 9 | Bdtask Multi-Store Inventory Management System cross-site scripting | 2.4 | 2.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.05 | CVE-2024-2997 |
| 10 | Linux Kernel BPF r8152.c intr_callback denial of service | 6.0 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00501 | 0.03 | CVE-2022-3594 |
| 11 | EVE-NG Lab cross-site scripting | 2.4 | 2.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00055 | 0.06 | CVE-2024-2391 |
| 12 | libexpat XML_ExternalEntityParserCreate XML External Entity | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.07 | CVE-2024-28757 |
| 13 | NAS4Free exec.php privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | High | Not Defined | 0.47373 | 0.04 | CVE-2013-3631 |
| 14 | y_project RuoYi filterKeyword denial of service | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.06 | CVE-2023-3163 |
| 15 | jeecg-boot qurestSql SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.11311 | 0.37 | CVE-2023-1454 |
| 16 | Hikvision Intercom Broadcasting System ping.php privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.90160 | 0.05 | CVE-2023-6895 |
| 17 | MediaTek MT9980 memory corruption | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2022-20047 |
| 18 | MediaTek MT9011/MT9022/MT9618/MT9649/MT9653 OPTEE memory corruption | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.05 | CVE-2023-20808 |
| 19 | VMware Cloud Director Privilege Escalation | 7.2 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00252 | 0.03 | CVE-2022-22966 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (48)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

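| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /?ajax-request=jnews | predictive | |
| 2 | File | /about.php | predictive | |
| 3 | File | /admin/div_data/delete?divId=9 | predictive | |
| 4 | File | /admin/sign/out | predictive | |
| 5 | File | /cardo/api | predictive | |
| 6 | File | /cgi-bin/wlogin.cgi | predictive | |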

References (2)

The following list contains external sources which discuss the actor and the associated activities:
