Blackwater Analysis

IOB - Indicator of Behavior (360)

Language

  • en: 342
  • ja: 6
  • de: 6
  • pl: 2
  • es: 2

Country/Region

  • us: 152
  • gb: 24
  • ca: 2

Product

  • FFmpeg: 10
  • WordPress: 6
  • Microsoft Windows: 6
  • SourceCodester Employee Management System: 6
  • D-Link DAP-1325: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SourceCodester Petrol Pump Management Software login_crud.php SQL injection | 4.7 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.00 | CVE-2024-2060 |
| 2 | SourceCodester Simple Book Catalog App Update Book Form cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.08 | CVE-2023-4847 |
| 3 | SourceCodester Resort Management System cross-site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00050 | 0.04 | CVE-2023-3318 |
| 4 | SourceCodester Online Learning System V2 index.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-1970 |
| 5 | Infosoftbd Clcknshop GET Parameter all SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00086 | 0.11 | CVE-2023-4708 |
| 6 | SourceCodester Take-Note App index.php cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.04 | CVE-2023-4864 |
| 7 | Infosoftbd Clcknshop all cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.08 | CVE-2023-4707 |
| 8 | TOTOLINK N200RE V5 Validity_check Format String | 8.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00179 | 0.08 | CVE-2023-4746 |
| 9 | Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform importexport.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00058 | 0.08 | CVE-2023-4745 |
| 10 | Ruijie RG-EW1200G login weak authentication | 7.8 | 7.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00497 | 0.04 | CVE-2023-4415 |
| 11 | code-projects Agro-School Management System loaddata.php SQL injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00067 | 0.08 | CVE-2023-3310 |
| 12 | PuneethReddyHC Online Shopping System Advanced Admin Registration reg.php weak authentication | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00091 | 0.04 | CVE-2023-3337 |
| 13 | Tenda FH1202 setcfm formSetCfm memory corruption | 8.8 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.11 | CVE-2024-2984 |
| 14 | SourceCodester Simple Student Attendance System ?page=attendance&class_id=1 cross-site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.08 | CVE-2024-1834 |
| 15 | CodeAstro Simple Voting System Backend users.php privilege escalation | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.19 | CVE-2024-1823 |
| 16 | SourceCodester Flashcard Quiz App update-flashcard.php cross-site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.11 | CVE-2024-2072 |
| 17 | Hyper CdCatalog HCF File denial of service | 3.3 | 3.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.08 | CVE-2024-1191 |
| 18 | SourceCodester Employee Management System Project Assignment Report assignp.php cross-site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.08 | CVE-2024-1871 |
| 19 | SourceCodester Block Inserter for Dynamic Content view_post.php SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.11 | CVE-2024-2073 |
| 20 | Totolink X6000R AX3000 shttpd cstecgi.cgi setWizardCfg privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-1781 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • BlackWater

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

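| ID | Technique | Class | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22, CWE-36 | Path Traversal | predictive | |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | |
| 3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | |
| 4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | |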

IOA - Indicator of Attack (261)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
