BlueNoroff 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (68)

言語

en	56
de	4
zh	4
ru	2
ja	2

国・地域

us	58
vn	6
br	2
jp	2

アクター

BlueNoroff	5
RecordBreaker	2
BumbleBee	2
IcedID	2
Ursnif	1

関心

タイプ

Not Defined	30
Forum Software	6
Mail Server Software	4
Survey Software	4
Operating System	4

ベンダー

Not Defined	16
Cisco	4
Microsoft	4
Netgate	2
Google	2

製品

LimeSurvey	4
OpenResty	4
Sendmail	2
Netgate pf Sense	2
Google Chrome	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	Microsoft Windows Domain Name Service Privilege Escalation	6.6	6.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.02058	0.00	CVE-2023-28223
3	HTTP/2 Stream Rapid Reset サービス拒否	6.4	6.3	$0-$5k	$0-$5k	High	Official Fix	0.73226	0.02	CVE-2023-44487
4	Apache James Server 特権昇格	8.1	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.78935	0.03	CVE-2015-7611
5	Frappe Framework SQLインジェクション	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00274	0.02	CVE-2019-14966
6	Alt-N MDaemon Worldclient 特権昇格	4.9	4.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00090	0.06	CVE-2021-27182
7	Ivanti Endpoint Manager Mobile 弱い認証	9.9	9.7	$0-$5k	$0-$5k	High	Official Fix	0.96584	0.00	CVE-2023-35078
8	Hitachi Vantara Pentaho Business Analytics Server Data Lineage 弱い暗号化	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00145	0.00	CVE-2021-45447
9	Oracle Application Server SQLインジェクション	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00322	0.04	CVE-2007-0286
10	Live555 Streaming Media parseRTSPRequestString Remote Code Execution	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.87706	0.00	CVE-2013-6934
11	Oracle Solaris Utility Local Privilege Escalation	7.7	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.05	CVE-2023-21985
12	Appindex MWChat start_lobby.php 特権昇格	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01895	0.00	CVE-2005-1869
13	Coinsoft Technologies phpCOIN db.php ディレクトリトラバーサル	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03877	0.02	CVE-2005-4212
14	Damien Benier MyAlbum language.inc.php 特権昇格	7.3	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.09238	0.03	CVE-2006-5865
15	SourceCodester Grade Point Average GPA Calculator index.php クロスサイトスクリプティング	4.4	4.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00062	0.03	CVE-2023-1743
16	SourceCodester Grade Point Average GPA Calculator index.php 情報の漏洩	5.4	5.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00097	0.10	CVE-2023-1769
17	OpenResty API ngx_http_lua_subrequest.c 特権昇格	7.4	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00580	0.00	CVE-2020-11724
18	OpenResty ngx.req.get_post_args SQLインジェクション	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00637	0.04	CVE-2018-9230
19	Netgate pf Sense ACME Package acme_certificate_edit.php クロスサイトスクリプティング	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00085	0.00	CVE-2020-21219
20	Microsoft IIS IP/Domain Restriction 特権昇格	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00817	0.40	CVE-2014-4078

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	45.238.25.2	ip-45-238-25-2.interlink.com.br	BlueNoroff	2022年03月22日	verified	高
2	104.168.174.80	client-104-168-174-80.hostwindsdns.com	BlueNoroff	2023年01月05日	verified	高
3	XXX.XXX.XXX.XX	xxxxxx-xxx-xxx-xxx-xx.xxxxxxxxxxxx.xxx	Xxxxxxxxxx	2023年01月05日	verified	高
4	XXX.XX.XXX.XXX		Xxxxxxxxxx	2022年03月22日	verified	高
5	XXX.XX.XXX.XX	xxx.xx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	2023年01月05日	verified	高
6	XXX.XX.XXX.XX		Xxxxxxxxxx	2023年01月05日	verified	高
7	XXX.XXX.XXX.XX	xxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	2023年01月05日	verified	高
8	XXX.XX.XX.XX		Xxxxxxxxxx	2022年03月22日	verified	高
9	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxxxxx.xxxx.xx	Xxxxxxxxxx	2023年01月05日	verified	高

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	高
2	T1040	CAPEC-102	CWE-319	Authentication Bypass by Capture-replay	predictive	高
3	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
4	TXXXX	CAPEC-242	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	高
5	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
7	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
8	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
10	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
11	TXXXX	CAPEC-157	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/mgmt/tm/util/bash	predictive	高
2	File	14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi	predictive	高
3	File	acme_certificate_edit.php	predictive	高
4	File	auth.php	predictive	中
5	File	books.php	predictive	中
6	File	class_gw_2checkout.php	predictive	高
7	File	xxxx_xxxxxxxx/xx.xxx	predictive	高
8	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
9	File	xxxxxxxxxxxx.xxx	predictive	高
10	File	xxx/xxxxxx.xxx	predictive	高
11	File	xxxxx.xxx	predictive	中
12	File	xxxxxxx.xxx	predictive	中
13	File	xxxxxxxx.xxx.xxx	predictive	高
14	File	xxx_xxxx_xxx_xxxxxxxxxx.x	predictive	高
15	File	xxxxxxx.xxx	predictive	中
16	File	xxxxx.xxx	predictive	中
17	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	高
18	File	xxxxxx_xxxxx.xxx/xxxxx_xxxxxxx_xxxxxxxxxx.xx	predictive	高
19	File	xxxxxxxx.xxx	predictive	中
20	File	xxxxx_xxxxx.xxx	predictive	高
21	File	xxxx_x_xxxxxx.xxx.xxx	predictive	高
22	File	xxxxxx.xxx	predictive	中
23	Library	xxxxxx[xxxxxx_xxxx	predictive	高
24	Argument	xxx_xxxx	predictive	中
25	Argument	xxxxxxxx	predictive	中
26	Argument	xxxxxx	predictive	低
27	Argument	xxx	predictive	低
28	Argument	xxxxxx[xxxxxx_xxxx]	predictive	高
29	Argument	xxxxxxxx	predictive	中
30	Argument	xx	predictive	低
31	Argument	xxxxxxxxxxx	predictive	中
32	Argument	xxxxxxx_xxx	predictive	中
33	Argument	xxxxx_xxx	predictive	中
34	Argument	xxxx	predictive	低
35	Argument	xxxxxxxx	predictive	中
36	Argument	xxxx	predictive	低
37	Argument	xxxxxxxxxx	predictive	中
38	Argument	xxxxxx_xxxx	predictive	中
39	Argument	_xxxx[_xxx_xxxx_xxxx	predictive	高
40	Input Value	xxx://xxxxxx/xxxx=xxxxxxx.xxxxxx-xxxxxx/xxxxxxxx=xxxxx_xxxxx	predictive	高

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Interested in the pricing of exploits?

See the underground prices here!