BlackByte Analysis

IOB - Indicator of Behavior (377)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 350
ru: 20
de: 4
fr: 4

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Apple macOS: 10
mooSocial mooDating: 10
Google Chrome: 6
Perl: 4
Cisco Firepower Threat Defense: 4

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.00 | CVE-2010-0966
3 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | | 0.00957 | 0.02 | CVE-2006-5509
4 | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_base_config.php os command injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | expected | 0.89126 | 0.21 | CVE-2024-7120
5 | Netgear WN604 Web Interface downloadFile.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | expected | 0.82270 | 0.08 | CVE-2024-6646
6 | ownCloud index.php path traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00798 | 0.00 | CVE-2014-4929
7 | Byzoro Smart S210 Management Platform uploadfile.php unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | possible | 0.69532 | 0.00 | CVE-2024-0939
8 | TVT DVR TD-2104TS-CL queryDevInfo information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | possible | 0.69275 | 0.08 | CVE-2024-7339
9 | osCommerce all-products cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.14744 | 0.00 | CVE-2024-4348
10 | D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection | 8.1 | 8.1 | $5k-$25k | $0-$5k | High | Workaround | verified | 0.94213 | 0.07 | CVE-2024-3273
11 | mooSocial mooDating URL users cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.01770 | 0.04 | CVE-2023-3847
12 | Dahua Smart Park Management devicePoint_addImgIco unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | expected | 0.88656 | 0.00 | CVE-2023-3836
13 | PHP Jabbers Bus Reservation System index.php cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.06057 | 0.06 | CVE-2023-4111
14 | PHP Jabbers Taxi Booking index.php cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.05194 | 0.08 | CVE-2023-4116
15 | DedeCMS select_templets.php path traversal | 4.6 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.03428 | 0.00 | CVE-2023-2059
16 | PHP Jabbers Availability Booking Calendar index.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.01603 | 0.00 | CVE-2023-4110
17 | Ellucian Ethos Identity logout cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | possible | 0.48791 | 0.00 | CVE-2023-2822
18 | PlayTube Redirect information disclosure | 5.4 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | possible | 0.63790 | 0.00 | CVE-2023-4714
19 | ColumbiaSoft Document Locator WebTools login improper authentication | 8.1 | 8.0 | $0-$5k | $0-$5k | Not defined | Official fix | possible | 0.69570 | 0.07 | CVE-2023-5830
20 | Academy LMS GET Parameter filter sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | possible | 0.54460 | 0.00 | CVE-2023-4974


Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2024-37085

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.9.148.114 | | BlackByte | | 02/15/2022 | verified | Low

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-22, CWE-24, CWE-28, CWE-425 | Path Traversal | predictive | High
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Basic Cross Site Scripting | predictive | High
5 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High

IOA - Indicator of Attack (177)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /academy/tutor/filter | predictive | High
2 | File | /ad-list | predictive | Medium
3 | File | /admin/suppliers/view_details.php | predictive | High
4 | File | /ajax.php?action=read_msg | predictive | High
5 | File | /api/authentication/login | predictive | High
6 | File | /api/sys/login | predictive | High
7 | File | /api/sys/set_passwd | predictive | High
8 | File | /api/v2/open/rowsInfo | predictive | High
9 | File | /app/sys1.php | predictive | High
10 | File | /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini | predictive | High
11 | File | /cas/logout | predictive | Medium
12 | File | /catalog/all-products | predictive | High
13 | File | /cgi-bin/adm.cgi | predictive | High
14 | File | /cgi-bin/mesh.cgi?page=upgrade | predictive | High
15 | File | /cgi-bin/nas_sharing.cgi | predictive | High
16 | File | /cgi-bin/nightled.cgi | predictive | High
17 | File | /cgi-bin/touchlist_sync.cgi | predictive | High
18 | File | /cgi-bin/vitogate.cgi | predictive | High
19 | File | /debug/pprof | predictive | Medium
20 | File | /desktop_app/file.ajax.php?action=uploadfile | predictive | High

References (5)

The following list contains external sources which discuss the actor and the associated activities: