BlackByte Analysis

IOB - Indicator of Behavior (274)


Lang

en: 246
ru: 16
fr: 8
de: 4


Activities


Product

Apple macOS: 6
4Site CMS: 6
Dahua DHI-HCVR7216A-S3: 4
Google Chrome: 4
QEMU: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.55 | CVE-2010-0966 |
| 3 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.03 | CVE-2006-5509 |
| 4 | ownCloud index.php path traversal | 7.3 | 7.0 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00749 | 0.00 | CVE-2014-4929 |
| 5 | Dahua DHI-HCVR7216A-S3 SmartPSS Auto Login Hash access control | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00331 | 0.05 | CVE-2017-6342 |
| 6 | Cyr to Lat Plugin sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2022-4290 |
| 7 | SourceCodester Food Ordering System PHP File ajax.php unrestricted upload | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00307 | 0.00 | CVE-2023-24646 |
| 8 | Linux Kernel capsule-loader.c use after free | 4.6 | 4.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.03 | CVE-2022-40307 |
| 9 | HPE Onboard Administrator Reflected cross site scripting | 4.4 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.05 | CVE-2020-7132 |
| 10 | Check Point Quantum Gateway/Spark Gateway/CloudGuard Network Remote Access VPN information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | High | Not Defined | 0.94504 | 0.04 | CVE-2024-24919 |
| 11 | Logsign Unified SecOps Platform command injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.05 | CVE-2024-5717 |
| 12 | TotalSuite Total Poll Lite Plugin authorization | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.05 | CVE-2024-32821 |
| 13 | Linux Kernel dm_exception_table_exit infinite loop | 5.7 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.03 | CVE-2024-35805 |
| 14 | xwikisas macro-pdfviewer PDF Viewer Macro information disclosure | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.07 | CVE-2024-30263 |
| 15 | Moises Heberle WooCommerce Bookings Calendar Plugin cross site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-31117 |
| 16 | Foxit PDF Reader AcroForm use after free | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.03 | CVE-2024-30354 |
| 17 | Tenda AC10 SetStaticRouteCfg fromSetRouteStatic stack-based overflow | 8.8 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.09 | CVE-2024-2581 |
| 18 | MediaTek MT8798 Lk memory corruption | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-20022 |
| 19 | Kofax Power PDF PNG File Parser out-of-bounds | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.04 | CVE-2024-27336 |
| 20 | Linux Kernel ASPM pci_set_power_state_locked deadlock | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2024-26605 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

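| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 45.9.148.114 | | BlackByte | | 02/15/2022 | verified | Medium |
| 2 | XXX.XX.X.XX | xxxx.xxxxxxx.xxx | Xxxxxxxxx | | 07/29/2022 | verified | High |
| 3 | XXX.XXX.XX.XXX | | Xxxxxxxxx | | 07/07/2023 | verified | Very High |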

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (93)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /ajax.php?action=read_msg | predictive | High |
| 2 | File | /debug/pprof | predictive | Medium |
| 3 | File | /desktop_app/file.ajax.php?action=uploadfile | predictive | High |
| 4 | File | /env | predictive | Low |
| 5 | File | /fos/admin/ajax.php | predictive | High |
| 6 | File | /goform/SetNetControlList | predictive | High |
| 7 | File | /goform/SetStaticRouteCfg | predictive | High |
| 8 | File | /server-status | predictive | High |
| 9 | File | /src/chatbotapp/chatWindow.java | predictive | High |
| 10 | File | addentry.php | predictive | Medium |
