Blackgear Cyberespionage Analysis

IOB - Indicator of Behavior (21)

Chart panels (Timeline, Language, Country, Actors, Activities, Interest, Type, Vendor, Product): the page marks every one of these as dummy, distorted data that is not usable as-is; the real values require an additional purchase. The two panels that carry visible values are listed below.

Language

zh: 12
en: 8
de: 2

Product

AWStats: 4
Nuance PDF Reader: 2
Boa Webserver: 2
PHPWind: 2
Juniper Web Device Manager: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

Columns: CVSS base and temporal scores; 0-day and today's exploit price ranges; Exploitability and Countermeasure in the CVSS temporal vocabulary (exploit code maturity, remediation level); KEV assessment; EPSS probability; CTI activity score; CVE. A dash marks an empty cell on the page.

# | Vulnerability | CVSS base | CVSS temp | 0-day price | Today price | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE
1 | Microsoft Windows PCT Message memory corruption | 5.6 | 5.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Official fix | possible | 0.78487 | 0.03 | CVE-2004-0120
2 | Google Android Linux Kernel wma_vdev_start_resp_handler memory corruption | 7.3 | 7.0 | $25k-$100k | $5k-$25k | Not defined | Official fix | - | 0.00102 | 0.00 | CVE-2017-14894
3 | AWStats awstats.pl privileges management | 7.3 | 7.0 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00000 | 0.00 | -
4 | F5 BIG-IP Configuration Utility path traversal | 9.3 | 9.1 | $5k-$25k | $0-$5k | Not defined | Official fix | - | 0.13094 | 0.00 | CVE-2023-41373
5 | ArmorX Spam sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.00223 | 0.02 | CVE-2023-48384
6 | vsftpd deny_file | 3.7 | 3.6 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.35290 | 0.13 | CVE-2015-1419
7 | Juniper Junos OS J-Web external variable | 7.5 | 7.4 | $5k-$25k | $0-$5k | High | Official fix | verified | 0.94320 | 0.03 | CVE-2023-36845
8 | Mortbay Jetty path traversal | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | - | 0.27952 | 0.05 | CVE-2009-1523
9 | Linux Kernel Session Keyring Reference Count process_keys.c join_session_keyring integer overflow | 8.3 | 8.1 | $5k-$25k | $0-$5k | High | Official fix | expected | 0.58255 | 0.00 | CVE-2016-0728
10 | PHPWind admin.php sql injection | 5.9 | 5.9 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.00274 | 0.04 | CVE-2019-6691
11 | Dropbear svr-auth.c recv_msg_userauth_request User information disclosure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not defined | Official fix | - | 0.00534 | 0.00 | CVE-2018-15599
12 | Boa Webserver Get Effective Rights Engine path traversal | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | - | 0.05754 | 0.02 | CVE-2000-0920
13 | Microsoft Windows Roaming Security Rights Management Services Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official fix | - | 0.08408 | 0.00 | CVE-2022-21974
14 | Fipsasp fipsCMS index.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.00445 | 0.07 | CVE-2007-2561
15 | J-Pierre Dezelus Les Visiteurs config.inc.php privileges management | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | - | 0.08378 | 0.04 | CVE-2003-1148
16 | BEESCMS Image File upload.php unrestricted upload | 5.5 | 5.5 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.00561 | 0.00 | CVE-2020-23572
17 | AWStats awstats.pl pathname traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not defined | Not defined | - | 0.01565 | 0.22 | CVE-2020-35176
18 | Sophos SFOS Administration Service/User Portal sql injection | 9.4 | 9.2 | $5k-$25k | $0-$5k | High | Official fix | verified | 0.82968 | 0.00 | CVE-2020-12271
19 | Juniper Web Device Manager Authentication hard-coded credentials | 9.8 | 9.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | - | 0.00000 | 0.00 | -
20 | Matt Wright GuestBook SSI guestbook.pl privileges management | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Not defined | expected | 0.89832 | 0.04 | CVE-1999-1053

IOC - Indicator of Compromise (34)

These indicators of compromise are the network resources known to be part of the actor's research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 11.22.33.44 | - | Blackgear Cyberespionage | - | 07/18/2018 | verified | Low
2 | 11.36.214.134 | - | Blackgear Cyberespionage | - | 07/18/2018 | verified | Low
3 | 11.36.214.181 | - | Blackgear Cyberespionage | - | 07/18/2018 | verified | Low
4 | 23.2.143.41 | a23-2-143-41.deploy.static.akamaitechnologies.com | Blackgear Cyberespionage | - | 07/18/2018 | verified | Low
5 | 23.53.197.99 | a23-53-197-99.deploy.static.akamaitechnologies.com | Blackgear Cyberespionage | - | 07/18/2018 | verified | Low
6 | 45.76.194.59 | 45.76.194.59.vultrusercontent.com | Blackgear Cyberespionage | - | 07/18/2018 | verified | Very Low
7 | 47.88.18.79 | - | Blackgear Cyberespionage | - | 07/18/2018 | verified | Low

Entries 8 to 34 are redacted on this page (IP address, hostname and actor fields masked). All 27 were identified 07/18/2018 and are typed verified; entries 8, 13, 27, 33 and 34 carry Very Low confidence, the remaining 22 Low.

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive | High
2 | T1068 | CAPEC-122 | CWE-269 | Execution with Unnecessary Privileges | predictive | High

Entries 3 to 6 are redacted (technique, CAPEC and CWE identifiers masked; entries 3 and 6 have the sub-technique form TXXXX.XXX). All four are predictive with High confidence.

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/upload.php | predictive | High
2 | File | admin.php?m=backup&c=backup&a=doback | predictive | High
3 | File | awstats.pl | predictive | Medium

Entries 4 to 18 are redacted, all predictive: 4 to 9 are File indicators (confidence High, High, Medium, Medium, High, Medium), 10 a Library (Medium), 11 to 15 Arguments (Low, Low, High, Low, Medium), 16 and 17 Input Values shown only as "%xx" (Low) and "<!-- xxxx -->" (High), and 18 a Pattern shown only as "|xx xx|" (Low).
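A detection pass that a defender would run against this page's IOC and IOA tables, as an added example (it is not code from this page or from VulDB). It matches combined-format web access log lines against the seven unmasked IOC addresses and the three unmasked IOA request fragments, keeps each indicator's confidence on the hit, and flags the lines where a listed source address also issued a listed request. The query-string IOA is matched parameter by parameter so that a reordered query still hits, and the path is percent-decoded once so an encoded slash does not slip past. The log lines are constructed for the example (RFC 5737 documentation addresses plus one listed IOC address); the combined log format is an assumption about the environment.

```python
"""Match web-server access-log lines against the IOC and IOA entries above."""
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, unquote

# Indicators copied from the unmasked table rows on this page, with their confidence.
IOC_IPS = {
    "11.22.33.44": "Low",
    "11.36.214.134": "Low",
    "11.36.214.181": "Low",
    "23.2.143.41": "Low",        # Akamai edge node per the listed hostname
    "23.53.197.99": "Low",       # Akamai edge node per the listed hostname
    "45.76.194.59": "Very Low",  # Vultr customer address per the listed hostname
    "47.88.18.79": "Low",
}
IOA_FRAGMENTS = [
    ("/admin/upload.php", "High"),
    ("admin.php?m=backup&c=backup&a=doback", "High"),
    ("awstats.pl", "Medium"),
]

# Assumed Apache/nginx combined log format: ip ident user [time] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


@dataclass
class Hit:
    line_no: int
    kind: str        # "IOC" (source address) or "IOA" (request fragment)
    indicator: str
    confidence: str
    ip: str
    target: str


def _split_target(target: str):
    """Split a request target into a percent-decoded path and a parsed query dict."""
    path, _, query = target.partition("?")
    return unquote(path), parse_qs(query, keep_blank_values=True)


def ioa_matches(indicator: str, target: str) -> bool:
    """True if the target contains the indicator's path and carries every
    indicator query parameter with the same value, in any order."""
    ind_path, ind_params = _split_target(indicator)
    path, params = _split_target(target)
    if ind_path not in path:          # exact-case substring: Unix paths are case-sensitive
        return False
    return all(
        want in params.get(key, [])
        for key, wants in ind_params.items()
        for want in wants
    )


def scan(lines):
    """Return every IOC/IOA hit found in an iterable of access-log lines."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        ip, target = m["ip"], m["target"]
        if ip in IOC_IPS:
            hits.append(Hit(line_no, "IOC", ip, IOC_IPS[ip], ip, target))
        for fragment, confidence in IOA_FRAGMENTS:
            if ioa_matches(fragment, target):
                hits.append(Hit(line_no, "IOA", fragment, confidence, ip, target))
    return hits


def corroborated_lines(hits):
    """Line numbers where a listed source address also issued a listed request:
    the cheap way to lift a Low/Very Low IOC above CDN/VPS background noise."""
    by_line = {}
    for h in hits:
        by_line.setdefault(h.line_no, set()).add(h.kind)
    return sorted(n for n, kinds in by_line.items() if kinds == {"IOC", "IOA"})


# Constructed sample log for the example (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [18/Jul/2018:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512',
    '45.76.194.59 - - [18/Jul/2018:10:02:10 +0000] "GET /cgi-bin/awstats.pl?config=site HTTP/1.1" 200 2048',
    '198.51.100.9 - - [18/Jul/2018:10:03:44 +0000] "POST /admin/upload.php HTTP/1.1" 302 0',
    '198.51.100.9 - - [18/Jul/2018:10:04:01 +0000] "GET /admin.php?a=doback&c=backup&m=backup HTTP/1.1" 200 128',
    '203.0.113.5 - - [18/Jul/2018:10:05:00 +0000] "GET /admin%2Fupload.php HTTP/1.1" 404 0',
    'not a log line',
]

if __name__ == "__main__":
    found = scan(SAMPLE_LOG)
    for h in found:
        print(f"line {h.line_no}: {h.kind} {h.indicator!r} ({h.confidence}) from {h.ip} -> {h.target}")
    print("corroborated lines:", corroborated_lines(found))
```

Two of the IOC addresses resolve to Akamai edge nodes and one to a Vultr customer address according to the hostnames on the page, which is why they carry Low or Very Low confidence: a hit on such an address alone says little, while the same address requesting one of the IOA paths (as on line 2 of the sample) is worth an analyst's time. The IOC list also contains 11.22.33.44, an address that should be matched exactly as listed and not expanded to a range.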
