BlackNet Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (32)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	26
ru	4
zh	2

Country

us	18
nl	2

Actors

Mirai	2
Cobalt Strike	2
BlackNet	2
BlackNET RAT	1
LokiBot	1

Activities

Interest

Timeline

Type

Not Defined	16
WordPress Plugin	2
Operating System	2
Web Server	2
Content Management System	2

Vendor

Not Defined	14
Asus	4
Linux	2
Comersus Open Technologies	2
SialWeb	2

Product

Asus RT-AC86U	4
medoo	2
Post Grid Plugin	2
ampleShop	2
Linux Kernel	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.04	0.01847	CVE-2007-1192
2	Asus RT-AC86U Web URL os command injection	8.8	8.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00076	CVE-2023-28702
3	Asus RT-AC86U LPD Service os command injection	8.8	8.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00047	CVE-2022-25597
4	Asus RT-AC56U out-of-bounds write	8.8	8.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.08	0.00070	CVE-2022-25596
5	Asus RT-AX56U V2/RT-AC86U cm_processChangedConfigMsg format string	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00330	CVE-2023-35087
6	lighttpd mod_alias_physical_handler mod_alias.c path traversal	7.4	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00368	CVE-2018-19052
7	Phpsugar PHP Melody Cookie watch.php sql injection	8.5	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.00156	CVE-2017-15579
8	PDF24 Article To PDF Plugin cross-site request forgery	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06	0.00054	CVE-2022-1827
9	medoo columnQuote sql injection	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	0.00146	CVE-2019-10762
10	Privoxy Template Name cgi_error_no_template cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.00078	CVE-2021-44543
11	Telesquare SDT-CS3B1/SDT-CW3B1 Telnet Service hard-coded credentials	8.5	8.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.05	0.00905	CVE-2018-12526
12	Mods for HESK Time-Based sql injection	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00301	CVE-2020-13993
13	Linux Kernel hid-elo.c hid_parse memory leak	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00042	CVE-2022-27950
14	Linux Kernel load_elf_binary memory corruption	8.3	7.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.08	0.00072	CVE-2017-1000253
15	Corero SecureWatch Managed Services HTTP API Endpoint get_snapshot path traversal	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01	0.00087	CVE-2021-38136
16	Post Grid Plugin Slider Import Search cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00302	CVE-2021-24488
17	IBM i2 Analyze information exposure	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00076	CVE-2021-29784
18	Apple watchOS WebKit use after free	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00358	CVE-2021-30795
19	Lesterchan wp-postratings wp-postratings.php code injection	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.09	0.00190	CVE-2011-4646
20	phpList Bounce Rules cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00058	CVE-2020-36399

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	1.1.1.1	one.one.one.one	BlackNet	07/18/2021	verified	High
2	XX.XXX.XX.XX		Xxxxxxxx	07/18/2021	verified	High
3	XX.XXX.X.XX		Xxxxxxxx	07/18/2021	verified	High
4	XXX.XXX.XX.XX	xxx.xxx.xx.xx.xxxxx.xxx	Xxxxxxxx	07/18/2021	verified	Medium
5	XXX.XXX.XXX.XXX	xxx.xxxx.xx	Xxxxxxxx	07/18/2021	verified	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Pathname Traversal	predictive	High
2	T1059	CWE-94	Cross Site Scripting	predictive	High
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx	predictive	High
5	TXXXX	CWE-XX	Xxxxxxx Xxxxxxxxx	predictive	High
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
7	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/about.php	predictive	Medium
2	File	/it-IT/splunkd/__raw/services/get_snapshot	predictive	High
3	File	/phpwcms/setup/setup.php	predictive	High
4	File	xxxxxxxx.xxx	predictive	Medium
5	File	xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx	predictive	High
6	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
7	File	xxxxxxx/xxx/xxx-xxx.x	predictive	High
8	File	xxxxx.xxx	predictive	Medium
9	File	xxxx_xxxx.xxx	predictive	High
10	File	xxx_xxxxx.x	predictive	Medium
11	File	xxxxx.xxx	predictive	Medium
12	File	xx-xxxxxxxxxxx.xxx	predictive	High
13	Argument	xx_xxxxx_xxx_xxxx	predictive	High
14	Argument	xxx	predictive	Low
15	Argument	xxxx_xx	predictive	Low
16	Argument	xx	predictive	Low
17	Argument	xxxxxxxxx	predictive	Medium
18	Argument	xxxxx	predictive	Low
19	Argument	xxxx_xxxx	predictive	Medium
20	Argument	xxxx	predictive	Low
21	Argument	xxx	predictive	Low
22	Input Value	../	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!