BlackTech Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Lang

en	132
zh	14
de	3
sv	1
fr	1

Country

ms	131
cn	17
us	4

Actors

BlackTech	24
PLEAD	7
Winwebsec	1

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Product

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	CVE
1	vTiger CRM sql injection	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2019-11057
2	Microsoft Exchange Server ProxyShell Remote Code Execution	9.5	8.2	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.22	CVE-2021-34473
3	WordPress WP_Query class-wp-query.php sql injection	8.5	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2017-5611
4	Liferay Portal CE JSON Payload deserialization	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	CVE-2019-16891
5	Apache Solr ResourceLoader path traversal	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2013-6397
6	ThinkPHP input validation	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.06	CVE-2019-9082
7	Mailman input validation	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.07	CVE-2018-13796
8	Yii Framework Exception Error ErrorHandler.php information disclosure	6.4	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2018-6010
9	Pivotal RabbitMQ password access control	7.7	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2016-9877
10	phpThumb Default Configuration server-side request forgery	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	CVE-2013-6919
11	phpThumb phpThumb.demo.showpic.php cross site scripting	5.2	4.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2016-10508
12	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.05	CVE-2007-1192
13	XenForo privileges management	8.6	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05
14	Microsoft Windows TCP/IP Stack access control	6.3	5.7	$25k-$100k	$0-$5k	High	Official Fix	0.04	CVE-2014-4076
15	PHPMailer validateAddress injection	5.6	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.06	CVE-2021-3603
16	Microsoft Windows Service Control Manager access control	6.3	6.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	CVE-2015-1702
17	Microsoft Windows Service Control Manager privileges management	5.3	4.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	CVE-2000-0737
18	PDF.js Viewer Plugin Shortcode cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	CVE-2021-24759
19	Aviatrix Controller pathname traversal	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2021-40870
20	Apple Mac OS X Server Wiki Server cross site scripting	4.3	4.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.03	CVE-2009-2814

Campaigns (3)

These are the campaigns that can be associated with the actor:

Taiwan Government Agencies
Xxxxxxxx
Xxxxxxxxx

IOC - Indicator of Compromise (10)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Confidence
1	10.0.0.211		BlackTech	WaterBear	High
2	43.240.12.81	mail.terascape.net	BlackTech	Taiwan Government Agencies	High
3	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxx.xxx	Xxxxxxxxx	Xxxxxxxx	Medium
4	XX.XXX.XX.XX	xxxxx.xxxx.xx	Xxxxxxxxx	Xxxxxx Xxxxxxxxxx Xxxxxxxx	High
5	XX.XXX.XX.XXX	xxxxx.xxxx.xx	Xxxxxxxxx	Xxxxxx Xxxxxxxxxx Xxxxxxxx	High
6	XX.XXX.XX.XX	xx-xxx-xx-xx.xxxx.xxxx.xxx.xx	Xxxxxxxxx	Xxxxxxxx	High
7	XXX.XXX.XXX.XX		Xxxxxxxxx	Xxxxxx Xxxxxxxxxx Xxxxxxxx	High
8	XXX.XXX.XXX.XX		Xxxxxxxxx	Xxxxxx Xxxxxxxxxx Xxxxxxxx	High
9	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxxxx-xx.xxxxx.xxx	Xxxxxxxxx		High
10	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxx-xx.xxxxx.xxx	Xxxxxxxxx	Xxxxxxxx	High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Confidence
1	T1059.007	CWE-79, CWE-80	Cross Site Scripting	High
2	T1068	CWE-264, CWE-284	Execution with Unnecessary Privileges	High
3	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx	High
4	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	High
5	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	High
6	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	High

IOA - Indicator of Attack (78)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Confidence
1	File	/mifs/c/i/reg/reg.html	High
2	File	/server-info	Medium
3	File	/wp-json/oembed/1.0/embed?url	High
4	File	a2billing/customer/iridium_threed.php	High
5	File	admin.php?s=/Channel/add.html	High
6	File	admin/class-bulk-editor-list-table.php	High
7	File	administrator/components/com_media/helpers/media.php	High
8	File	auth.asp	Medium
9	File	base/ErrorHandler.php	High
10	File	xxx-xxx/xxxxxx	High
11	File	xxxx/xxxxxxxxxxxxx/xxxxxxx.xxx	High
12	File	xxxx/xxxxxxxxxxxxxxx.xxx	High
13	File	xxxx_xxxxx.xxx	High
14	File	xxxxxx.xxx	Medium
15	File	xxxx/xxxxxxxx.xxxx.xxxxxxx.xxx	High
16	File	xxxxxxxxxxx/xxxx-xxxxxx-xxxxxx.xxx	High
17	File	xxxxxxxxx/xx/xxxxxxxxxxxx.xxx	High
18	File	xxxx.xxx	Medium
19	File	xxxx/xxxxxxxxxx.xxx	High
20	File	xxxxx.xxx	Medium
21	File	xxx/xxx_xxx_xx.xxxx	High
22	File	xxxx_xxxx.xxx	High
23	File	xxxxxxx.xxx	Medium
24	File	xxxxxxxxx/xxxxxxx.xxx.xxx	High
25	File	xxx.x	Low
26	File	xxxxxxx.xxx	Medium
27	File	xxx_xxxx.xxx	Medium
28	File	xxxxx/xxxxx.xxx	High
29	File	xxxxxxx/xxxx.xxx	High
30	File	xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]	High
31	File	xxxxxxx/xxxxx/xxxx-xxx/xxxxxx.x	High
32	File	xxxxx.xxx	Medium
33	File	xxxxxx.xxx	Medium
34	File	xxxxxxxxx.x	Medium
35	File	xxxxxxxx/xxxxxxxx	High
36	File	xxxxx.xxx	Medium
37	File	xxxxx/xxxxxxx/xxxxxxxx/xxxxx.xxx.xxxx	High
38	File	xxxxxxx.xxx	Medium
39	File	xx-xxxxx/xxxxx-xxxx.xxx	High
40	File	xx-xxxxx/xxxxxx-xxxx.xxx	High
41	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	High
42	Library	xxx/xxxx/xxxxxx.xxxxx.xxx	High
43	Argument	xxxxxx_xxxx	Medium
44	Argument	xxxxxxx	Low
45	Argument	xxxx_xx	Low
46	Argument	xxxxxxx-xxxxxx	High
47	Argument	xxxxxxx_xx	Medium
48	Argument	xxx_xxx	Low
49	Argument	xxxxxxxxxxxxxxx	High
50	Argument	xxxxxx	Low
51	Argument	xxxx	Low
52	Argument	xxxxxxx	Low
53	Argument	xxxx	Low
54	Argument	xx	Low
55	Argument	xxxxxxxxx	Medium
56	Argument	xx_xxxx	Low
57	Argument	x/xx/xxx	Medium
58	Argument	xxxxxxxxxx	Medium
59	Argument	xxxx	Low
60	Argument	xxxx/xxxxxxx	Medium
61	Argument	xxxxxxxxxxxxxxxxxxxxxxx	High
62	Argument	xxxxx	Low
63	Argument	xxxxxx_xxxx	Medium
64	Argument	xxxxxxxxxxxxx	High
65	Argument	xxxxxxxx_xxxxxxx	High
66	Argument	xxxxxx	Low
67	Argument	xxxxxxxx[]	Medium
68	Argument	xxxxxxxx[xxxx]	High
69	Argument	xxx	Low
70	Argument	xxx_xxxx[x][]	High
71	Argument	xxxxxxxx/xxx	Medium
72	Argument	xx	Low
73	Argument	xxxxxxxxxxxxx	High
74	Argument	xxx	Low
75	Argument	xxxxxxxxxxxxx	High
76	Input Value	-x	Low
77	Input Value	xxxxx"][xxxxxx]xxxxx('xxx')[/xxxxxx]	High
78	Network Port	xxx xxxxxx xxxx	High

References (5)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!