BlackTech Analysis

IOB - Indicator of Behavior (332)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en256
zh66
de4
es2
ja2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

ms144
cn118
us68

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

BlackTech9
Mofang1
PlugX1
Luoxk1
PingPull1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined112
Content Management System26
Firewall Software16
Operating System12
Programming Language Software8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined118
Microsoft16
Apache10
Palo Alto8
Oracle6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Palo Alto PAN-OS8
phpMyAdmin6
PHP4
KeyCloak4
Apache HTTP Server4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1vTiger CRM sql injection7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00890CVE-2019-11057
2Sophos Firewall User Portal/Webadmin improper authentication8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.030.64728CVE-2022-1040
3PAN-OS improper authentication7.47.4$0-$5k$0-$5kNot DefinedNot Defined0.030.01055CVE-2019-1572
4WordPress WP_Query class-wp-query.php sql injection8.58.4$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.020.01974CVE-2017-5611
5XoruX LPAR2RRD/STOR2RRD hard-coded credentials6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.010.00954CVE-2021-42371
6Microsoft Exchange Server ProxyShell Remote Code Execution9.58.2$25k-$100k$5k-$25kUnprovenOfficial Fix0.020.61804CVE-2021-34473
7FCKeditor Connector Module path traversal7.37.0$0-$5k$0-$5kHighOfficial Fix0.030.92736CVE-2009-2265
8RoundCube Webmail rcube_plugin_api.php path traversal8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.050.02762CVE-2020-12640
9Mailman input validation6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.010.01018CVE-2018-13796
10OpenSSL c_rehash os command injection5.55.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.36880CVE-2022-1292
11Kingsoft WPS Office Registry wpsupdater.exe access control5.55.3$0-$5k$0-$5kNot DefinedNot Defined0.030.23850CVE-2022-24934
12Palo Alto PAN-OS cleartext transmission5.85.6$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00885CVE-2020-2013
13Palo Alto PAN-OS Maintenance Mode config6.46.1$0-$5k$0-$5kNot DefinedOfficial Fix0.020.01055CVE-2020-2041
14RoundCube Contact Photo photo.inc Absolute path traversal6.56.3$0-$5k$0-$5kNot DefinedOfficial Fix0.100.01132CVE-2015-8794
15Roundcube Webmail Configuration File access control7.06.7$0-$5k$0-$5kHighOfficial Fix0.020.04804CVE-2017-16651
16phpMyAdmin Designer sql injection8.58.5$5k-$25k$5k-$25kNot DefinedNot Defined0.010.00885CVE-2019-6798
17EmbedThis HTTP Library/Appweb httpLib.c authCondition improper authentication7.77.3$0-$5k$0-$5kHighOfficial Fix0.050.00954CVE-2018-8715
18Liferay Portal CE JSON Payload deserialization7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.020.05634CVE-2019-16891
19Apache Solr ResourceLoader path traversal5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.03384CVE-2013-6397
20ThinkPHP input validation8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.030.84749CVE-2019-9082

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (18)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
110.0.0.211BlackTechWaterBearverifiedHigh
243.240.12.81mail.terascape.netBlackTechTaiwan Government AgenciesverifiedHigh
345.76.102.14545.76.102.145.vultr.comBlackTechTSCookieverifiedMedium
445.124.25.31hkhdc.laws.msBlackTechTaiwan Government AgenciesverifiedHigh
5XX.XXX.XX.XXXxxxxx.xxxx.xxXxxxxxxxxXxxxxx Xxxxxxxxxx XxxxxxxxverifiedHigh
6XX.XXX.XX.XXxx-xxx-xx-xx.xxxx.xxxx.xxx.xxXxxxxxxxxXxxxxxxxverifiedHigh
7XXX.XX.XX.XXXXxxxxxxxxverifiedHigh
8XXX.XXX.XXX.XXXxxxxxxxxXxxxxx Xxxxxxxxxx XxxxxxxxverifiedHigh
9XXX.XXX.XXX.XXXxxxxxxxxXxxxxx Xxxxxxxxxx XxxxxxxxverifiedHigh
10XXX.XXX.XXX.XXXXxxxxxxxxverifiedHigh
11XXX.XXX.XX.XXxxx.xxx.xx.xx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxxverifiedHigh
12XXX.XX.XXX.XXxxx.xx.xxx.xx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxxverifiedHigh
13XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxxverifiedHigh
14XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxxverifiedHigh
15XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxxxverifiedHigh
16XXX.XXX.XXX.Xxxx.xxx.xxx.x.xxxxxxxxxxxxxxxx.xxxXxxxxxxxxverifiedHigh
17XXX.XX.XXX.XXXxxx-xx-xxx-xxx.xxxxx-xx.xxxxx.xxxXxxxxxxxxverifiedHigh
18XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xxxxx-xx.xxxxx.xxxXxxxxxxxxXxxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-21, CWE-22, CWE-23Pathname TraversalpredictiveHigh
2T1040CWE-319Authentication Bypass by Capture-replaypredictiveHigh
3T1055CWE-74InjectionpredictiveHigh
4T1059CWE-94Cross Site ScriptingpredictiveHigh
5T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
6TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
10TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
11TXXXXCWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
12TXXXXCWE-XX, CWE-XXXxx XxxxxxxxxpredictiveHigh
13TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
14TXXXXCWE-XXX, CWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
15TXXXXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
16TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
17TXXXX.XXXCWE-XXXXxxxxxxxpredictiveHigh
18TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
19TXXXX.XXXCWE-XXXxxxxxxxxxxxxpredictiveHigh
20TXXXXCWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh
21TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (155)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/cdsms/classes/Master.php?f=delete_enrollmentpredictiveHigh
2File/cgi-bin/portalpredictiveHigh
3File/cgi-mod/lookup.cgipredictiveHigh
4File/forum/away.phppredictiveHigh
5File/mifs/c/i/reg/reg.htmlpredictiveHigh
6File/modules/profile/index.phppredictiveHigh
7File/RPC2predictiveLow
8File/server-infopredictiveMedium
9File/service/uploadpredictiveHigh
10File/tmppredictiveLow
11File/uncpath/predictiveMedium
12File/wp-json/oembed/1.0/embed?urlpredictiveHigh
13Filea2billing/customer/iridium_threed.phppredictiveHigh
14Fileadmin.phppredictiveMedium
15Fileadmin.php?s=/Channel/add.htmlpredictiveHigh
16Fileadmin/class-bulk-editor-list-table.phppredictiveHigh
17Fileadministrator/components/com_media/helpers/media.phppredictiveHigh
18Filexxxxxxxxxxx\xxx\xxxxxxxxxx\xxxx.xxxpredictiveHigh
19Filexxxxxxxx\xxxxx.xxxpredictiveHigh
20Filexxxx.xxxpredictiveMedium
21Filexxxx/xxxxxxxxxxxx.xxxpredictiveHigh
22Filexxx-xxx/xxxxxxpredictiveHigh
23Filexxxxxxx.xxxpredictiveMedium
24Filexxxx/xxxxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
25Filex_xxxxxxpredictiveMedium
26Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
27Filexxxx_xxxxx.xxxpredictiveHigh
28Filexxxxxx.xxxpredictiveMedium
29Filexxxx/xxxxxxxx.xxxx.xxxxxxx.xxxpredictiveHigh
30Filexxxxxx.xxxpredictiveMedium
31Filexxxxxxx/xxxx/xxxx_xxxxxxxx.xpredictiveHigh
32Filexxxxxxx/xxxxx/xxxxxxxx/xxxxxpredictiveHigh
33Filexxxxxxxxxxx/xxxx-xxxxxx-xxxxxx.xxxpredictiveHigh
34Filexxxxxxxxx/xx/xxxxxxxxxxxx.xxxpredictiveHigh
35Filexx/xxxxxx_xxx.xpredictiveHigh
36Filexx/xxxx/xxx.xpredictiveHigh
37Filexx/xx-xx.xpredictiveMedium
38Filexxxx.xxxpredictiveMedium
39Filexxxxx_xxxxxxxx.xxxpredictiveHigh
40Filexxxx/xxxxxxxxxx.xxxpredictiveHigh
41Filexxx/xxxxxx.xxxpredictiveHigh
42Filexxxxx.xxxpredictiveMedium
43Filexxxxx.xxx/xxxxxxxxxxxxx/xxxpredictiveHigh
44Filexxx/xxx_xxx_xx.xxxxpredictiveHigh
45Filexxxx_xxxx.xxxpredictiveHigh
46Filexxxxxxx.xxxpredictiveMedium
47Filexxxxxx/xxxxx/xxxxxxxx.xpredictiveHigh
48Filexxxxxxxxxx/xxxxxx.xpredictiveHigh
49Filexxxxxxxxx/xxxxxxx.xxx.xxxpredictiveHigh
50Filexxx.xpredictiveLow
51Filexxxxxxx.xxxpredictiveMedium
52Filexxxxxxx.xxxpredictiveMedium
53Filexxxxxxx.xxpredictiveMedium
54Filexxx_xxxx.xxxpredictiveMedium
55Filexxxxx/xxxxx.xxxpredictiveHigh
56Filexxxxxxxxxxxx.xxxpredictiveHigh
57Filexxxxxxx/xxxx.xxxpredictiveHigh
58Filexxxxxxx/xxxxxxx/xxxxxx.xxxpredictiveHigh
59Filexxxxxxx/xxxxxxx/xxxxxx_xxxxxx_xxxx.xxxpredictiveHigh
60Filexxxxxxx/xxxxx/xxxxxxxxxxx/xxxxx.xxxpredictiveHigh
61Filexxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]predictiveHigh
62Filexxxxx_xxxxxx_xxx.xxxpredictiveHigh
63Filexxx.xpredictiveLow
64Filexxxxxxxx.xxxpredictiveMedium
65Filexxxxxxx/xxxxx/xxxx-xxx/xxxxxx.xpredictiveHigh
66Filexxxxx.xxxpredictiveMedium
67Filexxxx-xxxxxxxxx.xxxpredictiveHigh
68Filexxxxxx.xxxpredictiveMedium
69Filexxxx.xxxxpredictiveMedium
70Filexxxxxxxxx.xpredictiveMedium
71Filexxxxxxxx/xxxxxxxxpredictiveHigh
72Filexxxx/xxxxxxxx/xxxxxxxx.xxxxpredictiveHigh
73Filexxxxxxxxx.xxxpredictiveHigh
74Filexxxxx.xxxpredictiveMedium
75Filexxxxx/xxxxxxx/xxxxxxxx/xxxxx.xxx.xxxxpredictiveHigh
76Filexxxxxxx.xxxpredictiveMedium
77Filexxxxxxx/xxxxxx/xxxxx/xxxxxxx/xxx/xxx.xxxpredictiveHigh
78Filexxxxxxx.xxxpredictiveMedium
79Filexxxxxxxx.xxxpredictiveMedium
80Filexx-xxxxx/xxxxx-xxxx.xxxpredictiveHigh
81Filexx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxxpredictiveHigh
82Filexx-xxxxx/xxxxxx-xxxx.xxxpredictiveHigh
83Filexx-xxxxxxx/xxxxxxx/xx-xxxxxxxx-xxxxx-xxx/predictiveHigh
84Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
85Filexxxxxxxxxx.xxxpredictiveHigh
86Filexx_xxx_xxxxxx.xxxpredictiveHigh
87File~/xxxxxxxx-xxxxxxxx.xxxpredictiveHigh
88Libraryxxxx/xxxxx/xxxxxxx/xxxxxxx/xxx/xxx/xxxx.xxxpredictiveHigh
89Libraryxxxx/xxxxxxx.xpredictiveHigh
90Libraryxxxxxxxx.xxxpredictiveMedium
91Libraryxxx/xxxx/xxxxxx.xxxxx.xxxpredictiveHigh
92Libraryxxx/xxx.xxxpredictiveMedium
93Argument-xpredictiveLow
94ArgumentxxxxxxxpredictiveLow
95ArgumentxxxxxxpredictiveLow
96Argumentxxxxxx_xxxxpredictiveMedium
97ArgumentxxxxxxpredictiveLow
98ArgumentxxxxxxxxpredictiveMedium
99ArgumentxxxxxxxpredictiveLow
100ArgumentxxxpredictiveLow
101Argumentxxxx_xxpredictiveLow
102Argumentxxxxxxx-xxxxxxpredictiveHigh
103Argumentxxxxxxx_xxpredictiveMedium
104Argumentxxx_xxxpredictiveLow
105ArgumentxxxxxxxxxxxxxxxpredictiveHigh
106ArgumentxxxxxxpredictiveLow
107ArgumentxxxxpredictiveLow
108ArgumentxxxxxxxpredictiveLow
109ArgumentxxxxpredictiveLow
110ArgumentxxpredictiveLow
111ArgumentxxxxxxxxxpredictiveMedium
112Argumentxx_xxxxpredictiveLow
113ArgumentxxxxxpredictiveLow
114Argumentx/xx/xxxpredictiveMedium
115ArgumentxxxxpredictiveLow
116ArgumentxxxxxxxxxxpredictiveMedium
117ArgumentxxxxpredictiveLow
118Argumentxxxx/xxxxxxxpredictiveMedium
119ArgumentxxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
120ArgumentxxxxxpredictiveLow
121ArgumentxxxxxxxpredictiveLow
122Argumentxxxxxx_xxxxpredictiveMedium
123ArgumentxxxxxxxxpredictiveMedium
124ArgumentxxxxxxxpredictiveLow
125ArgumentxxxxxxxxxxxxxpredictiveHigh
126Argumentxxxxxxxx_xxxxxxxpredictiveHigh
127ArgumentxxxxxxxxpredictiveMedium
128ArgumentxxxxxxpredictiveLow
129ArgumentxxxxpredictiveLow
130Argumentxxxxxx/xxxxxpredictiveMedium
131Argumentxxxxxxxx[]predictiveMedium
132Argumentxxxxxxxx[xxxx]predictiveHigh
133ArgumentxxxxpredictiveLow
134Argumentxxxx_xxxxpredictiveMedium
135ArgumentxxxpredictiveLow
136ArgumentxxxxxxxxpredictiveMedium
137Argumentxxx_xxxx[x][]predictiveHigh
138Argumentxxxxxxxx/xxxpredictiveMedium
139Argumentxxxxxx[]predictiveMedium
140ArgumentxxpredictiveLow
141ArgumentxxxxxxxxxxxxxpredictiveHigh
142ArgumentxxxpredictiveLow
143ArgumentxxxxxxxxpredictiveMedium
144Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
145ArgumentxxxxxxxxxxxxxpredictiveHigh
146ArgumentxxxxxpredictiveLow
147Argument_xxxpredictiveLow
148Argument_xxxxpredictiveLow
149Argument_xxxxpredictiveLow
150Input Value-xpredictiveLow
151Input Valuexxxxx"][xxxxxx]xxxxx('xxx')[/xxxxxx]predictiveHigh
152Input Value…/.predictiveLow
153Pattern|xx|xx|xx|predictiveMedium
154Pattern|xx xx xx|predictiveMedium
155Network Portxxx xxxxxx xxxxpredictiveHigh

References (7)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!