BlankSlate Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (132)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en100
de10
ru8
fr4
it4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

GB: Great Britain60
US: USA26
DE: Germany8
RU: Russia6
FR: France4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

BlankSlate4
Cerber2
Ave Maria1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined62
WordPress Plugin16
Content Management System4
Anti-Malware Software4
Server Management Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined30
SourceCodester16
InterWorx4
JetBrains4
Zillya!4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Zillya! Antivirus4
Thomas R. Pasawicz HyperBook Guestbook2
InterWorx NodeWorx2
60IndexPage2
SourceCodester Event Registration System2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.61CVE-2010-0966
2JetBrains PhpStorm idea.log log file3.83.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000430.05CVE-2022-48435
3Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
4All in One SEO Pack Plugin cross site scripting3.93.9$0-$5k$0-$5kNot DefinedNot Defined0.001070.07CVE-2023-0585
5All in One SEO Pack Plugin cross site scripting5.15.1$0-$5k$0-$5kNot DefinedNot Defined0.000760.07CVE-2023-0586
6JetBrains IntelliJ IDEA Authentication Token information disclosure5.25.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000460.03CVE-2024-24941
7PHPGurukul Online Notes Sharing System profile.php cross-site request forgery4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.000520.05CVE-2023-7052
8Views for WPForms Plugin create_view cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000520.03CVE-2024-0374
9SourceCodester Responsive Ordering System Product_model.php unrestricted upload6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.008120.00CVE-2021-25206
10WPForms Pro Plugin csv injection7.67.5$0-$5k$0-$5kNot DefinedOfficial Fix0.002830.08CVE-2022-3574
11Wondershare Dr.Fone permission7.06.9$0-$5k$0-$5kNot DefinedNot Defined0.000820.05CVE-2023-29835
12WPForms Contact Form Plugin Price improper authentication7.37.1$0-$5k$0-$5kNot DefinedNot Defined0.000520.04CVE-2024-3649
13WPForms Pro Form Submission cross site scripting5.95.8$0-$5k$0-$5kNot DefinedNot Defined0.000520.04CVE-2023-7063
14Netentsec NS-ASG Application Security Gateway list_addr_fwresource_ip.php sql injection5.55.4$0-$5k$0-$5kProof-of-ConceptNot Defined0.000610.09CVE-2023-5681
15Campcodes Simple Student Information System manage_academic.php sql injection6.26.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000640.05CVE-2023-5929
16Campcodes Simple Student Information System index.php sql injection6.26.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000640.06CVE-2023-5923
17CodeAstro Internet Banking System pages_reset_pwd.php cross site scripting4.44.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000520.09CVE-2023-5695
18SourceCodester Engineers Online Portal downloadable_student.php sql injection7.57.4$0-$5k$0-$5kNot DefinedNot Defined0.000770.14CVE-2023-5276
19ZZZCMS Database Backup File save.php restore permission7.16.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000610.00CVE-2023-5263
20MicroWorld eScan Anti-Virus runasroot incorrect execution-assigned permissions7.87.6$5k-$25k$0-$5kProof-of-ConceptNot Defined0.000420.00CVE-2023-4383

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
119.48.17.0BlankSlate04/01/2022verifiedLow
254.68.27.226ec2-54-68-27-226.us-west-2.compute.amazonaws.comBlankSlate04/01/2022verifiedLow
3XX.XX.XX.Xxxxxxxx-xxx-xxx-xxx-xxx.xx.xx.xxxx.xxxxxxxxxx.xxXxxxxxxxxx04/01/2022verifiedVery Low
4XX.XX.XXX.Xxxx.xx-xx-xx-xxx.xxXxxxxxxxxx04/01/2022verifiedLow
5XXX.XX.XXX.XXXxxxxxxxxx04/01/2022verifiedMedium
6XXX.XXX.X.XXXxxx.x.xxx.xxx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxxxx04/01/2022verifiedLow
7XXX.XXX.XXX.Xxxx.xxxx.xxx.xxxx.xxxxxxxXxxxxxxxxx04/01/2022verifiedLow
8XXX.XXX.XXX.Xxxx.xx-xxx-xxx-xxx.xxXxxxxxxxxx04/01/2022verifiedLow
9XXX.XXX.XXX.XXxxxxxxxxx04/01/2022verifiedMedium

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22, CWE-24Path TraversalpredictiveHigh
2T1040CAPEC-102CWE-294Authentication Bypass by Capture-replaypredictiveHigh
3T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
4TXXXXCAPEC-242CWE-XXXxxxxxxx XxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXXCAPEC-81CWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
9TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
10TXXXXCAPEC-112CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
11TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
12TXXXXCAPEC-116CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
13TXXXX.XXXCAPEC-CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
14TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (119)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/index.phppredictiveHigh
2File/admin/list_addr_fwresource_ip.phppredictiveHigh
3File/admin/makehtml_freelist_action.phppredictiveHigh
4File/admin/return_add.phppredictiveHigh
5File/admin/save.phppredictiveHigh
6File/admin/service/stop/predictiveHigh
7File/admin/students/manage_academic.phppredictiveHigh
8File/api/v1/attack/falcopredictiveHigh
9File/application/websocket/controller/Setting.phppredictiveHigh
10File/cgi-bin/cstecgi.cgipredictiveHigh
11File/cgi-bin/login_action.cgipredictiveHigh
12File/event/admin/?page=user/listpredictiveHigh
13File/include/file.phppredictiveHigh
14File/index.phppredictiveMedium
15File/index.php?menu=asterisk_clipredictiveHigh
16File/xxxx/xxxxx/xxxxxxpredictiveHigh
17File/xxxxxxxxxxxxxxxpredictiveHigh
18File/xxxxxxxx/xxxxpredictiveHigh
19File/xxxxxxx/predictiveMedium
20File/xxxx/xxxxxxx.xxxpredictiveHigh
21File/xxxxxxxxxx.xxxpredictiveHigh
22File/xxxxxx/xxxxx.xxx/xxxxx/xxxxx/xxx_xxxxxx_xxxxxxxx.xxxxpredictiveHigh
23Filexxxxxxxxxxxx.xxxpredictiveHigh
24Filexxxxx/xxx_xxxxxxxx.xxxpredictiveHigh
25Filexxxxx/xxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
26Filexxx/xxxxxx/xxxxxx.xxxpredictiveHigh
27Filexxx/xxxxx/xxxxxxxxxx/xxxx.xxxpredictiveHigh
28Filexxx/xxxx/xxxxx/xxxx.xxxpredictiveHigh
29Filexxxxxxx.xxxpredictiveMedium
30Filexxxxxxx.xxxpredictiveMedium
31Filexxxxxxx.xxxpredictiveMedium
32Filexxxxxx-xxxxxxx.xxxpredictiveHigh
33Filexxxxxxxxxx.xxxpredictiveHigh
34Filexxxxxxxx_xxxxxxx.xxxpredictiveHigh
35Filexxxx/xx-xxxxxxx.xxxpredictiveHigh
36Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
37Filexxxxxxx.xxxpredictiveMedium
38Filexxxxxxxxxxxx_xxxxxxx.xxxpredictiveHigh
39Filexxxxxx_xxxxx_xxxxxxxx.xxxpredictiveHigh
40Filexxxxxxx/xxxx-xxxxx-xxxxxx.xxxpredictiveHigh
41Filexxxxxxx/xxxx-xxxxx-xxxxxx.xxx?xxxxxx=xpredictiveHigh
42Filexxxx.xxxpredictiveMedium
43Filexxx/xxxxxxx/xxxxxxxxxxxxxx.xpredictiveHigh
44Filexxxxxxxx/xxxxx.xxxpredictiveHigh
45Filexxxx.xxxpredictiveMedium
46Filexxx/xxxxxx.xxxpredictiveHigh
47Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
48Filexxxxx.xxxpredictiveMedium
49Filexx/xxxxxxx.xpredictiveMedium
50Filexxxxx/xxxx.xxxpredictiveHigh
51Filexxxx_xxxx_xxxxxx.xxxpredictiveHigh
52Filexxx.x/xxxxxx.xpredictiveHigh
53Filexxxxxx/xxx/xxxxxxxxxxx/xxxx_xxxxxxxxxx.xxpredictiveHigh
54Filexxxxxxxxxx.xxxpredictiveHigh
55Filexxxxxx_xxxxxx_xxxxxx.xxxpredictiveHigh
56Filexxxxxxxxxxx_xxxxx_xxxxxxxx.xxxpredictiveHigh
57Filexxxxxxxxx.xxxpredictiveHigh
58Filexxxxx_xxxxx_xxx.xxxpredictiveHigh
59Filexxxxxxx.xxxpredictiveMedium
60Filexxxxxxx/xxxxxx-xxxxxxx-xxxx-xxxx.xxxxpredictiveHigh
61Filexxxxxxx_xxxxx.xxxpredictiveHigh
62Filexxxxxxxx_xxxxx_xxxxxxxx.xxxpredictiveHigh
63Filexxxxxxxxx/xxxx/xxxxxxxxx.xxxpredictiveHigh
64Filexxxx/xxxx/predictiveMedium
65FilexxxxxxxxxpredictiveMedium
66Filexxxx/xxxxx_xxxxxx.xxxpredictiveHigh
67Filexxxxxx_xxxxxxx.xxxpredictiveHigh
68Filexxx/xxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
69Filexxxxxx_xxx_xxxxx_xxx.xxxpredictiveHigh
70Filexxxxxxxx/xxxxx/xxx_xxx.xxxpredictiveHigh
71Filexxxx_x_xxxx.xxxpredictiveHigh
72Filexxxxx/xxxx_xxxx.xxxpredictiveHigh
73Libraryxxx.xxxpredictiveLow
74Argument$xxxx["xx"]predictiveMedium
75Argument$_xxxxxx['xxx_xxxx']predictiveHigh
76Argument$_xxxxxx['xxxxxx_xxxx']predictiveHigh
77ArgumentxxxxxxpredictiveLow
78ArgumentxxxxxxpredictiveLow
79ArgumentxxxxxxxxpredictiveMedium
80ArgumentxxxxxxxpredictiveLow
81ArgumentxxxxxxxxxxxxxxpredictiveHigh
82Argumentx_xxxxxxpredictiveMedium
83ArgumentxxxxxxxxxxxpredictiveMedium
84Argumentxxx_xxxxpredictiveMedium
85ArgumentxxxxxxxxpredictiveMedium
86ArgumentxxxxxxpredictiveLow
87ArgumentxxxxxxxxxxxxpredictiveMedium
88ArgumentxxxxxpredictiveLow
89Argumentxxxxx/xxxxxxx/xxx/xxpredictiveHigh
90Argumentxxxxx_xxxxxxxpredictiveHigh
91ArgumentxxxxxpredictiveLow
92ArgumentxxxxpredictiveLow
93Argumentxxxxx xxxx/xxxx xxxxpredictiveHigh
94ArgumentxxxxxpredictiveLow
95Argumentxxxx_xxxxpredictiveMedium
96ArgumentxxpredictiveLow
97Argumentxxx_xxx_xxxxxpredictiveHigh
98ArgumentxxxxxxpredictiveLow
99ArgumentxxxxpredictiveLow
100ArgumentxxxxpredictiveLow
101ArgumentxxxxxxxxpredictiveMedium
102Argumentxxx_xxxxx_xxpredictiveMedium
103Argumentxxxxxxxxxx/xxxx/xxxxxxxx/xxxx/xxxxxxx_xxxxpredictiveHigh
104ArgumentxxxxxxxxpredictiveMedium
105ArgumentxxxxxxxxpredictiveMedium
106Argumentxxxx_xxxxpredictiveMedium
107ArgumentxxxxxxxpredictiveLow
108ArgumentxxxxxxxpredictiveLow
109ArgumentxxxpredictiveLow
110ArgumentxxxxxxxpredictiveLow
111ArgumentxxxxxxxpredictiveLow
112Argumentxxxx_xxxxpredictiveMedium
113Argumentx_xxxx/x_xxxxpredictiveHigh
114ArgumentxxxpredictiveLow
115Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
116Input Value(xxxxxxxxx(xxxx,xxxxxx(xxxx,xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx),xxxx))predictiveHigh
117Input Value<xxxxxx>xxxxx(xxxxxxxx.xxxxxx)</xxxxxx>predictiveHigh
118Input Valuexxxxxxx%xxxxxxxxx.xxx'%xx%xx<xxxxxx%xx>xxxxx(xxxx)</xxxxxx>predictiveHigh
119Network Portxxx/xx (xxx)predictiveMedium

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!