BlankSlate Analysis

IOB - Indicator of Behavior (158)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 130
pt: 8
de: 8
ru: 8
fr: 2

Product

WordPress: 6
Zillya! Antivirus: 4
phpBP: 2
SQLite SQLite3: 2
Autodesk AutoCAD: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02820 | 0.30 | CVE-2010-0966 |
| 2 | JetBrains PhpStorm idea.log log file | 3.8 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2022-48435 |
| 3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.03828 | 0.00 | CVE-2007-1192 |
| 4 | WPForms Pro Form Submission cross site scripting | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00059 | 0.02 | CVE-2023-7063 |
| 5 | All in One SEO Pack Plugin cross site scripting | 3.9 | 3.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00084 | 0.00 | CVE-2023-0585 |
| 6 | All in One SEO Pack Plugin cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.00 | CVE-2023-0586 |
| 7 | JetBrains IntelliJ IDEA Authentication Token information disclosure | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.00 | CVE-2024-24941 |
| 8 | PHPGurukul Online Notes Sharing System profile.php cross-site request forgery | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00071 | 0.12 | CVE-2023-7052 |
| 9 | Views for WPForms Plugin create_view cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.00 | CVE-2024-0374 |
| 10 | SourceCodester Responsive Ordering System Product_model.php unrestricted upload | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01993 | 0.00 | CVE-2021-25206 |
| 11 | WPForms Pro Plugin csv injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00320 | 0.05 | CVE-2022-3574 |
| 12 | Wondershare Dr.Fone permission | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00090 | 0.02 | CVE-2023-29835 |
| 13 | code-projects Crud Operation System add.php cross site scripting | 5.6 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00066 | 0.20 | CVE-2024-11820 |
| 14 | ZZCMS ChangeTable.php unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.04 | CVE-2024-10292 |
| 15 | Autodesk AutoCAD/Advance Steel/Civil 3D STP File ASMKERN228A.dll out-of-bounds write | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-0446 |
| 16 | SourceCodester Petrol Pump Management Software invoice.php sql injection | 4.7 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00145 | 0.02 | CVE-2024-10355 |
| 17 | code-projects Pharmacy Management System Manage Customer Page manage_customer.php cross site scripting | 3.2 | 3.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00066 | 0.09 | CVE-2024-10198 |
| 18 | WPForms Google Sheet Connector Plugin cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00072 | 0.00 | CVE-2023-2321 |
| 19 | Totolink X2000R_V2 boa formTmultiAP buffer overflow | 8.6 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00586 | 0.04 | CVE-2023-7208 |
| 20 | SourceCodester Online Flight Booking Management System POST Parameter review_search.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00214 | 0.14 | CVE-2023-0283 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (143)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (3)

The following list contains external sources which discuss the actor and the associated activities:
