BlueNoroff Analysis

IOB - Indicator of Behavior (46)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 38
de: 4
zh: 4

Country

us: 38
vn: 6
de: 2

Actors


Activities

Interest

Timeline


Type


Vendor


Product

phpMyAdmin: 2
PHP: 2
WordPress: 2
Cisco Email Security Appliance: 2
Cisco Web Security Appliance: 2

Vulnerabilities

# | Vulnerability | Base Score | Temp Score | 0-day Price | Today Price | Exploitability | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
2 | Apache James Server os command injection | 8.1 | 7.9 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.82150 | CVE-2015-7611
3 | Laravel deserialization | 6.3 | 6.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00885 | CVE-2022-2886
4 | laravel deserialization | 4.1 | 3.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.00885 | CVE-2022-2870
5 | F5 BIG-IP iControl REST Authentication bash missing authentication | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.91244 | CVE-2022-1388
6 | Synacor Zimbra Collaboration mboximport pathname traversal | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.14469 | CVE-2022-27925
7 | Cisco ASA SNMP Service memory corruption | 8.8 | 8.6 | $25k-$100k | $0-$5k | High | Official Fix | 0.02 | 0.91774 | CVE-2016-6366
8 | phpMyAdmin cross_framing_protection.js code injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.02 | 0.73021 | CVE-2012-5159
9 | LimeSurvey Participant Model sql injection | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2019-25019
10 | LimeSurvey Textbox cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2020-23710
11 | Cisco Email Security Appliance/Web Security Appliance Multipurpose Internet Mail Extensions Scanner 7pk error | 7.4 | 7.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.18 | 0.01213 | CVE-2016-1480
12 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.18 | 0.01213 | CVE-2008-5928
13 | Basti2web Book Panel books.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.00986 | CVE-2009-4889
14 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.03129 | CVE-2007-1287
15 | Google Chrome SSL Error Message URL cryptographic issues | 6.5 | 6.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.01055 | CVE-2012-2898
16 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.04499 | CVE-2019-7550
17 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.42 | 0.04187 | CVE-2010-0966
18 | Stadtaus Tell A Friend Script tell_a_friend.inc.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.01319 | CVE-2005-0679
19 | Simplemachines SMF sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01213 | CVE-2011-3615
20 | PunBB profile.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00986 | CVE-2005-1051

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | predictive | High
2 | T1059 | CWE-94 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (28)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /mgmt/tm/util/bash | predictive | High
2 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High
3 | File | auth.php | predictive | Medium
4 | File | books.php | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:
