BlueNoroff Analysis

IOB - Indicator of Behavior (68)

Timeline

(Chart omitted.) None of the charts in this section (Timeline, Lang, Country, Actors, Activities/Interest, Type, Vendor, Product) show real data without a subscription: the page states that the visible values are dummy data, distorted and not usable in any way, and that an additional purchase is required to unlock the real figures.

Lang

en: 56, zh: 4, de: 4, ja: 2, ru: 2 (dummy values shown without a subscription)

Country

us: 56, vn: 8, jp: 4 (dummy values shown without a subscription)

Actors

(Chart omitted: dummy data without a subscription.)

Activities

Interest

Timeline

(Chart omitted: dummy data without a subscription.)

Type

(Chart omitted: dummy data without a subscription.)

Vendor

(Chart omitted: dummy data without a subscription.)

Product

F5 BIG-IP: 2, Samba: 2, Microsoft IIS: 2, Thomas R. Pasawicz HyperBook Guestbook: 2, Sendmail: 2 (counts shown without a subscription; the page marks them as distorted dummy data)

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices; Exp is the exploitability status; Rem is the remediation status; CTI is VulDB's cyber threat intelligence score; EPSS is the FIRST EPSS exploitation probability.

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2  | Microsoft Windows Domain Name Service Privilege Escalation | 6.6 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.01058 | CVE-2023-28223
3  | HTTP/2 Stream Rapid Reset denial of service | 6.4 | 6.3 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.70585 | CVE-2023-44487
4  | Apache James Server os command injection | 8.1 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.78935 | CVE-2015-7611
5  | Frappe Framework sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00274 | CVE-2019-14966
6  | Alt-N MDaemon Worldclient injection | 4.9 | 4.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00090 | CVE-2021-27182
7  | Ivanti Endpoint Manager Mobile improper authentication | 9.9 | 9.7 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | 0.96231 | CVE-2023-35078
8  | Hitachi Vantara Pentaho Business Analytics Server Data Lineage cleartext transmission | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00135 | CVE-2021-45447
9  | Oracle Application Server sql injection | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00322 | CVE-2007-0286
10 | Live555 Streaming Media parseRTSPRequestString numeric error | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.87706 | CVE-2013-6934
11 | Oracle Solaris Utility Local Privilege Escalation | 7.7 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00043 | CVE-2023-21985
12 | Appindex MWChat start_lobby.php file inclusion | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.01895 | CVE-2005-1869
13 | Coinsoft Technologies phpCOIN db.php path traversal | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.03877 | CVE-2005-4212
14 | Damien Benier MyAlbum language.inc.php code injection | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.03 | 0.09238 | CVE-2006-5865
15 | SourceCodester Grade Point Average GPA Calculator index.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00062 | CVE-2023-1743
16 | SourceCodester Grade Point Average GPA Calculator index.php information disclosure | 5.4 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00097 | CVE-2023-1769
17 | OpenResty API ngx_http_lua_subrequest.c request smuggling | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00580 | CVE-2020-11724
18 | OpenResty ngx.req.get_post_args sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00637 | CVE-2018-9230
19 | Netgate pfSense ACME Package acme_certificate_edit.php cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00085 | CVE-2020-21219
20 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.08 | 0.00817 | CVE-2014-4078

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. The nine entries themselves are not listed on the page without a subscription.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 to 11 | (masked: technique IDs, CWE numbers and names are shown only as placeholders without a subscription; all eight are rated predictive / High)

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /mgmt/tm/util/bash | predictive | High
2 | File | 14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi | predictive | High
3 | File | acme_certificate_edit.php | predictive | High
4 | File | auth.php | predictive | Medium
5 | File | books.php | predictive | Medium
6 | File | class_gw_2checkout.php | predictive | High
7 to 40 | (masked without a subscription: 16 further File indicators, 1 Library, 16 Argument and 1 Input Value entry, all of type predictive, rated Low to High)
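To put the readable File indicators above to operational use, here is an added example (not VulDB's code) that matches them against web-server access logs in the Apache/nginx combined format. It splits the page's grouped MRTG entry (14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi) into four filenames, percent-decodes the request path twice before matching so that encoded variants such as /mgmt/tm/util/%62ash are not missed, matches absolute indicators as a path prefix and bare filenames on the last path segment only (so /images/books.php.png does not fire for books.php). The confidence ratings are the page's; the log lines are constructed for the example.

```python
"""Match the readable File indicators from the IOA table against access logs.

Added example, not VulDB's code. The indicator strings and confidence ratings
are copied from the table on this page; the log lines below are constructed.
"""
import re
from urllib.parse import unquote, urlsplit

# File-class indicators readable on this page (entries 1 to 6), with the page's
# confidence rating. The grouped MRTG entry is split into its four filenames.
IOA_FILES = {
    "/mgmt/tm/util/bash": "High",          # F5 BIG-IP iControl REST bash endpoint
    "14all.cgi": "High",
    "14all-1.1.cgi": "High",
    "traffic.cgi": "High",
    "mrtg.cgi": "High",
    "acme_certificate_edit.php": "High",   # pfSense ACME package page
    "auth.php": "Medium",
    "books.php": "Medium",
    "class_gw_2checkout.php": "High",
}

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def normalize_path(target: str) -> str:
    """Return the request path in a form suitable for indicator matching.

    Drops the query string, percent-decodes twice (single and double
    encoding), collapses repeated slashes and lowercases. Attackers encode
    paths to evade naive substring matching, so compare on the decoded form.
    """
    path = urlsplit(target).path
    for _ in range(2):
        path = unquote(path).split("?", 1)[0]
    path = re.sub(r"/+", "/", path)
    return path.lower()


def match_indicators(path: str) -> list:
    """Return (indicator, confidence) pairs that the normalized path matches.

    Absolute indicators (leading slash) match as an exact path or path prefix;
    bare filenames are compared against the last path segment only.
    """
    hits = []
    last_segment = path.rsplit("/", 1)[-1]
    for indicator, confidence in IOA_FILES.items():
        ind = indicator.lower()
        if ind.startswith("/"):
            matched = path == ind or path.startswith(ind + "/")
        else:
            matched = last_segment == ind
        if matched:
            hits.append((indicator, confidence))
    return hits


def scan_log(lines) -> list:
    """Parse combined-format lines and return one alert dict per indicator hit."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format: skip rather than guess
        path = normalize_path(m.group("target"))
        for indicator, confidence in match_indicators(path):
            alerts.append({
                "ip": m.group("ip"),
                "method": m.group("method"),
                "path": path,
                "status": int(m.group("status")),
                "indicator": indicator,
                "confidence": confidence,
            })
    return alerts


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /mgmt/tm/util/bash HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "POST /mgmt/tm/util/%62ash HTTP/1.1" 200 512',
    '198.51.100.2 - - [10/Oct/2023:14:02:11 +0000] "GET /cgi-bin/mrtg/14all.cgi?cfg=test HTTP/1.1" 404 210',
    '198.51.100.2 - - [10/Oct/2023:14:02:15 +0000] "GET /acme/acme_certificate_edit.php?id=1 HTTP/1.1" 200 3310',
    '192.0.2.9 - - [10/Oct/2023:14:10:00 +0000] "GET /index.php HTTP/1.1" 200 1024',
    '192.0.2.9 - - [10/Oct/2023:14:10:05 +0000] "GET /images/books.php.png HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f'{a["ip"]} {a["method"]} {a["path"]} -> {a["indicator"]} '
              f'({a["confidence"]}, HTTP {a["status"]})')
```

Running the block on the constructed lines yields four alerts: both BIG-IP requests (the encoded one decoded to the same path), the MRTG 14all.cgi probe and the pfSense ACME page; the index.php and books.php.png requests do not fire. Because the page rates auth.php and books.php only Medium and these are common filenames, treat hits on them as triage input rather than a standalone alert, and prioritize the High-rated absolute endpoint, where a 200 response to a POST is the finding worth escalating.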

References (3)

The following list contains external sources which discuss the actor and the associated activities:
