BlueNoroff Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Lang

en29
de1

Country

us25
vn4
br1

Actors

Activities

Interest

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.05CVE-2007-1192
2Apache James Server os command injection8.17.7$5k-$25k$5k-$25kNot DefinedOfficial Fix0.04CVE-2015-7611
3Google Chrome SSL Error Message URL cryptographic issues6.56.2$25k-$100k$0-$5kNot DefinedOfficial Fix0.00CVE-2012-2898
4jforum User input validation5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.16CVE-2019-7550
5DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.73CVE-2010-0966
6Simplemachines SMF sql injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2011-3615
7PunBB profile.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.03CVE-2005-1051
8Invision Power Services IP.Board class_gw_2checkout.php input validation6.35.5$0-$5k$0-$5kUnprovenOfficial Fix0.05CVE-2007-4914
9Cisco IOS XE NAT/MPLS input validation5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.06CVE-2015-6282
10CPG-Nuke Dragonfly CMS install.php path traversal7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.07CVE-2006-0644
11PHP PCRE memory corruption7.37.0$25k-$100k$0-$5kNot DefinedOfficial Fix0.02
12Pivotal Spring Framework path traversal5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2014-3625
13Apache Tomcat Java Servlet 7pk security7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2017-5664
14Sendmail Access Restriction cryptographic issues7.36.6$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.04CVE-2009-4565
15Samba Default Configuration path traversal4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2010-0926
16Timeclock Employee Timeclock Software Login auth.php sql injection7.37.1$0-$5k$0-$5kHighWorkaround0.08CVE-2010-0122
17MRTG mrtg.cgi path traversal5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.04CVE-2002-0232
18Plohni Advanced Comment System Installation index.php code injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.04CVE-2009-4623
19Mapos Scripts shoutbox shoutbox.php file inclusion7.36.4$0-$5k$0-$5kProof-of-ConceptUnavailable0.00CVE-2007-4330
20Zoho ManageEngine ServiceDesk Plus FileDownload.jsp path traversal5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.03CVE-2011-2757

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
145.238.25.2ip-45-238-25-2.interlink.com.brBlueNoroffverifiedHigh
2XXX.XX.XXX.XXXXxxxxxxxxxverifiedHigh
3XXX.XX.XX.XXXxxxxxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1211CWE-2547PK Security FeaturespredictiveHigh
2TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgipredictiveHigh
2Fileauth.phppredictiveMedium
3Fileclass_gw_2checkout.phppredictiveHigh
4Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
5Filexxxxxxxxxxxx.xxxpredictiveHigh
6Filexxx/xxxxxx.xxxpredictiveHigh
7Filexxxxx.xxxpredictiveMedium
8Filexxxxxxx.xxxpredictiveMedium
9Filexxxxxxx.xxxpredictiveMedium
10Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
11Filexxxxxxxx.xxxpredictiveMedium
12Filexxxxxx.xxxpredictiveMedium
13Argumentxxx_xxxxpredictiveMedium
14ArgumentxxxxxxxxpredictiveMedium
15ArgumentxxxpredictiveLow
16ArgumentxxxxxxxxpredictiveMedium
17ArgumentxxpredictiveLow
18ArgumentxxxxxxxxxxxpredictiveMedium
19Argumentxxxxxxx_xxxpredictiveMedium
20ArgumentxxxxxxxxpredictiveMedium
21ArgumentxxxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Interested in the pricing of exploits?

See the underground prices here!