BlueNoroff Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (68)

Sprache

en	56
de	6
zh	4
ja	2

Land

us	54
vn	6
br	2
cn	2
de	2

Akteure

BlueNoroff	6
BumbleBee	3
RecordBreaker	2
IcedID	2
Ursnif	1

Interesse

Typ

Not Defined	28
Forum Software	4
Application Server Software	4
Operating System	2
Database Administration Software	2

Hersteller

Not Defined	18
Apache	6
Microsoft	2
Timeclock	2
Zoho ManageEngine	2

Produkt

Microsoft Windows	2
phpMyAdmin	2
Timeclock Employee Timeclock Software	2
Zoho ManageEngine ServiceDesk Plus	2
Apache HTTP Server	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	Microsoft Windows Domain Name Service Privilege Escalation	6.6	6.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00	0.01058	CVE-2023-28223
3	HTTP/2 Stream Rapid Reset Denial of Service	6.4	6.3	$0-$5k	$0-$5k	High	Official Fix	0.02	0.70585	CVE-2023-44487
4	Apache James Server erweiterte Rechte	8.1	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.78935	CVE-2015-7611
5	Frappe Framework SQL Injection	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01	0.00274	CVE-2019-14966
6	Alt-N MDaemon Worldclient erweiterte Rechte	4.9	4.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.06	0.00090	CVE-2021-27182
7	Ivanti Endpoint Manager Mobile schwache Authentisierung	9.9	9.7	$0-$5k	Wird berechnet	High	Official Fix	0.00	0.96229	CVE-2023-35078
8	Hitachi Vantara Pentaho Business Analytics Server Data Lineage schwache Verschlüsselung	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00135	CVE-2021-45447
9	Oracle Application Server SQL Injection	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00322	CVE-2007-0286
10	Live555 Streaming Media parseRTSPRequestString Remote Code Execution	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.87706	CVE-2013-6934
11	Oracle Solaris Utility Local Privilege Escalation	7.7	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.05	0.00043	CVE-2023-21985
12	Appindex MWChat start_lobby.php erweiterte Rechte	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.01895	CVE-2005-1869
13	Coinsoft Technologies phpCOIN db.php Directory Traversal	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.03877	CVE-2005-4212
14	Damien Benier MyAlbum language.inc.php erweiterte Rechte	7.3	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.03	0.09238	CVE-2006-5865
15	SourceCodester Grade Point Average GPA Calculator index.php Cross Site Scripting	4.4	4.3	$0-$5k	Wird berechnet	Proof-of-Concept	Not Defined	0.06	0.00060	CVE-2023-1743
16	SourceCodester Grade Point Average GPA Calculator index.php Information Disclosure	5.4	5.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.00069	CVE-2023-1769
17	OpenResty API ngx_http_lua_subrequest.c erweiterte Rechte	7.4	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00580	CVE-2020-11724
18	OpenResty ngx.req.get_post_args SQL Injection	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00637	CVE-2018-9230
19	Netgate pf Sense ACME Package acme_certificate_edit.php Cross Site Scripting	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00085	CVE-2020-21219
20	Microsoft IIS IP/Domain Restriction erweiterte Rechte	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.09	0.00817	CVE-2014-4078

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	45.238.25.2	ip-45-238-25-2.interlink.com.br	BlueNoroff	22.03.2022	verifiziert	High
2	104.168.174.80	client-104-168-174-80.hostwindsdns.com	BlueNoroff	05.01.2023	verifiziert	High
3	XXX.XXX.XXX.XX	xxxxxx-xxx-xxx-xxx-xx.xxxxxxxxxxxx.xxx	Xxxxxxxxxx	05.01.2023	verifiziert	High
4	XXX.XX.XXX.XXX		Xxxxxxxxxx	22.03.2022	verifiziert	High
5	XXX.XX.XXX.XX	xxx.xx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	05.01.2023	verifiziert	High
6	XXX.XX.XXX.XX		Xxxxxxxxxx	05.01.2023	verifiziert	High
7	XXX.XXX.XXX.XX	xxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	05.01.2023	verifiziert	High
8	XXX.XX.XX.XX		Xxxxxxxxxx	22.03.2022	verifiziert	High
9	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxxxxx.xxxx.xx	Xxxxxxxxxx	05.01.2023	verifiziert	High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CWE-21, CWE-22	Path Traversal	prädiktiv	High
2	T1040	CWE-319	Authentication Bypass by Capture-replay	prädiktiv	High
3	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	prädiktiv	High
4	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	prädiktiv	High
5	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
7	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
8	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	prädiktiv	High
9	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
11	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	prädiktiv	High

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/mgmt/tm/util/bash	prädiktiv	High
2	File	14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi	prädiktiv	High
3	File	acme_certificate_edit.php	prädiktiv	High
4	File	auth.php	prädiktiv	Medium
5	File	books.php	prädiktiv	Medium
6	File	class_gw_2checkout.php	prädiktiv	High
7	File	xxxx_xxxxxxxx/xx.xxx	prädiktiv	High
8	File	xxxx/xxxxxxxxxxxxxxx.xxx	prädiktiv	High
9	File	xxxxxxxxxxxx.xxx	prädiktiv	High
10	File	xxx/xxxxxx.xxx	prädiktiv	High
11	File	xxxxx.xxx	prädiktiv	Medium
12	File	xxxxxxx.xxx	prädiktiv	Medium
13	File	xxxxxxxx.xxx.xxx	prädiktiv	High
14	File	xxx_xxxx_xxx_xxxxxxxxxx.x	prädiktiv	High
15	File	xxxxxxx.xxx	prädiktiv	Medium
16	File	xxxxx.xxx	prädiktiv	Medium
17	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	prädiktiv	High
18	File	xxxxxx_xxxxx.xxx/xxxxx_xxxxxxx_xxxxxxxxxx.xx	prädiktiv	High
19	File	xxxxxxxx.xxx	prädiktiv	Medium
20	File	xxxxx_xxxxx.xxx	prädiktiv	High
21	File	xxxx_x_xxxxxx.xxx.xxx	prädiktiv	High
22	File	xxxxxx.xxx	prädiktiv	Medium
23	Library	xxxxxx[xxxxxx_xxxx	prädiktiv	High
24	Argument	xxx_xxxx	prädiktiv	Medium
25	Argument	xxxxxxxx	prädiktiv	Medium
26	Argument	xxxxxx	prädiktiv	Low
27	Argument	xxx	prädiktiv	Low
28	Argument	xxxxxx[xxxxxx_xxxx]	prädiktiv	High
29	Argument	xxxxxxxx	prädiktiv	Medium
30	Argument	xx	prädiktiv	Low
31	Argument	xxxxxxxxxxx	prädiktiv	Medium
32	Argument	xxxxxxx_xxx	prädiktiv	Medium
33	Argument	xxxxx_xxx	prädiktiv	Medium
34	Argument	xxxx	prädiktiv	Low
35	Argument	xxxxxxxx	prädiktiv	Medium
36	Argument	xxxx	prädiktiv	Low
37	Argument	xxxxxxxxxx	prädiktiv	Medium
38	Argument	xxxxxx_xxxx	prädiktiv	Medium
39	Argument	_xxxx[_xxx_xxxx_xxxx	prädiktiv	High
40	Input Value	xxx://xxxxxx/xxxx=xxxxxxx.xxxxxx-xxxxxx/xxxxxxxx=xxxxx_xxxxx	prädiktiv	High

Referenzen (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Interested in the pricing of exploits?

See the underground prices here!