BlackNet Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (34)

Idioma

en	30
ru	4

País

us	16
nl	4

Actores

BlackNet	2
Cobalt Strike	2
Mirai	2
FTP Info Stealer	1
BumbleBee	1

Interesar

Escribe

Not Defined	20
Operating System	4
Content Management System	2
Programming Language Software	2
WordPress Plugin	2

Proveedor

Not Defined	14
Linux	4
Thomas R. Pasawicz	2
SialWeb	2
Telesquare	2

Producto

Linux Kernel	4
Thomas R. Pasawicz HyperBook Guestbook	2
SialWeb CMS	2
Telesquare SDT-CS3B1	2
Telesquare SDT-CW3B1	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	Linux Kernel BlueZ jlink.c jlink_init denegación de servicio	3.6	3.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.03	CVE-2022-3637
3	Tiki Admin Password tiki-login.php autenticación débil	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	2.34	CVE-2020-15906
4	Asus RT-AC86U Web URL escalada de privilegios	8.8	8.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00083	0.04	CVE-2023-28702
5	Asus RT-AC86U LPD Service escalada de privilegios	8.8	8.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00049	0.03	CVE-2022-25597
6	Asus RT-AC56U desbordamiento de búfer	8.8	8.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00073	0.07	CVE-2022-25596
7	Asus RT-AX56U V2/RT-AC86U cm_processChangedConfigMsg Format String	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00330	0.03	CVE-2023-35087
8	lighttpd mod_alias_physical_handler mod_alias.c directory traversal	7.4	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00493	0.02	CVE-2018-19052
9	Phpsugar PHP Melody Cookie watch.php sql injection	8.5	7.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00156	0.00	CVE-2017-15579
10	PDF24 Article To PDF Plugin cross site request forgery	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00062	0.03	CVE-2022-1827
11	medoo columnQuote sql injection	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00146	0.02	CVE-2019-10762
12	Privoxy Template Name cgi_error_no_template cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00078	0.00	CVE-2021-44543
13	Telesquare SDT-CS3B1/SDT-CW3B1 Telnet Service autenticación débil	8.5	8.3	$0-$5k	$0-$5k	Not Defined	Workaround	0.00939	0.03	CVE-2018-12526
14	Mods for HESK Time-Based sql injection	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00322	0.03	CVE-2020-13993
15	Linux Kernel hid-elo.c hid_parse denegación de servicio	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-27950
16	Linux Kernel load_elf_binary desbordamiento de búfer	8.3	7.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00072	0.03	CVE-2017-1000253
17	Corero SecureWatch Managed Services HTTP API Endpoint get_snapshot directory traversal	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00088	0.00	CVE-2021-38136
18	Post Grid Plugin Slider Import Search cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00297	0.00	CVE-2021-24488
19	IBM i2 Analyze divulgación de información	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00076	0.00	CVE-2021-29784
20	Apple watchOS WebKit desbordamiento de búfer	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00417	0.00	CVE-2021-30795

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	1.1.1.1	one.one.one.one	BlackNet	2021-07-18	verified	Alto
2	XX.XXX.XX.XX		Xxxxxxxx	2021-07-18	verified	Alto
3	XX.XXX.X.XX		Xxxxxxxx	2021-07-18	verified	Alto
4	XXX.XXX.XX.XX	xxx.xxx.xx.xx.xxxxx.xxx	Xxxxxxxx	2021-07-18	verified	Medio
5	XXX.XXX.XXX.XXX	xxx.xxxx.xx	Xxxxxxxx	2021-07-18	verified	Alto

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/about.php	predictive	Medio
2	File	/it-IT/splunkd/__raw/services/get_snapshot	predictive	Alto
3	File	/phpwcms/setup/setup.php	predictive	Alto
4	File	xxxxxxxx.xxx	predictive	Medio
5	File	xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx	predictive	Alto
6	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
7	File	xxxxxxx/xxx/xxx-xxx.x	predictive	Alto
8	File	xxxxx.xxx	predictive	Medio
9	File	xxxx_xxxx.xxx	predictive	Alto
10	File	xxx_xxxxx.x	predictive	Medio
11	File	xxxxxxx/xxxxx.x	predictive	Alto
12	File	xxxx-xxxxx.xxx	predictive	Alto
13	File	xxxxx.xxx	predictive	Medio
14	File	xx-xxxxxxxxxxx.xxx	predictive	Alto
15	Argument	xx_xxxxx_xxx_xxxx	predictive	Alto
16	Argument	xxx	predictive	Bajo
17	Argument	xxxx_xx	predictive	Bajo
18	Argument	xx	predictive	Bajo
19	Argument	xxxxxxxxx	predictive	Medio
20	Argument	xxxxx	predictive	Bajo
21	Argument	xxxx_xxxx	predictive	Medio
22	Argument	xxxx	predictive	Bajo
23	Argument	xxx	predictive	Bajo
24	Input Value	../	predictive	Bajo

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!