BlankSlate Analysis

IOB - Indicator of Behavior (127)

Language

en: 102
fr: 8
de: 6
it: 6
ru: 4

Country

gb: 70
us: 20
fr: 8
it: 6
de: 4

Product

Zillya! Antivirus: 4
SourceCodester Engineers Online Portal: 4
Kashipara Food Management System: 4
Campcodes Simple Student Information System: 4
Dasan GPON ONT WiFi Router H640X: 2

Vulnerability

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.28 | CVE-2010-0966 |
| 2 | JetBrains PhpStorm idea.log information disclosure | 3.8 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2022-48435 |
| 3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 4 | All in One SEO Pack Plugin cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.07 | CVE-2023-0586 |
| 5 | PHPGurukul Online Notes Sharing System profile.php cross site request forgery | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.08 | CVE-2023-7052 |
| 6 | Views for WPForms Plugin create_view cross site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.08 | CVE-2024-0374 |
| 7 | All in One SEO Pack Plugin cross site scripting | 3.9 | 3.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00101 | 0.00 | CVE-2023-0585 |
| 8 | SourceCodester Responsive Ordering System Product_model.php privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00632 | 0.03 | CVE-2021-25206 |
| 9 | WPForms Pro Plugin privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00229 | 0.04 | CVE-2022-3574 |
| 10 | Wondershare Dr.Fone privilege escalation | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00082 | 0.00 | CVE-2023-29835 |
| 11 | Netentsec NS-ASG Application Security Gateway list_addr_fwresource_ip.php sql injection | 5.5 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00061 | 0.04 | CVE-2023-5681 |
| 12 | Campcodes Simple Student Information System manage_academic.php sql injection | 6.2 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.04 | CVE-2023-5929 |
| 13 | Campcodes Simple Student Information System index.php sql injection | 6.2 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.04 | CVE-2023-5923 |
| 14 | CodeAstro Internet Banking System pages_reset_pwd.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.04 | CVE-2023-5695 |
| 15 | SourceCodester Engineers Online Portal downloadable_student.php sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00077 | 0.08 | CVE-2023-5276 |
| 16 | ZZZCMS Database Backup File save.php restore privilege escalation | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00061 | 0.00 | CVE-2023-5263 |
| 17 | MicroWorld eScan Anti-Virus runasroot Local Privilege Escalation | 7.8 | 7.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00042 | 0.04 | CVE-2023-4383 |
| 18 | Lightxun IPTV Gateway web_upload_template.html privilege escalation | 5.0 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.04 | CVE-2023-7026 |
| 19 | SourceCodester Best Courier Management System manage_parcel_status.php cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00050 | 0.04 | CVE-2023-5273 |
| 20 | 7-card Fakabao wxpay_notify.php sql injection | 6.6 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.08 | CVE-2023-7185 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22, CWE-24 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |

IOA - Indicator of Attack (119)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/index.php | predictive | High |
| 2 | File | /admin/list_addr_fwresource_ip.php | predictive | High |
| 3 | File | /admin/makehtml_freelist_action.php | predictive | High |
| 4 | File | /admin/return_add.php | predictive | High |
| 5 | File | /admin/save.php | predictive | High |
| 6 | File | /admin/service/stop/ | predictive | High |
| 7 | File | /admin/students/manage_academic.php | predictive | High |
| 8 | File | /api/v1/attack/falco | predictive | High |
| 9 | File | /application/websocket/controller/Setting.php | predictive | High |
| 10 | File | /cgi-bin/cstecgi.cgi | predictive | High |
| 11 | File | /cgi-bin/login_action.cgi | predictive | High |
| 12 | File | /event/admin/?page=user/list | predictive | High |
| 13 | File | /include/file.php | predictive | High |
| 14 | File | /index.php | predictive | Medium |
| 15 | File | /index.php?menu=asterisk_cli | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
