BlueNoroff Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (68)

Idioma

en	62
de	2
ru	2
zh	2

País

us	56
jp	6
vn	4

Actores

BlueNoroff	4
RecordBreaker	2
BumbleBee	2
IcedID	2
Ursnif	1

Interesar

Escribe

Not Defined	30
Forum Software	4
Content Management System	4
Programming Language Software	4
Operating System	4

Proveedor

Not Defined	20
Oracle	4
Zoho ManageEngine	2
Plohni	2
Live555	2

Producto

PHP	4
jforum	2
Zoho ManageEngine ServiceDesk Plus	2
WordPress	2
PunBB	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	Microsoft Windows Domain Name Service Privilege Escalation	6.6	6.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00	0.01058	CVE-2023-28223
3	HTTP/2 Stream Rapid Reset denegación de servicio	6.4	6.3	$0-$5k	$0-$5k	High	Official Fix	0.02	0.70585	CVE-2023-44487
4	Apache James Server escalada de privilegios	8.1	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.78935	CVE-2015-7611
5	Frappe Framework sql injection	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00274	CVE-2019-14966
6	Alt-N MDaemon Worldclient escalada de privilegios	4.9	4.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.06	0.00090	CVE-2021-27182
7	Ivanti Endpoint Manager Mobile autenticación débil	9.9	9.7	$0-$5k	$0-$5k	High	Official Fix	0.00	0.96231	CVE-2023-35078
8	Hitachi Vantara Pentaho Business Analytics Server Data Lineage cifrado débil	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00135	CVE-2021-45447
9	Oracle Application Server sql injection	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00322	CVE-2007-0286
10	Live555 Streaming Media parseRTSPRequestString Remote Code Execution	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.87706	CVE-2013-6934
11	Oracle Solaris Utility Local Privilege Escalation	7.7	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.05	0.00043	CVE-2023-21985
12	Appindex MWChat start_lobby.php escalada de privilegios	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.01895	CVE-2005-1869
13	Coinsoft Technologies phpCOIN db.php directory traversal	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.03877	CVE-2005-4212
14	Damien Benier MyAlbum language.inc.php escalada de privilegios	7.3	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.03	0.09238	CVE-2006-5865
15	SourceCodester Grade Point Average GPA Calculator index.php cross site scripting	4.4	4.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00062	CVE-2023-1743
16	SourceCodester Grade Point Average GPA Calculator index.php divulgación de información	5.4	5.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00097	CVE-2023-1769
17	OpenResty API ngx_http_lua_subrequest.c escalada de privilegios	7.4	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00580	CVE-2020-11724
18	OpenResty ngx.req.get_post_args sql injection	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00637	CVE-2018-9230
19	Netgate pf Sense ACME Package acme_certificate_edit.php cross site scripting	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00085	CVE-2020-21219
20	Microsoft IIS IP/Domain Restriction escalada de privilegios	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.03	0.00817	CVE-2014-4078

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	45.238.25.2	ip-45-238-25-2.interlink.com.br	BlueNoroff	2022-03-22	verified	Alto
2	104.168.174.80	client-104-168-174-80.hostwindsdns.com	BlueNoroff	2023-01-05	verified	Alto
3	XXX.XXX.XXX.XX	xxxxxx-xxx-xxx-xxx-xx.xxxxxxxxxxxx.xxx	Xxxxxxxxxx	2023-01-05	verified	Alto
4	XXX.XX.XXX.XXX		Xxxxxxxxxx	2022-03-22	verified	Alto
5	XXX.XX.XXX.XX	xxx.xx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	2023-01-05	verified	Alto
6	XXX.XX.XXX.XX		Xxxxxxxxxx	2023-01-05	verified	Alto
7	XXX.XXX.XXX.XX	xxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	2023-01-05	verified	Alto
8	XXX.XX.XX.XX		Xxxxxxxxxx	2022-03-22	verified	Alto
9	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxxxxx.xxxx.xx	Xxxxxxxxxx	2023-01-05	verified	Alto

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CWE-21, CWE-22	Path Traversal	predictive	Alto
2	T1040	CWE-319	Authentication Bypass by Capture-replay	predictive	Alto
3	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
4	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Alto
5	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
7	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
8	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
9	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
11	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/mgmt/tm/util/bash	predictive	Alto
2	File	14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi	predictive	Alto
3	File	acme_certificate_edit.php	predictive	Alto
4	File	auth.php	predictive	Medio
5	File	books.php	predictive	Medio
6	File	class_gw_2checkout.php	predictive	Alto
7	File	xxxx_xxxxxxxx/xx.xxx	predictive	Alto
8	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
9	File	xxxxxxxxxxxx.xxx	predictive	Alto
10	File	xxx/xxxxxx.xxx	predictive	Alto
11	File	xxxxx.xxx	predictive	Medio
12	File	xxxxxxx.xxx	predictive	Medio
13	File	xxxxxxxx.xxx.xxx	predictive	Alto
14	File	xxx_xxxx_xxx_xxxxxxxxxx.x	predictive	Alto
15	File	xxxxxxx.xxx	predictive	Medio
16	File	xxxxx.xxx	predictive	Medio
17	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Alto
18	File	xxxxxx_xxxxx.xxx/xxxxx_xxxxxxx_xxxxxxxxxx.xx	predictive	Alto
19	File	xxxxxxxx.xxx	predictive	Medio
20	File	xxxxx_xxxxx.xxx	predictive	Alto
21	File	xxxx_x_xxxxxx.xxx.xxx	predictive	Alto
22	File	xxxxxx.xxx	predictive	Medio
23	Library	xxxxxx[xxxxxx_xxxx	predictive	Alto
24	Argument	xxx_xxxx	predictive	Medio
25	Argument	xxxxxxxx	predictive	Medio
26	Argument	xxxxxx	predictive	Bajo
27	Argument	xxx	predictive	Bajo
28	Argument	xxxxxx[xxxxxx_xxxx]	predictive	Alto
29	Argument	xxxxxxxx	predictive	Medio
30	Argument	xx	predictive	Bajo
31	Argument	xxxxxxxxxxx	predictive	Medio
32	Argument	xxxxxxx_xxx	predictive	Medio
33	Argument	xxxxx_xxx	predictive	Medio
34	Argument	xxxx	predictive	Bajo
35	Argument	xxxxxxxx	predictive	Medio
36	Argument	xxxx	predictive	Bajo
37	Argument	xxxxxxxxxx	predictive	Medio
38	Argument	xxxxxx_xxxx	predictive	Medio
39	Argument	_xxxx[_xxx_xxxx_xxxx	predictive	Alto
40	Input Value	xxx://xxxxxx/xxxx=xxxxxxx.xxxxxx-xxxxxx/xxxxxxxx=xxxxx_xxxxx	predictive	Alto

Referencias (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!