BlackTech Analysis

IOB - Indicator of Behavior (249)

Language

en: 170
zh: 62
ja: 8
de: 8
es: 2

Country

us: 134
cn: 110
ir: 2

Product

Palo Alto PAN-OS: 10
Linux Kernel: 6
MediaWiki: 6
Redmine: 4
e-Quick Cart: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Responsive FileManager ajax_calls.php privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00482 | 0.00 | CVE-2020-10567 |
| 3 | PAN-OS weak authentication | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00368 | 0.04 | CVE-2019-1572 |
| 4 | Expinion.net News Manager Lite comment_add.asp cross site scripting | 4.3 | 3.8 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00607 | 0.02 | CVE-2004-1845 |
| 5 | Horde Groupware privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.88253 | 0.00 | CVE-2012-0209 |
| 6 | RoundCube Webmail rcube_plugin_api.php directory traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01163 | 0.00 | CVE-2020-12640 |
| 7 | Softnext SPAM SQR privilege escalation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00143 | 0.05 | CVE-2023-24835 |
| 8 | JDOM SAXBuilder denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00480 | 0.00 | CVE-2021-33813 |
| 9 | Cacti graph_view.php sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.20152 | 0.02 | CVE-2023-39361 |
| 10 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment denial of service | 5.6 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.09 | CVE-2023-2617 |
| 11 | Apple iOS/iPadOS GPU Drivers buffer overflow | 4.4 | 4.3 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00057 | 0.04 | CVE-2022-46702 |
| 12 | Palo Alto PAN-OS Web Interface weak authentication | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00191 | 0.03 | CVE-2022-0030 |
| 13 | Genivia gSOAP XML Document soap_get buffer overflow | 6.8 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.22576 | 0.00 | CVE-2017-9765 |
| 14 | Diffie-Hellman Key Agreement Protocol Public Key denial of service | 3.7 | 3.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.01046 | 0.00 | CVE-2002-20001 |
| 15 | MediaWiki File Download api.php Reflected privilege escalation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00685 | 0.03 | CVE-2017-8809 |
| 16 | Apache Dubbo Tag Routing Privilege Escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00297 | 0.00 | CVE-2021-30180 |
| 17 | Palo Alto PAN-OS weak encryption | 5.8 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00199 | 0.00 | CVE-2020-2013 |
| 18 | Palo Alto PAN-OS Maintenance Mode denial of service | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00206 | 0.00 | CVE-2020-2041 |
| 19 | RoundCube Contact Photo photo.inc Absolute directory traversal | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00178 | 0.04 | CVE-2015-8794 |
| 20 | phpMyAdmin Designer sql injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00164 | 0.03 | CVE-2019-6798 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (100)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /administration/theme.php | predictive | High |
| 2 | File | /assets/something/services/AppModule.class | predictive | High |
| 3 | File | /cgi-mod/lookup.cgi | predictive | High |
| 4 | File | /orrs/admin/reservations/view_details.php | predictive | High |
| 5 | File | /services | predictive | Medium |
| 6 | File | /upload | predictive | Low |
| 7 | File | additem.asp | predictive | Medium |
| 8 | File | agora.cgi | predictive | Medium |
| 9 | File | ajax_calls.php | predictive | High |
| 10 | File | api.php | predictive | Low |
| 11 | File | application\api\controller\User.php | predictive | High |
| 12 | File | arch/arm/kernel/perf_event.c | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
