BlankSlate Analysis

IOB - Indicator of Behavior (127)

Language

en 96
de 10
fr 6
ru 6
it 4

Country

gb 60
us 16
de 10
fr 6
ru 6

Product

CentOS Web Panel 4
SourceCodester Engineers Online Portal 4
Zillya! Antivirus 4
Campcodes Simple Student Information System 4
7-card Fakabao 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.86 | CVE-2010-0966 |
| 2 | JetBrains PhpStorm idea.log information disclosure | 3.8 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2022-48435 |
| 3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 4 | All in One SEO Pack Plugin cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.07 | CVE-2023-0586 |
| 5 | PHPGurukul Online Notes Sharing System profile.php cross site request forgery | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.08 | CVE-2023-7052 |
| 6 | Views for WPForms Plugin create_view cross site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.08 | CVE-2024-0374 |
| 7 | All in One SEO Pack Plugin cross site scripting | 3.9 | 3.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00101 | 0.00 | CVE-2023-0585 |
| 8 | SourceCodester Responsive Ordering System Product_model.php privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00632 | 0.03 | CVE-2021-25206 |
| 9 | WPForms Pro Plugin privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00229 | 0.00 | CVE-2022-3574 |
| 10 | Wondershare Dr.Fone privilege escalation | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00082 | 0.00 | CVE-2023-29835 |
| 11 | Netentsec NS-ASG Application Security Gateway list_addr_fwresource_ip.php sql injection | 5.5 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00061 | 0.04 | CVE-2023-5681 |
| 12 | Campcodes Simple Student Information System manage_academic.php sql injection | 6.2 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.09 | CVE-2023-5929 |
| 13 | Campcodes Simple Student Information System index.php sql injection | 6.2 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.04 | CVE-2023-5923 |
| 14 | CodeAstro Internet Banking System pages_reset_pwd.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.04 | CVE-2023-5695 |
| 15 | SourceCodester Engineers Online Portal downloadable_student.php sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00077 | 0.08 | CVE-2023-5276 |
| 16 | ZZZCMS Database Backup File save.php restore privilege escalation | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00061 | 0.00 | CVE-2023-5263 |
| 17 | MicroWorld eScan Anti-Virus runasroot Local Privilege Escalation | 7.8 | 7.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00042 | 0.04 | CVE-2023-4383 |
| 18 | Lightxun IPTV Gateway web_upload_template.html privilege escalation | 5.0 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.04 | CVE-2023-7026 |
| 19 | SourceCodester Best Courier Management System manage_parcel_status.php cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00050 | 0.04 | CVE-2023-5273 |
| 20 | 7-card Fakabao wxpay_notify.php sql injection | 6.6 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.04 | CVE-2023-7185 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22, CWE-24 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |

IOA - Indicator of Attack (119)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/index.php | predictive | High |
| 2 | File | /admin/list_addr_fwresource_ip.php | predictive | High |
| 3 | File | /admin/makehtml_freelist_action.php | predictive | High |
| 4 | File | /admin/return_add.php | predictive | High |
| 5 | File | /admin/save.php | predictive | High |
| 6 | File | /admin/service/stop/ | predictive | High |
| 7 | File | /admin/students/manage_academic.php | predictive | High |
| 8 | File | /api/v1/attack/falco | predictive | High |
| 9 | File | /application/websocket/controller/Setting.php | predictive | High |
| 10 | File | /cgi-bin/cstecgi.cgi | predictive | High |
| 11 | File | /cgi-bin/login_action.cgi | predictive | High |
| 12 | File | /event/admin/?page=user/list | predictive | High |
| 13 | File | /include/file.php | predictive | High |
| 14 | File | /index.php | predictive | Medium |
| 15 | File | /index.php?menu=asterisk_cli | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
