BlackNet Analysis

IOB - Indicator of Behavior (34)

Language

en: 26
ru: 6
zh: 2

Country

us: 22
ru: 2
nl: 2

Product

Telesquare SDT-CS3B1: 2
Telesquare SDT-CW3B1: 2
Lesterchan wp-postratings: 2
Privoxy: 2
Tiki: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | Linux Kernel BlueZ jlink.c jlink_init denial of service | 3.6 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00043 | CVE-2022-3637 |
| 3 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 3.62 | 0.00936 | CVE-2020-15906 |
| 4 | Asus RT-AC86U Web URL privilege escalation | 8.8 | 8.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00076 | CVE-2023-28702 |
| 5 | Asus RT-AC86U LPD Service privilege escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00049 | CVE-2022-25597 |
| 6 | Asus RT-AC56U buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00073 | CVE-2022-25596 |
| 7 | Asus RT-AX56U V2/RT-AC86U cm_processChangedConfigMsg Format String | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00330 | CVE-2023-35087 |
| 8 | lighttpd mod_alias_physical_handler mod_alias.c directory traversal | 7.4 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00493 | CVE-2018-19052 |
| 9 | Phpsugar PHP Melody Cookie watch.php sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00156 | CVE-2017-15579 |
| 10 | PDF24 Article To PDF Plugin cross site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00062 | CVE-2022-1827 |
| 11 | medoo columnQuote sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00146 | CVE-2019-10762 |
| 12 | Privoxy Template Name cgi_error_no_template cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00078 | CVE-2021-44543 |
| 13 | Telesquare SDT-CS3B1/SDT-CW3B1 Telnet Service weak authentication | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.03 | 0.00939 | CVE-2018-12526 |
| 14 | Mods for HESK Time-Based sql injection | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00322 | CVE-2020-13993 |
| 15 | Linux Kernel hid-elo.c hid_parse denial of service | 3.5 | 3.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.09 | 0.00042 | CVE-2022-27950 |
| 16 | Linux Kernel load_elf_binary buffer overflow | 8.3 | 7.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00072 | CVE-2017-1000253 |
| 17 | Corero SecureWatch Managed Services HTTP API Endpoint get_snapshot directory traversal | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00088 | CVE-2021-38136 |
| 18 | Post Grid Plugin Slider Import Search cross site scripting | 3.5 | 3.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00259 | CVE-2021-24488 |
| 19 | IBM i2 Analyze information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00076 | CVE-2021-29784 |
| 20 | Apple watchOS WebKit buffer overflow | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00425 | CVE-2021-30795 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 3 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /about.php | predictive | Medium |
| 2 | File | /it-IT/splunkd/__raw/services/get_snapshot | predictive | High |
| 3 | File | /phpwcms/setup/setup.php | predictive | High |
| 4 | File | xxxxxxxx.xxx | predictive | Medium |
| 5 | File | xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxxxx/xxx/xxx-xxx.x | predictive | High |
| 8 | File | xxxxx.xxx | predictive | Medium |
| 9 | File | xxxx_xxxx.xxx | predictive | High |
| 10 | File | xxx_xxxxx.x | predictive | Medium |
| 11 | File | xxxxxxx/xxxxx.x | predictive | High |
| 12 | File | xxxx-xxxxx.xxx | predictive | High |
| 13 | File | xxxxx.xxx | predictive | Medium |
| 14 | File | xx-xxxxxxxxxxx.xxx | predictive | High |
| 15 | Argument | xx_xxxxx_xxx_xxxx | predictive | High |
| 16 | Argument | xxx | predictive | Low |
| 17 | Argument | xxxx_xx | predictive | Low |
| 18 | Argument | xx | predictive | Low |
| 19 | Argument | xxxxxxxxx | predictive | Medium |
| 20 | Argument | xxxxx | predictive | Low |
| 21 | Argument | xxxx_xxxx | predictive | Medium |
| 22 | Argument | xxxx | predictive | Low |
| 23 | Argument | xxx | predictive | Low |
| 24 | Input Value | ../ | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
