BlackByte Analysis

IOB - Indicator of Behavior (270)

Language

en: 244
ru: 18
fr: 6
de: 2

Country/Region

us: 58
cn: 14
ru: 10
fr: 10
gb: 2

Products

Google Chrome: 4
MediaTek MT6789: 4
MediaTek MT6835: 4
MediaTek MT6855: 4
MediaTek MT6879: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.11 | CVE-2010-0966 |
| 3 | WoltLab Burning Book addentry.php SQL Injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.02 | CVE-2006-5509 |
| 4 | ownCloud index.php Directory Traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00749 | 0.00 | CVE-2014-4929 |
| 5 | Dahua DHI-HCVR7216A-S3 SmartPSS Auto Login Hash Privilege Escalation | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00331 | 0.04 | CVE-2017-6342 |
| 6 | Cyr to Lat Plugin SQL Injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.03 | CVE-2022-4290 |
| 7 | SourceCodester Food Ordering System PHP File ajax.php Privilege Escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00307 | 0.00 | CVE-2023-24646 |
| 8 | Linux Kernel capsule-loader.c Memory Corruption | 4.6 | 4.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2022-40307 |
| 9 | HPE Onboard Administrator Reflected Cross-Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.02 | CVE-2020-7132 |
| 10 | xwikisas macro-pdfviewer PDF Viewer Macro Information Disclosure | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-30263 |
| 11 | Moises Heberle WooCommerce Bookings Calendar Plugin Cross-Site Scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-31117 |
| 12 | Foxit PDF Reader AcroForm Memory Corruption | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.03 | CVE-2024-30354 |
| 13 | Tenda AC10 SetStaticRouteCfg fromSetRouteStatic Memory Corruption | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.05 | CVE-2024-2581 |
| 14 | MediaTek MT8798 Lk Memory Corruption | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2024-20022 |
| 15 | Kofax Power PDF PNG File Parser Information Disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.03 | CVE-2024-27336 |
| 16 | Linux Kernel ASPM pci_set_power_state_locked Denial of Service | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-26605 |
| 17 | Elementor Plugin Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | CVE-2024-24934 |
| 18 | IBM Security Access Manager Container DSC Server Denial of Service | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2023-31006 |
| 19 | WP Recipe Maker Plugin Cross-Site Scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.02 | CVE-2024-0382 |
| 20 | Dahua IPC/SD/NVR/XVR Packet Unknown Vulnerability | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.05 | CVE-2022-30564 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

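| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 45.9.148.114 | | BlackByte | | 2022-02-15 | verified | |
| 2 | XXX.XX.X.XX | xxxx.xxxxxxx.xxx | Xxxxxxxxx | | 2022-07-29 | verified | |
| 3 | XXX.XXX.XX.XXX | | Xxxxxxxxx | | 2023-07-07 | verified | |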

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (93)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

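| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /ajax.php?action=read_msg | predictive | |
| 2 | File | /debug/pprof | predictive | |
| 3 | File | /desktop_app/file.ajax.php?action=uploadfile | predictive | |
| 4 | File | /env | predictive | |
| 5 | File | /fos/admin/ajax.php | predictive | |
| 6 | File | /goform/SetNetControlList | predictive | |
| 7 | File | /goform/SetStaticRouteCfg | predictive | |
| 8 | File | /server-status | predictive | |
| 9 | File | /src/chatbotapp/chatWindow.java | predictive | |
| 10 | File | addentry.php | predictive | |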

References (4)

The following list contains external sources which discuss the actor and the associated activities:
