BlackTech Analysis

IOB - Indicator of Behavior (488)

Timeline

Language

en: 362
zh: 94
de: 16
ja: 10
es: 2

Country/Region

cn: 176
us: 170
ms: 136
gb: 2


Product

Palo Alto PAN-OS: 18
Linux Kernel: 10
WordPress: 8
Microsoft Windows: 8
PHPWind: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | vTiger CRM SQL injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00228 | 0.04 | CVE-2019-11057
3 | Responsive FileManager ajax_calls.php privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00482 | 0.04 | CVE-2020-10567
4 | Sophos Firewall User Portal/Webadmin weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.97434 | 0.08 | CVE-2022-1040
5 | PAN-OS weak authentication | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00368 | 0.04 | CVE-2019-1572
6 | WordPress WP_Query class-wp-query.php SQL injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.02 | CVE-2017-5611
7 | Expinion.net News Manager Lite comment_add.asp cross-site scripting | 4.3 | 3.8 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00607 | 0.02 | CVE-2004-1845
8 | XoruX LPAR2RRD/STOR2RRD weak authentication | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00262 | 0.02 | CVE-2021-42371
9 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.97319 | 0.00 | CVE-2021-34473
10 | FCKeditor Connector Module directory traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.97270 | 0.04 | CVE-2009-2265
11 | RoundCube Webmail rcube_plugin_api.php directory traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01163 | 0.00 | CVE-2020-12640
12 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.99 | CVE-2010-0966
13 | Mailman privilege escalation | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00160 | 0.00 | CVE-2018-13796
14 | ThinkPHP privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.97455 | 0.03 | CVE-2019-9082
15 | Softnext SPAM SQR privilege escalation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00143 | 0.04 | CVE-2023-24835
16 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment denial of service | 5.6 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.08 | CVE-2023-2617
17 | Apple iOS/iPadOS GPU Drivers memory corruption | 4.4 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00057 | 0.04 | CVE-2022-46702
18 | Palo Alto PAN-OS Web Interface weak authentication | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00191 | 0.00 | CVE-2022-0030
19 | OpenSSL c_rehash privilege escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.10649 | 0.04 | CVE-2022-1292
20 | Diffie-Hellman Key Agreement Protocol Public Key denial of service | 3.7 | 3.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.01004 | 0.04 | CVE-2002-20001

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 10.0.0.211 | | BlackTech | WaterBear | 2021-09-02 | verified |
2 | 43.240.12.81 | mail.terascape.net | BlackTech | Taiwan Government Agencies | 2021-09-02 | verified |
3 | 45.32.23.140 | 45.32.23.140.vultrusercontent.com | BlackTech | | 2024-02-16 | verified |
4 | 45.76.102.145 | 45.76.102.145.vultr.com | BlackTech | TSCookie | 2020-12-15 | verified |
5 | 45.76.184.227 | 45.76.184.227.vultrusercontent.com | BlackTech | | 2024-02-16 | verified |

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (215)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /administration/theme.php | predictive |
2 | File | /cdsms/classes/Master.php?f=delete_enrollment | predictive |
3 | File | /cgi-bin/portal | predictive |
4 | File | /cgi-mod/lookup.cgi | predictive |
5 | File | /forum/away.php | predictive |
6 | File | /mifs/c/i/reg/reg.html | predictive |
7 | File | /modules/profile/index.php | predictive |
8 | File | /RPC2 | predictive |
9 | File | /server-info | predictive |
10 | File | /service/upload | predictive |
11 | File | /services | predictive |
12 | File | /system/dept/edit | predictive |
13 | File | /tmp | predictive |
14 | File | /uncpath/ | predictive |
15 | File | /upload | predictive |
16 | File | /user/updatePwd | predictive |
17 | File | /wp-json/oembed/1.0/embed?url | predictive |
18 | File | a2billing/customer/iridium_threed.php | predictive |
19 | File | additem.asp | predictive |
20 | File | admin.php | predictive |
21 | File | admin.php?s=/Channel/add.html | predictive |
22 | File | admin/class-bulk-editor-list-table.php | predictive |
23 | File | administrator/components/com_media/helpers/media.php | predictive |
24 | File | agora.cgi | predictive |

References (9)

The following list contains external sources which discuss the actor and the associated activities:
