BlackTech Analysis

IOB - Indicator of Behavior (249)

Language

en: 170
zh: 64
de: 10
ja: 6

Country/Region

us: 126
cn: 118
gb: 2

Product

RoundCube: 6
MediaWiki: 6
Palo Alto PAN-OS: 6
Apple iOS: 4
OpenCV wechat_qrcode Module: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | Responsive FileManager ajax_calls.php privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00482 | 0.00 | CVE-2020-10567 |
| 3 | PAN-OS weak authentication | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00368 | 0.04 | CVE-2019-1572 |
| 4 | Expinion.net News Manager Lite comment_add.asp cross-site scripting | 4.3 | 3.8 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00607 | 0.00 | CVE-2004-1845 |
| 5 | Horde Groupware privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.89324 | 0.05 | CVE-2012-0209 |
| 6 | RoundCube Webmail rcube_plugin_api.php directory traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01163 | 0.04 | CVE-2020-12640 |
| 7 | Softnext SPAM SQR privilege escalation | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00143 | 0.03 | CVE-2023-24835 |
| 8 | JDOM SAXBuilder denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00480 | 0.00 | CVE-2021-33813 |
| 9 | Cacti graph_view.php SQL injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.23300 | 0.02 | CVE-2023-39361 |
| 10 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment denial of service | 5.6 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00149 | 0.07 | CVE-2023-2617 |
| 11 | Apple iOS/iPadOS GPU Drivers memory corruption | 4.4 | 4.3 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00057 | 0.04 | CVE-2022-46702 |
| 12 | Palo Alto PAN-OS Web Interface weak authentication | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00198 | 0.00 | CVE-2022-0030 |
| 13 | Genivia gSOAP XML Document soap_get memory corruption | 6.8 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.22576 | 0.03 | CVE-2017-9765 |
| 14 | Diffie-Hellman Key Agreement Protocol Public Key denial of service | 3.7 | 3.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.01046 | 0.00 | CVE-2002-20001 |
| 15 | MediaWiki File Download api.php Reflected privilege escalation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00685 | 0.03 | CVE-2017-8809 |
| 16 | Apache Dubbo Tag Routing Privilege Escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00297 | 0.00 | CVE-2021-30180 |
| 17 | Palo Alto PAN-OS weak encryption | 5.8 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00199 | 0.00 | CVE-2020-2013 |
| 18 | Palo Alto PAN-OS Maintenance Mode denial of service | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00206 | 0.00 | CVE-2020-2041 |
| 19 | RoundCube Contact Photo photo.inc Absolute directory traversal | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00178 | 0.00 | CVE-2015-8794 |
| 20 | phpMyAdmin Designer SQL injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00164 | 0.03 | CVE-2019-6798 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (100)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /administration/theme.php | predictive | |
| 2 | File | /assets/something/services/AppModule.class | predictive | |
| 3 | File | /cgi-mod/lookup.cgi | predictive | |
| 4 | File | /orrs/admin/reservations/view_details.php | predictive | |
| 5 | File | /services | predictive | |
| 6 | File | /upload | predictive | |
| 7 | File | additem.asp | predictive | |
| 8 | File | agora.cgi | predictive | |
| 9 | File | ajax_calls.php | predictive | |
| 10 | File | api.php | predictive | |
| 11 | File | application\api\controller\User.php | predictive | |
| 12 | File | arch/arm/kernel/perf_event.c | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
