BlackNet Analysis

IOB - Indicator of Behavior (34)

Language

en: 28
ru: 6

Country

us: 20
nl: 2

Product

Asus RT-AC86U: 4
Dream4 Koobi CMS: 2
Telesquare SDT-CS3B1: 2
Telesquare SDT-CW3B1: 2
SialWeb CMS: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | Linux Kernel BlueZ jlink.c jlink_init denial of service | 3.6 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00043 | CVE-2022-3637 |
| 3 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 5.57 | 0.00936 | CVE-2020-15906 |
| 4 | Asus RT-AC86U Web URL privilege escalation | 8.8 | 8.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00076 | CVE-2023-28702 |
| 5 | Asus RT-AC86U LPD Service privilege escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00049 | CVE-2022-25597 |
| 6 | Asus RT-AC56U memory corruption | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00073 | CVE-2022-25596 |
| 7 | Asus RT-AX56U V2/RT-AC86U cm_processChangedConfigMsg Format String | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00330 | CVE-2023-35087 |
| 8 | lighttpd mod_alias_physical_handler mod_alias.c directory traversal | 7.4 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00493 | CVE-2018-19052 |
| 9 | Phpsugar PHP Melody Cookie watch.php sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00156 | CVE-2017-15579 |
| 10 | PDF24 Article To PDF Plugin cross site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00062 | CVE-2022-1827 |
| 11 | medoo columnQuote sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00146 | CVE-2019-10762 |
| 12 | Privoxy Template Name cgi_error_no_template cross site scripting | 3.5 | 3.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00078 | CVE-2021-44543 |
| 13 | Telesquare SDT-CS3B1/SDT-CW3B1 Telnet Service weak authentication | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.03 | 0.00939 | CVE-2018-12526 |
| 14 | Mods for HESK Time-Based sql injection | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00322 | CVE-2020-13993 |
| 15 | Linux Kernel hid-elo.c hid_parse denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.00042 | CVE-2022-27950 |
| 16 | Linux Kernel load_elf_binary memory corruption | 8.3 | 7.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00072 | CVE-2017-1000253 |
| 17 | Corero SecureWatch Managed Services HTTP API Endpoint get_snapshot directory traversal | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00088 | CVE-2021-38136 |
| 18 | Post Grid Plugin Slider Import Search cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00259 | CVE-2021-24488 |
| 19 | IBM i2 Analyze information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00076 | CVE-2021-29784 |
| 20 | Apple watchOS WebKit memory corruption | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00425 | CVE-2021-30795 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 3 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /about.php | predictive | Medium |
| 2 | File | /it-IT/splunkd/__raw/services/get_snapshot | predictive | High |
| 3 | File | /phpwcms/setup/setup.php | predictive | High |
| 4 | File | xxxxxxxx.xxx | predictive | Medium |
| 5 | File | xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxxxx/xxx/xxx-xxx.x | predictive | High |
| 8 | File | xxxxx.xxx | predictive | Medium |
| 9 | File | xxxx_xxxx.xxx | predictive | High |
| 10 | File | xxx_xxxxx.x | predictive | Medium |
| 11 | File | xxxxxxx/xxxxx.x | predictive | High |
| 12 | File | xxxx-xxxxx.xxx | predictive | High |
| 13 | File | xxxxx.xxx | predictive | Medium |
| 14 | File | xx-xxxxxxxxxxx.xxx | predictive | High |
| 15 | Argument | xx_xxxxx_xxx_xxxx | predictive | High |
| 16 | Argument | xxx | predictive | Low |
| 17 | Argument | xxxx_xx | predictive | Low |
| 18 | Argument | xx | predictive | Low |
| 19 | Argument | xxxxxxxxx | predictive | Medium |
| 20 | Argument | xxxxx | predictive | Low |
| 21 | Argument | xxxx_xxxx | predictive | Medium |
| 22 | Argument | xxxx | predictive | Low |
| 23 | Argument | xxx | predictive | Low |
| 24 | Input Value | ../ | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
