BlackNET RAT Analysis

IOB - Indicator of Behavior (120)

Timeline, Actors, Activities, Effort, Type, Vendor: chart panels only, no data.

Language: en 68, ru 24, fr 6, pl 6, es 4

Country: us 68, ru 12, de 6, tt 2, sv 2

Product: Turuncu Portal (2), Cisco Virtualization Experience Media Engine (2), Thomas R. Pasawicz HyperBook Guestbook (2), Tenda M3 (2), Webfroot ShoutBox CGI Suite (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2 | LS Electric PLC/XG5000 weak encryption | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00144 | 0.00 | CVE-2022-2758
3 | Omron PLC CJ/PLC CS weak authentication | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00133 | 0.04 | CVE-2019-13533
4 | Omron CX-Position Project File memory corruption | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00102 | 0.00 | CVE-2022-26417
5 | Microsoft Windows Remote Procedure Call Runtime Remote Code Execution | 9.8 | 8.9 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02246 | 0.06 | CVE-2022-26809
6 | Turuncu Portal h_goster.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00249 | 0.00 | CVE-2007-1022
7 | Microsoft Windows IKE Protocol Extension Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01093 | 0.04 | CVE-2022-34721
8 | RoundCube Webmail Email Message rcube_string_replacer.php linkref_addindex cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | High | Official Fix | 0.00533 | 0.06 | CVE-2020-35730
9 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.03 | CVE-2019-7550
10 | phpx search.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00690 | 0.00 | CVE-2007-1551
11 | SourceCodester Online Pizza Ordering System index.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.10 | CVE-2023-0883
12 | KoschtIT KoschtIT Image Gallery ki_makepic.php directory traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01118 | 0.00 | CVE-2009-1510
13 | SourceCodester Library Management System bookdetails.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00322 | 0.05 | CVE-2022-2214
14 | D-Link DIR-816 A2 Web Interface setDeviceSettings privilege escalation | 6.4 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00067 | 0.08 | CVE-2024-0921
15 | Nsasoft Network Sleuth Registration denial of service | 4.0 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00042 | 0.10 | CVE-2024-1184
16 | Turbotraffictrader Php ttt-webmaster.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00923 | 0.00 | CVE-2004-2191
17 | Webfroot ShoutBox CGI Suite privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | -
18 | Siemens SICAM PQ Analyzer Registry privilege escalation | 3.5 | 3.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00081 | 0.00 | CVE-2021-45460
19 | Astaro Security Gateway pfilter-reporter.pl denial of service | 7.5 | 6.5 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.10324 | 0.00 | CVE-2007-4243
20 | Dell Rugged Control Center Service Endpoint privilege escalation | 7.8 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-34443

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (49)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /goform/setDeviceSettings | predictive | High
2 | File | /it-IT/splunkd/__raw/services/get_snapshot | predictive | High
3 | File | /librarian/bookdetails.php | predictive | High
4 | File | /php-opos/index.php | predictive | High
5 | File | /phpwcms/setup/setup.php | predictive | High
6 | File | /usr/bin/at | predictive | Medium
7 | File | /xxxxxx/xxxxxxxx/xxxxxxxx/xxxxxxxxxxxx.xxx | predictive | High
8 | File | /xxxx/?xxxx=xxxxxx_xxxxxxx | predictive | High
9 | File | xxxxxxx.xxx | predictive | Medium
10 | File | xxx:.xxx | predictive | Medium
11 | File | xxxxxxxx.xxx | predictive | Medium
12 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
13 | File | x_xxxxxx.xxx | predictive | Medium
14 | File | xxxxxxx.xxx | predictive | Medium
15 | File | xxxxxx/xxxxxxxxxx.x | predictive | High
16 | File | xx_xxxxxxx.xxx | predictive | High
17 | File | xxxxxxx-xxxxxxxx.xx | predictive | High
18 | File | xxxxx_xxxxxx_xxx.xxx | predictive | High
19 | File | xxxxx_xxxxxx_xxxxxxxx.xxx | predictive | High
20 | File | xxxxxxxxxx.xxx | predictive | High
21 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
22 | File | xxxxxx.xxx | predictive | Medium
23 | File | xxx-xxxxxxxxx.xxx | predictive | High
24 | File | xxxxxxx.xxx | predictive | Medium
25 | File | xxxxxx.xxx | predictive | Medium
26 | File | xx-xxxxxxxxxxx.xxx | predictive | High
27 | Library | xxxxxxx/xxxxxxxx/ | predictive | High
28 | Argument | xxx | predictive | Low
29 | Argument | xxx | predictive | Low
30 | Argument | xxxxxxxx_xxxxxx/xxxxxxxx_xxxx/xxxxxxxx_xxxxxxxx/xxxxxxxx_xxxx | predictive | High
31 | Argument | xxxx | predictive | Low
32 | Argument | xxxx | predictive | Low
33 | Argument | xx | predictive | Low
34 | Argument | xx | predictive | Low
35 | Argument | xx | predictive | Low
36 | Argument | xxxxxxxxx | predictive | Medium
37 | Argument | xxxxxx xxxxxxxxxxx | predictive | High
38 | Argument | xxxxx | predictive | Low
39 | Argument | xxxxxx | predictive | Low
40 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive | High
41 | Argument | xxxx_xxxx | predictive | Medium
42 | Argument | xxxxxxxxxxxxxxxxxxxx | predictive | High
43 | Argument | xxxxx | predictive | Low
44 | Argument | x_xxxx_xx | predictive | Medium
45 | Argument | xxx | predictive | Low
46 | Argument | xxx | predictive | Low
47 | Argument | xxx | predictive | Low
48 | Input Value | ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx | predictive | High
49 | Input Value | -x | predictive | Low
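The five File-class indicators that are legible in the table above are URL paths, so the natural way to use them is as a filter over web-server access logs. The script below is an added example written for this page; it is not code from VulDB or from the BlackNET RAT tooling. Only the indicator list and its confidence values come from the table; the log lines are constructed, the suffix-matching rule, the double percent-decoding and the probe/exploitation heuristic based on HTTP status are assumptions made for illustration, and the host path /usr/bin/at (IOA 6) is deliberately left out because it would come from file or process telemetry, not from HTTP logs.

```python
"""Scan web-server access logs for the unmasked file-path IOAs listed above.

Added example, not code from VulDB or the page: the indicator list is copied
from the IOA table; the log lines, matching rules and phase heuristic are
assumptions made for illustration.
"""
import re
from urllib.parse import unquote, urlsplit

# File-class indicators that are legible on the page, with the confidence the
# page assigns. Host paths such as /usr/bin/at (IOA 6) never appear in an HTTP
# access log and need file or process telemetry instead, so they are omitted.
IOA_FILES = {
    "/goform/setDeviceSettings": "High",
    "/it-IT/splunkd/__raw/services/get_snapshot": "High",
    "/librarian/bookdetails.php": "High",
    "/php-opos/index.php": "High",
    "/phpwcms/setup/setup.php": "High",
}

# Common/combined log format: client ident user [timestamp] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines using RFC 5737 documentation addresses; not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2024:11:02:13 +0000] "POST /goform/setDeviceSettings HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '203.0.113.7 - - [10/Feb/2024:11:02:15 +0000] "GET /lms/librarian/bookdetails.php?id=12 HTTP/1.1" 200 3321 "-" "python-requests/2.31.0"',
    '198.51.100.2 - - [10/Feb/2024:11:03:01 +0000] "GET /phpwcms/setup/%73etup.php HTTP/1.1" 404 198 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [10/Feb/2024:11:03:05 +0000] "GET /index.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Feb/2024:11:04:40 +0000] "GET /it-IT/splunkd/__raw/services/get_snapshot HTTP/1.1" 403 0 "-" "-"',
]


def normalize_path(target):
    """Reduce a request target to a comparable path.

    Drops the query string, percent-decodes twice (so /%2573etup.php and
    /%73etup.php both become /setup.php) and collapses repeated slashes;
    all three are common ways to slip an indicator past a literal match.
    """
    path = urlsplit(target).path
    path = unquote(unquote(path))
    return re.sub(r"/+", "/", path)


def match_line(line):
    """Return a hit dict if the request path ends with a listed indicator, else None.

    Suffix matching is an assumption: it lets an application deployed under a
    prefix (e.g. /lms/librarian/bookdetails.php) still match, while a bare
    /index.php does not match the /php-opos/index.php indicator.
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    path = normalize_path(m.group("target"))
    for indicator, confidence in IOA_FILES.items():
        if path.lower().endswith(indicator.lower()):
            status = int(m.group("status"))
            return {
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "method": m.group("method"),
                "path": path,
                "status": status,
                "indicator": indicator,
                "confidence": confidence,
                # Heuristic, not from the page: a 4xx on an indicator path is still
                # worth flagging as reconnaissance; a 2xx may mean the request
                # reached vulnerable code.
                "phase": "probe" if status >= 400 else "possible exploitation",
            }
    return None


def scan(lines):
    """Run match_line over an iterable of log lines and keep the hits, in order."""
    return [hit for hit in map(match_line, lines) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["time"]} {hit["ip"]} {hit["method"]} {hit["path"]} '
              f'-> {hit["indicator"]} ({hit["confidence"]}, {hit["phase"]})')
```

Run against the constructed sample it flags four of the five lines: the setDeviceSettings POST, the prefixed bookdetails.php request, the percent-encoded setup.php probe (a 404, still worth seeing) and the Splunk get_snapshot request; the plain /index.php request is not reported. For production use, feed real log lines into `scan()` and treat the masked Argument and Input Value indicators separately once they are available, since they need query-string and body inspection rather than path matching.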

References (13)

The following list contains external sources which discuss the actor and the associated activities:
