BlueNoroff Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (68)

Язык

en	60
zh	4
de	2
ru	2

Страна

us	54
vn	6
jp	4
de	2
br	2

Акторы

BlueNoroff	5
IcedID	2
RecordBreaker	2
BumbleBee	2
Purple Fox	1

Интерес

Тип

Not Defined	34
Forum Software	4
Survey Software	4
Operating System	2
Chat Software	2

Поставщик

Not Defined	24
Netgate	2
Thomas R. Pasawicz	2
Plohni	2
Microsoft	2

Продукт

LimeSurvey	4
Netgate pf Sense	2
CS-Cart	2
Thomas R. Pasawicz HyperBook Guestbook	2
MRTG	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash раскрытие информации	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	Microsoft Windows Domain Name Service Privilege Escalation	6.6	6.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00	0.01058	CVE-2023-28223
3	HTTP/2 Stream Rapid Reset отказ в обслуживании	6.4	6.3	$0-$5k	$0-$5k	High	Official Fix	0.03	0.70585	CVE-2023-44487
4	Apache James Server эскалация привилегий	8.1	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.78935	CVE-2015-7611
5	Frappe Framework sql-инъекция	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00274	CVE-2019-14966
6	Alt-N MDaemon Worldclient эскалация привилегий	4.9	4.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.06	0.00090	CVE-2021-27182
7	Ivanti Endpoint Manager Mobile слабая аутентификация	9.9	9.7	$0-$5k	$0-$5k	High	Official Fix	0.00	0.96231	CVE-2023-35078
8	Hitachi Vantara Pentaho Business Analytics Server Data Lineage слабое шифрование	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00135	CVE-2021-45447
9	Oracle Application Server sql-инъекция	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00322	CVE-2007-0286
10	Live555 Streaming Media parseRTSPRequestString Remote Code Execution	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.87706	CVE-2013-6934
11	Oracle Solaris Utility Local Privilege Escalation	7.7	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.05	0.00043	CVE-2023-21985
12	Appindex MWChat start_lobby.php эскалация привилегий	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.01895	CVE-2005-1869
13	Coinsoft Technologies phpCOIN db.php обход каталога	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.03877	CVE-2005-4212
14	Damien Benier MyAlbum language.inc.php эскалация привилегий	7.3	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.03	0.09238	CVE-2006-5865
15	SourceCodester Grade Point Average GPA Calculator index.php межсайтовый скриптинг	4.4	4.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.20	0.00062	CVE-2023-1743
16	SourceCodester Grade Point Average GPA Calculator index.php раскрытие информации	5.4	5.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.20	0.00097	CVE-2023-1769
17	OpenResty API ngx_http_lua_subrequest.c эскалация привилегий	7.4	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00580	CVE-2020-11724
18	OpenResty ngx.req.get_post_args sql-инъекция	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00637	CVE-2018-9230
19	Netgate pf Sense ACME Package acme_certificate_edit.php межсайтовый скриптинг	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00085	CVE-2020-21219
20	Microsoft IIS IP/Domain Restriction эскалация привилегий	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00	0.00817	CVE-2014-4078

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Identified	Тип	Уверенность
1	45.238.25.2	ip-45-238-25-2.interlink.com.br	BlueNoroff	22.03.2022	verified	Высокий
2	104.168.174.80	client-104-168-174-80.hostwindsdns.com	BlueNoroff	05.01.2023	verified	Высокий
3	XXX.XXX.XXX.XX	xxxxxx-xxx-xxx-xxx-xx.xxxxxxxxxxxx.xxx	Xxxxxxxxxx	05.01.2023	verified	Высокий
4	XXX.XX.XXX.XXX		Xxxxxxxxxx	22.03.2022	verified	Высокий
5	XXX.XX.XXX.XX	xxx.xx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	05.01.2023	verified	Высокий
6	XXX.XX.XXX.XX		Xxxxxxxxxx	05.01.2023	verified	Высокий
7	XXX.XXX.XXX.XX	xxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	05.01.2023	verified	Высокий
8	XXX.XX.XX.XX		Xxxxxxxxxx	22.03.2022	verified	Высокий
9	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxxxxx.xxxx.xx	Xxxxxxxxxx	05.01.2023	verified	Высокий

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-21, CWE-22	Path Traversal	predictive	Высокий
2	T1040	CWE-319	Authentication Bypass by Capture-replay	predictive	Высокий
3	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
4	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Высокий
5	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
6	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
7	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
8	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Высокий
9	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
11	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Высокий

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/mgmt/tm/util/bash	predictive	Высокий
2	File	14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi	predictive	Высокий
3	File	acme_certificate_edit.php	predictive	Высокий
4	File	auth.php	predictive	Средний
5	File	books.php	predictive	Средний
6	File	class_gw_2checkout.php	predictive	Высокий
7	File	xxxx_xxxxxxxx/xx.xxx	predictive	Высокий
8	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Высокий
9	File	xxxxxxxxxxxx.xxx	predictive	Высокий
10	File	xxx/xxxxxx.xxx	predictive	Высокий
11	File	xxxxx.xxx	predictive	Средний
12	File	xxxxxxx.xxx	predictive	Средний
13	File	xxxxxxxx.xxx.xxx	predictive	Высокий
14	File	xxx_xxxx_xxx_xxxxxxxxxx.x	predictive	Высокий
15	File	xxxxxxx.xxx	predictive	Средний
16	File	xxxxx.xxx	predictive	Средний
17	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Высокий
18	File	xxxxxx_xxxxx.xxx/xxxxx_xxxxxxx_xxxxxxxxxx.xx	predictive	Высокий
19	File	xxxxxxxx.xxx	predictive	Средний
20	File	xxxxx_xxxxx.xxx	predictive	Высокий
21	File	xxxx_x_xxxxxx.xxx.xxx	predictive	Высокий
22	File	xxxxxx.xxx	predictive	Средний
23	Library	xxxxxx[xxxxxx_xxxx	predictive	Высокий
24	Argument	xxx_xxxx	predictive	Средний
25	Argument	xxxxxxxx	predictive	Средний
26	Argument	xxxxxx	predictive	Низкий
27	Argument	xxx	predictive	Низкий
28	Argument	xxxxxx[xxxxxx_xxxx]	predictive	Высокий
29	Argument	xxxxxxxx	predictive	Средний
30	Argument	xx	predictive	Низкий
31	Argument	xxxxxxxxxxx	predictive	Средний
32	Argument	xxxxxxx_xxx	predictive	Средний
33	Argument	xxxxx_xxx	predictive	Средний
34	Argument	xxxx	predictive	Низкий
35	Argument	xxxxxxxx	predictive	Средний
36	Argument	xxxx	predictive	Низкий
37	Argument	xxxxxxxxxx	predictive	Средний
38	Argument	xxxxxx_xxxx	predictive	Средний
39	Argument	_xxxx[_xxx_xxxx_xxxx	predictive	Высокий
40	Input Value	xxx://xxxxxx/xxxx=xxxxxxx.xxxxxx-xxxxxx/xxxxxxxx=xxxxx_xxxxx	predictive	Высокий

Ссылки (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Might our Artificial Intelligence support you?

Check our Alexa App!