BlackNET RAT Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (118)

Lang

en	68
fr	20
ru	20
zh	4
de	2

Land

us	68
tt	8
ru	6
de	2
fr	2

Skådespelare

BlackNET RAT	6
Mirai	6
RedLine Stealer	4
Bashlite	3
Cobalt Strike	3

Intressera

Typ

Not Defined	34
Operating System	16
Programming Language Software	10
Chip Software	6
WordPress Plugin	4

Säljare

Not Defined	24
Microsoft	8
Qualcomm	6
Apple	4
Omron	4

Produkt

Microsoft Windows	6
Qualcomm Snapdragon Auto	6
Qualcomm Snapdragon Compute	6
Qualcomm Snapdragon Consumer IOT	6
Qualcomm Snapdragon Industrial IOT	6

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning	5.3	5.2	$5k-$25k	Beräknande	High	Workaround	0.02016	0.00	CVE-2007-1192
2	LS Electric PLC/XG5000 svag kryptering	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00144	0.00	CVE-2022-2758
3	Omron PLC CJ/PLC CS svag autentisering	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00133	0.04	CVE-2019-13533
4	Omron CX-Position Project File minneskorruption	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00099	0.00	CVE-2022-26417
5	Microsoft Windows Remote Procedure Call Runtime Remote Code Execution	9.8	8.9	$100k och mer	$5k-$25k	Unproven	Official Fix	0.01558	0.00	CVE-2022-26809
6	Turuncu Portal h_goster.asp sql injektion	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00354	0.04	CVE-2007-1022
7	Microsoft Windows IKE Protocol Extension Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.01093	0.04	CVE-2022-34721
8	RoundCube Webmail Email Message rcube_string_replacer.php linkref_addindex cross site scripting	3.5	3.4	$0-$5k	$0-$5k	High	Official Fix	0.00612	0.04	CVE-2020-35730
9	jforum User privilegier eskalering	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.04	CVE-2019-7550
10	KoschtIT KoschtIT Image Gallery ki_makepic.php kataloggenomgång	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01118	0.03	CVE-2009-1510
11	SourceCodester Library Management System bookdetails.php sql injektion	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00322	0.24	CVE-2022-2214
12	D-Link DIR-816 A2 Web Interface setDeviceSettings privilegier eskalering	6.4	6.3	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00067	0.00	CVE-2024-0921
13	Nsasoft Network Sleuth Registration förnekande av tjänsten	4.0	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00042	0.00	CVE-2024-1184
14	Turbotraffictrader Php ttt-webmaster.php cross site scripting	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.00923	0.00	CVE-2004-2191
15	Webfroot ShoutBox CGI Suite privilegier eskalering	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.02
16	Siemens SICAM PQ Analyzer Registry privilegier eskalering	3.5	3.4	$5k-$25k	Beräknande	Not Defined	Official Fix	0.00081	0.00	CVE-2021-45460
17	Astaro Security Gateway pfilter-reporter.pl förnekande av tjänsten	7.5	6.5	$0-$5k	$0-$5k	Unproven	Official Fix	0.10324	0.00	CVE-2007-4243
18	Dell Rugged Control Center Service Endpoint privilegier eskalering	7.8	7.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-34443
19	Minecraft Servers List install.php privilegier eskalering	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00639	0.00	CVE-2018-5749
20	Epic Games Psyonix Rocket League UPK Object minneskorruption	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00300	0.00	CVE-2021-32238

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	2.57.19.173		BlackNET RAT	17/10/2023	verified	Hög
2	20.163.158.142		BlackNET RAT	06/11/2023	verified	Hög
3	34.172.89.75	75.89.172.34.bc.googleusercontent.com	BlackNET RAT	04/03/2024	verified	Medium
4	XX.XXX.X.XX		Xxxxxxxx Xxx	25/03/2021	verified	Hög
5	XX.XX.XXX.XX	xx.xxx	Xxxxxxxx Xxx	30/12/2022	verified	Hög
6	XX.XX.XXX.XXX		Xxxxxxxx Xxx	27/02/2024	verified	Hög
7	XXX.XX.XXX.XXX		Xxxxxxxx Xxx	28/12/2023	verified	Hög
8	XXX.XX.XXX.XXX		Xxxxxxxx Xxx	17/10/2023	verified	Hög
9	XXX.XX.XXX.XXX	xxxx-xxxxxxx.xxx	Xxxxxxxx Xxx	16/04/2023	verified	Hög
10	XXX.XXX.XX.XXX		Xxxxxxxx Xxx	07/02/2024	verified	Hög
11	XXX.XXX.XX.XXX		Xxxxxxxx Xxx	27/01/2024	verified	Hög
12	XXX.XXX.XX.XXX		Xxxxxxxx Xxx	26/01/2024	verified	Hög

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Hög
2	T1040	CAPEC-102	CWE-294, CWE-319	Authentication Bypass by Capture-replay	predictive	Hög
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Hög
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
7	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Hög
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
10	TXXXX.XXX	CAPEC-	CWE-XXX	Xxxxxxxx Xxxxxx Xxxx	predictive	Hög
11	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
12	TXXXX	CAPEC-112	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög
13	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (47)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/goform/setDeviceSettings	predictive	Hög
2	File	/it-IT/splunkd/__raw/services/get_snapshot	predictive	Hög
3	File	/librarian/bookdetails.php	predictive	Hög
4	File	/phpwcms/setup/setup.php	predictive	Hög
5	File	/usr/bin/at	predictive	Medium
6	File	/vendor/htmlawed/htmlawed/htmLawedTest.php	predictive	Hög
7	File	/xxxx/?xxxx=xxxxxx_xxxxxxx	predictive	Hög
8	File	xxxxxxx.xxx	predictive	Medium
9	File	xxx:.xxx	predictive	Medium
10	File	xxxxxxxx.xxx	predictive	Medium
11	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Hög
12	File	x_xxxxxx.xxx	predictive	Medium
13	File	xxxxxxx.xxx	predictive	Medium
14	File	xxxxxx/xxxxxxxxxx.x	predictive	Hög
15	File	xx_xxxxxxx.xxx	predictive	Hög
16	File	xxxxxxx-xxxxxxxx.xx	predictive	Hög
17	File	xxxxx_xxxxxx_xxx.xxx	predictive	Hög
18	File	xxxxx_xxxxxx_xxxxxxxx.xxx	predictive	Hög
19	File	xxxxxxxxxx.xxx	predictive	Hög
20	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Hög
21	File	xxxxxx.xxx	predictive	Medium
22	File	xxx-xxxxxxxxx.xxx	predictive	Hög
23	File	xxxxxxx.xxx	predictive	Medium
24	File	xxxxxx.xxx	predictive	Medium
25	File	xx-xxxxxxxxxxx.xxx	predictive	Hög
26	Library	xxxxxxx/xxxxxxxx/	predictive	Hög
27	Argument	xxx	predictive	Låg
28	Argument	xxx	predictive	Låg
29	Argument	xxxxxxxx_xxxxxx/xxxxxxxx_xxxx/xxxxxxxx_xxxxxxxx/xxxxxxxx_xxxx	predictive	Hög
30	Argument	xxxx	predictive	Låg
31	Argument	xxxx	predictive	Låg
32	Argument	xx	predictive	Låg
33	Argument	xx	predictive	Låg
34	Argument	xxxxxxxxx	predictive	Medium
35	Argument	xxxxxx xxxxxxxxxxx	predictive	Hög
36	Argument	xxxxx	predictive	Låg
37	Argument	xxxxxx	predictive	Låg
38	Argument	xxxxxx/xxxxxx_xxxxxx	predictive	Hög
39	Argument	xxxx_xxxx	predictive	Medium
40	Argument	xxxxxxxxxxxxxxxxxxxx	predictive	Hög
41	Argument	xxxxx	predictive	Låg
42	Argument	x_xxxx_xx	predictive	Medium
43	Argument	xxx	predictive	Låg
44	Argument	xxx	predictive	Låg
45	Argument	xxx	predictive	Låg
46	Input Value	' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx	predictive	Hög
47	Input Value	-x	predictive	Låg

Referenser (13)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!