BlackTechq Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (249)

Tidslinje

Lang

en182
zh46
ja10
de10
es2

Land

us144
cn98
gb2

Skådespelare

BlackTech3
BlackTechq2
Mofang1
TrickBot1
MsraMiner1

Aktiviteter

Intressera

Tidslinje

Typ

Not Defined64
Operating System14
Firewall Software12
Content Management System12
Mail Client Software6

Säljare

Not Defined58
Linux12
Palo Alto10
Apache10
Apple6

Produkt

Linux Kernel12
Palo Alto PAN-OS10
Apple iOS4
Oracle WebLogic Server4
ONLYOFFICE Document Server4

Sårbarheter

#SårbarhetBaseTemp0dayI dagUtnRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning5.35.2$5k-$25kBeräknandeHighWorkaround0.020160.02CVE-2007-1192
2Responsive FileManager ajax_calls.php privilegier eskalering8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.004820.00CVE-2020-10567
3PAN-OS svag autentisering7.47.4$0-$5k$0-$5kNot DefinedNot Defined0.003680.04CVE-2019-1572
4Expinion.net News Manager Lite comment_add.asp cross site scripting4.33.8$0-$5k$0-$5kUnprovenOfficial Fix0.006070.02CVE-2004-1845
5Horde Groupware privilegier eskalering7.37.3$0-$5k$0-$5kHighNot Defined0.882530.00CVE-2012-0209
6RoundCube Webmail rcube_plugin_api.php kataloggenomgång8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.011630.00CVE-2020-12640
7Softnext SPAM SQR privilegier eskalering7.27.2$0-$5k$0-$5kNot DefinedNot Defined0.001430.05CVE-2023-24835
8JDOM SAXBuilder förnekande av tjänsten3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.004800.00CVE-2021-33813
9Cacti graph_view.php sql injektion8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.201520.02CVE-2023-39361
10OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment förnekande av tjänsten5.65.5$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000730.07CVE-2023-2617
11Apple iOS/iPadOS GPU Drivers minneskorruption4.44.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.000570.04CVE-2022-46702
12Palo Alto PAN-OS Web Interface svag autentisering6.86.7$0-$5k$0-$5kNot DefinedOfficial Fix0.001910.03CVE-2022-0030
13Genivia gSOAP XML Document soap_get minneskorruption6.86.5$0-$5k$0-$5kNot DefinedOfficial Fix0.225760.00CVE-2017-9765
14Diffie-Hellman Key Agreement Protocol Public Key förnekande av tjänsten3.73.4$0-$5k$0-$5kProof-of-ConceptWorkaround0.010460.00CVE-2002-20001
15MediaWiki File Download api.php Reflected privilegier eskalering7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.006850.03CVE-2017-8809
16Apache Dubbo Tag Routing Privilege Escalation5.55.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.002970.00CVE-2021-30180
17Palo Alto PAN-OS svag kryptering5.85.6$0-$5k$0-$5kNot DefinedOfficial Fix0.001990.00CVE-2020-2013
18Palo Alto PAN-OS Maintenance Mode förnekande av tjänsten6.46.1$0-$5k$0-$5kNot DefinedOfficial Fix0.002060.00CVE-2020-2041
19RoundCube Contact Photo photo.inc Absolute kataloggenomgång6.56.3$0-$5k$0-$5kNot DefinedOfficial Fix0.001780.04CVE-2015-8794
20phpMyAdmin Designer sql injektion8.58.5$5k-$25k$5k-$25kNot DefinedNot Defined0.001640.03CVE-2019-6798

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-adressHostnameSkådespelareKampanjerIdentifiedTypFörtroende
145.32.23.14045.32.23.140.vultrusercontent.comBlackTechq16/02/2024verifiedHög
2XX.XX.XXX.XXXxx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxxx16/02/2024verifiedHög
3XXX.XXX.XX.XXxxx.xxx.xx.xx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxxx16/02/2024verifiedHög
4XXX.XXX.XX.XXXxxx-xxx-xx-xxx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxxxx16/02/2024verifiedHög
5XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxxxxxx16/02/2024verifiedHög

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueKlassSårbarheterÅtkomstvektorTypFörtroende
1T1006CAPEC-126CWE-21, CWE-22Path TraversalpredictiveHög
2T1040CAPEC-102CWE-319Authentication Bypass by Capture-replaypredictiveHög
3T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHög
4T1059CAPEC-242CWE-94Argument InjectionpredictiveHög
5TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHög
6TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHög
7TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHög
8TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHög
9TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHög
10TXXXXCAPEC-CWE-XXX, CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHög
11TXXXXCAPEC-1CWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHög
12TXXXXCAPEC-108CWE-XX, CWE-XXXxx XxxxxxxxxpredictiveHög
13TXXXXCAPEC-102CWE-XXXXxx Xx Xxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHög
14TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHög
15TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHög
16TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHög
17TXXXX.XXXCAPEC-CWE-XXXxxxxxxxxxxxxpredictiveHög
18TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHög

IOA - Indicator of Attack (100)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlassIndicatorTypFörtroende
1File/administration/theme.phppredictiveHög
2File/assets/something/services/AppModule.classpredictiveHög
3File/cgi-mod/lookup.cgipredictiveHög
4File/orrs/admin/reservations/view_details.phppredictiveHög
5File/servicespredictiveMedium
6File/uploadpredictiveLåg
7Fileadditem.asppredictiveMedium
8Fileagora.cgipredictiveMedium
9Fileajax_calls.phppredictiveHög
10Fileapi.phppredictiveLåg
11Fileapplication\api\controller\User.phppredictiveHög
12Filearch/arm/kernel/perf_event.cpredictiveHög
13Filexxxxxx.xpredictiveMedium
14Filexxxxxx.xxxxpredictiveMedium
15Filexxxxx_xxxxxxxx.xpredictiveHög
16Filexxxxxxx_xxx.xxxpredictiveHög
17Filexxxxxxxxxx.xxxpredictiveHög
18Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHög
19Filexxxxxxxxx.xxxpredictiveHög
20Filexxxxxxx/xxxx/xxxx_xxxxxxxx.xpredictiveHög
21Filexxxxx.xxxpredictiveMedium
22Filexxx/xxxx/xxx/xxxxx_xxxx.xpredictiveHög
23Filexxx/xxxxxxxx/xxx_xxxxxxxxxxxx.xpredictiveHög
24Filexx/xxxxxx_xxx.xpredictiveHög
25Filexx/xxxx/xxx.xpredictiveHög
26Filexxxx.xxxpredictiveMedium
27Filexxxxx_xxxx.xxxpredictiveHög
28Filexxxxxx.xxxpredictiveMedium
29Filexxx/xxxxxx.xxxpredictiveHög
30Filexxxxxxx_xx.xxxpredictiveHög
31Filexxxxxx/xxxxx/xxxxxxxx.xpredictiveHög
32Filexxxxxxxxx/xxxxxxxx.xxxpredictiveHög
33Filexxxxx.xxxpredictiveMedium
34Filexxx_xxxx_xxx_xxxxxxxxxx.xpredictiveHög
35Filexxxxxxx.xxxpredictiveMedium
36Filexxxx_xxxx.xxxpredictiveHög
37Filexxxxxxx/xxxx.xxxxxx/xxx/xxxxxxxxxxxxxxxxx.xxxpredictiveHög
38Filexxxxxxx/xxxx/xxxxxxx.xxxpredictiveHög
39Filexxxxxxx/xxxxxxx/xxxxxx.xxxpredictiveHög
40Filexxxxxxx/xxxxxxx/xxxxxx_xxxxxx_xxxx.xxxpredictiveHög
41Filexxxxxxx/xxxxx/xxxxxxxxxxx/xxxxx.xxxpredictiveHög
42Filexxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]predictiveHög
43Filexxxxxx/xxxxxxx/xxxxxxx_xxx_xxxxxx_xxxxxx.xxxpredictiveHög
44Filexxxxx_xxxxxx_xxx.xxxpredictiveHög
45Filexxxxx.xxxpredictiveMedium
46Filexxxxx.xxxpredictiveMedium
47Filexxxxxxxx.xxxpredictiveMedium
48Filexxxxxxxxxxxxx.xxxpredictiveHög
49Filexxxxxxx.xxxpredictiveMedium
50Filexxxxxxxxxxxxxxxx.xxxpredictiveHög
51Filexxx/xxxx/xxxx/xxx.xxxxxxxx.xxxxxxx/xxxxxxx/xxx/xxxxxx.xxxxpredictiveHög
52Filexxxxx.xxxpredictiveMedium
53Filexxxx.xxxpredictiveMedium
54Filexxxx/xxxxxxxx/xxxxxxxx.xxxxpredictiveHög
55Filexxxxxxxx.xxxpredictiveMedium
56Filexxxxxxx.xxxpredictiveMedium
57Filexxx.xxxpredictiveLåg
58Filexxxxxx/xxxxx/xxxx_xxx.xxxpredictiveHög
59Filexxxxxxx.xxxpredictiveMedium
60Filexx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxx-xxxx.xxxpredictiveHög
61Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHög
62Library/xxx/xxx/xxxxxx/xxxxx/xxxxxxxxxx.xxxxx.xxxpredictiveHög
63Library/xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxx/xxxxx.xxxpredictiveHög
64Libraryxxxx/xxxxx/xxxxxxx/xxxxxxx/xxx/xxx/xxxx.xxxpredictiveHög
65Libraryxxxx/xxxxxxx.xpredictiveHög
66Libraryxxxxxxx.xxxpredictiveMedium
67Argument-xpredictiveLåg
68ArgumentxxxxxxpredictiveLåg
69ArgumentxxxxxxxxpredictiveMedium
70Argumentxxxx_xxpredictiveLåg
71ArgumentxxxxxxxpredictiveLåg
72ArgumentxxxxxpredictiveLåg
73Argumentxx-xxxxx-xxxxxxpredictiveHög
74Argumentxxxx_xxxxxpredictiveMedium
75ArgumentxxpredictiveLåg
76ArgumentxxxxxxxxxxpredictiveMedium
77Argumentxxxxxxxx_xxxxxxxx_xpredictiveHög
78Argumentxxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxxpredictiveHög
79ArgumentxxxxxxxxxpredictiveMedium
80ArgumentxxpredictiveLåg
81ArgumentxxxxxxxxxxpredictiveMedium
82Argumentxxxxxx xxxxxpredictiveMedium
83ArgumentxxxxxxxpredictiveLåg
84ArgumentxxxxpredictiveLåg
85ArgumentxxxxpredictiveLåg
86ArgumentxxxxxxxxpredictiveMedium
87ArgumentxxxxxxxpredictiveLåg
88ArgumentxxxxxxxxxxxxxpredictiveHög
89ArgumentxxxxpredictiveLåg
90ArgumentxxxxxxxxxpredictiveMedium
91ArgumentxxxxxxpredictiveLåg
92Argumentxxxxx_xxxxxxpredictiveMedium
93ArgumentxxxpredictiveLåg
94ArgumentxxxxxxpredictiveLåg
95ArgumentxxxxxxxxpredictiveMedium
96Argumentxxxxxxxx/xxxxxxxxpredictiveHög
97Argumentxxxx->xxxxxxxpredictiveHög
98Argument_xxxpredictiveLåg
99Argument_xxxxpredictiveLåg
100Argument_xxxxpredictiveLåg

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

TidigareÖversiktNästa

Might our Artificial Intelligence support you?

Check our Alexa App!