BlueFox Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (118)

Tidslinje

Lang

en100
fr6
ru4
es4
it2

Land

us34
fr4
it2
es2
ru2

Skådespelare

BlueFox5
Cobalt Strike4
RedLine Stealer3
Vidar3
Amadey2

Aktiviteter

Intressera

Tidslinje

Typ

Not Defined50
Content Management System12
Groupware Software4
Programming Language Software4
WordPress Plugin2

Säljare

Not Defined40
Microsoft6
Multishop2
Virtual Programming2
Synacor2

Produkt

Multishop CMS2
Microsoft Outlook2
MonsterInsights Plugin2
MLM Forced Matrix2
Pre Shopping Mall2

Sårbarheter

#SårbarhetBaseTemp0dayI dagUtnRemEPSSCTICVE
1OpenX adclick.php Redirect5.34.7$0-$5k$0-$5kUnprovenUnavailable0.004400.98CVE-2014-2230
2Netjuke explore.php sql injektion7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.002870.00CVE-2007-4810
3Basti2web Book Panel books.php sql injektion7.37.0$0-$5k$0-$5kHighOfficial Fix0.000640.03CVE-2009-4889
4Tiki Admin Password tiki-login.php svag autentisering8.07.7$0-$5k$0-$5kNot DefinedOfficial Fix0.009364.79CVE-2020-15906
5LogicBoard CMS away.php Redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000003.72
6ZyXEL NAS326/NAS540/NAS542 UDP Packet Format String9.89.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.004350.00CVE-2022-34747
7uTorrent minneskorruption7.37.0$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.125610.00CVE-2009-5134
8Brand039 MMSLamp default.php sql injektion7.37.3$0-$5k$0-$5kHighUnavailable0.001070.00CVE-2007-6575
9SMEWeb catalog.php cross site scripting4.34.2$0-$5k$0-$5kHighUnavailable0.002540.00CVE-2008-2644
10PhpMyFactures index.php sql injektion6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.02
11Gallarific PHP Photo Gallery script gallery.php sql injektion7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001120.04CVE-2011-0519
12Php-shop-system Com Xobbix index.php sql injektion7.37.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.001220.00CVE-2010-5053
13Bitmain Antminer D3/Antminer L3+/Antminer S9 restore privilegier eskalering7.57.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.012520.03CVE-2018-11220
14Apertoblog categories.php sql injektion7.37.3$0-$5k$0-$5kHighUnavailable0.001020.00CVE-2008-5775
15UAEPD Shopping Cart Script products.php sql injektion7.37.1$0-$5k$0-$5kHighUnavailable0.004710.02CVE-2014-1618
16PHP-Fusion photogallery.php sql injektion7.37.3$0-$5k$0-$5kNot DefinedNot Defined0.001530.00CVE-2005-3160
17Dxproscripts DXShopCart product_detail.php sql injektion7.37.1$0-$5k$0-$5kHighUnavailable0.000640.02CVE-2008-4744
18Clip-bucket ClipBucket ITEM view_item.php sql injektion7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.003950.03CVE-2015-2102
19Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Version Data version.js informationsgivning5.34.9$0-$5k$0-$5kProof-of-ConceptWorkaround0.000450.44CVE-2024-4022
20Grandstream HT800 TR-069 Service förnekande av tjänsten6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.007290.00CVE-2020-5761

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-adressHostnameSkådespelareKampanjerIdentifiedTypFörtroende
131.41.244.152BlueFox28/11/2022verifiedHög
245.8.147.31vm792438.stark-industries.solutionsBlueFox28/11/2022verifiedHög
3XX.X.XXX.XXXxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxxXxxxxxx28/11/2022verifiedHög
4XX.XXX.XXX.XXXxxx.xxxxxxxx.xxxxxx-xxx.xxXxxxxxx28/11/2022verifiedHög
5XX.XXX.XXX.XXxxxxxxxxxx-xxxxxxx.xxxx.xxxxxxxXxxxxxx28/11/2022verifiedHög
6XX.XXX.XX.XXxxxxxxxxxxx.xxXxxxxxx28/11/2022verifiedHög
7XX.XXX.XXX.XXXxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxxXxxxxxx28/11/2022verifiedHög
8XXX.XXX.XXX.XXXXxxxxxx28/11/2022verifiedHög

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueKlassSårbarheterÅtkomstvektorTypFörtroende
1CAPEC-10CWE-20, CWE-73, CWE-119, CWE-121, CWE-122, CWE-134, CWE-287, CWE-306, CWE-404, CWE-416, CWE-610, CWE-824, CWE-835, CWE-908Unknown VulnerabilitypredictiveHög
2T1006CAPEC-126CWE-22Path TraversalpredictiveHög
3T1040CAPEC-114CWE-287, CWE-294Authentication Bypass by Capture-replaypredictiveHög
4TXXXXCAPEC-10CWE-XX, CWE-XX, CWE-XXXXxxxxxxx XxxxxxxxxpredictiveHög
5TXXXX.XXXCAPEC-10CWE-XX, CWE-XX, CWE-XX, CWE-XXXXxxxx Xxxx XxxxxxxxxpredictiveHög
6TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHög
7TXXXX.XXXCAPEC-16CWE-XXX, CWE-XXX, CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHög
8TXXXXCAPEC-10CWE-XX, CWE-XX, CWE-XX, CWE-XXXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHög
9TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHög
10TXXXXCAPEC-0CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHög
11TXXXXCAPEC-10CWE-XX, CWE-XX, CWE-XXXXxx XxxxxxxxxpredictiveHög
12TXXXXCAPEC-50CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHög
13TXXXXCAPEC-116CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHög
14TXXXX.XXXCAPEC-112CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHög
15TXXXX.XXXCAPEC-19CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHög

IOA - Indicator of Attack (106)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlassIndicatorTypFörtroende
1File/forum/away.phppredictiveHög
2File/importexport.phppredictiveHög
3File/index.phppredictiveMedium
4File/opt/zimbra/jetty/webapps/zimbra/publicpredictiveHög
5File/version.jspredictiveMedium
6Fileadclick.phppredictiveMedium
7Fileaddtocart.asppredictiveHög
8Fileadmin/adm/test.phppredictiveHög
9Fileagora.cgipredictiveMedium
10Filebooks.phppredictiveMedium
11Filecat.asppredictiveLåg
12Filecatalog.phppredictiveMedium
13Filecategories.phppredictiveHög
14Filexxxxxx.xxxpredictiveMedium
15Filexxxxxx.xxxpredictiveMedium
16Filexxxxxxx.xxxpredictiveMedium
17Filexxxxxx.xxxpredictiveMedium
18Filexxxxxxx.xxxpredictiveMedium
19Filexxx/xxx/xxx_xxxx.xpredictiveHög
20Filexxx.xxxpredictiveLåg
21Filexxxx.xxxpredictiveMedium
22Filexxxxxxxx.xxxpredictiveMedium
23Filexxxxxxx.xxxpredictiveMedium
24Filexxx_xxxxxxx.xxxpredictiveHög
25Filexxxx/xxxxxxx.xxxpredictiveHög
26Filexxxxxxx\xxxxxxx\xxxxxxx_xxxxx.xxxpredictiveHög
27Filexxxxx.xxxpredictiveMedium
28Filexxxx.xxxpredictiveMedium
29Filexxxxxxxxxx.xxxpredictiveHög
30Filexxxxx.xxxpredictiveMedium
31Filexxxxxxx/xxxxxxxx/xxxxx.xxxpredictiveHög
32Filexxxxxxx.xxxpredictiveMedium
33Filexxxx-xxxxxx.xxxpredictiveHög
34Filexxxx.xxxpredictiveMedium
35Filexxxx_xxxx.xxxpredictiveHög
36Filexxx_xxxx.xxxpredictiveMedium
37Filexxxxxxxx.xxxx/xxxx.xxxxpredictiveHög
38Filexxxxx.xxxpredictiveMedium
39Filexxxxx_xxxxxxxx_xxxxx.xxxpredictiveHög
40Filexxxxxxxxxxxxxxxxxx.xxxpredictiveHög
41Filexxxx/xxxxx.xxxpredictiveHög
42Filexxxxxxxxxxxx.xxxpredictiveHög
43Filexxxxxxx.xxxpredictiveMedium
44Filexxxxx/xxxxxx/xxxxxxx/xxxxxx.xxxxpredictiveHög
45Filexxxxxxxx.xxxpredictiveMedium
46Filexxxxxxx_xxxxxx.xxxpredictiveHög
47Filexxxxxxx_xxxxxxx.xxxpredictiveHög
48Filexxxxxxx.xxxpredictiveMedium
49Filexxx.xxxpredictiveLåg
50Filexxxxxx_xxxxxxx.xxxpredictiveHög
51Filexxxx.xxxpredictiveMedium
52Filexxxxxxxxxxxx.xxxpredictiveHög
53Filexxxxxxxxxxxxxxx.xxxpredictiveHög
54Filexxxxxxx.xxxpredictiveMedium
55Filexxxx-xxxxx.xxxpredictiveHög
56Filexxxxxxxx.xxxpredictiveMedium
57Filexxxxxxxxx.xxxpredictiveHög
58Filexxxx_xxxx.xxxpredictiveHög
59Library/_xxx_xxx/xxxxx.xxxpredictiveHög
60Libraryxx_xxx.xxxpredictiveMedium
61Libraryxxx.xxxpredictiveLåg
62Argumentxxxxxxx_xxxxxxpredictiveHög
63ArgumentxxxxxpredictiveLåg
64Argumentxxxxxxx_xxpredictiveMedium
65Argumentxx[]predictiveLåg
66ArgumentxxxxxxpredictiveLåg
67Argumentxxxx_xxpredictiveLåg
68ArgumentxxxpredictiveLåg
69Argumentxxxxxxxx_xxpredictiveMedium
70ArgumentxxxxxpredictiveLåg
71Argumentxxx_xxpredictiveLåg
72ArgumentxxxpredictiveLåg
73Argumentxxxxxx[xxxxxx_xxxx]predictiveHög
74Argumentxxxxxxx_xxpredictiveMedium
75ArgumentxxxxxxpredictiveLåg
76ArgumentxxxxpredictiveLåg
77ArgumentxxxxpredictiveLåg
78Argumentxx_xxpredictiveLåg
79ArgumentxxpredictiveLåg
80ArgumentxxxxxxxxxxxxxxxxpredictiveHög
81ArgumentxxxxxpredictiveLåg
82Argumentxx_xxxxpredictiveLåg
83Argumentxx_xxxxpredictiveLåg
84Argumentxxx_xxxpredictiveLåg
85ArgumentxxxxpredictiveLåg
86ArgumentxxxxxxpredictiveLåg
87ArgumentxxxxxxxxpredictiveMedium
88Argumentxxxxxxx/xxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxx/xxxxxxxxxxxxxxx/xxxxxxxx/xxx/xxxx/xxxxpredictiveHög
89ArgumentxxxxxpredictiveLåg
90Argumentxxx_xpredictiveLåg
91ArgumentxxxpredictiveLåg
92Argumentxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxpredictiveHög
93ArgumentxxxxxxpredictiveLåg
94ArgumentxxxxxxxpredictiveLåg
95ArgumentxxxxxxxxxxxpredictiveMedium
96ArgumentxxxxxxpredictiveLåg
97ArgumentxxxxxpredictiveLåg
98ArgumentxxxxxxxxxpredictiveMedium
99ArgumentxxxpredictiveLåg
100ArgumentxxxxxxxpredictiveLåg
101ArgumentxxxxxxpredictiveLåg
102Argument\xxxxxx\predictiveMedium
103Input Valuexxxxxxxxx--><xxxxxx%xx>xxxxx(xxxx)</xxxxxx><!--predictiveHög
104Patternxxxxxxxx-xxx-xxx|xx|predictiveHög
105Network PortxxxxxpredictiveLåg
106Network Portxxx/xxxx (xxx)predictiveHög

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

TidigareÖversiktNästa

Interested in the pricing of exploits?

See the underground prices here!