BlueNoroff Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (68)

Lang

en	58
de	4
zh	4
ja	2

Land

us	56
vn	6
jp	4

Skådespelare

BlueNoroff	4
IcedID	2
RecordBreaker	2
BumbleBee	2
BlackCat	1

Intressera

Typ

Not Defined	28
Operating System	6
Content Management System	4
Web Server	4
Groupware Software	2

Säljare

Not Defined	12
Microsoft	6
Apache	4
Cisco	4
Hitachi	2

Produkt

Microsoft Windows	4
Hitachi Vantara Pentaho Business Analytics Server	2
Synacor Zimbra Collaboration	2
CPG-Nuke Dragonfly CMS	2
DZCP deV!L`z Clanportal	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	Microsoft Windows Domain Name Service Privilege Escalation	6.6	6.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.02058	0.00	CVE-2023-28223
3	HTTP/2 Stream Rapid Reset förnekande av tjänsten	6.4	6.3	$0-$5k	$0-$5k	High	Official Fix	0.73226	0.02	CVE-2023-44487
4	Apache James Server privilegier eskalering	8.1	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.78935	0.03	CVE-2015-7611
5	Frappe Framework sql injektion	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00274	0.02	CVE-2019-14966
6	Alt-N MDaemon Worldclient privilegier eskalering	4.9	4.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00090	0.06	CVE-2021-27182
7	Ivanti Endpoint Manager Mobile svag autentisering	9.9	9.7	$0-$5k	$0-$5k	High	Official Fix	0.96584	0.00	CVE-2023-35078
8	Hitachi Vantara Pentaho Business Analytics Server Data Lineage svag kryptering	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00145	0.00	CVE-2021-45447
9	Oracle Application Server sql injektion	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00322	0.04	CVE-2007-0286
10	Live555 Streaming Media parseRTSPRequestString Remote Code Execution	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.87706	0.00	CVE-2013-6934
11	Oracle Solaris Utility Local Privilege Escalation	7.7	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.05	CVE-2023-21985
12	Appindex MWChat start_lobby.php privilegier eskalering	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01895	0.00	CVE-2005-1869
13	Coinsoft Technologies phpCOIN db.php kataloggenomgång	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03877	0.02	CVE-2005-4212
14	Damien Benier MyAlbum language.inc.php privilegier eskalering	7.3	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.09238	0.03	CVE-2006-5865
15	SourceCodester Grade Point Average GPA Calculator index.php cross site scripting	4.4	4.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00062	0.00	CVE-2023-1743
16	SourceCodester Grade Point Average GPA Calculator index.php informationsgivning	5.4	5.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00097	0.07	CVE-2023-1769
17	OpenResty API ngx_http_lua_subrequest.c privilegier eskalering	7.4	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00580	0.00	CVE-2020-11724
18	OpenResty ngx.req.get_post_args sql injektion	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00637	0.04	CVE-2018-9230
19	Netgate pf Sense ACME Package acme_certificate_edit.php cross site scripting	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00085	0.00	CVE-2020-21219
20	Microsoft IIS IP/Domain Restriction privilegier eskalering	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00817	0.48	CVE-2014-4078

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	45.238.25.2	ip-45-238-25-2.interlink.com.br	BlueNoroff	22/03/2022	verified	Hög
2	104.168.174.80	client-104-168-174-80.hostwindsdns.com	BlueNoroff	05/01/2023	verified	Hög
3	XXX.XXX.XXX.XX	xxxxxx-xxx-xxx-xxx-xx.xxxxxxxxxxxx.xxx	Xxxxxxxxxx	05/01/2023	verified	Hög
4	XXX.XX.XXX.XXX		Xxxxxxxxxx	22/03/2022	verified	Hög
5	XXX.XX.XXX.XX	xxx.xx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	05/01/2023	verified	Hög
6	XXX.XX.XXX.XX		Xxxxxxxxxx	05/01/2023	verified	Hög
7	XXX.XXX.XXX.XX	xxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	05/01/2023	verified	Hög
8	XXX.XX.XX.XX		Xxxxxxxxxx	22/03/2022	verified	Hög
9	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxxxxx.xxxx.xx	Xxxxxxxxxx	05/01/2023	verified	Hög

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	Hög
2	T1040	CAPEC-102	CWE-319	Authentication Bypass by Capture-replay	predictive	Hög
3	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Hög
4	TXXXX	CAPEC-242	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Hög
5	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
8	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
10	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
11	TXXXX	CAPEC-157	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/mgmt/tm/util/bash	predictive	Hög
2	File	14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi	predictive	Hög
3	File	acme_certificate_edit.php	predictive	Hög
4	File	auth.php	predictive	Medium
5	File	books.php	predictive	Medium
6	File	class_gw_2checkout.php	predictive	Hög
7	File	xxxx_xxxxxxxx/xx.xxx	predictive	Hög
8	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Hög
9	File	xxxxxxxxxxxx.xxx	predictive	Hög
10	File	xxx/xxxxxx.xxx	predictive	Hög
11	File	xxxxx.xxx	predictive	Medium
12	File	xxxxxxx.xxx	predictive	Medium
13	File	xxxxxxxx.xxx.xxx	predictive	Hög
14	File	xxx_xxxx_xxx_xxxxxxxxxx.x	predictive	Hög
15	File	xxxxxxx.xxx	predictive	Medium
16	File	xxxxx.xxx	predictive	Medium
17	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Hög
18	File	xxxxxx_xxxxx.xxx/xxxxx_xxxxxxx_xxxxxxxxxx.xx	predictive	Hög
19	File	xxxxxxxx.xxx	predictive	Medium
20	File	xxxxx_xxxxx.xxx	predictive	Hög
21	File	xxxx_x_xxxxxx.xxx.xxx	predictive	Hög
22	File	xxxxxx.xxx	predictive	Medium
23	Library	xxxxxx[xxxxxx_xxxx	predictive	Hög
24	Argument	xxx_xxxx	predictive	Medium
25	Argument	xxxxxxxx	predictive	Medium
26	Argument	xxxxxx	predictive	Låg
27	Argument	xxx	predictive	Låg
28	Argument	xxxxxx[xxxxxx_xxxx]	predictive	Hög
29	Argument	xxxxxxxx	predictive	Medium
30	Argument	xx	predictive	Låg
31	Argument	xxxxxxxxxxx	predictive	Medium
32	Argument	xxxxxxx_xxx	predictive	Medium
33	Argument	xxxxx_xxx	predictive	Medium
34	Argument	xxxx	predictive	Låg
35	Argument	xxxxxxxx	predictive	Medium
36	Argument	xxxx	predictive	Låg
37	Argument	xxxxxxxxxx	predictive	Medium
38	Argument	xxxxxx_xxxx	predictive	Medium
39	Argument	_xxxx[_xxx_xxxx_xxxx	predictive	Hög
40	Input Value	xxx://xxxxxx/xxxx=xxxxxxx.xxxxxx-xxxxxx/xxxxxxxx=xxxxx_xxxxx	predictive	Hög

Referenser (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!