Blackwater Analysis

IOB - Indicator of Behavior (357)

Language

  • en: 342
  • es: 6
  • de: 6
  • ja: 2
  • pl: 2

Country/Region

  • us: 140
  • gb: 34
  • es: 2
  • ca: 2

Product

  • FFmpeg: 10
  • SourceCodester Employee Management System: 8
  • TOTOLINK EX1200L: 6
  • Microsoft Windows: 6
  • SourceCodester Inventory Management System: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | SourceCodester Petrol Pump Management Software login_crud.php SQL injection | 4.7 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-2060 |
| 2 | SourceCodester Simple Book Catalog App Update Book Form cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.09 | CVE-2023-4847 |
| 3 | SourceCodester Resort Management System cross-site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00050 | 0.14 | CVE-2023-3318 |
| 4 | SourceCodester Online Learning System V2 index.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.10 | CVE-2024-1970 |
| 5 | Infosoftbd Clcknshop GET Parameter all SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00086 | 0.00 | CVE-2023-4708 |
| 6 | SourceCodester Take-Note App index.php cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.09 | CVE-2023-4864 |
| 7 | Infosoftbd Clcknshop all cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.10 | CVE-2023-4707 |
| 8 | TOTOLINK N200RE V5 Validity_check Format String | 8.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00119 | 0.05 | CVE-2023-4746 |
| 9 | Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform importexport.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00058 | 0.05 | CVE-2023-4745 |
| 10 | Ruijie RG-EW1200G login weak authentication | 7.8 | 7.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00497 | 0.09 | CVE-2023-4415 |
| 11 | code-projects Agro-School Management System loaddata.php SQL injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00061 | 0.00 | CVE-2023-3310 |
| 12 | PuneethReddyHC Online Shopping System Advanced Admin Registration reg.php weak authentication | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00091 | 0.04 | CVE-2023-3337 |
| 13 | Tenda FH1202 setcfm formSetCfm memory corruption | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.05 | CVE-2024-2984 |
| 14 | SourceCodester Simple Student Attendance System ?page=attendance&class_id=1 cross-site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.14 | CVE-2024-1834 |
| 15 | CodeAstro Simple Voting System Backend users.php privilege escalation | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-1823 |
| 16 | SourceCodester Flashcard Quiz App update-flashcard.php cross-site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-2072 |
| 17 | Hyper CdCatalog HCF File denial of service | 3.3 | 3.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.00 | CVE-2024-1191 |
| 18 | SourceCodester Employee Management System Project Assignment Report assignp.php cross-site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.09 | CVE-2024-1871 |
| 19 | SourceCodester Block Inserter for Dynamic Content view_post.php SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.09 | CVE-2024-2073 |
| 20 | Totolink X6000R AX3000 shttpd cstecgi.cgi setWizardCfg privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.14 | CVE-2024-1781 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • BlackWater

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (259)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
