BlankSlate Analysis

IOB - Indicator of Behavior (127)

Language

en: 112
de: 6
it: 4
fr: 2
ru: 2

Country/Region

gb: 76
us: 16
it: 4
de: 4
fr: 2

Product

Wondershare MobileTrans: 2
uTorrent: 2
Chris92de AdminServ: 2
Wondershare Dr.Fone: 2
Guangdong Pythagorean OA Office System: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.15 | CVE-2010-0966 |
| 2 | JetBrains PhpStorm idea.log information disclosure | 3.8 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2022-48435 |
| 3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 4 | All in One SEO Pack Plugin cross-site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.07 | CVE-2023-0586 |
| 5 | PHPGurukul Online Notes Sharing System profile.php cross-site request forgery | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.09 | CVE-2023-7052 |
| 6 | Views for WPForms Plugin create_view cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.03 | CVE-2024-0374 |
| 7 | All in One SEO Pack Plugin cross-site scripting | 3.9 | 3.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00101 | 0.00 | CVE-2023-0585 |
| 8 | SourceCodester Responsive Ordering System Product_model.php privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00632 | 0.03 | CVE-2021-25206 |
| 9 | WPForms Pro Plugin privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00229 | 0.08 | CVE-2022-3574 |
| 10 | Wondershare Dr.Fone privilege escalation | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00082 | 0.00 | CVE-2023-29835 |
| 11 | Netentsec NS-ASG Application Security Gateway list_addr_fwresource_ip.php SQL injection | 5.5 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00061 | 0.14 | CVE-2023-5681 |
| 12 | Campcodes Simple Student Information System manage_academic.php SQL injection | 6.2 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.00 | CVE-2023-5929 |
| 13 | Campcodes Simple Student Information System index.php SQL injection | 6.2 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.09 | CVE-2023-5923 |
| 14 | CodeAstro Internet Banking System pages_reset_pwd.php cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.00 | CVE-2023-5695 |
| 15 | SourceCodester Engineers Online Portal downloadable_student.php SQL injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00077 | 0.04 | CVE-2023-5276 |
| 16 | ZZZCMS Database Backup File save.php restore privilege escalation | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00061 | 0.09 | CVE-2023-5263 |
| 17 | MicroWorld eScan Anti-Virus runasroot Local Privilege Escalation | 7.8 | 7.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00042 | 0.10 | CVE-2023-4383 |
| 18 | Lightxun IPTV Gateway web_upload_template.html privilege escalation | 5.0 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.05 | CVE-2023-7026 |
| 19 | SourceCodester Best Courier Management System manage_parcel_status.php cross-site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00050 | 0.14 | CVE-2023-5273 |
| 20 | 7-card Fakabao wxpay_notify.php SQL injection | 6.6 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.09 | CVE-2023-7185 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (119)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
