BlueFox Analysis

IOB - Indicator of Behavior (118)

Language

en: 102
pl: 4
fr: 4
es: 4
sv: 2

Product

Pre Shopping Mall: 4
phpLinkat: 2
SmarterTools SmarterMail: 2
Tiki: 2
Forumer: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | OpenX adclick.php Redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00440 | 0.86 | CVE-2014-2230 |
| 2 | Netjuke explore.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00287 | 0.00 | CVE-2007-4810 |
| 3 | Basti2web Book Panel books.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00064 | 0.03 | CVE-2009-4889 |
| 4 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 4.03 | CVE-2020-15906 |
| 5 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.93 | |
| 6 | ZyXEL NAS326/NAS540/NAS542 UDP Packet Format String | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00435 | 0.00 | CVE-2022-34747 |
| 7 | uTorrent memory corruption | 7.3 | 7.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.12561 | 0.00 | CVE-2009-5134 |
| 8 | Brand039 MMSLamp default.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00107 | 0.00 | CVE-2007-6575 |
| 9 | SMEWeb catalog.php cross-site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00254 | 0.00 | CVE-2008-2644 |
| 10 | PhpMyFactures index.php SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | |
| 11 | Gallarific PHP Photo Gallery script gallery.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00112 | 0.04 | CVE-2011-0519 |
| 12 | Php-shop-system Com Xobbix index.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00122 | 0.00 | CVE-2010-5053 |
| 13 | Bitmain Antminer D3/Antminer L3+/Antminer S9 restore privilege escalation | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01252 | 0.03 | CVE-2018-11220 |
| 14 | Apertoblog categories.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00102 | 0.00 | CVE-2008-5775 |
| 15 | UAEPD Shopping Cart Script products.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00471 | 0.02 | CVE-2014-1618 |
| 16 | PHP-Fusion photogallery.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00153 | 0.00 | CVE-2005-3160 |
| 17 | Dxproscripts DXShopCart product_detail.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00064 | 0.02 | CVE-2008-4744 |
| 18 | Clip-bucket ClipBucket ITEM view_item.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00395 | 0.03 | CVE-2015-2102 |
| 19 | Keenetic KN-1010/KN-1410/KN-1711/KN-1810/KN-1910 Version Data version.js information disclosure | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 3.98 | CVE-2024-4022 |
| 20 | Grandstream HT800 TR-069 Service denial of service | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00729 | 0.00 | CVE-2020-5761 |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (106)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

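| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /forum/away.php | predictive | |
| 2 | File | /importexport.php | predictive | |
| 3 | File | /index.php | predictive | |
| 4 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | |
| 5 | File | /version.js | predictive | |
| 6 | File | adclick.php | predictive | |
| 7 | File | addtocart.asp | predictive | |
| 8 | File | admin/adm/test.php | predictive | |
| 9 | File | agora.cgi | predictive | |
| 10 | File | books.php | predictive | |
| 11 | File | cat.asp | predictive | |
| 12 | File | catalog.php | predictive | |
| 13 | File | categories.php | predictive | |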

References (2)

The following list contains external sources which discuss the actor and the associated activities:
