BlackEnergy Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

ru108
pl100
zh98
es86
de84

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

ru108
pl100
es86
de84
pt82

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Unknown1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined50
WordPress Plugin40
E-Commerce Management Software6
Operating System4
PrestaShop Module2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined28
Tenda24
FME Modules2
SourceCodester2
Vektor2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

MailCleaner8
Tenda W15E6
Tenda TX96
Tenda 4G3004
FME Modules preorderandnotication Module2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Apryse WebViewer PDF Document cross site scripting3.53.2$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000450.71CVE-2024-4327
2MailCleaner Email os command injection9.89.3$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000460.97CVE-2024-3191
3osCommerce all-products cross site scripting4.33.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000650.42CVE-2024-4348
4MailCleaner Admin Interface cross site scripting6.56.3$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000450.59CVE-2024-3192
5SourceCodester Pisay Online E-Learning System controller.php unrestricted upload7.36.6$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.76CVE-2024-4349
6MailCleaner Admin Endpoints os command injection8.88.3$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000460.09CVE-2024-3193
7BloomPixel Max Addons Pro for Bricks Plugin authorization6.56.4$0-$5k$0-$5kNot DefinedNot Defined0.000430.55CVE-2024-32951
8Extend Themes Teluro Plugin cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000430.00CVE-2024-33688
9Apache HTTP Server mod_lua Multipart Parser r:parsebody out-of-bounds write8.58.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.088080.00CVE-2021-44790
10Elementor ImageBox Plugin cross site scripting3.53.4$0-$5k$0-$5kNot DefinedNot Defined0.000450.50CVE-2024-3074
11Tenda i21 formQosManageDouble_auto stack-based overflow8.88.5$0-$5k$0-$5kNot DefinedNot Defined0.000450.13CVE-2024-4246
12Dell Wyse Proprietary OS Telemetry Dashboard information disclosure4.74.7$0-$5k$0-$5kNot DefinedNot Defined0.000430.38CVE-2024-28963
13Apache Parquet Parquet-MR denial of service3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000890.00CVE-2021-41561
14Pavex Embed Google Photos Album Plugin server-side request forgery5.65.5$0-$5k$0-$5kNot DefinedNot Defined0.000430.08CVE-2024-32775
15Foliovision FV Flowplayer Video Player Plugin server-side request forgery5.65.5$0-$5k$0-$5kNot DefinedNot Defined0.000430.00CVE-2024-32955
16Dell Repository Manager API Module improper authorization8.38.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.000430.56CVE-2024-28976
17Jegstudio Financio Plugin cross-site request forgery4.34.2$0-$5k$0-$5kNot DefinedNot Defined0.000430.00CVE-2024-33690
18ThemeNcode Fan Page Widget by Plugin cross site scripting4.14.1$0-$5k$0-$5kNot DefinedNot Defined0.000430.00CVE-2024-33695
19AnnounceKit Plugin cross site scripting2.42.4$0-$5k$0-$5kNot DefinedNot Defined0.000450.65CVE-2024-3023
20Repute Infosystems ARMember Plugin authorization7.87.7$0-$5k$0-$5kNot DefinedNot Defined0.000430.67CVE-2024-32948

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • BlackEnergy

IOC - Indicator of Compromise (30)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
15.9.32.230static.230.32.9.5.clients.your-server.deSandworm TeamBlackEnergy12/20/2020verifiedHigh
25.61.38.31Sandworm TeamBlackEnergy01/01/2021verifiedHigh
35.79.80.166Sandworm TeamBlackEnergy01/01/2021verifiedHigh
45.149.254.114mail1.auditoriavanzada.infoSandworm TeamBlackEnergy12/20/2020verifiedHigh
55.255.87.39Sandworm TeamBlackEnergy01/01/2021verifiedHigh
631.210.111.154.Sandworm TeamBlackEnergy12/20/2020verifiedHigh
7XX.XXX.XX.XXXxxxxxxx XxxxXxxxxxxxxxx01/01/2021verifiedHigh
8XX.X.XX.XXXxxxxxx.xxx.xx.x.xx.xxxxxxx.xxxx-xxxxxx.xxXxxxxxxx XxxxXxxxxxxxxxx01/01/2021verifiedHigh
9XX.XXX.XXX.XXxxxxxxx XxxxXxxxxxxxxxx01/01/2021verifiedHigh
10XX.XXX.XXX.XXxxxx.xxxxxx-xxxxx.xxxXxxxxxxx XxxxXxxxxxxxxxx01/01/2021verifiedHigh
11XX.XXX.XXX.XXXXxxxxxxxxxx03/27/2022verifiedHigh
12XX.XX.XX.XXXxxxxxx.xxx.xx.xx.xx.xxxxxxx.xxxx-xxxxxx.xxXxxxxxxx XxxxXxxxxxxxxxx01/01/2021verifiedHigh
13XX.XX.XXX.XXXx-xx.xx.xxx.xxx.xxxxxx.xxXxxxxxxx XxxxXxxxxxxxxxx01/01/2021verifiedHigh
14XX.XX.XX.XXXXxxxxxxx XxxxXxxxxxxxxxx01/01/2021verifiedHigh
15XX.XXX.XX.XXxxxxx.xxxxxxxxxxxx.xxXxxxxxxx XxxxXxxxxxxxxxx12/20/2020verifiedHigh
16XX.XXX.XXX.XXXXxxxxxxxxxx03/27/2022verifiedHigh
17XX.XXX.XXX.XXXxxx.xxxx-xxxxx.xxXxxxxxxx XxxxXxxxxxxxxxx01/01/2021verifiedHigh
18XX.XXX.XX.XXXxxx-xx-xxx-xx-xxx.xxxx.xxxxxxxxxx.xxxXxxxxxxx XxxxXxxxxxxxxxx01/01/2021verifiedHigh
19XX.XXX.XXX.XXXxxxxxx-xxx-xxx-xxx-xx.xxxxxxxxxxxx.xxxXxxxxxxx XxxxXxxxxxxxxxx01/01/2021verifiedHigh
20XX.XXX.XXX.XXXxxxxxxx XxxxXxxxxxxxxxx01/01/2021verifiedHigh
21XXX.XXX.XX.XXxxx-xxx-xx-xx.xxxxxx-xx-xxxxxxxxxxx.xxxXxxxxxxxxxx03/27/2022verifiedHigh
22XXX.XXX.XXX.XXxxxxxxx.xxxxx.xxXxxxxxxx XxxxXxxxxxxxxxx01/01/2021verifiedHigh
23XXX.X.XX.XXxxxxxxx XxxxXxxxxxxxxxx12/20/2020verifiedHigh
24XXX.XX.XXX.XXXxxx-xx-xxx-x.xx.xxxxxxxxxx.xxxXxxxxxxxxxx03/27/2022verifiedHigh
25XXX.XX.X.XXxxxxxx.xx.x.xx.xxx.xxxxxxx.xxxx-xxxxxx.xxXxxxxxxx XxxxXxxxxxxxxxx12/20/2020verifiedHigh
26XXX.XXX.XXX.XXxxxxx.xxx.xxXxxxxxxx XxxxXxxxxxxxxxx01/01/2021verifiedHigh
27XXX.XXX.XXX.XXxxxxxx.xxxxxxxxxxxxxxx.xx.xxXxxxxxxx XxxxXxxxxxxxxxx01/01/2021verifiedHigh
28XXX.XX.XXX.XXxxxxx.xx.xxxxxxxxxxx.xxXxxxxxxx XxxxXxxxxxxxxxx01/01/2021verifiedHigh
29XXX.XXX.XXX.XXXxxxxxxx XxxxXxxxxxxxxxx01/01/2021verifiedHigh
30XXX.XXX.XXX.XXxxxxxxxx.xxx.xxXxxxxxxxxxx03/27/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059.007CAPEC-209CWE-79Cross Site ScriptingpredictiveHigh
3TXXXXCAPEC-19CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
8TXXXXCAPEC-37CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
9TXXXXCAPEC-116CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
10TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (67)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/catalog/all-productspredictiveHigh
2File/changePasswordpredictiveHigh
3File/goform/addIpMacBindpredictiveHigh
4File/goform/AdvSetMacMtuWanpredictiveHigh
5File/goform/DelDhcpRulepredictiveHigh
6File/goform/delIpMacBindpredictiveHigh
7File/goform/DelPortMappingpredictiveHigh
8File/goform/modifyDhcpRulepredictiveHigh
9File/xxxxxx/xxxxxxxxxxxxxxxpredictiveHigh
10File/xxxxxx/xxxxxxxxxxxxpredictiveHigh
11File/xxxxxx/xxxxxxxxxxxxpredictiveHigh
12File/xxxxxx/xxxxxxxxxxpredictiveHigh
13File/xxxxxx/xxxxxxxxxpredictiveHigh
14File/xxxxxx/xxxxxxxxxxxxxxxxpredictiveHigh
15File/xxxxxx/xxxxxxxxxxxxxxpredictiveHigh
16File/xxxxxx/xxxxxxxxxxxxxxxxxxpredictiveHigh
17File/xxxxxx/xxxxxxxxxxxxxxpredictiveHigh
18File/xxxxxx/xxxxxxxxxxxxxpredictiveHigh
19File/xxxxxx/xxxxxxxxxxxxxxxxxxxpredictiveHigh
20File/xxxxxx/xxxxxxxxxxxpredictiveHigh
21File/xxxxxx/xxxxxxxxxxxxpredictiveHigh
22File/xxxxxx/xxxxxxxxxx.xxxpredictiveHigh
23File/xxxxxxxxxxx.xxx/xxxxxxxxpredictiveHigh
24File/xxxx/xxxxxxx xxxxxx/xxx/xxx_xxxx_xxxxxx.xxxpredictiveHigh
25File/xxx/xxxxxxxxxxx.xxxpredictiveHigh
26Filexxxxx/xxxxxxx/xxxxxxxxxxxxx.xxpredictiveHigh
27Filexxxxxxxxxxxx.xxxpredictiveHigh
28Filexxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
29Filexx/xxxxxx/xxxxxxxxxxpredictiveHigh
30Filexxxxx.xxxpredictiveMedium
31Filexxxxxxxx.xxxpredictiveMedium
32Filexxxxxxxx.xxxpredictiveMedium
33Argumentxxxxx_xxxxxpredictiveMedium
34ArgumentxxxxxxxxxxxxxpredictiveHigh
35ArgumentxxxpredictiveLow
36ArgumentxxxxxxxxxpredictiveMedium
37ArgumentxxxxxxxxxxxxpredictiveMedium
38ArgumentxxxxxxxxxxpredictiveMedium
39ArgumentxxxxxxxpredictiveLow
40ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
41ArgumentxxxxpredictiveLow
42ArgumentxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
43Argumentxx/xxxxpredictiveLow
44ArgumentxxxxxxxxxxpredictiveMedium
45ArgumentxxpredictiveLow
46ArgumentxxxxxxxxxxxxxxpredictiveHigh
47ArgumentxxxxxxxxxxxxxpredictiveHigh
48Argumentxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxpredictiveHigh
49Argumentxxxx xxxxxxpredictiveMedium
50ArgumentxxxxpredictiveLow
51ArgumentxxxxxxxxxxpredictiveMedium
52ArgumentxxxxxxxxxxxxpredictiveMedium
53ArgumentxxxxpredictiveLow
54ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
55ArgumentxxxpredictiveLow
56ArgumentxxxxxxpredictiveLow
57ArgumentxxxxxxxxpredictiveMedium
58ArgumentxxxxxxxxxxxxxxxxxxpredictiveHigh
59ArgumentxxxxxxxxxxpredictiveMedium
60ArgumentxxxxxxxxpredictiveMedium
61Argumentxxxxxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxxxxxpredictiveHigh
62ArgumentxxxxxxxxxpredictiveMedium
63ArgumentxxxxxxxxxxxxxxxxpredictiveHigh
64ArgumentxxxxpredictiveLow
65ArgumentxxxxxxxxxxpredictiveMedium
66Argumentxxxxxx/xxxxxxxx/xxxxxxxxx/xxx/xxxxxxxxxxx/xxxxxxxxxxpredictiveHigh
67Argumentxxxx/xxxxx/xxx/xxxx/xxxxxx/xxxxxxpredictiveHigh

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!