BlackTech Analysis

IOB - Indicator of Behavior (249)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 170
zh: 60
ja: 10
de: 10

Country

us: 138
cn: 108
gb: 2

Product

Palo Alto PAN-OS: 12
Linux Kernel: 6
MediaWiki: 4
RoundCube: 4
PHP: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | Responsive FileManager ajax_calls.php input validation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00482 | 0.00 | CVE-2020-10567 |
| 3 | PAN-OS improper authentication | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00368 | 0.04 | CVE-2019-1572 |
| 4 | Expinion.net News Manager Lite comment_add.asp cross site scripting | 4.3 | 3.8 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00607 | 0.00 | CVE-2004-1845 |
| 5 | Horde Groupware code injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Not Defined | 0.88253 | 0.00 | CVE-2012-0209 |
| 6 | RoundCube Webmail rcube_plugin_api.php path traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01163 | 0.00 | CVE-2020-12640 |
| 7 | Softnext SPAM SQR code injection | 7.2 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00143 | 0.05 | CVE-2023-24835 |
| 8 | JDOM SAXBuilder denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00480 | 0.00 | CVE-2021-33813 |
| 9 | Cacti graph_view.php sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.20152 | 0.02 | CVE-2023-39361 |
| 10 | OpenCV wechat_qrcode Module decoded_bit_stream_parser.cpp decodeByteSegment null pointer dereference | 5.6 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.09 | CVE-2023-2617 |
| 11 | Apple iOS/iPadOS GPU Drivers memory corruption | 4.4 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00057 | 0.04 | CVE-2022-46702 |
| 12 | Palo Alto PAN-OS Web Interface authentication spoofing | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00191 | 0.03 | CVE-2022-0030 |
| 13 | Genivia gSOAP XML Document soap_get integer overflow | 6.8 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.22576 | 0.00 | CVE-2017-9765 |
| 14 | Diffie-Hellman Key Agreement Protocol Public Key algorithmic complexity | 3.7 | 3.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.01046 | 0.00 | CVE-2002-20001 |
| 15 | MediaWiki File Download api.php Reflected injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00685 | 0.03 | CVE-2017-8809 |
| 16 | Apache Dubbo Tag Routing Privilege Escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00297 | 0.00 | CVE-2021-30180 |
| 17 | Palo Alto PAN-OS cleartext transmission | 5.8 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00199 | 0.00 | CVE-2020-2013 |
| 18 | Palo Alto PAN-OS Maintenance Mode config | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00206 | 0.00 | CVE-2020-2041 |
| 19 | RoundCube Contact Photo photo.inc Absolute path traversal | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00178 | 0.04 | CVE-2015-8794 |
| 20 | phpMyAdmin Designer sql injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00164 | 0.03 | CVE-2019-6798 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (100)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /administration/theme.php | predictive | High |
| 2 | File | /assets/something/services/AppModule.class | predictive | High |
| 3 | File | /cgi-mod/lookup.cgi | predictive | High |
| 4 | File | /orrs/admin/reservations/view_details.php | predictive | High |
| 5 | File | /services | predictive | Medium |
| 6 | File | /upload | predictive | Low |
| 7 | File | additem.asp | predictive | Medium |
| 8 | File | agora.cgi | predictive | Medium |
| 9 | File | ajax_calls.php | predictive | High |
| 10 | File | api.php | predictive | Low |
| 11 | File | application\api\controller\User.php | predictive | High |
| 12 | File | arch/arm/kernel/perf_event.c | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
