BlueNoroff Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (68)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	58
de	4
zh	4
ru	2

Country

us	56
vn	8
br	2
jp	2

Actors

BlueNoroff	5
IcedID	2
RecordBreaker	2
BumbleBee	2
BlackCat	1

Activities

Interest

Timeline

Type

Not Defined	30
Forum Software	6
Operating System	4
Web Server	4
Database Administration Software	2

Vendor

Not Defined	18
Microsoft	6
Apache	4
Invision Power Services	2
Timeclock	2

Product

Microsoft Windows	4
Invision Power Services IP.Board	2
phpMyAdmin	2
Samba	2
Apache James Server	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	Calculating	High	Workaround	0.02016	0.00	CVE-2007-1192
2	Microsoft Windows Domain Name Service Privilege Escalation	6.6	6.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.02058	0.00	CVE-2023-28223
3	HTTP/2 Stream Rapid Reset denial of service	6.4	6.3	$0-$5k	$0-$5k	High	Official Fix	0.72011	0.04	CVE-2023-44487
4	Apache James Server os command injection	8.1	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.77433	0.03	CVE-2015-7611
5	Frappe Framework sql injection	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00274	0.02	CVE-2019-14966
6	Alt-N MDaemon Worldclient injection	4.9	4.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00090	0.04	CVE-2021-27182
7	Ivanti Endpoint Manager Mobile improper authentication	9.9	9.7	$0-$5k	$0-$5k	High	Official Fix	0.96816	0.09	CVE-2023-35078
8	Hitachi Vantara Pentaho Business Analytics Server Data Lineage cleartext transmission	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00145	0.00	CVE-2021-45447
9	Oracle Application Server sql injection	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00322	0.04	CVE-2007-0286
10	Live555 Streaming Media parseRTSPRequestString numeric error	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.87706	0.00	CVE-2013-6934
11	Oracle Solaris Utility Local Privilege Escalation	7.7	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2023-21985
12	Appindex MWChat start_lobby.php file inclusion	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01895	0.00	CVE-2005-1869
13	Coinsoft Technologies phpCOIN db.php path traversal	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03877	0.02	CVE-2005-4212
14	Damien Benier MyAlbum language.inc.php code injection	7.3	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.09238	0.03	CVE-2006-5865
15	SourceCodester Grade Point Average GPA Calculator index.php cross site scripting	4.4	4.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00070	0.00	CVE-2023-1743
16	SourceCodester Grade Point Average GPA Calculator index.php information disclosure	5.4	5.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00105	0.05	CVE-2023-1769
17	OpenResty API ngx_http_lua_subrequest.c request smuggling	7.4	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00580	0.05	CVE-2020-11724
18	OpenResty ngx.req.get_post_args sql injection	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00637	0.00	CVE-2018-9230
19	Netgate pf Sense ACME Package acme_certificate_edit.php cross site scripting	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00085	0.00	CVE-2020-21219
20	Microsoft IIS IP/Domain Restriction access control	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00817	0.23	CVE-2014-4078

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	45.238.25.2	ip-45-238-25-2.interlink.com.br	BlueNoroff	03/22/2022	verified	High
2	104.168.174.80	client-104-168-174-80.hostwindsdns.com	BlueNoroff	01/05/2023	verified	High
3	XXX.XXX.XXX.XX	xxxxxx-xxx-xxx-xxx-xx.xxxxxxxxxxxx.xxx	Xxxxxxxxxx	01/05/2023	verified	High
4	XXX.XX.XXX.XXX		Xxxxxxxxxx	03/22/2022	verified	High
5	XXX.XX.XXX.XX	xxx.xx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	01/05/2023	verified	High
6	XXX.XX.XXX.XX		Xxxxxxxxxx	01/05/2023	verified	High
7	XXX.XXX.XXX.XX	xxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	01/05/2023	verified	High
8	XXX.XX.XX.XX		Xxxxxxxxxx	03/22/2022	verified	High
9	XXX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxxxxx.xxxx.xx	Xxxxxxxxxx	01/05/2023	verified	High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	High
2	T1040	CAPEC-102	CWE-319	Authentication Bypass by Capture-replay	predictive	High
3	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
4	TXXXX	CAPEC-242	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	High
5	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
7	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
8	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
10	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
11	TXXXX	CAPEC-157	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/mgmt/tm/util/bash	predictive	High
2	File	14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi	predictive	High
3	File	acme_certificate_edit.php	predictive	High
4	File	auth.php	predictive	Medium
5	File	books.php	predictive	Medium
6	File	class_gw_2checkout.php	predictive	High
7	File	xxxx_xxxxxxxx/xx.xxx	predictive	High
8	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
9	File	xxxxxxxxxxxx.xxx	predictive	High
10	File	xxx/xxxxxx.xxx	predictive	High
11	File	xxxxx.xxx	predictive	Medium
12	File	xxxxxxx.xxx	predictive	Medium
13	File	xxxxxxxx.xxx.xxx	predictive	High
14	File	xxx_xxxx_xxx_xxxxxxxxxx.x	predictive	High
15	File	xxxxxxx.xxx	predictive	Medium
16	File	xxxxx.xxx	predictive	Medium
17	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	High
18	File	xxxxxx_xxxxx.xxx/xxxxx_xxxxxxx_xxxxxxxxxx.xx	predictive	High
19	File	xxxxxxxx.xxx	predictive	Medium
20	File	xxxxx_xxxxx.xxx	predictive	High
21	File	xxxx_x_xxxxxx.xxx.xxx	predictive	High
22	File	xxxxxx.xxx	predictive	Medium
23	Library	xxxxxx[xxxxxx_xxxx	predictive	High
24	Argument	xxx_xxxx	predictive	Medium
25	Argument	xxxxxxxx	predictive	Medium
26	Argument	xxxxxx	predictive	Low
27	Argument	xxx	predictive	Low
28	Argument	xxxxxx[xxxxxx_xxxx]	predictive	High
29	Argument	xxxxxxxx	predictive	Medium
30	Argument	xx	predictive	Low
31	Argument	xxxxxxxxxxx	predictive	Medium
32	Argument	xxxxxxx_xxx	predictive	Medium
33	Argument	xxxxx_xxx	predictive	Medium
34	Argument	xxxx	predictive	Low
35	Argument	xxxxxxxx	predictive	Medium
36	Argument	xxxx	predictive	Low
37	Argument	xxxxxxxxxx	predictive	Medium
38	Argument	xxxxxx_xxxx	predictive	Medium
39	Argument	_xxxx[_xxx_xxxx_xxxx	predictive	High
40	Input Value	xxx://xxxxxx/xxxx=xxxxxxx.xxxxxx-xxxxxx/xxxxxxxx=xxxxx_xxxxx	predictive	High

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!