BlackNet Analysis

IOB - Indicator of Behavior (34)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 28
ru: 4
de: 2

Country

us: 22
ru: 2
nl: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Linux Kernel: 4
Asus RT-AC86U: 4
Post Grid Plugin: 2
Paid Memberships Pro: 2
GENIVI dlt-daemon: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | Linux Kernel BlueZ jlink.c jlink_init denial of service | 3.6 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2022-3637 |
| 3 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.43 | CVE-2020-15906 |
| 4 | Asus RT-AC86U Web URL os command injection | 8.8 | 8.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00080 | 0.05 | CVE-2023-28702 |
| 5 | Asus RT-AC86U LPD Service os command injection | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.03 | CVE-2022-25597 |
| 6 | Asus RT-AC56U out-of-bounds write | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.07 | CVE-2022-25596 |
| 7 | Asus RT-AX56U V2/RT-AC86U cm_processChangedConfigMsg format string | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00330 | 0.03 | CVE-2023-35087 |
| 8 | lighttpd mod_alias_physical_handler mod_alias.c path traversal | 7.4 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00493 | 0.00 | CVE-2018-19052 |
| 9 | Phpsugar PHP Melody Cookie watch.php sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00156 | 0.00 | CVE-2017-15579 |
| 10 | PDF24 Article To PDF Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00062 | 0.03 | CVE-2022-1827 |
| 11 | medoo columnQuote sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00146 | 0.02 | CVE-2019-10762 |
| 12 | Privoxy Template Name cgi_error_no_template cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00078 | 0.00 | CVE-2021-44543 |
| 13 | Telesquare SDT-CS3B1/SDT-CW3B1 Telnet Service hard-coded credentials | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00939 | 0.04 | CVE-2018-12526 |
| 14 | Mods for HESK Time-Based sql injection | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00322 | 0.03 | CVE-2020-13993 |
| 15 | Linux Kernel hid-elo.c hid_parse memory leak | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-27950 |
| 16 | Linux Kernel load_elf_binary memory corruption | 8.3 | 7.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00072 | 0.03 | CVE-2017-1000253 |
| 17 | Corero SecureWatch Managed Services HTTP API Endpoint get_snapshot path traversal | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00088 | 0.00 | CVE-2021-38136 |
| 18 | Post Grid Plugin Slider Import Search cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00297 | 0.00 | CVE-2021-24488 |
| 19 | IBM i2 Analyze information exposure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00076 | 0.00 | CVE-2021-29784 |
| 20 | Apple watchOS WebKit use after free | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00417 | 0.00 | CVE-2021-30795 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /about.php | predictive | Medium |
| 2 | File | /it-IT/splunkd/__raw/services/get_snapshot | predictive | High |
| 3 | File | /phpwcms/setup/setup.php | predictive | High |
| 4 | File | xxxxxxxx.xxx | predictive | Medium |
| 5 | File | xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxxxx/xxx/xxx-xxx.x | predictive | High |
| 8 | File | xxxxx.xxx | predictive | Medium |
| 9 | File | xxxx_xxxx.xxx | predictive | High |
| 10 | File | xxx_xxxxx.x | predictive | Medium |
| 11 | File | xxxxxxx/xxxxx.x | predictive | High |
| 12 | File | xxxx-xxxxx.xxx | predictive | High |
| 13 | File | xxxxx.xxx | predictive | Medium |
| 14 | File | xx-xxxxxxxxxxx.xxx | predictive | High |
| 15 | Argument | xx_xxxxx_xxx_xxxx | predictive | High |
| 16 | Argument | xxx | predictive | Low |
| 17 | Argument | xxxx_xx | predictive | Low |
| 18 | Argument | xx | predictive | Low |
| 19 | Argument | xxxxxxxxx | predictive | Medium |
| 20 | Argument | xxxxx | predictive | Low |
| 21 | Argument | xxxx_xxxx | predictive | Medium |
| 22 | Argument | xxxx | predictive | Low |
| 23 | Argument | xxx | predictive | Low |
| 24 | Input Value | ../ | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
