BlackNET RAT Analysis

IOB - Indicator of Behavior (118)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 78
ru: 16
fr: 12
es: 4
sv: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us: 64
ru: 10
tt: 10
de: 4
nl: 4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Qualcomm Snapdragon Compute: 6
Qualcomm Snapdragon Consumer IOT: 6
Qualcomm Snapdragon Industrial IOT: 6
Qualcomm Snapdragon Mobile: 6
Qualcomm Snapdragon Wired Infrastructure: 6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | LS Electric PLC/XG5000 inadequate encryption | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00144 | 0.00 | CVE-2022-2758 |
| 3 | Omron PLC CJ/PLC CS authentication replay | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00133 | 0.04 | CVE-2019-13533 |
| 4 | Omron CX-Position Project File use after free | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00099 | 0.00 | CVE-2022-26417 |
| 5 | Microsoft Windows Remote Procedure Call Runtime Remote Code Execution | 9.8 | 8.9 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.01558 | 0.00 | CVE-2022-26809 |
| 6 | Turuncu Portal h_goster.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00354 | 0.04 | CVE-2007-1022 |
| 7 | Microsoft Windows IKE Protocol Extension Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01093 | 0.04 | CVE-2022-34721 |
| 8 | RoundCube Webmail Email Message rcube_string_replacer.php linkref_addindex cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | High | Official Fix | 0.00612 | 0.00 | CVE-2020-35730 |
| 9 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550 |
| 10 | KoschtIT KoschtIT Image Gallery ki_makepic.php path traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01118 | 0.03 | CVE-2009-1510 |
| 11 | SourceCodester Library Management System bookdetails.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00322 | 0.14 | CVE-2022-2214 |
| 12 | D-Link DIR-816 A2 Web Interface setDeviceSettings os command injection | 6.4 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00067 | 0.46 | CVE-2024-0921 |
| 13 | Nsasoft Network Sleuth Registration denial of service | 4.0 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00042 | 0.17 | CVE-2024-1184 |
| 14 | Turbotraffictrader Php ttt-webmaster.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00923 | 0.00 | CVE-2004-2191 |
| 15 | Webfroot ShoutBox CGI Suite code injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | |
| 16 | Siemens SICAM PQ Analyzer Registry unquoted search path | 3.5 | 3.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00081 | 0.00 | CVE-2021-45460 |
| 17 | Astaro Security Gateway pfilter-reporter.pl denial of service | 7.5 | 6.5 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.10844 | 0.00 | CVE-2007-4243 |
| 18 | Dell Rugged Control Center Service Endpoint input validation | 7.8 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-34443 |
| 19 | Minecraft Servers List install.php unrestricted upload | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00639 | 0.00 | CVE-2018-5749 |
| 20 | Epic Games Psyonix Rocket League UPK Object stack-based overflow | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00300 | 0.00 | CVE-2021-32238 |

IOC - Indicator of Compromise (12)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (47)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /goform/setDeviceSettings | predictive | High |
| 2 | File | /it-IT/splunkd/__raw/services/get_snapshot | predictive | High |
| 3 | File | /librarian/bookdetails.php | predictive | High |
| 4 | File | /phpwcms/setup/setup.php | predictive | High |
| 5 | File | /usr/bin/at | predictive | Medium |
| 6 | File | /vendor/htmlawed/htmlawed/htmLawedTest.php | predictive | High |

References (13)

The following list contains external sources which discuss the actor and the associated activities: