BlankSlate Analysis

IOB - Indicator of Behavior (129)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 106
pt: 6
ru: 6
de: 6
fr: 4


Country

gb: 74
us: 18
pt: 6
ru: 6
de: 4



Product

DZCP deV!L`z Clanportal: 4
ForU CMS: 4
CentOS Web Panel: 4
WordPress: 4
ZZZCMS: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.47 | CVE-2010-0966 |
| 2 | JetBrains PhpStorm idea.log log file | 3.8 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2022-48435 |
| 3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 4 | All in One SEO Pack Plugin cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.04 | CVE-2023-0586 |
| 5 | PHPGurukul Online Notes Sharing System profile.php cross-site request forgery | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.03 | CVE-2023-7052 |
| 6 | Views for WPForms Plugin create_view cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.04 | CVE-2024-0374 |
| 7 | All in One SEO Pack Plugin cross site scripting | 3.9 | 3.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00101 | 0.00 | CVE-2023-0585 |
| 8 | SourceCodester Responsive Ordering System Product_model.php unrestricted upload | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00586 | 0.00 | CVE-2021-25206 |
| 9 | WPForms Pro Plugin csv injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00252 | 0.08 | CVE-2022-3574 |
| 10 | Wondershare Dr.Fone permission | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00082 | 0.00 | CVE-2023-29835 |
| 11 | WPForms Contact Form Plugin Price improper authentication | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.06 | CVE-2024-3649 |
| 12 | WPForms Pro Form Submission cross site scripting | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.04 | CVE-2023-7063 |
| 13 | Netentsec NS-ASG Application Security Gateway list_addr_fwresource_ip.php sql injection | 5.5 | 5.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00061 | 0.06 | CVE-2023-5681 |
| 14 | Campcodes Simple Student Information System manage_academic.php sql injection | 6.2 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.00 | CVE-2023-5929 |
| 15 | Campcodes Simple Student Information System index.php sql injection | 6.2 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.04 | CVE-2023-5923 |
| 16 | CodeAstro Internet Banking System pages_reset_pwd.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00052 | 0.08 | CVE-2023-5695 |
| 17 | SourceCodester Engineers Online Portal downloadable_student.php sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00077 | 0.08 | CVE-2023-5276 |
| 18 | ZZZCMS Database Backup File save.php restore permission | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00061 | 0.04 | CVE-2023-5263 |
| 19 | MicroWorld eScan Anti-Virus runasroot incorrect execution-assigned permissions | 7.8 | 7.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00042 | 0.04 | CVE-2023-4383 |
| 20 | Lightxun IPTV Gateway web_upload_template.html unrestricted upload | 5.0 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.07 | CVE-2023-7026 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (119)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
