BlueFox Analysis

IOB - Indicator of Behavior (120)

Lang

en: 102
ru: 8
es: 8
fr: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Virtual Programming VP-ASP: 2
ViArt Shop Enterprise: 2
PHP-Fusion: 2
Steve Kneizys Agora: 2
Clip-bucket ClipBucket: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | OpenX adclick.php redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00440 | 0.76 | CVE-2014-2230 |
| 2 | Netjuke explore.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00301 | 0.00 | CVE-2007-4810 |
| 3 | Basti2web Book Panel books.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00064 | 0.05 | CVE-2009-4889 |
| 4 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.70 | CVE-2020-15906 |
| 5 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 4.28 | |
| 6 | ZyXEL NAS326/NAS540/NAS542 UDP Packet format string | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00435 | 0.00 | CVE-2022-34747 |
| 7 | uTorrent memory corruption | 7.3 | 7.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.12561 | 0.00 | CVE-2009-5134 |
| 8 | Brand039 MMSLamp default.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00107 | 0.00 | CVE-2007-6575 |
| 9 | SMEWeb catalog.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00254 | 0.00 | CVE-2008-2644 |
| 10 | PhpMyFactures index.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | |
| 11 | Gallarific PHP Photo Gallery script gallery.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00136 | 0.05 | CVE-2011-0519 |
| 12 | Php-shop-system Com Xobbix index.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00206 | 0.00 | CVE-2010-5053 |
| 13 | Bitmain Antminer D3/Antminer L3+/Antminer S9 restore command injection | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01899 | 0.03 | CVE-2018-11220 |
| 14 | Apertoblog categories.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00102 | 0.00 | CVE-2008-5775 |
| 15 | UAEPD Shopping Cart Script products.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00471 | 0.04 | CVE-2014-1618 |
| 16 | PHP-Fusion photogallery.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00153 | 0.00 | CVE-2005-3160 |
| 17 | Dxproscripts DXShopCart product_detail.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00064 | 0.02 | CVE-2008-4744 |
| 18 | Clip-bucket ClipBucket ITEM view_item.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00395 | 0.00 | CVE-2015-2102 |
| 19 | SourceCodester Prison Management System changepassword.php cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.41 | CVE-2024-4644 |
| 20 | Ruijie RG-UAC dhcp_relay_commit.php os command injection | 4.7 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.05 | CVE-2024-4503 |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (110)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /Employee/changepassword.php | predictive | High |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | /importexport.php | predictive | High |
| 4 | File | /index.php | predictive | Medium |
| 5 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High |
| 6 | File | /version.js | predictive | Medium |
| 7 | File | /view/dhcp/dhcpConfig/dhcp_relay_commit.php | predictive | High |
| 8 | File | adclick.php | predictive | Medium |
| 9 | File | addtocart.asp | predictive | High |
| 10 | File | admin/adm/test.php | predictive | High |
| 11 | File | agora.cgi | predictive | Medium |
| 12 | File | books.php | predictive | Medium |
| 13 | File | cat.asp | predictive | Low |
| 14 | File | catalog.php | predictive | Medium |
