Novter 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (775)

タイムライン

言語

pl468
en208
zh50
ru26
de10

国・地域

pl468
cn124
us84
ru26
gb10

アクター

Novter14
Cobalt Strike9
BianLian6
Conti4
IcedID4

アクティビティ

関心

タイムライン

タイプ

Not Defined182
WordPress Plugin18
Content Management System16
Operating System14
Programming Language Software10

ベンダー

Not Defined126
Microsoft16
Apache12
Apple8
Google6

製品

WordPress8
OpenSSH6
PHP6
Apple macOS6
SignKorn Guestbook6

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1Hiox India Guest Book gb.php メモリ破損7.36.4$0-$5k$0-$5kProof-of-ConceptUnavailable0.071330.00CVE-2007-1998
2Visual Form Builder Plugin 特権昇格6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.003070.00CVE-2022-0142
3jax guestbook jax_guestbook.php クロスサイトスクリプティング4.34.2$0-$5k$0-$5kHighUnavailable0.002970.02CVE-2005-4879
4Lars Ellingsen Guestserver guestbook.cgi クロスサイトスクリプティング4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.001690.21CVE-2005-4222
5ASPjar ASPjar Guestbook login.asp SQLインジェクション5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.003120.00CVE-2005-0423
6DM Guestbook admin.guestbook.php ディレクトリトラバーサル7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.044030.04CVE-2007-5821
7Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩5.35.2$5k-$25k計算中HighWorkaround0.020160.00CVE-2007-1192
8Qt-cute QuickTalk guestbook qtg_msg_view.php SQLインジェクション7.37.1$0-$5k$0-$5kHighUnavailable0.003060.00CVE-2007-3538
9Professional Home Page Tools Professional Home Page Tools Guestbook delcookie.php 未知の脆弱性5.34.6$0-$5k$0-$5kUnprovenOfficial Fix0.003810.00CVE-2006-3837
10XAMPP Apache Distribution cds.php クロスサイトスクリプティング4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.002300.00CVE-2005-1077
11Papoo guestbook.php SQLインジェクション6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.03
12AN Guestbook sign1.php クロスサイトスクリプティング4.34.1$0-$5k$0-$5kHighOfficial Fix0.002540.03CVE-2009-0424
13FAC Guestbook 情報の漏洩9.89.5$0-$5k$0-$5kHighUnavailable0.010730.00CVE-2007-2101
14AFGB AFGB GUESTBOOK add.php 特権昇格7.36.7$0-$5k$0-$5kProof-of-ConceptUnavailable0.185560.00CVE-2006-5307
15SignKorn Guestbook preview.php 特権昇格5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.00
16episodex episodex guestbook default.asp クロスサイトスクリプティング4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.001960.00CVE-2005-1684
17Planetmoon Guestbook passwd.txt Password 特権昇格5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.017840.00CVE-2003-1541
18MPM Guestbook クロスサイトスクリプティング4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.007020.02CVE-2003-1182
19MPC SoftWeb Guestbook insertguest.asp クロスサイトスクリプティング4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.00
20Big Sam Guestbook bigsam_guestbook.php サービス拒否3.33.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00

IOC - Indicator of Compromise (68)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
11.88.24.27Novter2022年02月19日verified
22.58.80.150Novter2022年02月19日verified
32.196.217.25Novter2022年02月19日verified
43.128.83.132ec2-3-128-83-132.us-east-2.compute.amazonaws.comNovter2022年02月19日verified
55.61.40.95Novter2022年02月19日verified
65.61.42.103Novter2022年02月19日verified
75.61.42.111box.invfx.euNovter2022年02月19日verified
85.61.42.116Novter2022年02月19日verified
95.61.48.155Novter2022年02月19日verified
105.61.48.156192.64.119.156Novter2022年02月19日verified
116.217.158.104Novter2022年02月19日verified
127.130.244.4Novter2022年02月19日verified
1313.158.242.227Novter2022年02月19日verified
1420.56.162.154Novter2022年02月19日verified
15XX.XX.XXX.XXXxxxxx2022年02月19日verified
16XX.XXX.XX.XXXxxxxx2022年02月19日verified
17XX.XXX.XX.XXXXxxxxx2022年02月19日verified
18XX.XXX.XXX.XXXXxxxxx2022年02月19日verified
19XX.XX.XX.XXXxxx.xx.xx.xx.xx.xxxxxxxxxxxxxxxxx.xxxXxxxxx2022年02月19日verified
20XX.X.XXX.XXXXxxxxx2022年02月19日verified
21XX.XXX.X.XXxxxxxxxxxxx.xxxXxxxxx2022年02月19日verified
22XX.XXX.XX.XXXxxxxx2022年02月19日verified
23XX.XX.XXX.XXXxxxxx2022年02月19日verified
24XX.XXX.XXX.XXXxxxxx2022年02月19日verified
25XX.XXX.X.XXXxxxxx2022年02月19日verified
26XX.XX.XX.XXXxx-xx-xx-xxx-xxxxxx.xxx.xxxxxxxxxxxxxxx.xxxXxxxxx2022年02月19日verified
27XX.XX.XX.XXXXxxxxx2022年02月19日verified
28XX.XXX.XXX.XXXxx-xxx-xxx-xxx.xxxxxxxxxx.xxxxxx.xxxxxxxxx.xxxXxxxxx2022年02月19日verified
29XX.XXX.XXX.XXXXxxxxx2022年02月19日verified
30XX.XX.XX.XXXxxxxx2022年02月19日verified
31XX.XX.XXX.XXx-xx-xx-xxx-xx.xxxx.xx.xxxxxxx.xxxXxxxxx2022年02月19日verified
32XX.XX.XXX.XXXxxxxxxxxxxx-xxx-x-xx-xxx.xxx-xx.xxx.xxxxxxx.xxXxxxxx2022年02月19日verified
33XX.XX.XXX.Xxxxxx-xx-xxx-x.xxxxx.xxx-xxx.xxXxxxxx2022年02月19日verified
34XX.XXX.XX.XXxxxxxxxxxx.xxxXxxxxx2022年02月19日verified
35XX.XXX.XX.XXxxxxxxxxxx.xxxXxxxxx2022年02月19日verified
36XX.XXX.XX.XXxxxx.xxxxxxxxxxxxx.xxxXxxxxx2022年02月19日verified
37XX.XX.XXX.XXXxxxx-xxx-xxx-xxx-xxx.xxx.xxx.xxxxx.xxxxxxxx-xx.xxXxxxxx2022年02月19日verified
38XX.XX.X.XXXXxxxxx2022年02月19日verified
39XXX.XX.XXX.XXxxxx-xxx-xx-xxx-xx.xxxxxx.xxxx.xxxxxxx.xxxXxxxxx2022年02月19日verified
40XXX.XXX.X.XXXxxxxx2022年02月19日verified
41XXX.XXX.XX.XXxxxxxxxxxxxxxxxxxxxx.xxxxx.xxxXxxxxx2022年02月19日verified
42XXX.XXX.XXX.XXxxxxxxxxxxxxxxxxxxxx.xxxxx.xxxXxxxxx2022年02月19日verified
43XXX.XX.XXX.XXXXxxxxx2022年02月19日verified
44XXX.XXX.XX.XXXXxxxxx2022年02月19日verified
45XXX.XXX.XX.XXXxxxxx2022年02月19日verified
46XXX.XXX.XX.XXXXxxxxx2022年02月19日verified
47XXX.XXX.XXX.XXXXxxxxx2022年02月19日verified
48XXX.XX.XX.XXxxxx-xxx-xxx.xx-xxxxxxxx.xxXxxxxx2022年02月19日verified
49XXX.XXX.XXX.XXXXxxxxx2022年02月19日verified
50XXX.XX.X.XXXXxxxxx2022年02月19日verified
51XXX.XX.XX.XXxxxxx2022年02月19日verified
52XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxxxxxxxx.xxxxxx.xxx.xxXxxxxx2022年02月19日verified
53XXX.XX.XXX.XXXXxxxxx2022年02月19日verified
54XXX.XXX.XXX.XXXxxxxx2022年02月19日verified
55XXX.XX.XX.XXXXxxxxx2022年02月19日verified
56XXX.XXX.XX.XXxx-xx-xxx-xxx.xxxxxxx.xxx.xxXxxxxx2022年02月19日verified
57XXX.XX.XXX.XXXXxxxxx2022年02月19日verified
58XXX.X.XXX.XXXxxxxxxxxx.xxxx-xxxxx.xxXxxxxx2022年02月19日verified
59XXX.XXX.XXX.XXxxxxxx.xxxxxxxxxx.xxxXxxxxx2022年02月19日verified
60XXX.XX.XXX.XXXXxxxxx2022年02月19日verified
61XXX.XX.XXX.XXXXxxxxx2022年02月19日verified
62XXX.XXX.XXX.XXXxxxxx2022年02月19日verified
63XXX.XX.XXX.XXXXxxxxx2022年02月19日verified
64XXX.XXX.XX.XXXxxx.xx.xxx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xxXxxxxx2022年02月19日verified
65XXX.XXX.XXX.XXXXxxxxx2022年02月19日verified
66XXX.XX.XX.XXXxxxxx2022年02月19日verified
67XXX.XX.XX.XXxxxxx2022年02月19日verified
68XXX.XXX.XXX.XXXXxxxxx2022年02月19日verified

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueクラス脆弱性アクセスベクタータイプ信頼度
1T1006CAPEC-126CWE-21, CWE-22, CWE-23Path Traversalpredictive
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath Expressionspredictive
3T1059CAPEC-242CWE-94Argument Injectionpredictive
4T1059.007CAPEC-209CWE-79, CWE-80Cross Site Scriptingpredictive
5TXXXXCAPEC-104CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
6TXXXX.XXXCAPEC-CWE-XXXXxx Xx Xxxx-xxxxx Xxxxxxxxpredictive
7TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx Xxxxxxxxxxxpredictive
8TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxxpredictive
9TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx Xxxxxxxxpredictive
10TXXXXCAPEC-CWE-XXXXxxxxxxxxx Xxxxxxpredictive
11TXXXXCAPEC-108CWE-XX, CWE-XXXxx Xxxxxxxxxpredictive
12TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx Xxxxxxxxxxxxxpredictive
13TXXXXCAPEC-50CWE-XXXXxxxxxxxxxx Xxxxxxxxxxpredictive
14TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
15TXXXXCAPEC-116CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive
16TXXXXCAPEC-157CWE-XXX, CWE-XXXXxxxxxxxxxxxx Xxxxxxpredictive
17TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxxpredictive
18TXXXXCAPEC-CWE-XXXXxxxxxxxxxx Xxxxxxpredictive

IOA - Indicator of Attack (196)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File.htaccesspredictive
2File/adfs/lspredictive
3File/carbon/mediation_secure_vault/properties/ajaxprocessor.jsppredictive
4File/cgi-bin/wlogin.cgipredictive
5File/fos/admin/index.php?page=menupredictive
6File/getcfg.phppredictive
7File/Home/debit_credit_ppredictive
8File/index.php/weblinks-categoriespredictive
9File/iwguestbook/admin/messages_edit.asppredictive
10File/login/index.phppredictive
11File/odfs/classes/Master.php?f=delete_teampredictive
12File/public/plugins/predictive
13File/scripts/iisadmin/bdir.htrpredictive
14File/usr/bin/pkexecpredictive
15File/wp-content/plugins/updraftplus/admin.phppredictive
16Fileadd.phppredictive
17Fileadmin.cgi/config.cgipredictive
18Fileadmin.phppredictive
19Fileadmin/admin.guestbook.phppredictive
20Fileadmin/auth.phppredictive
21Fileadmin/backupdb.phppredictive
22Fileadmin/login.asppredictive
23Fileadmin/preview.phppredictive
24Fileadministrator/components/com_media/helpers/media.phppredictive
25Filexxxxxxx_xxxx_xxxxxxx_xxxxxx_xxx.xpredictive
26Filexxxx.xxpredictive
27Filexxxxxxxxxxxx.xxxpredictive
28Filexxxx/xxxx_xxx.xxxpredictive
29Filexxxxxx_xxxxxxxxx.xxxpredictive
30Filexxxxxx/xxxxxxx/xxxx/xxxxxxx/xxxxxxx/xxxx_xxxxxxx.xxxpredictive
31Filexxx.xxxpredictive
32Filexxxxxxx.xxxxpredictive
33Filexxx-xxx/xxxxxpredictive
34Filexxxxxxxxxxxxxxxx.xxxpredictive
35Filexxxxxxx/xxxxxxxxxx.xxxpredictive
36Filexxxxxxx/xxxx/xxxxxx/xxxxxx.xpredictive
37Filexxxxx-xxxxxxx.xxxpredictive
38Filex_xxxxxxpredictive
39Filexxxx/xxxxxxxxxxxxxxx.xxxpredictive
40Filexx/xx.xxxpredictive
41Filexxxxxxxxxx.xpredictive
42Filexxxxxxx.xxxpredictive
43Filexxxxxxxxx.xxxpredictive
44Filexxxxxxx/xxx/xxx/xxxxx.xpredictive
45Filexxxx.xxxpredictive
46Filexxxxx.xxxpredictive
47Filexxx/xxxx/xxxx.xpredictive
48Filexxxxxxx.xxxpredictive
49Filexxxxx/xxxxxx.xxxpredictive
50Filexxxx_xxxxxx_xxxxxxx.xxxpredictive
51Filexx_xxxxxxxpredictive
52Filexxxxx/xxxxx_xxxxx_xpredictive
53Filexxxxxxxx/xxxxxxx/xxxxxxxxxxxx.xxxpredictive
54Filexx.xxxpredictive
55Filexxxxx.xxxpredictive
56Filexxxxxx/xxxxxxxxpredictive
57Filexxxx_xxxxxxx.xxx.xxxpredictive
58Filexxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxpredictive
59Filexxxxxxxxx.xxxpredictive
60Filexxxxxxxxx.xxxpredictive
61Filexxxxxxxxx/xxxxxxxxx.xxx.xxxpredictive
62Filexxxxxxxxxxxx.xxxpredictive
63Filexxxxxxxxx.xxxpredictive
64Filexxxx/xx/xxxxxxxxxx.xxxpredictive
65Filexxxxxxxx.xxxpredictive
66Filexxxxxxxxx.xxpredictive
67Filexxx/xxxxxx.xxxpredictive
68Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictive
69Filexxxxxxx/xxxxxxx/xxxxxxxx_xxxxxxxx.xxx.xxxpredictive
70Filexxxxxxxx/xxxxxxxxx.xxxxx.xxxpredictive
71Filexxxxxxxx/xxxxxx/xxxx/xxxxx.xxx.xxxpredictive
72Filexxxxx.xxxpredictive
73Filexxxxxxxxxxx.xxxpredictive
74Filexxxxxxxx/xxx_xxxx_xxxx.xpredictive
75Filexxx/xxxxxxxx.xxxpredictive
76Filexxx_xxxxxxxxx.xxxpredictive
77Filexxx.x/xxxxxx.xpredictive
78Filexxx.xpredictive
79Filexxxxxxxxxxxxxxxxxxxx.xxxxpredictive
80Filexxxxx.xxxpredictive
81Filexxx_xxxxxx.xpredictive
82Filexxxxxxxx_xxxxxx.xxxpredictive
83Filexxx/xxxx/xxxxxx.xpredictive
84Filexxxxxxx_xxxx.xxxpredictive
85Filexxx_xxxx_xxx_xxxxxxxxxx.xpredictive
86Filexxx_xxxx.xxxpredictive
87Filexxxx-xxxx_xxxxxxx.xxpredictive
88Filexxxxxxx.xxxpredictive
89Filexxxxxxxxxxx.xxxpredictive
90Filexxxxxxxxxxxx.xxxpredictive
91Filexxxxxx.xxxpredictive
92Filexxxxxxx\xxx_xxxxxx.xxxpredictive
93Filexxx_xxx_xxxx.xxxpredictive
94Filexx.xxxpredictive
95Filexxxxxx/xxx/xx/xxx.xxpredictive
96Filexxxxxxxxx.xxxxpredictive
97Filexxxxxx.xxxpredictive
98Filexxxx_xxxxx.xxxpredictive
99Filexxxxxxxxxxxx.xxxpredictive
100Filexxxxxx/xxxxx.xxxpredictive
101Filexxxxxxxxx.xxxpredictive
102Filexx_xxxxx_xxxx.xxxpredictive
103Filexxxx-xxx/predictive
104Filexxxxx.xxxpredictive
105Filexxxxxxxx_xxxxxxxxx.xxxpredictive
106Filexxxxx.xxxpredictive
107Filexxxxxx_xxx.xxxpredictive
108Filexxxxxxx.xxxxpredictive
109Filexxxxxx.xxxpredictive
110Filexxxxxxxxxx.xxxxpredictive
111Filexx-xxxxx/xxxx.xxxpredictive
112Filexx-xxxxx.xxxpredictive
113Filexxxxxx.xxxpredictive
114Filexxxxxxxxxxxxx.xxxpredictive
115Library/xxxxx/xxxxxxxx/xxxxxxx.xxxpredictive
116Libraryxxx/xxxx/xxxxx.xxxpredictive
117Libraryxxxxxx-xx/xxx/xxx-xxxxxx-xxxxx-xx.xxxpredictive
118Libraryxxxxxxx.xxx.xx.xxxpredictive
119Libraryxxxxxx.xxxpredictive
120Libraryxxx/xxx/xxxx/predictive
121Argumentxx/xxpredictive
122Argumentxxxxxxxpredictive
123Argumentxxxxxxxxpredictive
124Argumentxxxxxpredictive
125Argumentxxxxxpredictive
126Argumentxxxxxxxxxxxxxpredictive
127Argumentxxxxxxxxpredictive
128Argumentxxxpredictive
129Argumentxxxxxxxpredictive
130Argumentxxxxxxxxxxxxxpredictive
131Argumentxxxxxxpredictive
132Argumentxxxxxxxpredictive
133Argumentxxxxxxxxpredictive
134Argumentxxxxxxx_xxxx_xxx_xxxxxxpredictive
135Argumentxxxxxpredictive
136Argumentxxx_xxxxpredictive
137Argumentxxxxxxxpredictive
138Argumentxxxx_xxxxx_xxxxpredictive
139Argumentxxxxpredictive
140Argumentxxxxxxxxpredictive
141Argumentxx_xxpredictive
142Argumentxx_xxxxpredictive
143Argumentxxpredictive
144Argumentx_xxxxxxxpredictive
145Argumentxxxxpredictive
146Argumentxxxxxpredictive
147Argumentxxpredictive
148Argumentxxxxxpredictive
149Argumentxxxxxpredictive
150Argumentxxxpredictive
151Argumentxxx_xxxpredictive
152Argumentxxxxxpredictive
153Argumentxxxxxxx_xxxxpredictive
154Argumentxxxxxxpredictive
155Argumentxxxpredictive
156Argumentxxxxxxpredictive
157Argumentxxxxxxxpredictive
158Argumentxxxxxxxxxpredictive
159Argumentxxx_xxpredictive
160Argumentxxxxpredictive
161Argumentxxxxpredictive
162Argumentxx_xxpredictive
163Argumentxxxxxxpredictive
164Argumentxxxxxpredictive
165Argumentxxxxpredictive
166Argumentxxxx[xx]predictive
167Argumentxxxxx_xxxx_xxxxpredictive
168Argumentxxxxxxpredictive
169Argumentxxx-xxxxxxpredictive
170Argumentxxxxxx/xxxxxx_xxxxxxpredictive
171Argumentxxxxxx_xxxxxxpredictive
172Argumentxxxxxx_xxxxxpredictive
173Argumentxxxxxx_xxxxpredictive
174Argumentxxxxxxxxpredictive
175Argumentxxxxpredictive
176Argumentxxxx_xxpredictive
177Argumentxxxpredictive
178Argumentxxxxxpredictive
179Argumentxxxxxxxpredictive
180Argumentxxxxxpredictive
181Argumentxxxxxxxxxpredictive
182Argumentxxxxxxxxxxxpredictive
183Argumentxxxxxxpredictive
184Argumentxxxxxxxxpredictive
185Argumentxxx:xxxxpredictive
186Argumentxxxxx/xxxxxxpredictive
187Argumentxxx_xxx_xxxxxxxx_xxxpredictive
188Argumentx_xxxxxxxxpredictive
189Input Valuex%xx%xx%xxxxxxx%xxxxxxxx%xxxxxxxxxx%xxxxxx%xx%xxxxxxx_xxxxx%xx%xx--%xx%xxpredictive
190Input Valuex+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx#predictive
191Input Value<?xxx xxxxxx($_xxx['x']); ?>predictive
192Input Value??x:\predictive
193Input Valuexxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxxpredictive
194Network Portxxx/xx (xxx)predictive
195Network Portxxx/xxxxpredictive
196Network Portxxx xxxxxx xxxxpredictive

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

概要

Interested in the pricing of exploits?

See the underground prices here!