Naikon Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. It also makes it possible to initiate an immediate vulnerability response and to prioritize issues.

Lang

  • en: 157
  • fr: 60
  • de: 53
  • es: 26
  • it: 21

Country

  • us: 258
  • fr: 10
  • cn: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | WEKA INTEREST Security Scanner Webspider denial of service | 2.8 | 2.7 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.04 | CVE-2017-20014 |
| 2 | Netegrity SiteMinder Login smpwservicescgi.exe redirect | 5.4 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | CVE-2005-10001 |
| 3 | Mirmay Secure Private Browser / File Manager Auto Lock improper authentication | 3.3 | 3.3 | $0-$5k | $0-$5k | Functional | Workaround | 0.00 | CVE-2018-25030 |
| 4 | ISS BlackICE PC Protection Update cleartext transmission | 3.7 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2003-5002 |
| 5 | WEKA INTEREST Security Scanner Stresstest Configuration denial of service | 2.8 | 2.7 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00 | CVE-2017-20013 |
| 6 | WEKA INTEREST Security Scanner Portscan memory allocation | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.04 | CVE-2017-20016 |
| 7 | ISS BlackICE PC Protection Cross Site Scripting Detection privileges management | 5.3 | 4.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2003-5001 |
| 8 | WEKA INTEREST Security Scanner LAN Viewer denial of service | 2.8 | 2.7 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00 | CVE-2017-20015 |
| 9 | Kiddoware Kids Place Home Button Protection denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | High | Official Fix | 0.04 | CVE-2015-10002 |
| 10 | Shemes GrabIt NZB Date Parser denial of service | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2010-10001 |
| 11 | WEKA INTEREST Security Scanner HTTP denial of service | 2.8 | 2.7 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.08 | CVE-2017-20011 |
| 12 | TEM FLEX-1080/FLEX-1085 Log information disclosure | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.37 | CVE-2022-1077 |
| 13 | DolphinPHP User Management Page cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | CVE-2022-1086 |
| 14 | WEKA INTEREST Security Scanner Stresstest Scheme denial of service | 2.8 | 2.7 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00 | CVE-2017-20012 |
| 15 | ISS BlackICE PC Protection Update cross site scripting | 5.0 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2003-5003 |
| 16 | Brocade Network Advisor DashboardFileReceiveServlet path traversal | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2016-8205 |
| 17 | PostgreSQL numeric error | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2007-4769 |
| 18 | Apple tvOS Security inadequate encryption | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-4693 |
| 19 | Linux Kernel NFS Subsystem decode_nfs_fh memory corruption | 7.6 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 1.02 | CVE-2021-4157 |
| 20 | Akeo Rufus Executable/Rufus Portable Executable untrusted search path | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.07 | CVE-2022-26620 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Camerashy

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (113)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Confidence |
|---|---|---|---|
| 1 | File | %windir%\Internet Logs\ | High |
| 2 | File | /admin.php/admin/website/data.html | High |
| 3 | File | /aqpg/users/login.php | High |
| 4 | File | /crypto_keyfile.bin | High |
| 5 | File | /cwms/admin/?page=articles/view_article/ | High |
| 6 | File | /cwms/classes/Master.php?f=save_contact | High |
| 7 | File | /mims/app/addcustomerHandler.php | High |
| 8 | File | /one_church/userregister.php | High |
| 9 | File | /show_news.php | High |
| 10 | File | /siteminderagent/pwcgi/smpwservicescgi.exe | High |
| 11 | File | /squashfs-root/www/HNAP1/control/SetWizardConfig.php | High |
| 12 | File | 500page.jsp | Medium |
| 13 | File | admin/admin_process.php | High |
