Necro Analysis

IOB - Indicator of Behavior (182)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 176
ru: 2
es: 2
de: 2

Country

us: 34
ru: 10
tr: 2
si: 2
es: 2

Product

Cryptocat: 8
JUNG Smart Visu Server: 6
Hindu Matrimonial Script: 6
Uniqkey Password Manager: 6
V-Zug Combi-Steam MSLQ: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Symantec Endpoint Protection Manager Management Console secars.dll memory corruption | 9.6 | 8.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00680 | CVE-2013-1612 |
| 2 | OpenSSH Key Exchange Initialization kex_input_kexinit resource management | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.78351 | CVE-2016-8858 |
| 3 | FileZilla Server PORT confused deputy | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.16 | 0.00052 | CVE-2015-10003 |
| 4 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00312 | CVE-2015-1419 |
| 5 | Oracle PeopleSoft Enterprise PeopleTools Rich Text Editor access control | 6.1 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00322 | CVE-2018-3132 |
| 6 | WordPress URL server-side request forgery | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01530 | CVE-2019-17669 |
| 7 | Moodle sql injection | 7.1 | 7.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00070 | CVE-2023-28329 |
| 8 | BrotherScripts Business Directory articlesdetails.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00122 | CVE-2010-4969 |
| 9 | SourceCodester Medical Hub Directory Site view_details.php sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00190 | CVE-2022-28533 |
| 10 | pdfkit URL command injection | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.28060 | CVE-2022-25765 |
| 11 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | 0.00241 | CVE-2020-12440 |
| 12 | D-Link Router alpha_auth_check access control | 9.8 | 8.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.01314 | CVE-2013-6026 |
| 13 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00250 | CVE-2005-1612 |
| 14 | package nested-object-assign Prototype code injection | 7.3 | 6.6 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.00 | 0.00101 | CVE-2021-23329 |
| 15 | Backdoor.Win32.Anaptix.bd permission | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00000 | |
| 16 | Apple Safari WebRTC memory corruption | 6.3 | 6.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01152 | CVE-2022-2294 |
| 17 | ISS BlackICE PC Protection Cross Site Scripting Detection privileges management | 5.3 | 4.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.00186 | CVE-2003-5001 |
| 18 | ISS BlackICE PC Protection Update cross site scripting | 5.0 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 | 0.00067 | CVE-2003-5003 |
| 19 | ISS BlackICE PC Protection Update cleartext transmission | 3.7 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00067 | CVE-2003-5002 |
| 20 | Mozilla Firefox String unknown vulnerability | 4.3 | 4.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Unavailable | 0.04 | 0.00202 | CVE-2005-2602 |

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CWE-94 | Argument Injection | predictive | High |

IOA - Indicator of Attack (92)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin | predictive | Low |
| 2 | File | /admin/conferences/get-all-status/ | predictive | High |
| 3 | File | /admin/conferences/list/ | predictive | High |
| 4 | File | /admin/countrymanagement.php | predictive | High |
| 5 | File | /admin/general/change-lang | predictive | High |
| 6 | File | /admin/group/list/ | predictive | High |
| 7 | File | /admin/renewaldue.php | predictive | High |
| 8 | File | /admin/usermanagement.php | predictive | High |
| 9 | File | /artist-display.php | predictive | High |
| 10 | File | /backups/ | predictive | Medium |
| 11 | File | /catcompany.php | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
