Necurs Analysis

IOB - Indicator of Behavior (40)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 36
jp: 2
es: 2

Country

us: 32
fr: 6
gb: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

lshell: 2
IBM Lotus Domino: 2
Maran PHP Shop: 2
Linux Kernel: 2
Pixelpost: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.41 | 0.04187 | CVE-2010-0966 |
| 3 | WPFront Scroll Top Plugin Image cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00885 | CVE-2021-24564 |
| 4 | Francisco Burzi PHP-Nuke Addressbook addressbook.php path traversal | 7.3 | 7.1 | $25k-$100k | $0-$5k | Functional | Unavailable | 0.02 | 0.06790 | CVE-2007-1720 |
| 5 | Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02 | 0.01178 | CVE-2021-31969 |
| 6 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.45 | 0.00000 | |
| 7 | Maran PHP Shop prod.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01 | 0.00986 | CVE-2008-4879 |
| 8 | DUware DUpaypal detail.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.01139 | CVE-2006-6365 |
| 9 | PHP Arena paBugs MySQL class.mysql.php file inclusion | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.04 | 0.04187 | CVE-2006-5079 |
| 10 | ShopStoreNow E-commerce Shopping Cart orange.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.02 | 0.01139 | CVE-2007-0142 |
| 11 | Motorola SBG6580 Web Access login denial of service | 7.5 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.02 | 0.00000 | |
| 12 | Pixelpost cross-site request forgery | 7.0 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.08382 | CVE-2010-3305 |
| 13 | Check Point VPN-1 UTM Edge Administrator Account WizU.html cross-site request forgery | 8.8 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.01319 | CVE-2007-3489 |
| 14 | Qualcomm Snapdragon Automobile Register access control | 5.4 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2017-11004 |
| 15 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.02 | 0.01319 | CVE-2006-5509 |
| 16 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.18 | 0.00986 | CVE-2005-1612 |
| 17 | lshell access control | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01232 | CVE-2016-6902 |
| 18 | Wesley Destailleur forum todooforum.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01953 | CVE-2013-3538 |
| 19 | GetSimpleCMS index.php redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2019-9915 |
| 20 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.11 | 0.01213 | CVE-2008-5928 |

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1059 | CWE-94 | Cross Site Scripting | predictive | High |
| 3 | TXXXX.XXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /forum/away.php | predictive | High |
| 2 | File | /goform/login | predictive | High |
| 3 | File | addentry.php | predictive | Medium |
| 4 | File | addressbook.php | predictive | High |
| 5 | File | xxxxx/xxxxx.xxx | predictive | High |
| 6 | File | xxxxx.xxxxx.xxx | predictive | High |
| 7 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 8 | File | xxxxxx.xxx | predictive | Medium |
| 9 | File | xxxxxx.xxx | predictive | Medium |
| 10 | File | xxx/xxxxxx.xxx | predictive | High |
| 11 | File | xxx/xxxx/xxxx_xxxxxxxxxx_xxxx.x | predictive | High |
| 12 | File | xxxxxx.xxx | predictive | Medium |
| 13 | File | xxx/xxxx.xxxx | predictive | High |
| 14 | File | xxxx.xxx | predictive | Medium |
| 15 | File | xxxx.xxx | predictive | Medium |
| 16 | File | xxxxx.xxx | predictive | Medium |
| 17 | File | xxxxxxxx.xxx/xxxxxx.xxx/xxxxxxxx.xxx | predictive | High |
| 18 | File | xxxx_xxxxxxxx.xxx | predictive | High |
| 19 | File | xxxxxxxxxx.xxx | predictive | High |
| 20 | Argument | xxxxxxxx | predictive | Medium |
| 21 | Argument | xxx | predictive | Low |
| 22 | Argument | xxxxx | predictive | Low |
| 23 | Argument | xxxxxxxx | predictive | Medium |
| 24 | Argument | xx | predictive | Low |
| 25 | Argument | xxxx | predictive | Low |
| 26 | Argument | xxxxxx_xxxx | predictive | Medium |
| 27 | Argument | xxxx_xx_xx_xxx | predictive | High |
| 28 | Argument | xx | predictive | Low |
| 29 | Argument | xxxxxxxx | predictive | Medium |
| 30 | Argument | xxxxxxxx | predictive | Medium |
| 31 | Argument | xxx | predictive | Low |
| 32 | Network Port | xxx xxxxxx xxxx | predictive | High |

References (5)

The following list contains external sources which discuss the actor and the associated activities:
