Necurs Analysis

IOB - Indicator of Behavior (41)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en 36
it 2
jp 2
fr 2


Country

us 38
fr 4


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Cisco ASA 2
DUware DUpaypal 2
lshell 2
Motorola SBG6580 2
Qualcomm Snapdragon Automobile 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.79 | 0.00943 | CVE-2010-0966
3 | Joomla CMS Login sql injection | 9.8 | 9.8 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00194 | CVE-2006-1047
4 | WPFront Scroll Top Plugin Image cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00058 | CVE-2021-24564
5 | Francisco Burzi PHP-Nuke Addressbook addressbook.php path traversal | 7.3 | 7.1 | $25k-$100k | $0-$5k | Functional | Unavailable | 0.00 | 0.04741 | CVE-2007-1720
6 | Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02 | 0.00046 | CVE-2021-31969
7 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 2.18 | 0.00000 |
8 | Maran PHP Shop prod.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.03 | 0.00137 | CVE-2008-4879
9 | DUware DUpaypal detail.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00421 | CVE-2006-6365
10 | PHP Arena paBugs MySQL class.mysql.php file inclusion | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.02 | 0.07369 | CVE-2006-5079
11 | ShopStoreNow E-commerce Shopping Cart orange.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00 | 0.00811 | CVE-2007-0142
12 | Motorola SBG6580 Web Access login denial of service | 7.5 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00 | 0.00000 |
13 | Pixelpost cross-site request forgery | 7.0 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.01219 | CVE-2010-3305
14 | Check Point VPN-1 UTM Edge Administrator Account WizU.html cross-site request forgery | 8.8 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.01277 | CVE-2007-3489
15 | Qualcomm Snapdragon Automobile Register access control | 5.4 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2017-11004
16 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.02 | 0.00804 | CVE-2006-5509
17 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00250 | CVE-2005-1612
18 | lshell access control | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00348 | CVE-2016-6902
19 | Wesley Destailleur forum todooforum.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00195 | CVE-2013-3538
20 | GetSimpleCMS index.php redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00123 | CVE-2019-9915

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 40.121.206.97 | | Necurs | | 06/13/2021 | verified | High
2 | 62.212.154.98 | ns1.crossdns.com | Necurs | | 04/01/2022 | verified | High
3 | 64.47.209.23 | | Necurs | | 06/13/2021 | verified | High
4 | 64.63.188.85 | | Necurs | | 06/13/2021 | verified | High
5 | 64.231.250.149 | bas3-toronto12-64-231-250-149.dsl.bell.ca | Necurs | | 06/13/2021 | verified | High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | High
2 | File | /goform/login | predictive | High
3 | File | addentry.php | predictive | Medium
4 | File | addressbook.php | predictive | High

References (5)

The following list contains external sources which discuss the actor and the associated activities:
