Necurs Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (42)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en	28
es	4
jp	2
sv	2
de	2

Country

US: USA	36
FR: France	4
GB: Great Britain	2

Actors

Necurs	2

Activities

Interest

Timeline

Type

Not Defined	12
Content Management System	6
WordPress Plugin	2
Programming Language Software	2
Network Encryption Software	2

Vendor

Not Defined	6
Cutephp	4
PHP Arena	2
Check Point	2
A10	2

Product

Cutephp CuteNews	4
WPFront Scroll Top Plugin	2
GetSimpleCMS	2
PHP Arena paBugs	2
Check Point VPN-1 UTM Edge	2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#	Vulnerability	Base	Temp	0day	Today	Exp	Cou	KEV	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	Calculating	High	Workaround	possible	0.02956	0.00	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official fix		0.00970	0.00	CVE-2010-0966
3	Firewalla Box Software BLE weak credentials	7.1	6.9	$0-$5k	$0-$5k	Not defined	Official fix		0.02419	0.09	CVE-2024-40892
4	Joomla CMS Login sql injection	9.8	9.8	$5k-$25k	$5k-$25k	Not defined	Not defined		0.00048	0.00	CVE-2006-1047
5	WPFront Scroll Top Plugin Image cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not defined	Official fix		0.00188	0.00	CVE-2021-24564
6	Francisco Burzi PHP-Nuke Addressbook addressbook.php path traversal	7.3	7.1	$5k-$25k	$0-$5k	Functional	Unavailable		0.06604	0.00	CVE-2007-1720
7	Microsoft Windows Cloud Files Mini Filter Driver privilege escalation	8.3	7.3	$100k and more	$5k-$25k	Unproven	Official fix		0.01184	0.00	CVE-2021-31969
8	LogicBoard CMS away.php redirect	6.3	6.1	$0-$5k	$0-$5k	Not defined	Unavailable		0.00000	0.06
9	Maran PHP Shop prod.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	possible	0.00167	0.04	CVE-2008-4879
10	DUware DUpaypal detail.asp sql injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.01707	0.08	CVE-2006-6365
11	PHP Arena paBugs MySQL class.mysql.php file inclusion	7.3	6.8	$0-$5k	$0-$5k	Functional	Unavailable		0.03088	0.03	CVE-2006-5079
12	ShopStoreNow E-commerce Shopping Cart orange.asp sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	possible	0.01046	0.00	CVE-2007-0142
13	Motorola SBG6580 Web Access login denial of service	7.5	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround		0.00000	0.00
14	Pixelpost cross-site request forgery	7.0	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00502	0.00	CVE-2010-3305
15	Check Point VPN-1 UTM Edge Administrator Account WizU.html cross-site request forgery	8.8	8.3	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.01708	0.00	CVE-2007-3489
16	Qualcomm Snapdragon Automobile Register access control	5.4	5.2	$5k-$25k	$0-$5k	Not defined	Official fix		0.00051	0.00	CVE-2017-11004
17	WoltLab Burning Book addentry.php sql injection	7.3	6.8	$0-$5k	$0-$5k	Functional	Unavailable		0.00957	0.02	CVE-2006-5509
18	OpenBB read.php sql injection	7.3	7.0	$0-$5k	$0-$5k	Not defined	Official fix		0.00326	0.00	CVE-2005-1612
19	lshell access control	8.1	8.1	$0-$5k	$0-$5k	Not defined	Official fix		0.02356	0.00	CVE-2016-6902
20	Wesley Destailleur forum todooforum.php cross site scripting	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.03547	0.04	CVE-2013-3538

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	40.121.206.97		Necurs	06/13/2021	verified	Low
2	62.212.154.98	ns1.crossdns.com	Necurs	04/01/2022	verified	Low
3	64.47.209.23		Necurs	06/13/2021	verified	Low
4	64.63.188.85		Necurs	06/13/2021	verified	Low
5	64.231.250.149	bas3-toronto12-64-231-250-149.dsl.bell.ca	Necurs	06/13/2021	verified	Very Low
6	XX.XX.XX.XX	xxxxxxxx-xxxxxx.xx.xxx	Xxxxxx	06/13/2021	verified	Low
7	XX.XXX.XXX.XXX		Xxxxxx	06/13/2021	verified	Low
8	XX.X.XX.XXX		Xxxxxx	06/13/2021	verified	Low
9	XX.XX.XXX.XXX	xxxxxxxx.xxxxxxxxxxxxx.xxxx	Xxxxxx	04/01/2022	verified	Low
10	XX.XXX.XXX.XX		Xxxxxx	06/13/2021	verified	Low
11	XX.XXX.XX.XX	xxxxxxxxxxxxxxxxxxxxxx.xxx	Xxxxxx	04/01/2022	verified	Low
12	XX.XXX.XXX.XX	xxx-xxxxxxxx.xxx.xxxxxxxxx.xxx	Xxxxxx	06/13/2021	verified	Low
13	XX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxx.xxxxxxxxxxxx.xxx	Xxxxxx	06/13/2021	verified	Low
14	XX.XX.XXX.XXX		Xxxxxx	06/13/2021	verified	Low
15	XX.XX.XXX.XXX	xxxx-xx-xx-xxx-xxx.xxxxx.xxxx.xxxxxxx.xxx	Xxxxxx	06/13/2021	verified	Low
16	XX.XX.XX.XXX	xxxx.xxxxxxxxxxxxxx-xxxxx.xx.xx.xxx	Xxxxxx	06/13/2021	verified	Low
17	XX.XXX.XX.XXX	xx-xxx-xx-xxx.xxx.xxxxx.xxx	Xxxxxx	04/01/2022	verified	Low
18	XX.XXX.XX.XXX	xxxxx.xxxxxxxxx.xxx	Xxxxxx	04/01/2022	verified	Low
19	XX.XXX.XX.XXX	xxxxx.xx-xx-xxx-xx.xx	Xxxxxx	04/06/2022	verified	Low
20	XX.XXX.XXX.XX	xxxxx-xxxxxxxxxxx.xxx	Xxxxxx	04/01/2022	verified	Low
21	XX.XXX.XXX.XXX	xxxxx-xxxxxxxxxxx.xxx	Xxxxxx	04/08/2022	verified	Low
22	XXX.XXX.XX.XXX		Xxxxxx	04/06/2022	verified	Low
23	XXX.XXX.XXX.XX	xxxxxxxxxx.xxx.xxx-xxxxxx.xxx.xx	Xxxxxx	04/01/2022	verified	Low
24	XXX.XXX.XXX.XX		Xxxxxx	04/01/2022	verified	Low
25	XXX.XXX.XXX.XXX	xxxxx.xx-xxx-xxx-xxx.xx	Xxxxxx	04/06/2022	verified	Low

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
3	TXXXX.XXX	CAPEC-XXX	CWE-XX	Xxxxx Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-XX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX.XXX	CAPEC-XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
6	TXXXX	CAPEC-XXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
7	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/forum/away.php	predictive	High
2	File	/goform/login	predictive	High
3	File	addentry.php	predictive	Medium
4	File	addressbook.php	predictive	High
5	File	xxxxx/xxxxx.xxx	predictive	High
6	File	xxxxx.xxxxx.xxx	predictive	High
7	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
8	File	xxxxxx.xxx	predictive	Medium
9	File	xxxxxx.xxx	predictive	Medium
10	File	xxx/xxxxxx.xxx	predictive	High
11	File	xxx/xxxx/xxxx_xxxxxxxxxx_xxxx.x	predictive	High
12	File	xxxxxx.xxx	predictive	Medium
13	File	xxx/xxxx.xxxx	predictive	High
14	File	xxxx.xxx	predictive	Medium
15	File	xxxx.xxx	predictive	Medium
16	File	xxxxx.xxx	predictive	Medium
17	File	xxxxxxxx.xxx/xxxxxx.xxx/xxxxxxxx.xxx	predictive	High
18	File	xxxx_xxxxxxxx.xxx	predictive	High
19	File	xxxxxxxxxx.xxx	predictive	High
20	Argument	xxxxxxxx	predictive	Medium
21	Argument	xxx	predictive	Low
22	Argument	xxxxx	predictive	Low
23	Argument	xxxxxxxx	predictive	Medium
24	Argument	xx	predictive	Low
25	Argument	xxxx	predictive	Low
26	Argument	xxxxxx_xxxx	predictive	Medium
27	Argument	xxxx_xx_xx_xxx	predictive	High
28	Argument	xx	predictive	Low
29	Argument	xxxxxxxx	predictive	Medium
30	Argument	xxxxxxxx	predictive	Medium
31	Argument	xxx	predictive	Low
32	Network Port	xxx xxxxxx xxxx	predictive	High

References (5)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

This view requires CTI permissions

Just purchase a CTI license today!