neshta Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (25)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en	16
ja	4
fr	2
zh	2
sv	2

Country

US: USA	26

Actors

RedLine Stealer	1
AsyncRAT	1
DarkComet	1
neshta	1
Quasar RAT	1

Activities

Interest

Timeline

Type

Content Management System	6
Not Defined	4
Log Management Software	4
Operating System	2

Vendor

Not Defined	12
Apple	2
CodeAstro	2

Product

AWStats	4
phpFox	2
Apple Mac OS X Server	2
SPIP	2
TikiWiki	2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#	Vulnerability	Base	Temp	0day	Today	Exp	Cou	KEV	EPSS	CTI	CVE
1	AWStats awstats.pl Path information disclosure	5.3	5.3	$0-$5k	Calculating	Not defined	Not defined		0.00244	0.06	CVE-2018-10245
2	AWStats awstats.pl pathname traversal	5.5	5.5	$0-$5k	$0-$5k	Not defined	Not defined		0.01565	0.06	CVE-2020-35176
3	phpBB album_portal.php file inclusion	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.01676	0.09	CVE-2004-1943
4	Lenovo/IBM System X Server BIOS Mode USB Driver toctou	4.5	4.5	$0-$5k	$0-$5k	Not defined	Not defined		0.00035	0.00	CVE-2020-8332
5	phpFox Request Parameter redirect unserialize code injection	8.4	8.3	$0-$5k	$0-$5k	Not defined	Official fix		0.00768	0.00	CVE-2023-46817
6	TikiWiki tiki-register.php input validation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official fix		0.04277	0.97	CVE-2006-6168
7	CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricted upload	4.7	4.5	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00092	0.06	CVE-2024-7910
8	Apple Mac OS X Server Wiki Server sql injection	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official fix		0.00391	0.06	CVE-2015-5911
9	code-projects Blood Bank Management System member_register.php sql injection	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.00116	0.04	CVE-2024-9986
10	PHP phpinfo cross site scripting	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official fix		0.25032	0.03	CVE-2006-0996
11	awstats Installation awstats.pl cross site scripting	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Not defined		0.08613	0.00	CVE-2006-3682
12	TeamViewer Remote Full Client/Remote Host Printer Driver Installation TeamViewer_service.exe signature verification	8.3	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Official fix		0.00089	0.09	CVE-2024-7481
13	SPIP spip.php cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not defined	Official fix		0.02305	0.97	CVE-2022-28959
14	MGB OpenSource Guestbook email.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	possible	0.01802	0.18	CVE-2007-0354
15	WordPress wp-trackback.php sql injection	7.3	6.6	$5k-$25k	$0-$5k	Proof-of-Concept	Not defined		0.09965	0.03	CVE-2007-0233

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	201.16.194.227	201-016-194-227.static.ctbctelecom.com.br	neshta		06/18/2025	verified	Very High
2	XXX.XXX.XXX.XXX		Xxxxxx		07/01/2024	verified	Very High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006		CWE-21	Path Traversal	predictive	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
3	TXXXX.XXX	CAPEC-XXX	CWE-XX, CWE-XX	Xxxxx Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-XXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
6	TXXXX.XXX	CAPEC-X	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (18)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/admin/emp-profile-avatar.php	predictive	High
2	File	/core/redirect	predictive	High
3	File	/spip.php	predictive	Medium
4	File	xxxxx_xxxxxx.xxx	predictive	High
5	File	xxxxxxx.xx	predictive	Medium
6	File	xxx-xxx/xxxxxxx.xx	predictive	High
7	File	xxxxx.xxx	predictive	Medium
8	File	xxxxxx_xxxxxxxx.xxx	predictive	High
9	File	xxxxxxxxxx_xxxxxxx.xxx	predictive	High
10	File	xxxx-xxxxxxxx.xxx	predictive	High
11	File	xx-xxxxxxxxx.xxx	predictive	High
12	Argument	xxxxxx	predictive	Low
13	Argument	xxxxxxxxx/xxxxxx	predictive	High
14	Argument	xxxxxxxx/xxxxxxxx/xxxxxxxx/xxxxx	predictive	High
15	Argument	xx	predictive	Low
16	Argument	xxxxx_xxxx_xxxx	predictive	High
17	Argument	xx_xx	predictive	Low
18	Argument	xxx	predictive	Low

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

This view requires CTI permissions

Just purchase a CTI license today!