Neutrino Exploit Kit Analysis

IOB - Indicator of Behavior (98)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en90
fr8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us40
ir22
ca12
fr4
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

PHP6
Linux Kernel4
Dropbear SSH4
Suricata2
CKEditor2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.040.04187CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.390.04187CVE-2010-0966
3FLDS redir.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.280.01213CVE-2008-5928
4Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E Network Configuration os command injection4.74.5$0-$5k$0-$5kNot DefinedOfficial Fix0.050.02055CVE-2021-3617
5Fortinet FortiMail HTTPS sql injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00885CVE-2021-24007
6Netgear NMS300 command injection9.89.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.010.02055CVE-2020-35797
7rConfig sudoers privileges management6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.030.00890CVE-2019-19585
8vBulletin moderation.php sql injection7.37.0$0-$5k$0-$5kHighOfficial Fix0.040.01564CVE-2016-6195
9PHP unserialize use after free7.36.4$25k-$100k$0-$5kUnprovenOfficial Fix0.020.00000
10Apache Tomcat CORS Filter 7pk security8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.07767CVE-2018-8014
11D-Link DSL-2875AL/DSL-2877AL Web Management Server index.asp cleartext storage6.46.4$5k-$25k$0-$5kNot DefinedNot Defined0.030.00885CVE-2019-15656
12HTTP2 Window Size resource consumption6.46.2$5k-$25k$0-$5kNot DefinedWorkaround0.030.09020CVE-2019-9511
13nginx HTTP2 resource consumption6.46.1$0-$5k$0-$5kNot DefinedOfficial Fix0.090.01537CVE-2018-16843
14D-Link DIR-825 router_info.xml PIN access control6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.050.00885CVE-2019-9126
15D-Link DSL-2770L atbox.htm Credentials credentials management7.57.5$5k-$25k$5k-$25kNot DefinedNot Defined0.000.01055CVE-2018-18007
16Magento sql injection8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.080.00885CVE-2019-7139
17Atlassian JIRA Server/Data Center Jira Importers Plugin injection7.26.9$0-$5k$0-$5kNot DefinedOfficial Fix0.130.04571CVE-2019-15001
18Apache HTTP Server mod_session input validation5.85.6$25k-$100k$0-$5kNot DefinedOfficial Fix0.020.06425CVE-2018-1283
19Apache HTTP Server HTTP Digest Authentication Challenge improper authentication8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.07767CVE-2018-1312
20LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable1.250.00000

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (55)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/etc/sudoerspredictiveMedium
2File/forum/away.phppredictiveHigh
3File/uncpath/predictiveMedium
4Filearch/x86/kernel/paravirt.cpredictiveHigh
5FileArchiveNews.aspxpredictiveHigh
6Fileatbox.htmpredictiveMedium
7Fileblank.phppredictiveMedium
8Filexxx_xxxxxxxx.xxxpredictiveHigh
9Filexxxx/xxxxxxxxxxxxx.xxxpredictiveHigh
10Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
11Filexxx/xxxx/xxxx.xpredictiveHigh
12Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
13Filexxxxxxxx.xxxpredictiveMedium
14Filexxxxx_xxxx.xxxpredictiveHigh
15Filexxx/xxxxxx.xxxpredictiveHigh
16Filexxxxx.xxxpredictiveMedium
17Filexxxxx.xxxpredictiveMedium
18Filexxxxxxx.xxxpredictiveMedium
19Filexxxx.xxxpredictiveMedium
20Filexxxx_xxxx.xxxpredictiveHigh
21Filexxxxxx/xxxxxxxxxx.xpredictiveHigh
22Filexxxx.xxxpredictiveMedium
23Filexxxxx.xxxpredictiveMedium
24Filexxxxxxx/xxxx/xxxxxxxxx_xxx.xxxpredictiveHigh
25Filexxxxx.xxxpredictiveMedium
26Filexxxxx.xxxpredictiveMedium
27Filexxxxxxxxxx.xxxpredictiveHigh
28Filexxxxxx.xpredictiveMedium
29Filexxxxxx.xxxpredictiveMedium
30Filexxxxxx_xxxx.xxxpredictiveHigh
31Filexxxxxx_xxxx.xxxpredictiveHigh
32Filexxxxxxxxx.xxxpredictiveHigh
33Filexxxxx/xxxxx.xxpredictiveHigh
34Libraryxxx/xx/xxxxxxx.xxpredictiveHigh
35Libraryxxxxxxxxxxxx.xxxpredictiveHigh
36Argument-x/-xpredictiveLow
37ArgumentxxxxxxxxpredictiveMedium
38Argumentxxxx_xxpredictiveLow
39Argumentxxxxxx_xxpredictiveMedium
40Argumentxxxx_xxxx/xxxxx/xxxxxxpredictiveHigh
41Argumentxxxx_xxxxxxxpredictiveMedium
42ArgumentxxpredictiveLow
43ArgumentxxxxxpredictiveLow
44ArgumentxxxxxxxxxpredictiveMedium
45Argumentxxxxx_xxxx_xxxpredictiveHigh
46ArgumentxxxxxxxpredictiveLow
47ArgumentxxxxxxxxxpredictiveMedium
48Argumentxxxxxx_xxxxpredictiveMedium
49ArgumentxxxxxxxxxxxxpredictiveMedium
50ArgumentxxxpredictiveLow
51ArgumentxxxpredictiveLow
52ArgumentxxxxpredictiveLow
53Argumentxxxxxxxx/xxxxpredictiveHigh
54Argumentxxxxxxxx_x/xxxxxxxx_xpredictiveHigh
55Argumentxxxx->xxxxxxxpredictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

Interested in the pricing of exploits?

See the underground prices here!