Neutrino Exploit Kit Analysis

IOB - Indicator of Behavior (98)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	90
fr	8

Country

us	40
ir	22
ca	12
fr	4
ru	2

Actors

Neutrino Exploit Kit	3

Activities

Interest

Timeline

Type

Not Defined	34
Content Management System	10
Programming Language Software	10
Operating System	6
Web Server	6

Vendor

Not Defined	38
Microsoft	6
Midicart Software	4
Linux	4
Charon Internet	2

Product

PHP	6
Linux Kernel	4
Dropbear SSH	4
Suricata	2
CKEditor	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	Calculating	High	Workaround	0.04	0.04187	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.39	0.04187	CVE-2010-0966
3	FLDS redir.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.28	0.01213	CVE-2008-5928
4	Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E Network Configuration os command injection	4.7	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	0.02055	CVE-2021-3617
5	Fortinet FortiMail HTTPS sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00885	CVE-2021-24007
6	Netgear NMS300 command injection	9.8	9.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01	0.02055	CVE-2020-35797
7	rConfig sudoers privileges management	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.00890	CVE-2019-19585
8	vBulletin moderation.php sql injection	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.04	0.01564	CVE-2016-6195
9	PHP unserialize use after free	7.3	6.4	$25k-$100k	$0-$5k	Unproven	Official Fix	0.02	0.00000
10	Apache Tomcat CORS Filter 7pk security	8.5	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.07767	CVE-2018-8014
11	D-Link DSL-2875AL/DSL-2877AL Web Management Server index.asp cleartext storage	6.4	6.4	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.03	0.00885	CVE-2019-15656
12	HTTP2 Window Size resource consumption	6.4	6.2	$5k-$25k	$0-$5k	Not Defined	Workaround	0.03	0.09020	CVE-2019-9511
13	nginx HTTP2 resource consumption	6.4	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.09	0.01537	CVE-2018-16843
14	D-Link DIR-825 router_info.xml PIN access control	6.4	6.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.05	0.00885	CVE-2019-9126
15	D-Link DSL-2770L atbox.htm Credentials credentials management	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.01055	CVE-2018-18007
16	Magento sql injection	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08	0.00885	CVE-2019-7139
17	Atlassian JIRA Server/Data Center Jira Importers Plugin injection	7.2	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.13	0.04571	CVE-2019-15001
18	Apache HTTP Server mod_session input validation	5.8	5.6	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.02	0.06425	CVE-2018-1283
19	Apache HTTP Server HTTP Digest Authentication Challenge improper authentication	8.5	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.07767	CVE-2018-1312
20	LogicBoard CMS away.php redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	1.25	0.00000

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Type	Confidence
1	45.32.183.118	45.32.183.118.vultrusercontent.com	Neutrino Exploit Kit	verified	High
2	78.136.221.141		Neutrino Exploit Kit	verified	High
3	XX.XX.X.XX		Xxxxxxxx Xxxxxxx Xxx	verified	High
4	XX.XXX.XXX.X	xxxx-xxxxxxxx-xxxxxx.xxxx.xxxxxx.xxx	Xxxxxxxx Xxxxxxx Xxx	verified	High
5	XX.XXX.XXX.X	xxx.xxxxxx.xx	Xxxxxxxx Xxxxxxx Xxx	verified	High
6	XX.XX.XXX.XXX	xx-xx-xxx-xxx.xxxxx.xxx.xx	Xxxxxxxx Xxxxxxx Xxx	verified	High
7	XXX.XX.X.XXX		Xxxxxxxx Xxxxxxx Xxx	verified	High
8	XXX.X.XXX.X		Xxxxxxxx Xxxxxxx Xxx	verified	High
9	XXX.XXX.XXX.XX	xxxxxx-xx.xxxxxx-xxxxx.xxx	Xxxxxxxx Xxxxxxx Xxx	verified	High

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CWE-22	Pathname Traversal	predictive	High
2	T1055	CWE-74	Injection	predictive	High
3	T1059	CWE-94	Cross Site Scripting	predictive	High
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxxxxxx	predictive	High
7	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
8	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
10	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
11	TXXXX	CWE-XXX	Xxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx	predictive	High
12	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
13	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	High
14	TXXXX	CWE-XXX	Xxxxxxxxxxxxx	predictive	High
15	TXXXX	CWE-XXX	X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx Xxxxxxxxxx	predictive	High

IOA - Indicator of Attack (55)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/etc/sudoers	predictive	Medium
2	File	/forum/away.php	predictive	High
3	File	/uncpath/	predictive	Medium
4	File	arch/x86/kernel/paravirt.c	predictive	High
5	File	ArchiveNews.aspx	predictive	High
6	File	atbox.htm	predictive	Medium
7	File	blank.php	predictive	Medium
8	File	xxx_xxxxxxxx.xxx	predictive	High
9	File	xxxx/xxxxxxxxxxxxx.xxx	predictive	High
10	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
11	File	xxx/xxxx/xxxx.x	predictive	High
12	File	xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx	predictive	High
13	File	xxxxxxxx.xxx	predictive	Medium
14	File	xxxxx_xxxx.xxx	predictive	High
15	File	xxx/xxxxxx.xxx	predictive	High
16	File	xxxxx.xxx	predictive	Medium
17	File	xxxxx.xxx	predictive	Medium
18	File	xxxxxxx.xxx	predictive	Medium
19	File	xxxx.xxx	predictive	Medium
20	File	xxxx_xxxx.xxx	predictive	High
21	File	xxxxxx/xxxxxxxxxx.x	predictive	High
22	File	xxxx.xxx	predictive	Medium
23	File	xxxxx.xxx	predictive	Medium
24	File	xxxxxxx/xxxx/xxxxxxxxx_xxx.xxx	predictive	High
25	File	xxxxx.xxx	predictive	Medium
26	File	xxxxx.xxx	predictive	Medium
27	File	xxxxxxxxxx.xxx	predictive	High
28	File	xxxxxx.x	predictive	Medium
29	File	xxxxxx.xxx	predictive	Medium
30	File	xxxxxx_xxxx.xxx	predictive	High
31	File	xxxxxx_xxxx.xxx	predictive	High
32	File	xxxxxxxxx.xxx	predictive	High
33	File	xxxxx/xxxxx.xx	predictive	High
34	Library	xxx/xx/xxxxxxx.xx	predictive	High
35	Library	xxxxxxxxxxxx.xxx	predictive	High
36	Argument	-x/-x	predictive	Low
37	Argument	xxxxxxxx	predictive	Medium
38	Argument	xxxx_xx	predictive	Low
39	Argument	xxxxxx_xx	predictive	Medium
40	Argument	xxxx_xxxx/xxxxx/xxxxxx	predictive	High
41	Argument	xxxx_xxxxxxx	predictive	Medium
42	Argument	xx	predictive	Low
43	Argument	xxxxx	predictive	Low
44	Argument	xxxxxxxxx	predictive	Medium
45	Argument	xxxxx_xxxx_xxx	predictive	High
46	Argument	xxxxxxx	predictive	Low
47	Argument	xxxxxxxxx	predictive	Medium
48	Argument	xxxxxx_xxxx	predictive	Medium
49	Argument	xxxxxxxxxxxx	predictive	Medium
50	Argument	xxx	predictive	Low
51	Argument	xxx	predictive	Low
52	Argument	xxxx	predictive	Low
53	Argument	xxxxxxxx/xxxx	predictive	High
54	Argument	xxxxxxxx_x/xxxxxxxx_x	predictive	High
55	Argument	xxxx->xxxxxxx	predictive	High

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!