Neutrino Exploit Kit Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Lang

en89
fr6
de2
pl1

Country

us42
ir24
ca11
fr3
gr1

Actors

Neutrino Exploit Kit22

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Product

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.05CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.61CVE-2010-0966
3FLDS redir.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.17CVE-2008-5928
4Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E Network Configuration os command injection4.74.5$0-$5k$0-$5kNot DefinedOfficial Fix0.00CVE-2021-3617
5Fortinet FortiMail HTTPS sql injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2021-24007
6Netgear NMS300 command injection9.89.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2020-35797
7rConfig sudoers privileges management6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2019-19585
8vBulletin moderation.php sql injection7.37.0$0-$5k$0-$5kHighOfficial Fix0.04CVE-2016-6195
9PHP unserialize use after free7.36.4$25k-$100k$0-$5kUnprovenOfficial Fix0.03
10Apache Tomcat CORS Filter 7pk security8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.14CVE-2018-8014
11D-Link DSL-2875AL/DSL-2877AL Web Management Server index.asp cleartext storage6.46.4$5k-$25k$0-$5kNot DefinedNot Defined0.03CVE-2019-15656
12HTTP2 Window Size resource consumption6.46.2$5k-$25k$0-$5kNot DefinedWorkaround0.03CVE-2019-9511
13nginx HTTP2 resource consumption6.46.1$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2018-16843
14D-Link DIR-825 router_info.xml PIN access control6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.00CVE-2019-9126
15D-Link DSL-2770L atbox.htm Credentials credentials management7.57.5$5k-$25k$5k-$25kNot DefinedNot Defined0.05CVE-2018-18007
16Magento sql injection8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2019-7139
17Atlassian JIRA Server/Data Center Jira Importers Plugin injection7.26.9$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2019-15001
18Apache HTTP Server mod_session input validation5.85.6$25k-$100k$0-$5kNot DefinedOfficial Fix0.03CVE-2018-1283
19Apache HTTP Server HTTP Digest Authentication Challenge improper authentication8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.12CVE-2018-1312
20LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.20

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
145.32.183.11845.32.183.118.vultrusercontent.comNeutrino Exploit KitverifiedHigh
278.136.221.141Neutrino Exploit KitverifiedHigh
3XX.XX.X.XXXxxxxxxx Xxxxxxx XxxverifiedHigh
4XX.XXX.XXX.Xxxxx-xxxxxxxx-xxxxxx.xxxx.xxxxxx.xxxXxxxxxxx Xxxxxxx XxxverifiedHigh
5XX.XXX.XXX.Xxxx.xxxxxx.xxXxxxxxxx Xxxxxxx XxxverifiedHigh
6XX.XX.XXX.XXXxx-xx-xxx-xxx.xxxxx.xxx.xxXxxxxxxx Xxxxxxx XxxverifiedHigh
7XXX.XX.X.XXXXxxxxxxx Xxxxxxx XxxverifiedHigh
8XXX.X.XXX.XXxxxxxxx Xxxxxxx XxxverifiedHigh
9XXX.XXX.XXX.XXxxxxxx-xx.xxxxxx-xxxxx.xxxXxxxxxxx Xxxxxxx XxxverifiedHigh

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
2T1068CWE-264, CWE-284Execution with Unnecessary PrivilegespredictiveHigh
3TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
4TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
5TXXXXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
6TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (55)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/etc/sudoerspredictiveMedium
2File/forum/away.phppredictiveHigh
3File/uncpath/predictiveMedium
4Filearch/x86/kernel/paravirt.cpredictiveHigh
5FileArchiveNews.aspxpredictiveHigh
6Fileatbox.htmpredictiveMedium
7Fileblank.phppredictiveMedium
8Filexxx_xxxxxxxx.xxxpredictiveHigh
9Filexxxx/xxxxxxxxxxxxx.xxxpredictiveHigh
10Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
11Filexxx/xxxx/xxxx.xpredictiveHigh
12Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
13Filexxxxxxxx.xxxpredictiveMedium
14Filexxxxx_xxxx.xxxpredictiveHigh
15Filexxx/xxxxxx.xxxpredictiveHigh
16Filexxxxx.xxxpredictiveMedium
17Filexxxxx.xxxpredictiveMedium
18Filexxxxxxx.xxxpredictiveMedium
19Filexxxx.xxxpredictiveMedium
20Filexxxx_xxxx.xxxpredictiveHigh
21Filexxxxxx/xxxxxxxxxx.xpredictiveHigh
22Filexxxx.xxxpredictiveMedium
23Filexxxxx.xxxpredictiveMedium
24Filexxxxxxx/xxxx/xxxxxxxxx_xxx.xxxpredictiveHigh
25Filexxxxx.xxxpredictiveMedium
26Filexxxxx.xxxpredictiveMedium
27Filexxxxxxxxxx.xxxpredictiveHigh
28Filexxxxxx.xpredictiveMedium
29Filexxxxxx.xxxpredictiveMedium
30Filexxxxxx_xxxx.xxxpredictiveHigh
31Filexxxxxx_xxxx.xxxpredictiveHigh
32Filexxxxxxxxx.xxxpredictiveHigh
33Filexxxxx/xxxxx.xxpredictiveHigh
34Libraryxxx/xx/xxxxxxx.xxpredictiveHigh
35Libraryxxxxxxxxxxxx.xxxpredictiveHigh
36Argument-x/-xpredictiveLow
37ArgumentxxxxxxxxpredictiveMedium
38Argumentxxxx_xxpredictiveLow
39Argumentxxxxxx_xxpredictiveMedium
40Argumentxxxx_xxxx/xxxxx/xxxxxxpredictiveHigh
41Argumentxxxx_xxxxxxxpredictiveMedium
42ArgumentxxpredictiveLow
43ArgumentxxxxxpredictiveLow
44ArgumentxxxxxxxxxpredictiveMedium
45Argumentxxxxx_xxxx_xxxpredictiveHigh
46ArgumentxxxxxxxpredictiveLow
47ArgumentxxxxxxxxxpredictiveMedium
48Argumentxxxxxx_xxxxpredictiveMedium
49ArgumentxxxxxxxxxxxxpredictiveMedium
50ArgumentxxxpredictiveLow
51ArgumentxxxpredictiveLow
52ArgumentxxxxpredictiveLow
53Argumentxxxxxxxx/xxxxpredictiveHigh
54Argumentxxxxxxxx_x/xxxxxxxx_xpredictiveHigh
55Argumentxxxx->xxxxxxxpredictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!