Neutrino Exploit Kit Analysis

IOB - Indicator of Behavior (101)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 88
fr: 4
ru: 4
de: 4
pl: 2

Product

Ipswitch WS_FTP Server: 4
vBulletin: 2
Flexera InstallShield: 2
VMware Horizon View Agent: 2
nginx: 2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.38 | CVE-2010-0966 |
| 3 | appneta tcpreplay get.c get_layer4_v6 heap-based overflow | 6.1 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00097 | 0.15 | CVE-2024-3024 |
| 4 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.00202 | 0.07 | CVE-2008-5928 |
| 5 | Squid Web Proxy SSL Certificate Validation out-of-bounds | 7.1 | 7.1 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00447 | 0.08 | CVE-2023-46724 |
| 6 | Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E Network Configuration os command injection | 4.7 | 4.5 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01323 | 0.00 | CVE-2021-3617 |
| 7 | Fortinet FortiMail HTTPS sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01170 | 0.00 | CVE-2021-24007 |
| 8 | Netgear NMS300 command injection | 9.8 | 9.8 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.03292 | 0.05 | CVE-2020-35797 |
| 9 | rConfig sudoers privileges management | 6.5 | 6.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00098 | 0.00 | CVE-2019-19585 |
| 10 | vBulletin moderation.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official fix | expected | 0.84773 | 0.07 | CVE-2016-6195 |
| 11 | PHP unserialize use after free | 7.3 | 6.4 | $25k-$100k | $0-$5k | Unproven | Official fix | | 0.00000 | 0.00 | |
| 12 | Apache Tomcat CORS Filter 7pk security | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not defined | Official fix | possible | 0.66336 | 0.00 | CVE-2018-8014 |
| 13 | D-Link DSL-2875AL/DSL-2877AL Web Management Server index.asp cleartext storage | 6.4 | 6.4 | $5k-$25k | $0-$5k | Not defined | Not defined | | 0.00737 | 0.03 | CVE-2019-15656 |
| 14 | HTTP/2 Window Size resource consumption | 6.8 | 6.7 | $5k-$25k | Calculating | Not defined | Workaround | | 0.20628 | 0.03 | CVE-2019-9511 |
| 15 | nginx HTTP/2 resource consumption | 6.0 | 6.0 | $0-$5k | $0-$5k | Not defined | Official fix | possible | 0.45111 | 0.00 | CVE-2018-16843 |
| 16 | D-Link DIR-825 router_info.xml PIN access control | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00719 | 0.00 | CVE-2019-9126 |
| 17 | D-Link DSL-2770L atbox.htm Credentials credentials management | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.03080 | 0.00 | CVE-2018-18007 |
| 18 | Magento sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not defined | Official fix | possible | 0.40023 | 0.00 | CVE-2019-7139 |
| 19 | Atlassian JIRA Server/Data Center Jira Importers Plugin injection | 7.2 | 7.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.15480 | 0.00 | CVE-2019-15001 |
| 20 | Apache HTTP Server mod_session input validation | 5.8 | 5.7 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.05646 | 0.08 | CVE-2018-1283 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (56)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

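| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /etc/sudoers | predictive | Medium |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | /tcpreplay/src/common/get.c | predictive | High |
| 4 | File | /uncpath/ | predictive | Medium |
| 5 | File | arch/x86/kernel/paravirt.c | predictive | High |
| 6 | File | ArchiveNews.aspx | predictive | High |
| 7 | File | atbox.htm | predictive | Medium |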
