NightScout Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Lang

en21
zh1

Country

cn16
us3

Actors

Activities

Interest

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTICVE
1Juniper Junos Pulse Secure Access Service SSL VPN Web Server cross site scripting6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.03CVE-2013-5649
2Apache Struts Incomplete Fix CVE-2020-17530 injection6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.32CVE-2021-31805
3Metabase Custom GeoJSON Map file inclusion8.18.0$0-$5k$0-$5kNot DefinedOfficial Fix0.12CVE-2021-41277
4Rabbitmq Docker Image hard-coded password9.89.8$0-$5k$0-$5kNot DefinedOfficial Fix0.06CVE-2020-35196
5RabbitMQ Security Vulnerability uncontrolled search path5.45.2$0-$5k$0-$5kNot DefinedOfficial Fix0.03CVE-2020-5419
6Boa Webserver GET wapopen path traversal6.46.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.16CVE-2017-9833
7Commvault CVDataPipe.dll command injection8.58.2$0-$5k$0-$5kHighOfficial Fix0.00CVE-2017-18044
8Pulse Secure Pulse Connect Secure login_meeting.cgi input validation9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.05CVE-2018-20813
9QNAP QTS input validation8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.03CVE-2019-7193
10Adobe Acrobat Reader privileges management7.06.7$25k-$100k$5k-$25kNot DefinedOfficial Fix0.04CVE-2020-9613
11UEditor IFRAME cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.06CVE-2017-14744
12Alcatel-Lucent CellPipe 7130 Router Port Triggering Menu cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.05CVE-2015-4587
13Qualcomm Snapdragon Auto WMA Event memory corruption6.56.5$5k-$25k$5k-$25kNot DefinedNot Defined0.00CVE-2018-11923
14Oracle E-Business Suite Scripting iesfootprint.jsp access control9.18.2$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.04CVE-2017-3549
15Cisco ASA WebVPN Login Page logon.html cross site scripting4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.04CVE-2014-2120
16ProFTPD mod_copy access control8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.04CVE-2019-12815
17FileZen File Upload path traversal7.07.0$0-$5k$0-$5kNot DefinedNot Defined0.06CVE-2018-0693
18Synacor Zimbra Collaboration Interface cross-site request forgery6.35.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.04CVE-2015-6541
19FileZilla Server information disclosure4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.03
20D-Link DIR-550A/DIR-604M HTTP Request command injection7.57.5$5k-$25k$5k-$25kNot DefinedNot Defined0.05CVE-2018-10967

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • NightScout

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1059.007CWE-79Cross Site ScriptingpredictiveHigh
2TXXXXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/+CSCOE+/logon.htmlpredictiveHigh
2File/cgi-bin/wapopenpredictiveHigh
3Filexxxxxxxxxxxx.xxxpredictiveHigh
4Filexxxxx_xxxxxxx.xxxpredictiveHigh
5Libraryxxxxxxxxxxxx/xxxx/xxxxxxxxxx.xxxpredictiveHigh
6ArgumentxxxxxxxxxxpredictiveMedium
7ArgumentxxxpredictiveLow
8Input Value../..predictiveLow
9Input Valuexx' xxx xxx_xxxx.xxxxxxx('xxxx://xxxxxxxxx_xxxx/xxxxx')='x' xxxxx xx xxxxx_xxxx)) --predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Do you need the next level of professionalism?

Upgrade your account now!