NightScout Analysis

IOB - Indicator of Behavior (23)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en22
zh2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn18
us4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Adobe Acrobat Reader2
Commvault2
Rabbitmq Docker Image2
Apache CouchDB2
Apache Struts2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Juniper Junos Pulse Secure Access Service SSL VPN Web Server cross site scripting6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.010.01055CVE-2013-5649
2Apache CouchDB insecure default initialization of resource6.35.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.080.93016CVE-2022-24706
3Apache Struts Incomplete Fix CVE-2020-17530 injection6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.050.69867CVE-2021-31805
4Metabase Custom GeoJSON Map file inclusion8.18.0$0-$5k$0-$5kNot DefinedOfficial Fix0.030.16531CVE-2021-41277
5Rabbitmq Docker Image hard-coded password9.89.8$0-$5k$0-$5kNot DefinedOfficial Fix0.030.01055CVE-2020-35196
6RabbitMQ Security Vulnerability uncontrolled search path5.45.2$0-$5k$0-$5kNot DefinedOfficial Fix0.020.01036CVE-2020-5419
7Boa Webserver GET wapopen path traversal6.46.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.080.38457CVE-2017-9833
8Commvault CVDataPipe.dll command injection8.58.2$0-$5k$0-$5kHighOfficial Fix0.020.67202CVE-2017-18044
9Pulse Secure Pulse Connect Secure login_meeting.cgi input validation9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00885CVE-2018-20813
10QNAP QTS input validation8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.010.01055CVE-2019-7193
11Adobe Acrobat Reader privileges management7.06.7$25k-$100k$5k-$25kNot DefinedOfficial Fix0.040.01046CVE-2020-9613
12UEditor IFRAME cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.010.00885CVE-2017-14744
13Alcatel-Lucent CellPipe 7130 Router Port Triggering Menu cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.050.01055CVE-2015-4587
14Qualcomm Snapdragon Auto WMA Event memory corruption6.56.5$5k-$25k$5k-$25kNot DefinedNot Defined0.000.00885CVE-2018-11923
15Oracle E-Business Suite Scripting iesfootprint.jsp access control9.18.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.060.12885CVE-2017-3549
16Cisco ASA WebVPN Login Page logon.html cross site scripting4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.050.01136CVE-2014-2120
17ProFTPD mod_copy access control8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.040.70009CVE-2019-12815
18FileZen File Upload path traversal7.07.0$0-$5k$0-$5kNot DefinedNot Defined0.030.01055CVE-2018-0693
19Synacor Zimbra Collaboration Interface cross-site request forgery7.57.2$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.030.08382CVE-2015-6541
20FileZilla Server PORT confused deputy4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00885CVE-2015-10003

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • NightScout

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2T1055CWE-74InjectionpredictiveHigh
3TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveHigh
6TXXXXCWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
8TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/+CSCOE+/logon.htmlpredictiveHigh
2File/cgi-bin/wapopenpredictiveHigh
3Filexxxxxxxxxxxx.xxxpredictiveHigh
4Filexxxxx_xxxxxxx.xxxpredictiveHigh
5Libraryxxxxxxxxxxxx/xxxx/xxxxxxxxxx.xxxpredictiveHigh
6ArgumentxxxxxxxxxxpredictiveMedium
7ArgumentxxxpredictiveLow
8Input Value../..predictiveLow
9Input Valuexx' xxx xxx_xxxx.xxxxxxx('xxxx://xxxxxxxxx_xxxx/xxxxx')='x' xxxxx xx xxxxx_xxxx)) --predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Might our Artificial Intelligence support you?

Check our Alexa App!