NightScout Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (25)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en22
zh4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn18
us6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

NightScout2
Mustang Panda1
PlugX1
PingPull1
Cobalt Strike1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined12
Router Operating System4
Web Server2
Supply Chain Management Software2
Virtualization Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined12
D-Link2
Juniper2
ASUS2
Oracle2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Metabase2
D-Link DIR-550A2
D-Link DIR-604M2
Juniper Junos Pulse Secure Access Service2
Boa Webserver2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Juniper Junos Pulse Secure Access Service SSL VPN Web Server cross site scripting6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00135CVE-2013-5649
2ASUS RT-AC51U Network Request cross site scripting3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.020.00062CVE-2023-29772
3Asus RT-AC2900 input validation8.58.2$0-$5kCalculatingNot DefinedOfficial Fix0.020.15182CVE-2018-8826
4Apache CouchDB insecure default initialization of resource6.35.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.020.97472CVE-2022-24706
5Apache Struts Incomplete Fix CVE-2020-17530 injection6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.18558CVE-2021-31805
6Metabase Custom GeoJSON Map file inclusion8.18.0$0-$5k$0-$5kNot DefinedOfficial Fix0.030.95622CVE-2021-41277
7Rabbitmq Docker Image hard-coded password9.89.8$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00661CVE-2020-35196
8RabbitMQ Security Vulnerability uncontrolled search path5.45.2$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00044CVE-2020-5419
9Boa Webserver GET wapopen path traversal6.46.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.73540CVE-2017-9833
10Commvault CVDataPipe.dll command injection8.58.4$0-$5kCalculatingHighOfficial Fix0.020.06430CVE-2017-18044
11Pulse Secure Pulse Connect Secure login_meeting.cgi input validation9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00194CVE-2018-20813
12QNAP QTS input validation8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.060.12427CVE-2019-7193
13Adobe Acrobat Reader privileges management7.06.7$25k-$100k$0-$5kNot DefinedOfficial Fix0.000.00083CVE-2020-9613
14UEditor IFRAME cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000.00070CVE-2017-14744
15Alcatel-Lucent CellPipe 7130 Router Port Triggering Menu cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.000.00155CVE-2015-4587
16Qualcomm Snapdragon Auto WMA Event memory corruption6.56.5$5k-$25k$0-$5kNot DefinedNot Defined0.000.00044CVE-2018-11923
17Oracle E-Business Suite Scripting iesfootprint.jsp access control9.18.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.050.01331CVE-2017-3549
18Cisco ASA WebVPN Login Page logon.html cross site scripting4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.020.00192CVE-2014-2120
19ProFTPD mod_copy access control8.58.5$0-$5k$0-$5kNot DefinedOfficial Fix0.000.94462CVE-2019-12815
20FileZen File Upload path traversal7.07.0$0-$5k$0-$5kNot DefinedNot Defined0.000.00198CVE-2018-0693

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • NightScout

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.158.32.65NightScoutNightScout05/31/2021verifiedHigh
2XXX.XXX.XXX.XXXXxxxxxxxxxXxxxxxxxxx05/31/2021verifiedHigh
3XXX.XXX.XXX.XXXXxxxxxxxxxXxxxxxxxxx05/31/2021verifiedHigh
4XXX.XXX.XX.XXXXxxxxxxxxxXxxxxxxxxx05/31/2021verifiedHigh

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Path TraversalpredictiveHigh
2T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveHigh
6TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
8TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/+CSCOE+/logon.htmlpredictiveHigh
2File/cgi-bin/wapopenpredictiveHigh
3Filexxxxxxxxxxxx.xxxpredictiveHigh
4Filexxxxx_xxxxxxx.xxxpredictiveHigh
5Libraryxxxxxxxxxxxx/xxxx/xxxxxxxxxx.xxxpredictiveHigh
6ArgumentxxxxxxxxxxpredictiveMedium
7ArgumentxxxpredictiveLow
8Input Value../..predictiveLow
9Input Valuexx' xxx xxx_xxxx.xxxxxxx('xxxx://xxxxxxxxx_xxxx/xxxxx')='x' xxxxx xx xxxxx_xxxx)) --predictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!