Noon Analysis

IOB - Indicator of Behavior (69)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 46
jp: 6
zh: 6
sv: 4
de: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Product

Invision Power Services IP.Board: 8
vBulletin: 2
Linux Foundation Xen: 2
DZCP deV!L`z Clanportal: 2
PHP: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Discuz! admin.php cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00235 | 0.05 | CVE-2018-19464 |
| 2 | gnuboard5 Web Page Generation cross site scripting | 5.3 | 5.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01973 | 0.00 | CVE-2021-3831 |
| 3 | GNUBOARD5 Parameter move_update.php cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00275 | 0.00 | CVE-2020-18663 |
| 4 | SkullSplitter PHP Guestbook guestbook.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.01030 | 0.00 | CVE-2006-1256 |
| 5 | ZyXEL PK5001Z credentials management | 8.8 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Not defined | possible | 0.41625 | 0.09 | CVE-2016-10401 |
| 6 | Cannot PHP infoBoard access control | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.01480 | 0.00 | CVE-2008-4334 |
| 7 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.06310 | 0.64 | CVE-2010-5048 |
| 8 | LEMON-S PHP Simple Oekaki BBS index.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00322 | 0.00 | CVE-2015-2969 |
| 9 | CuteNews show_archives.php command injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00000 | 0.08 | |
| 10 | Dreaxteam Xt-News add_comment.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | | 0.04213 | 0.00 | CVE-2006-6746 |
| 11 | CMS Made Simple News Module Time-Based sql injection | 7.7 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | expected | 0.92021 | 0.24 | CVE-2019-9053 |
| 12 | CMS Made Simple File Upload cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00084 | 0.00 | CVE-2023-36970 |
| 13 | CMS Made Simple adduser.php cross site scripting | 5.8 | 5.8 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00057 | 0.00 | CVE-2024-1529 |
| 14 | Apache HTTP Server UNC server-side request forgery | 7.4 | 7.2 | $5k-$25k | $5k-$25k | Not defined | Official fix | expected | 0.83541 | 0.24 | CVE-2024-38472 |
| 15 | Apache HTTP Server mod_proxy_uwsgi request smuggling | 7.1 | 7.0 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.00695 | 0.00 | CVE-2023-27522 |
| 16 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.14028 | 0.88 | CVE-2007-1287 |
| 17 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.16 | CVE-2010-0966 |
| 18 | D-Link DIR-2150 anweb action_handler stack-based overflow | 8.0 | 7.6 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00299 | 0.02 | CVE-2022-40717 |
| 19 | Microsoft Internet Explorer FTP Client onerror cross site scripting | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00000 | 0.02 | |
| 20 | Invision Power Services IP.Board URL resource management | 5.3 | 5.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00491 | 0.00 | CVE-2015-6812 |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

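| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 5.45.84.69 | | Noon | | 12/06/2021 | verified | Low |
| 2 | 69.172.201.218 | | Noon | | 04/12/2022 | verified | Low |
| 3 | XX.XX.XXX.XX | xxxxx.xxxxxxxxx.xxx | Xxxx | | 04/12/2022 | verified | Low |
| 4 | XX.XX.XXX.XX | | Xxxx | | 04/12/2022 | verified | Low |
| 5 | XX.XXX.XXX.XXX | | Xxxx | | 04/12/2022 | verified | Low |
| 6 | XXX.X.XX.XX | | Xxxx | | 12/06/2021 | verified | Low |
| 7 | XXX.XX.XXX.XXX | xxxxxxxxxxx.xxxxxxxxx.xxx | Xxxx | | 12/06/2021 | verified | Low |
| 8 | XXX.XXX.XX.XX | | Xxxx | | 04/12/2022 | verified | Low |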

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (37)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

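| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/adduser.php | predictive | High |
| 2 | File | /uncpath/ | predictive | Medium |
| 3 | File | add_comment.php | predictive | High |
| 4 | File | add_quiz.php | predictive | Medium |
| 5 | File | admin.jcomments.php | predictive | High |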
