Noon Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (64)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en54
jp4
zh2
ar2
sv2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

ca22
jp4
us4
ar2
sv2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Noon3
Mars Stealer1
Shiz1
XLoader1
Loki Password Stealer (PWS)1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined12
Programming Language Software8
Forum Software4
Content Management System4
Database Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined6
Sun2
Linux Foundation2
Upoint2
DZCP2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Sun MySQL2
Linux Foundation Xen2
Upoint @1 File Store2
vBulletin2
DZCP deV!L`z Clanportal2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Discuz! admin.php cross site scripting3.63.6$0-$5k$0-$5kNot DefinedNot Defined0.020.00054CVE-2018-19464
2gnuboard5 Web Page Generation cross site scripting5.35.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00068CVE-2021-3831
3GNUBOARD5 Parameter move_update.php cross site scripting3.53.3$0-$5kCalculatingProof-of-ConceptNot Defined0.000.00100CVE-2020-18663
4SkullSplitter PHP Guestbook guestbook.php cross site scripting4.34.1$0-$5kCalculatingProof-of-ConceptNot Defined0.050.00814CVE-2006-1256
5ZyXEL PK5001Z credentials management8.88.3$5k-$25k$0-$5kProof-of-ConceptNot Defined0.000.94119CVE-2016-10401
6Cannot PHP infoBoard access control7.36.9$0-$5kCalculatingProof-of-ConceptNot Defined0.000.01049CVE-2008-4334
7JoomlaTune Com Jcomments admin.jcomments.php cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.00489CVE-2010-5048
8LEMON-S PHP Simple Oekaki BBS index.php cross site scripting4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00192CVE-2015-2969
9CuteNews show_archives.php command injection6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.00000
10Dreaxteam Xt-News add_comment.php cross site scripting4.34.2$0-$5k$0-$5kHighUnavailable0.020.00599CVE-2006-6746
11PHP phpinfo cross site scripting4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.050.02101CVE-2007-1287
12DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.830.00943CVE-2010-0966
13D-Link DIR-2150 anweb action_handler stack-based overflow8.07.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00089CVE-2022-40717
14Microsoft Internet Explorer FTP Client onerror cross site scripting6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00000
15Invision Power Services IP.Board URL resource management5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00164CVE-2015-6812
16Invision Power Services IP.Board cross site scripting3.53.4$0-$5k$0-$5kHighOfficial Fix0.020.00000
17Invision Power Services IP.Board index.php cross site scripting4.34.2$0-$5k$0-$5kHighWorkaround0.070.00192CVE-2014-5106
18Invision Power Services IP.Board cross site scripting3.53.2$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000.00112CVE-2015-6810
19Upoint @1 File Store signup.php cross site scripting5.45.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.020.00614CVE-2006-1277
20vBulletin subWidgets Data widget_tabbedcontainer_tab_panel command injection8.08.0$0-$5k$0-$5kNot DefinedOfficial Fix0.020.83101CVE-2020-7373

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
15.45.84.69Noon12/06/2021verifiedHigh
269.172.201.218Noon04/12/2022verifiedHigh
3XX.XX.XXX.XXxxxxx.xxxxxxxxx.xxxXxxx04/12/2022verifiedHigh
4XX.XX.XXX.XXXxxx04/12/2022verifiedHigh
5XX.XXX.XXX.XXXXxxx04/12/2022verifiedHigh
6XXX.X.XX.XXXxxx12/06/2021verifiedHigh
7XXX.XX.XXX.XXXxxxxxxxxxxx.xxxxxxxxx.xxxXxxx12/06/2021verifiedHigh
8XXX.XXX.XX.XXXxxx04/12/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Path TraversalpredictiveHigh
2T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3TXXXXCWE-XXXxxxxxxx XxxxxxxxxpredictiveHigh
4TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
8TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/uncpath/predictiveMedium
2Fileadd_comment.phppredictiveHigh
3Fileadd_quiz.phppredictiveMedium
4Fileadmin.jcomments.phppredictiveHigh
5Fileadmin.phppredictiveMedium
6Filexxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxxpredictiveHigh
7Filexxxx/xxxxxx/xxxxxx_xxxxxxxxxxxxxxx_xxx_xxxxxpredictiveHigh
8Filexxxx/xxx/xx.xpredictiveHigh
9Filexxx/xxxx_xxxxxx.xxxpredictiveHigh
10Filexxxxxxxx/xxxxxx/predictiveHigh
11Filexxxxxxxxxxx.xpredictiveHigh
12Filexxxxxxxxx.xxxpredictiveHigh
13Filexxx/xxxxxx.xxxpredictiveHigh
14Filexxxxx.xxxpredictiveMedium
15Filexxxxxxxx.xxxpredictiveMedium
16Filexxxxxxx/xxxxxxx/xx_xxxxxxxxx/xxxxxxxx/xxxxxxxx.xxxpredictiveHigh
17Filexxxx-xx.xxx/xxx.xxxxx/xxx-xxxxxxxx-xxxx.xxxpredictiveHigh
18Filexxxx_xxxxxxxx.xxxpredictiveHigh
19Filexxxxxx.xxxpredictiveMedium
20ArgumentxxxpredictiveLow
21ArgumentxxxxxpredictiveLow
22ArgumentxxxxxxxxpredictiveMedium
23Argumentxxxxx_xxxxxxxxpredictiveHigh
24ArgumentxxxxpredictiveLow
25Argumentxx_xxxxpredictiveLow
26ArgumentxxxxpredictiveLow
27ArgumentxxxxxxxpredictiveLow
28ArgumentxxxxxxxpredictiveLow
29ArgumentxxxxxxxxpredictiveMedium
30ArgumentxxxxxxxxpredictiveMedium
31Argumentxxxxx/xxxxxxxxxxxpredictiveHigh
32ArgumentxxxpredictiveLow
33Input Valuex" xxxxxxxxxxx=xxxxxx(xxxxxx) xxx="predictiveHigh
34Input ValuexxxxxxxxpredictiveMedium
35Network PortxxxxxpredictiveLow

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!