Notezilla Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (76)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en76

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA74
RU: Russia2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Notezilla3
Hook1
catDDoS1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined16
Content Management System4
Auction Software2
Photo Gallery Software2
Programming Language Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined20
Kaqoo2
MGB2
GetSimple2
DZCP2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Kaqoo Auction Software2
SPIP2
MGB OpenSource Guestbook2
Phpwebgallery2
GetSimple CMS2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaroundpossible0.029560.00CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.009700.26CVE-2010-0966
3DZCP deV!L`z Clanportal browser.php information disclosure5.35.0$0-$5k$0-$5kProof-of-ConceptNot defined 0.086880.22CVE-2007-1167
4jforum username User input validation5.35.3$0-$5k$0-$5kNot definedNot defined 0.004430.02CVE-2019-7550
5SSL-Explorer redirect.do memory corruption4.64.2$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.004090.00CVE-2007-2907
6PHP phpinfo cross site scripting4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial fix 0.140280.54CVE-2007-1287
7MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailablepossible0.018020.11CVE-2007-0354
8phpPgAds adclick.php5.35.3$0-$5k$0-$5kNot definedNot defined 0.003360.03CVE-2005-3791
9Horde go.php readfile information disclosure5.35.0$0-$5k$0-$5kProof-of-ConceptNot defined 0.232170.00CVE-2006-1260
10WoltLab Burning Book addentry.php sql injection7.36.8$0-$5k$0-$5kFunctionalUnavailable 0.009960.00CVE-2006-5509
11FLDS redir.php sql injection7.37.3$0-$5k$0-$5kHighUnavailablepossible0.002020.04CVE-2008-5928
12Serendipity exit.php privileges management6.36.0$0-$5k$0-$5kProof-of-ConceptNot defined 0.000000.02
13Pligg cloud.php sql injection6.36.3$0-$5k$0-$5kNot definedNot defined 0.000000.61
14SPIP spip.php cross site scripting3.53.4$0-$5k$0-$5kNot definedOfficial fix 0.023051.08CVE-2022-28959
15Ubiquiti EdgeRouter X Web Management Interface command injection7.16.9$0-$5k$0-$5kProof-of-ConceptNot defined 0.010450.04CVE-2023-2376
16MikroTik RouterOS Packet netwatch denial of service6.56.4$0-$5k$0-$5kNot definedNot defined 0.001020.04CVE-2022-36522
17Firmer Aurora Vision Web UI improper authentication6.36.0$0-$5k$0-$5kNot definedOfficial fix 0.001880.00CVE-2021-33210
18Apple Safari Service Workers History information disclosure5.35.1$5k-$25k$0-$5kNot definedOfficial fix 0.002370.00CVE-2019-8725
19Maran PHP Shop prod.php sql injection7.37.3$0-$5k$0-$5kHighUnavailablepossible0.001670.06CVE-2008-4879
20PHPWind goto.php redirect6.36.3$0-$5k$0-$5kNot definedNot defined 0.004000.04CVE-2015-4134

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
15.180.185.42Notezilla06/30/2024verifiedVery High
250.2.108.102neapons.comNotezilla06/30/2024verifiedVery High
350.2.191.154deanhipei.onlineNotezilla06/30/2024verifiedVery High
4XXX.XXX.XX.XXXXxxxxxxxx06/30/2024verifiedVery High
5XXX.XXX.X.XXxxxxx.xxxxxxxxxxxxx.xxxXxxxxxxxx06/30/2024verifiedVery High
6XXX.XXX.XX.XXXxxxxx.xxxxxxxxx.xxxXxxxxxxxx06/30/2024verifiedHigh
7XXX.XXX.XX.XXXXxxxxxxxx06/30/2024verifiedVery High
8XXX.XXX.XXX.XXXxxx.xxxxxxx.xxx.xxx.xxx.xxx.xx-xxxx.xxxxXxxxxxxxx06/30/2024verifiedVery High
9XXX.XXX.XX.XXXxxxxxxxxxxx.xxxxxxxx.xxxXxxxxxxxx06/30/2024verifiedVery High
10XXX.XXX.XXX.XXXxxxxxxxx06/30/2024verifiedVery High
11XXX.XX.XXX.XXXXxxxxxxxx06/30/2024verifiedVery High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
2T1059.007CAPEC-209CWE-79, CWE-80Basic Cross Site ScriptingpredictiveHigh
3TXXXXCAPEC-XXXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCAPEC-XXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (36)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/index.phppredictiveHigh
2File/advanced-tools/nova/bin/netwatchpredictiveHigh
3File/horde/util/go.phppredictiveHigh
4File/spip.phppredictiveMedium
5Fileadclick.phppredictiveMedium
6Filexxxxxxxx.xxxpredictiveMedium
7Filexxxxx.xxxpredictiveMedium
8Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
9Filexxxxx.xxxpredictiveMedium
10Filexxxx.xxxpredictiveMedium
11Filexx.xxxpredictiveLow
12Filexxxx.xxxpredictiveMedium
13Filexxx/xxxxxx.xxxpredictiveHigh
14Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
15Filexxxxxxx/xxxxxxx/xxxxxxxx.xxx.xxxpredictiveHigh
16Filexxxxx.xxxpredictiveMedium
17Filexxxx.xxxpredictiveMedium
18Filexxxxx.xxxpredictiveMedium
19Filexxxxxxxx.xxpredictiveMedium
20Filexxxxxxxxxx.xxxpredictiveHigh
21Filexxxxxxxx.xxxpredictiveMedium
22Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
23Filexxxxxx/xxxxxxxx.xxxpredictiveHigh
24Filexx-xxxxxxxx.xxxpredictiveHigh
25ArgumentxxxxxxxxpredictiveMedium
26ArgumentxxxpredictiveLow
27ArgumentxxxxxxxxxxpredictiveMedium
28ArgumentxxxpredictiveLow
29ArgumentxxxxpredictiveLow
30ArgumentxxxxxxxxxpredictiveMedium
31ArgumentxxpredictiveLow
32Argumentxxxxxxx_xxxxpredictiveMedium
33ArgumentxxxxpredictiveLow
34ArgumentxxxpredictiveLow
35ArgumentxxxpredictiveLow
36Argumentxxxx_xxxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!