Novter Analysis

IOB - Indicator of Behavior (703)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

pl: 448
en: 188
zh: 46
ru: 10
de: 6

Country

pl: 448
cn: 102
us: 66
ru: 24
gb: 4

Activities

Product

Microsoft Windows: 12
Microsoft IIS: 8
Apple macOS: 6
Joomla CMS: 6
Redis: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Hiox India Guest Book gb.php memory corruption | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.09 | 0.07687 | CVE-2007-1998 |
| 2 | Visual Form Builder Plugin csv injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01440 | CVE-2022-0142 |
| 3 | jax guestbook jax_guestbook.php cross site scripting | 4.3 | 4.2 | $0-$5k | Calculating | High | Unavailable | 0.02 | 0.01917 | CVE-2005-4879 |
| 4 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.21 | 0.01055 | CVE-2005-4222 |
| 5 | ASPjar ASPjar Guestbook login.asp sql injection | 5.3 | 5.3 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00 | 0.01213 | CVE-2005-0423 |
| 6 | DM Guestbook admin.guestbook.php path traversal | 7.3 | 6.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.02 | 0.07197 | CVE-2007-5821 |
| 7 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 8 | Qt-cute QuickTalk guestbook qtg_msg_view.php sql injection | 7.3 | 7.1 | $0-$5k | Calculating | High | Unavailable | 0.02 | 0.01213 | CVE-2007-3538 |
| 9 | Professional Home Page Tools Professional Home Page Tools Guestbook delcookie.php unknown vulnerability | 5.3 | 4.6 | $0-$5k | Calculating | Unproven | Official Fix | 0.01 | 0.01018 | CVE-2006-3837 |
| 10 | XAMPP Apache Distribution cds.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01917 | CVE-2005-1077 |
| 11 | Papoo guestbook.php sql injection | 6.3 | 6.0 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.03 | 0.00000 | |
| 12 | AN Guestbook sign1.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.01 | 0.01213 | CVE-2009-0424 |
| 13 | FAC Guestbook information disclosure | 9.8 | 9.5 | $0-$5k | Calculating | High | Unavailable | 0.02 | 0.01136 | CVE-2007-2101 |
| 14 | AFGB AFGB GUESTBOOK add.php file inclusion | 7.3 | 6.7 | $0-$5k | Calculating | Proof-of-Concept | Unavailable | 0.07 | 0.10995 | CVE-2006-5307 |
| 15 | SignKorn Guestbook preview.php privileges management | 5.3 | 5.3 | $0-$5k | Calculating | Not Defined | Not Defined | 0.02 | 0.00000 | |
| 16 | episodex episodex guestbook default.asp cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01055 | CVE-2005-1684 |
| 17 | Planetmoon Guestbook passwd.txt Password access control | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.06790 | CVE-2003-1541 |
| 18 | MPM Guestbook cross site scripting | 4.3 | 4.3 | $0-$5k | Calculating | Not Defined | Not Defined | 0.01 | 0.01917 | CVE-2003-1182 |
| 19 | MPC SoftWeb Guestbook insertguest.asp cross site scripting | 4.3 | 4.3 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00 | 0.00000 | |
| 20 | Big Sam Guestbook bigsam_guestbook.php denial of service | 3.3 | 3.2 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.01 | 0.00000 | |

IOC - Indicator of Compromise (68)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (170)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
