Novter Analysis

Activities

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

Lang

pl: 461
en: 130
zh: 34
ru: 14
de: 6

Country

pl: 460
cn: 97
us: 42
ru: 21
gb: 5

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Hiox India Guest Book gb.php memory corruption | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.06 | CVE-2007-1998 |
| 2 | Visual Form Builder Plugin csv injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12 | CVE-2022-0142 |
| 3 | jax guestbook jax_guestbook.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.03 | CVE-2005-4879 |
| 4 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2005-4222 |
| 5 | ASPjar ASPjar Guestbook login.asp sql injection | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2005-0423 |
| 6 | DM Guestbook admin.guestbook.php path traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2007-5821 |
| 7 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192 |
| 8 | Qt-cute QuickTalk guestbook qtg_msg_view.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.03 | CVE-2007-3538 |
| 9 | Professional Home Page Tools Professional Home Page Tools Guestbook delcookie.php unknown vulnerability | 5.3 | 4.6 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.07 | CVE-2006-3837 |
| 10 | XAMPP Apache Distribution cds.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2005-1077 |
| 11 | Papoo guestbook.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09 | |
| 12 | AN Guestbook sign1.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | CVE-2009-0424 |
| 13 | FAC Guestbook information disclosure | 9.8 | 9.5 | $0-$5k | $0-$5k | High | Unavailable | 0.00 | CVE-2007-2101 |
| 14 | AFGB AFGB GUESTBOOK add.php file inclusion | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.06 | CVE-2006-5307 |
| 15 | SignKorn Guestbook preview.php privileges management | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | |
| 16 | episodex episodex guestbook default.asp cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2005-1684 |
| 17 | Planetmoon Guestbook passwd.txt Password access control | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2003-1541 |
| 18 | MPM Guestbook cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2003-1182 |
| 19 | MPC SoftWeb Guestbook insertguest.asp cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | |
| 20 | Big Sam Guestbook bigsam_guestbook.php denial of service | 3.3 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | |

IOC - Indicator of Compromise (68)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (156)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

