Novter Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Lang

pl	461
en	130
zh	34
ru	14
de	6

Country

pl	460
cn	97
us	42
ru	21
gb	5

Actors

Novter	617
FIN7	13
Cobalt Strike	8
Lyceum	3
Gaza Cybergang	2

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Product

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need you unlock this view to get access to more details of real data.

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	CTI	CVE
1	Hiox India Guest Book gb.php memory corruption	7.3	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.06	CVE-2007-1998
2	Visual Form Builder Plugin csv injection	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.12	CVE-2022-0142
3	jax guestbook jax_guestbook.php cross site scripting	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.03	CVE-2005-4879
4	Lars Ellingsen Guestserver guestbook.cgi cross site scriting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	CVE-2005-4222
5	ASPjar ASPjar Guestbook login.asp sql injection	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06	CVE-2005-0423
6	DM Guestbook admin.guestbook.php path traversal	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	CVE-2007-5821
7	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.05	CVE-2007-1192
8	Qt-cute QuickTalk guestbook qtg_msg_view.php sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.03	CVE-2007-3538
9	Professional Home Page Tools Professional Home Page Tools Guestbook delcookie.php unknown vulnerability	5.3	4.6	$0-$5k	$0-$5k	Unproven	Official Fix	0.07	CVE-2006-3837
10	XAMPP Apache Distribution cds.php cross site scriting	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	CVE-2005-1077
11	Papoo guestbook.php sql injection	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.09
12	AN Guestbook sign1.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	High	Official Fix	0.00	CVE-2009-0424
13	FAC Guestbook information disclosure	9.8	9.5	$0-$5k	$0-$5k	High	Unavailable	0.00	CVE-2007-2101
14	AFGB AFGB GUESTBOOK add.php file inclusion	7.3	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.06	CVE-2006-5307
15	SignKorn Guestbook preview.php privileges management	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04
16	episodex episodex guestbook default.asp cross site scriting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	CVE-2005-1684
17	Planetmoon Guestbook passwd.txt Password access control	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	CVE-2003-1541
18	MPM Guestbook cross site scriting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	CVE-2003-1182
19	MPC SoftWeb Guestbook insertguest.asp cross site scriting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05
20	Big Sam Guestbook bigsam_guestbook.php denial of service	3.3	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.06

IOC - Indicator of Compromise (68)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Confidence
1	1.88.24.27		Novter	High
2	2.58.80.150		Novter	High
3	2.196.217.25		Novter	High
4	3.128.83.132	ec2-3-128-83-132.us-east-2.compute.amazonaws.com	Novter	Medium
5	5.61.40.95		Novter	High
6	5.61.42.103		Novter	High
7	5.61.42.111	box.invfx.eu	Novter	High
8	5.61.42.116		Novter	High
9	5.61.48.155		Novter	High
10	5.61.48.156	192.64.119.156	Novter	High
11	6.217.158.104		Novter	High
12	7.130.244.4		Novter	High
13	13.158.242.227		Novter	High
14	20.56.162.154		Novter	High
15	XX.XX.XXX.XX		Xxxxxx	High
16	XX.XXX.XX.XX		Xxxxxx	High
17	XX.XXX.XX.XXX		Xxxxxx	High
18	XX.XXX.XXX.XXX		Xxxxxx	High
19	XX.XX.XX.XXX	xxx.xx.xx.xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxxxx	Medium
20	XX.X.XXX.XXX		Xxxxxx	High
21	XX.XXX.X.XX	xxxxxxxxxxx.xxx	Xxxxxx	High
22	XX.XXX.XX.XX		Xxxxxx	High
23	XX.XX.XXX.XX		Xxxxxx	High
24	XX.XXX.XXX.XX		Xxxxxx	High
25	XX.XXX.X.XX		Xxxxxx	High
26	XX.XX.XX.XXX	xx-xx-xx-xxx-xxxxxx.xxx.xxxxxxxxxxxxxxx.xxx	Xxxxxx	High
27	XX.XX.XX.XXX		Xxxxxx	High
28	XX.XXX.XXX.XXX	xx-xxx-xxx-xxx.xxxxxxxxxx.xxxxxx.xxxxxxxxx.xxx	Xxxxxx	High
29	XX.XXX.XXX.XXX		Xxxxxx	High
30	XX.XX.XX.XX		Xxxxxx	High
31	XX.XX.XXX.XX	x-xx-xx-xxx-xx.xxxx.xx.xxxxxxx.xxx	Xxxxxx	High
32	XX.XX.XXX.XXX	xxxxxxxxxxx-xxx-x-xx-xxx.xxx-xx.xxx.xxxxxxx.xx	Xxxxxx	High
33	XX.XX.XXX.X	xxxxx-xx-xxx-x.xxxxx.xxx-xxx.xx	Xxxxxx	High
34	XX.XXX.XX.XX	xxxxxxxxxx.xxx	Xxxxxx	High
35	XX.XXX.XX.XX	xxxxxxxxxx.xxx	Xxxxxx	High
36	XX.XXX.XX.XX	xxxx.xxxxxxxxxxxxx.xxx	Xxxxxx	High
37	XX.XX.XXX.XXX	xxxx-xxx-xxx-xxx-xxx.xxx.xxx.xxxxx.xxxxxxxx-xx.xx	Xxxxxx	High
38	XX.XX.X.XXX		Xxxxxx	High
39	XXX.XX.XXX.XX	xxxx-xxx-xx-xxx-xx.xxxxxx.xxxx.xxxxxxx.xxx	Xxxxxx	High
40	XXX.XXX.X.XX		Xxxxxx	High
41	XXX.XXX.XX.XX	xxxxxxxxxxxxxxxxxxxx.xxxxx.xxx	Xxxxxx	High
42	XXX.XXX.XXX.XX	xxxxxxxxxxxxxxxxxxxx.xxxxx.xxx	Xxxxxx	High
43	XXX.XX.XXX.XXX		Xxxxxx	High
44	XXX.XXX.XX.XXX		Xxxxxx	High
45	XXX.XXX.XX.XX		Xxxxxx	High
46	XXX.XXX.XX.XXX		Xxxxxx	High
47	XXX.XXX.XXX.XXX		Xxxxxx	High
48	XXX.XX.XX.XX	xxxx-xxx-xxx.xx-xxxxxxxx.xx	Xxxxxx	High
49	XXX.XXX.XXX.XXX		Xxxxxx	High
50	XXX.XX.X.XXX		Xxxxxx	High
51	XXX.XX.XX.X		Xxxxxx	High
52	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxxxxx.xxxxxx.xxx.xx	Xxxxxx	High
53	XXX.XX.XXX.XXX		Xxxxxx	High
54	XXX.XXX.XXX.XX		Xxxxxx	High
55	XXX.XX.XX.XXX		Xxxxxx	High
56	XXX.XXX.XX.XX	xx-xx-xxx-xxx.xxxxxxx.xxx.xx	Xxxxxx	High
57	XXX.XX.XXX.XXX		Xxxxxx	High
58	XXX.X.XXX.XXX	xxxxxxxxx.xxxx-xxxxx.xx	Xxxxxx	High
59	XXX.XXX.XXX.XX	xxxxxx.xxxxxxxxxx.xxx	Xxxxxx	High
60	XXX.XX.XXX.XXX		Xxxxxx	High
61	XXX.XX.XXX.XXX		Xxxxxx	High
62	XXX.XXX.XXX.XX		Xxxxxx	High
63	XXX.XX.XXX.XXX		Xxxxxx	High
64	XXX.XXX.XX.XXX	xxx.xx.xxx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx	Xxxxxx	High
65	XXX.XXX.XXX.XXX		Xxxxxx	High
66	XXX.XX.XX.XX		Xxxxxx	High
67	XXX.XX.XX.X		Xxxxxx	High
68	XXX.XXX.XXX.XXX		Xxxxxx	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilities	Access Vector	Confidence
1	T1059.007	CWE-79, CWE-80	Cross Site Scripting	High
2	T1068	CWE-250, CWE-264, CWE-284	Execution with Unnecessary Privileges	High
3	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx	High
4	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	High
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	High
6	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	High
7	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	High

IOA - Indicator of Attack (156)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Confidence
1	File	.htaccess	Medium
2	File	/adfs/ls	Medium
3	File	/getcfg.php	Medium
4	File	/index.php/weblinks-categories	High
5	File	/iwguestbook/admin/messages_edit.asp	High
6	File	/public/plugins/	High
7	File	/scripts/iisadmin/bdir.htr	High
8	File	/wp-content/plugins/updraftplus/admin.php	High
9	File	add.php	Low
10	File	admin.cgi/config.cgi	High
11	File	admin/admin.guestbook.php	High
12	File	admin/auth.php	High
13	File	admin/backupdb.php	High
14	File	admin/login.asp	High
15	File	admin/preview.php	High
16	File	administrator/components/com_media/helpers/media.php	High
17	File	archive_read_support_format_rar.c	High
18	File	auth.py	Low
19	File	authenticate.php	High
20	File	auto/glob_new.php	High
21	File	xxxxxx_xxxxxxxxx.xxx	High
22	File	xxx.xxx	Low
23	File	xxxxxxx.xxxx	Medium
24	File	xxxxxxxxxxxxxxxx.xxx	High
25	File	xxxxxxx/xxxxxxxxxx.xxx	High
26	File	xxxxxxx/xxxx/xxxxxx/xxxxxx.x	High
27	File	xxxxx-xxxxxxx.xxx	High
28	File	xxxx/xxxxxxxxxxxxxxx.xxx	High
29	File	xx/xx.xxx	Medium
30	File	xxxxxxx.xxx	Medium
31	File	xxxxxxxxx.xxx	High
32	File	xxxx.xxx	Medium
33	File	xxxxx.xxx	Medium
34	File	xxx/xxxx/xxxx.x	High
35	File	xxxxxxx.xxx	Medium
36	File	xxxxx/xxxxxx.xxx	High
37	File	xx_xxxxxxx	Medium
38	File	xxxxx/xxxxx_xxxxx_x	High
39	File	xxxxxxxx/xxxxxxx/xxxxxxxxxxxx.xxx	High
40	File	xx.xxx	Low
41	File	xxxxx.xxx	Medium
42	File	xxxx_xxxxxxx.xxx.xxx	High
43	File	xxxxxxxxxxxxxxxxxxxxxxxxx.xxxxx	High
44	File	xxxxxxxxx.xxx	High
45	File	xxxxxxxxx.xxx	High
46	File	xxxxxxxxx/xxxxxxxxx.xxx.xxx	High
47	File	xxxxxxxxxxxx.xxx	High
48	File	xxxxxxxxx.xxx	High
49	File	xxxx/xx/xxxxxxxxxx.xxx	High
50	File	xxxxxxxx.xxx	Medium
51	File	xxxxxxxxx.xx	Medium
52	File	xxx/xxxxxx.xxx	High
53	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	High
54	File	xxxxxxx/xxxxxxx/xxxxxxxx_xxxxxxxx.xxx.xxx	High
55	File	xxxxxxxx/xxxxxxxxx.xxxxx.xxx	High
56	File	xxxxxxxx/xxxxxx/xxxx/xxxxx.xxx.xxx	High
57	File	xxxxx.xxx	Medium
58	File	xxxxxxxxxxx.xxx	High
59	File	xxx/xxxxxxxx.xxx	High
60	File	xxx_xxxxxxxxx.xxx	High
61	File	xxx.x/xxxxxx.x	High
62	File	xxx.x	Low
63	File	xxxxxxxxxxxxxxxxxxxx.xxxx	High
64	File	xxxxx.xxx	Medium
65	File	xxxxxxxx_xxxxxx.xxx	High
66	File	xxx/xxxx/xxxxxx.x	High
67	File	xxx_xxxx_xxx_xxxxxxxxxx.x	High
68	File	xxx_xxxx.xxx	Medium
69	File	xxxxxxxxxxx.xxx	High
70	File	xxxxxxxxxxxx.xxx	High
71	File	xxxxxx.xxx	Medium
72	File	xxxxxxx\xxx_xxxxxx.xxx	High
73	File	xxx_xxx_xxxx.xxx	High
74	File	xx.xxx	Low
75	File	xxxxxx/xxx/xx/xxx.xx	High
76	File	xxxxxxxxx.xxxx	High
77	File	xxxxxx.xxx	Medium
78	File	xxxx_xxxxx.xxx	High
79	File	xxxxxxxxxxxx.xxx	High
80	File	xxxxxxxxx.xxx	High
81	File	xxxx-xxx/	Medium
82	File	xxxxx.xxx	Medium
83	File	xxxxxxxx_xxxxxxxxx.xxx	High
84	File	xxxxx.xxx	Medium
85	File	xxxxxx_xxx.xxx	High
86	File	xxxxxxx.xxxx	Medium
87	File	xxxxxx.xxx	Medium
88	File	xxxxxxxxxx.xxxx	High
89	File	xx-xxxxx/xxxx.xxx	High
90	File	xxxxxxxxxxxxx.xxx	High
91	Library	/xxxxx/xxxxxxxx/xxxxxxx.xxx	High
92	Library	xxxxxx-xx/xxx/xxx-xxxxxx-xxxxx-xx.xxx	High
93	Library	xxxxxxx.xxx.xx.xxx	High
94	Library	xxxxxx.xxx	Medium
95	Library	xxx/xxx/xxxx/	High
96	Argument	xxxxxxx	Low
97	Argument	xxxxxxxx	Medium
98	Argument	xxxxx	Low
99	Argument	xxxxxxxx	Medium
100	Argument	xxx	Low
101	Argument	xxxxxxx	Low
102	Argument	xxxxxxxxxxxxx	High
103	Argument	xxxxxx	Low
104	Argument	xxxxxxx	Low
105	Argument	xxxxxxx_xxxx_xxx_xxxxxx	High
106	Argument	xxxxx	Low
107	Argument	xxx_xxxx	Medium
108	Argument	xxxxxxx	Low
109	Argument	xxxx_xxxxx_xxxx	High
110	Argument	xxxx	Low
111	Argument	xx_xx	Low
112	Argument	xx_xxxx	Low
113	Argument	xx	Low
114	Argument	x_xxxxxxx	Medium
115	Argument	xxxxx	Low
116	Argument	xx	Low
117	Argument	xxxxx	Low
118	Argument	xxx	Low
119	Argument	xxx_xxx	Low
120	Argument	xxxxxxx_xxxx	Medium
121	Argument	xxxxxx	Low
122	Argument	xxx	Low
123	Argument	xxxxxx	Low
124	Argument	xxxxxxx	Low
125	Argument	xxxxxxxxx	Medium
126	Argument	xxx_xx	Low
127	Argument	xxxx	Low
128	Argument	xxxxxx	Low
129	Argument	xxxxx	Low
130	Argument	xxxx	Low
131	Argument	xxxx[xx]	Medium
132	Argument	xxxxx_xxxx_xxxx	High
133	Argument	xxxxxx	Low
134	Argument	xxx-xxxxxx	Medium
135	Argument	xxxxxx_xxxxxx	High
136	Argument	xxxxxx_xxxxx	Medium
137	Argument	xxxxxx_xxxx	Medium
138	Argument	xxxxxxxx	Medium
139	Argument	xxxx	Low
140	Argument	xxxx_xx	Low
141	Argument	xxx	Low
142	Argument	xxxxx	Low
143	Argument	xxxxx	Low
144	Argument	xxxxxxxxx	Medium
145	Argument	xxxxxxxxxxx	Medium
146	Argument	xxxxxx	Low
147	Argument	xxxxxxxx	Medium
148	Argument	xxxxx/xxxxxx	Medium
149	Argument	x_xxxxxxxx	Medium
150	Input Value	x%xx%xx%xxxxxxx%xxxxxxxx%xxxxxxxxxx%xxxxxx%xx%xxxxxxx_xxxxx%xx%xx--%xx%xx	High
151	Input Value	x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx#	High
152	Input Value	??x:\	Low
153	Input Value	xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx	High
154	Network Port	xxx/xx (xxx)	Medium
155	Network Port	xxx/xxxx	Medium
156	Network Port	xxx xxxxxx xxxx	High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!