NetTraveler Analysis

IOB - Indicator of Behavior (148)

Timeline

Language

en: 146
zh: 2

Country

us: 102
cn: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

WordPress: 4
Juniper Junos: 4
Icewarp Server: 2
GNU Bash: 2
Samsung S7 Edge: 2

Vulnerabilities

Columns: # | Vulnerability | Base score | Temp score | 0day price | Today price | Exploitability | Remediation | CTI | EPSS | CVE

1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.64 | 0.00943 | CVE-2010-0966
3 | Moxa IKS/EDS cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00078 | CVE-2019-6565
4 | PHP Template Store Script Profile cross site scripting | 4.4 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00108 | CVE-2018-14869
5 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.02 | 0.00804 | CVE-2006-5509
6 | ImageMagick pcd.c DecodeImage denial of service | 6.4 | 6.3 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00565 | CVE-2019-7175
7 | Gurunavi App SSL Certificate Validator weak authentication | 5.7 | 5.5 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00110 | CVE-2015-7778
8 | Quizlord Plugin admin.php Stored cross site scripting | 4.4 | 4.0 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.00 | 0.00105 | CVE-2018-17140
9 | Microsoft Visual Studio privilege escalation | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.06292 | CVE-2018-8172
10 | Juniper Junos Sun/MS-RPC ALG denial of service | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00105 | CVE-2017-10608
11 | lshell privilege escalation | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00348 | CVE-2016-6902
12 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00289 | CVE-2019-7550
13 | D-Link DIR-878 HTTP Header strncpy memory corruption | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00581 | CVE-2019-9125
14 | FSB Dequeen Mobile Banking App X.509 Certificate weak authentication | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00077 | CVE-2017-9566
15 | Intel McAfee ePolicy Orchestrator sql injection | 7.6 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.62446 | CVE-2016-8027
16 | Intel McAfee ePolicy Orchestrator Apache Commons Collections Library privilege escalation | 8.3 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00203 | CVE-2015-8765
17 | Icewarp Server cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00420 | CVE-2018-16324
18 | Huawei Smarthome Encryption Key Stored information disclosure | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00107 | CVE-2017-2704
19 | ImageMagick dib.c WriteDIBImage memory corruption | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00444 | CVE-2018-12600
20 | KDE Plasma Workspace Notifications notificationsengine.cpp IP Address information disclosure | 4.8 | 4.7 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00528 | CVE-2018-6790

IOC - Indicator of Compromise (19)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

Columns: ID | Technique | Vulnerabilities (CWE) | Access Vector | Type | Confidence

1 | T1059 | CWE-94 | Argument Injection | predictive | high
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | high
3 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | high
4 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | high
5 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | high
6 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | high
7 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | high
8 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | high
9 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | high
10 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | high

IOA - Indicator of Attack (71)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

Columns: ID | Class | Indicator | Type | Confidence

1 | File | /bin/login.php | predictive | high
2 | File | /see_more_details.php | predictive | high
3 | File | /start-stop | predictive | medium
4 | File | /uncpath/ | predictive | medium
5 | File | /webmail/ | predictive | medium
6 | File | addentry.php | predictive | medium
7 | File | admin.remository.php | predictive | high
8 | File | admin/index.php | predictive | high
9 | File | apply.cgi | predictive | medium
10 | File | xxx\xxxxxxx\xxxxxx_xxxxxxxx.xxx | predictive | high
11 | File | xxxxx-xxx.x | predictive | medium
12 | File | xx_xxxx.xxx | predictive | medium
13 | File | xxxxxx/xxx.x | predictive | medium
14 | File | xxxxxx/xxx.x | predictive | medium
15 | File | xxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxx.xxxx | predictive | high
16 | File | xxxxxxx_xx.xxx | predictive | high
17 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | high
18 | File | xxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx | predictive | high
19 | File | xxxxx/xxxxxxx.xx | predictive | high
20 | File | xxxxxx.xxx | predictive | medium
21 | File | xxxx/xxxxxxxxxx/xxxxxx-xxxx.x | predictive | high
22 | File | xxx/xxxx/xxxx.x | predictive | high
23 | File | xxxxxxxx.xxx | predictive | medium
24 | File | xxxx.xxx | predictive | medium
25 | File | xxxxxxxxx.xxx | predictive | high
26 | File | xxxxxxxxxxxx.xxx | predictive | high
27 | File | xxx/xxxxxx.xxx | predictive | high
28 | File | xxxxx.xxx | predictive | medium
29 | File | xxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxx | predictive | high
30 | File | xxxxxxxxx.xx | predictive | medium
31 | File | xxxxxx/xxxx.x | predictive | high
32 | File | xxxx.xxx | predictive | medium
33 | File | xxxxxxx.x | predictive | medium
34 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | high
35 | File | xxxx_xxxxxxxx.xxx | predictive | high
36 | File | xxxxxxx.xxx | predictive | medium
37 | File | xxxxxxxxx.xxx/xxxxxxx.xxx | predictive | high
38 | File | xxxxxxxx-xxxxxxxxxxx.xxx | predictive | high
39 | File | xxxxxxxx/xxxxxxxxxx.x | predictive | high
40 | File | xxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | high
41 | File | xx/xxx.x | predictive | medium
42 | File | xxxx.xxx | predictive | medium
43 | File | xxxx-xxx.xxx | predictive | medium
44 | File | xxxx-xxx.xxx xxxxxx | predictive | high
45 | File | xxxxxxxxxxx-xxxxxx/xxx/xxxxxxxxxx/xxxxx.xxx | predictive | high
46 | File | xx-xxxxx/xxxxx.xxx | predictive | high
47 | File | xx-xxxxxxxxx.xxx | predictive | high
48 | Library | /xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxx/xxxxxxx.xxx | predictive | high
49 | Library | xxxxxx.xxx | predictive | medium
50 | Argument | xxxxxxx xxxx x/xxxxxxx xxxx x/xxxx xxxx/x/x xxxxxx xxxx | predictive | high
51 | Argument | xxxxxxxx | predictive | medium
52 | Argument | xxxxxxxxx/xxxx | predictive | high
53 | Argument | xxxxxxxx | predictive | medium
54 | Argument | xxxxxxxxxxx | predictive | medium
55 | Argument | xxxx_xxxx | predictive | medium
56 | Argument | xx | predictive | low
57 | Argument | xxxxxxxxx | predictive | medium
58 | Argument | xxxxx | predictive | low
59 | Argument | xxxx_xx | predictive | low
60 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | high
61 | Argument | xxxx | predictive | low
62 | Argument | xxxxxxxxx | predictive | medium
63 | Argument | xxxxxx_xxx | predictive | medium
64 | Argument | xxxxxxxxx/xxx | predictive | high
65 | Argument | xxxx | predictive | low
66 | Argument | xxx | predictive | low
67 | Argument | xxxxxxxxxx | predictive | medium
68 | Argument | xx_xx | predictive | low
69 | Argument | xxxxx | predictive | low
70 | Argument | xxx | predictive | low
71 | Argument | xxxxxxxx | predictive | medium
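The File-class indicators above are request paths, so the most direct way to use them is to sweep web server access logs for them. The script below is an added example written for this page, not tooling from the source or from the actor profile: it takes the nine unmasked File indicators together with their confidence ratings, matches them against combined-format access log lines (the sample lines are constructed), and ranks hits so that a high-confidence indicator that returned a 2xx outranks a medium-confidence 404 probe. The log format, the priority scheme and the per-source aggregation are assumptions of this example.

```python
"""Sweep access logs for the unmasked NetTraveler File IOAs (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# The nine File indicators visible in the IOA table, with the page's confidence
# rating. Indicators starting with "/" are matched as absolute paths (a trailing
# "/" marks a directory prefix); the others are matched as path suffixes.
IOA_FILES: Dict[str, str] = {
    "/bin/login.php": "high",
    "/see_more_details.php": "high",
    "/start-stop": "medium",
    "/uncpath/": "medium",
    "/webmail/": "medium",
    "addentry.php": "medium",
    "admin.remository.php": "high",
    "admin/index.php": "high",
    "apply.cgi": "medium",
}

# Apache/nginx "combined" log format (assumed; adapt the regex to your format).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines; 203.0.113.7 probes two high-confidence paths.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2019:10:01:02 +0000] "GET /bin/login.php HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2019:10:01:03 +0000] "GET /see_more_details.php?id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2019:10:02:11 +0000] "POST /guestbook/addentry.php HTTP/1.1" 200 340 "-" "curl/7.64.0"
192.0.2.9 - - [12/Mar/2019:10:03:45 +0000] "GET /webmail/ HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Mar/2019:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
"""


@dataclass(frozen=True)
class Hit:
    src: str
    ts: str
    method: str
    path: str
    indicator: str
    confidence: str
    status: int


def match_indicator(path: str) -> Optional[Tuple[str, str]]:
    """Return (indicator, confidence) for a request path, or None."""
    # Drop the query string and collapse "//" so trivial evasions still match.
    clean = re.sub(r"/+", "/", path.split("?", 1)[0])
    for ind, conf in IOA_FILES.items():
        if ind.startswith("/"):
            hit = clean.startswith(ind) if ind.endswith("/") else clean == ind
        else:
            hit = clean.endswith("/" + ind)
        if hit:
            return ind, conf
    return None


def scan_log(text: str) -> List[Hit]:
    """Parse combined-format lines and return every request hitting an IOA."""
    hits: List[Hit] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; keep going rather than abort the sweep
        found = match_indicator(m["path"])
        if found:
            ind, conf = found
            hits.append(Hit(m["src"], m["ts"], m["method"], m["path"],
                            ind, conf, int(m["status"])))
    return hits


def priority(hit: Hit) -> int:
    """Assumed triage score: high confidence = 2, medium = 1; +1 if the
    server answered below 400 (the path exists, so this is more than a probe)."""
    return (2 if hit.confidence == "high" else 1) + (1 if hit.status < 400 else 0)


def hits_by_source(hits: List[Hit]) -> Dict[str, List[str]]:
    """Distinct indicators per source address; several from one source is the
    stronger signal than any single match."""
    out: Dict[str, set] = defaultdict(set)
    for h in hits:
        out[h.src].add(h.indicator)
    return {src: sorted(inds) for src, inds in out.items()}


if __name__ == "__main__":
    found_hits = scan_log(SAMPLE_LOG)
    for h in sorted(found_hits, key=priority, reverse=True):
        print(f"p{priority(h)} {h.src} {h.method} {h.path} -> {h.indicator} ({h.confidence}, {h.status})")
    print(hits_by_source(found_hits))
```

Treat a single medium-confidence match such as /webmail/ or admin/index.php as noise on its own: those paths exist on many unrelated servers, and the ratings come from the page's predictive model, not from observed intrusions. What earns a closer look is one source touching several indicators in a short window, or a high-confidence path answering 200, ideally corroborated against the actor's IOC list.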

Sources (3)

The following list contains external sources which discuss the actor and the associated activities:
