NightScout تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (25)

التسلسل الزمني

اللغة

en24
zh2

البلد

cn24
us2

الفاعلين

NightScout2
Mustang Panda1
PlugX1
PingPull1
Cobalt Strike1

النشاطات

الاهتمام

التسلسل الزمني

النوع

Not Defined8
Router Operating System6
Web Server2
Application Server Software2
Document Reader Software2

المجهز

Not Defined8
Juniper2
ASUS2
D-Link2
Alcatel-Lucent2

منتج

Boa Webserver2
Juniper Junos Pulse Secure Access Service2
ASUS RT-AC51U2
D-Link DIR-550A2
D-Link DIR-604M2

الثغرات

#الثغرةBaseTemp0dayاليومق�معالجةCTIEPSSCVE
1Juniper Junos Pulse Secure Access Service SSL VPN Web Server سكربتات مشتركة6.36.0$5k-$25kجاري الحسابNot DefinedOfficial Fix0.000.00135CVE-2013-5649
2ASUS RT-AC51U Network Request سكربتات مشتركة3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.020.00062CVE-2023-29772
3Asus RT-AC2900 تجاوز الصلاحيات8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.020.08597CVE-2018-8826
4Apache CouchDB تجاوز الصلاحيات6.35.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.020.97472CVE-2022-24706
5Apache Struts Incomplete Fix CVE-2020-17530 تجاوز الصلاحيات6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.18558CVE-2021-31805
6Metabase Custom GeoJSON Map تجاوز الصلاحيات8.18.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000.95622CVE-2021-41277
7Rabbitmq Docker Image توثيق ضعيف9.89.8$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00661CVE-2020-35196
8RabbitMQ Security Vulnerability تجاوز الصلاحيات5.45.2$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00044CVE-2020-5419
9Boa Webserver GET wapopen اجتياز الدليل6.46.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.73540CVE-2017-9833
10Commvault CVDataPipe.dll تجاوز الصلاحيات8.58.4$0-$5k$0-$5kHighOfficial Fix0.020.06430CVE-2017-18044
11Pulse Secure Pulse Connect Secure login_meeting.cgi تجاوز الصلاحيات9.89.4$0-$5kجاري الحسابNot DefinedOfficial Fix0.000.00194CVE-2018-20813
12QNAP QTS تجاوز الصلاحيات8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.060.12427CVE-2019-7193
13Adobe Acrobat Reader تجاوز الصلاحيات7.06.7$25k-$100k$0-$5kNot DefinedOfficial Fix0.000.00083CVE-2020-9613
14UEditor IFRAME سكربتات مشتركة5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000.00070CVE-2017-14744
15Alcatel-Lucent CellPipe 7130 Router Port Triggering Menu سكربتات مشتركة4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.000.00155CVE-2015-4587
16Qualcomm Snapdragon Auto WMA Event تلف الذاكرة6.56.5$5k-$25k$5k-$25kNot DefinedNot Defined0.000.00044CVE-2018-11923
17Oracle E-Business Suite Scripting iesfootprint.jsp تجاوز الصلاحيات9.18.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.050.01331CVE-2017-3549
18Cisco ASA WebVPN Login Page logon.html سكربتات مشتركة4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.020.00192CVE-2014-2120
19ProFTPD mod_copy تجاوز الصلاحيات8.58.5$0-$5k$0-$5kNot DefinedOfficial Fix0.000.94462CVE-2019-12815
20FileZen File Upload اجتياز الدليل7.07.0$0-$5k$0-$5kNot DefinedNot Defined0.000.00198CVE-2018-0693

حملات (1)

These are the campaigns that can be associated with the actor:

  • NightScout

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDعنوان بروتوكول الإنترنتHostnameممثلحملاتIdentifiedالنوعالثقة
145.158.32.65NightScoutNightScout31/05/2021verifiedعالي
2XXX.XXX.XXX.XXXXxxxxxxxxxXxxxxxxxxx31/05/2021verifiedعالي
3XXX.XXX.XXX.XXXXxxxxxxxxxXxxxxxxxxx31/05/2021verifiedعالي
4XXX.XXX.XX.XXXXxxxxxxxxxXxxxxxxxxx31/05/2021verifiedعالي

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueالثغراتمتجه الوصولالنوعالثقة
1T1006CWE-22Path Traversalpredictiveعالي
2T1055CWE-74Improper Neutralization of Data within XPath Expressionspredictiveعالي
3TXXXX.XXXCWE-XXXxxxx Xxxx Xxxxxxxxxpredictiveعالي
4TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictiveعالي
5TXXXX.XXXCWE-XXXXxx Xx Xxxx-xxxxx Xxxxxxxxpredictiveعالي
6TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxxpredictiveعالي
7TXXXXCWE-XXXXxxxxxxxx Xxxxxx Xxxxpredictiveعالي
8TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictiveعالي

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDالفئةIndicatorالنوعالثقة
1File/+CSCOE+/logon.htmlpredictiveعالي
2File/cgi-bin/wapopenpredictiveعالي
3Filexxxxxxxxxxxx.xxxpredictiveعالي
4Filexxxxx_xxxxxxx.xxxpredictiveعالي
5Libraryxxxxxxxxxxxx/xxxx/xxxxxxxxxx.xxxpredictiveعالي
6Argumentxxxxxxxxxxpredictiveمتوسط
7Argumentxxxpredictiveواطئ
8Input Value../..predictiveواطئ
9Input Valuexx' xxx xxx_xxxx.xxxxxxx('xxxx://xxxxxxxxx_xxxx/xxxxx')='x' xxxxx xx xxxxx_xxxx)) --predictiveعالي

المصادر (2)

The following list contains external sources which discuss the actor and the associated activities:

التالي نظرة عامة السابق

Do you need the next level of professionalism?

Upgrade your account now!