Wild Neutron Analysis

IOB - Indicator of Behavior (1000)

Language

en: 870
zh: 56
fr: 16
de: 12
es: 12

Country

nl: 992
om: 4
gb: 2
us: 2

Product

Microsoft Windows: 94
Linux Kernel: 36
WordPress: 22
Google Android: 20
Apache HTTP Server: 12

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.86 | CVE-2020-12440 |
| 2 | Huawei ACXXXX/SXXXX SSH Packet privilege escalation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00246 | 0.02 | CVE-2014-8572 |
| 3 | Microsoft Windows WPAD privilege escalation | 8.0 | 7.9 | $25k-$100k | $0-$5k | High | Official Fix | 0.90962 | 0.03 | CVE-2016-3213 |
| 4 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03523 | 0.03 | CVE-2021-34530 |
| 5 | Microsoft Windows Event Tracing Privilege Escalation | 7.3 | 6.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34487 |
| 6 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.17 | CVE-2017-0055 |
| 7 | Cisco Secure Email and Web Manager Web-based Management Interface weak authentication | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00337 | 0.02 | CVE-2022-20798 |
| 8 | nginx Log File privilege escalation | 7.8 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00092 | 0.04 | CVE-2016-1247 |
| 9 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.09 | CVE-2020-1927 |
| 10 | Microsoft .NET Core/Visual Studio denial of service | 6.4 | 5.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00195 | 0.07 | CVE-2021-26423 |
| 11 | Microsoft Windows TCP/IP Stack Privilege Escalation | 9.9 | 8.6 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02183 | 0.04 | CVE-2021-26424 |
| 12 | Microsoft Windows Event Tracing Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00044 | 0.00 | CVE-2021-26425 |
| 13 | Microsoft Windows Bluetooth Driver Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34537 |
| 14 | Microsoft Dynamics 365 Privilege Escalation | 8.5 | 7.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00736 | 0.00 | CVE-2021-34524 |
| 15 | Microsoft Windows Storage Spaces Controller Local Privilege Escalation | 7.8 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2021-34536 |
| 16 | Microsoft Windows Graphics Remote Code Execution | 7.0 | 6.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03523 | 0.00 | CVE-2021-34533 |
| 17 | Microsoft Windows Services for NFS ONCRPC XDR Driver information disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01108 | 0.00 | CVE-2021-36926 |
| 18 | Microsoft ASP.NET Core/Visual Studio information disclosure | 4.9 | 4.3 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00043 | 0.04 | CVE-2021-34532 |
| 19 | Microsoft Windows Services for NFS ONCRPC XDR Driver information disclosure | 6.4 | 5.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01108 | 0.00 | CVE-2021-36933 |
| 20 | Microsoft Windows Remote Desktop Client Remote Code Execution | 8.8 | 7.9 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.05252 | 0.02 | CVE-2021-34535 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (234)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
