Necurs Analysis

IOB - Indicator of Behavior (41)

Language

en (36)
it (2)
jp (2)
sv (2)

Country

us (34)
fr (6)
gb (2)

Product

Cutephp CuteNews (2)
DZCP deV!L`z Clanportal (2)
FLDS (2)
Thomas R. Pasawicz HyperBook Guestbook (2)
IBM Lotus Domino (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.34 | 0.00943 | CVE-2010-0966
3 | Joomla CMS Login SQL Injection | 9.8 | 9.8 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00194 | CVE-2006-1047
4 | WPFront Scroll Top Plugin Image Cross Site Scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00058 | CVE-2021-24564
5 | PHP-Nuke Addressbook Module File Inclusion | 7.3 | 7.1 | $25k-$100k | $0-$5k | Functional | Unavailable | 0.00 | 0.04741 | CVE-2007-1720
6 | Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.02 | 0.00046 | CVE-2021-31969
7 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.51 | 0.00000 |
8 | Maran PHP Shop prod.php SQL Injection | 7.3 | 7.3 | $0-$5k | Calculating | High | Unavailable | 0.04 | 0.00137 | CVE-2008-4879
9 | DUware DUpaypal detail.asp SQL Injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00421 | CVE-2006-6365
10 | PHP Arena paBugs MySQL class.mysql.php Privilege Escalation | 7.3 | 6.8 | $0-$5k | Calculating | Functional | Unavailable | 0.02 | 0.07369 | CVE-2006-5079
11 | ShopStoreNow E-commerce Shopping Cart orange.asp SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00 | 0.00811 | CVE-2007-0142
12 | Motorola SBG6580 Web Access login Denial of Service | 7.5 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00 | 0.00000 |
13 | Pixelpost Cross Site Request Forgery | 7.0 | 6.4 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.02 | 0.01219 | CVE-2010-3305
14 | Check Point VPN-1 UTM Edge Administrator Account WizU.html Cross Site Request Forgery | 8.8 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.01277 | CVE-2007-3489
15 | Qualcomm Snapdragon Automobile Register Privilege Escalation | 5.4 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2017-11004
16 | WoltLab Burning Book addentry.php SQL Injection | 7.3 | 6.8 | $0-$5k | Calculating | Functional | Unavailable | 0.02 | 0.00804 | CVE-2006-5509
17 | OpenBB read.php SQL Injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00250 | CVE-2005-1612
18 | lshell Privilege Escalation | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00348 | CVE-2016-6902
19 | Wesley Destailleur forum todooforum.php Cross Site Scripting | 4.3 | 4.3 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00 | 0.00195 | CVE-2013-3538
20 | GetSimpleCMS index.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.00123 | CVE-2019-9915

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Type | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | High
2 | File | /goform/login | predictive | High
3 | File | addentry.php | predictive | Medium
4 | File | addressbook.php | predictive | High

References (5)

The following list contains external sources which discuss the actor and the associated activities:
