NetTraveler Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (148)

Sprache

en	138
it	6
zh	2
de	2

Land

us	100
cn	2

Akteure

NetTraveler	4

Interesse

Typ

Not Defined	40
Router Operating System	8
WordPress Plugin	6
Smartphone Operating System	4
Web Server	4

Hersteller

Not Defined	36
Microsoft	6
Itech	2
TP-LINK	2
Samsung	2

Produkt

Microsoft Windows	4
Gurunavi App	2
Itech Dating Script	2
PrivateTunnel	2
TP-LINK TL-WVR	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php erweiterte Rechte	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.47	CVE-2010-0966
3	Moxa IKS/EDS Cross Site Scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00078	0.00	CVE-2019-6565
4	PHP Template Store Script Profile Cross Site Scripting	4.4	4.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00108	0.00	CVE-2018-14869
5	WoltLab Burning Book addentry.php SQL Injection	7.3	6.8	$0-$5k	$0-$5k	Functional	Unavailable	0.00804	0.02	CVE-2006-5509
6	ImageMagick pcd.c DecodeImage Denial of Service	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00565	0.00	CVE-2019-7175
7	Gurunavi App SSL Certificate Validator schwache Authentisierung	5.7	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00110	0.00	CVE-2015-7778
8	Quizlord Plugin admin.php Stored Cross Site Scripting	4.4	4.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00105	0.00	CVE-2018-17140
9	Microsoft Visual Studio erweiterte Rechte	7.5	7.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.06292	0.03	CVE-2018-8172
10	Juniper Junos Sun/MS-RPC ALG Denial of Service	6.4	6.1	$5k-$25k	Wird berechnet	Not Defined	Official Fix	0.00105	0.00	CVE-2017-10608
11	lshell erweiterte Rechte	8.1	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00348	0.01	CVE-2016-6902
12	jforum User erweiterte Rechte	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.06	CVE-2019-7550
13	D-Link DIR-878 HTTP Header strncpy Pufferüberlauf	8.5	8.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00581	0.00	CVE-2019-9125
14	FSB Dequeen Mobile Banking App X.509 Certificate schwache Authentisierung	5.7	5.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00077	0.03	CVE-2017-9566
15	Intel McAfee ePolicy Orchestrator SQL Injection	7.6	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.62446	0.00	CVE-2016-8027
16	Intel McAfee ePolicy Orchestrator Apache Commons Collections Library erweiterte Rechte	8.3	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00203	0.00	CVE-2015-8765
17	Icewarp Server Cross Site Scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00420	0.00	CVE-2018-16324
18	Huawei Smarthome Encryption Key Stored Information Disclosure	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00107	0.02	CVE-2017-2704
19	ImageMagick dib.c WriteDIBImage Pufferüberlauf	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00444	0.00	CVE-2018-12600
20	KDE Plasma Workspace Notifications notificationsengine.cpp IP Address Information Disclosure	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00528	0.00	CVE-2018-6790

IOC - Indicator of Compromise (19)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	61.178.77.111		NetTraveler	27.03.2022	verifiziert	High
2	67.198.140.148	67.198.140.148.static.krypt.com	NetTraveler	27.03.2022	verifiziert	High
3	96.44.179.26	96.44.179.26.static.quadranet.com	NetTraveler	27.03.2022	verifiziert	High
4	96.46.4.237	96-46-4-237.res.trstrm.net	NetTraveler	27.03.2022	verifiziert	High
5	XX.XXX.XXX.XX	xxxx.xxxxxxxxxxxxxxx.xxx	Xxxxxxxxxxx	27.03.2022	verifiziert	High
6	XXX.XX.XXX.XX		Xxxxxxxxxxx	27.03.2022	verifiziert	High
7	XXX.XXX.XX.XXX		Xxxxxxxxxxx	27.03.2022	verifiziert	High
8	XXX.XX.XXX.XX		Xxxxxxxxxxx	27.03.2022	verifiziert	High
9	XXX.XX.XX.XXX		Xxxxxxxxxxx	01.01.2021	verifiziert	High
10	XXX.XXX.XX.XXX		Xxxxxxxxxxx	27.03.2022	verifiziert	High
11	XXX.XX.XX.XXX	xxx.xx.xx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx	Xxxxxxxxxxx	27.03.2022	verifiziert	High
12	XXX.X.XX.X		Xxxxxxxxxxx	27.03.2022	verifiziert	High
13	XXX.XX.XX.XX		Xxxxxxxxxxx	27.03.2022	verifiziert	High
14	XXX.XX.XXX.XX	xx-xxx-xx-xxx-xx.xx.xxxxxxxxxxxx.xxx	Xxxxxxxxxxx	27.03.2022	verifiziert	High
15	XXX.XX.XXX.XXX	xxx.xx.xxx.xxx.xxxxxxxx.xxxx.xxx	Xxxxxxxxxxx	27.03.2022	verifiziert	High
16	XXX.XXX.XXX.XX		Xxxxxxxxxxx	27.03.2022	verifiziert	High
17	XXX.XXX.X.XXX	xxx-xxx-x-xxx.xx.xxxxxxxxxxx.xx	Xxxxxxxxxxx	27.03.2022	verifiziert	High
18	XXX.XX.XX.XX		Xxxxxxxxxxx	01.01.2021	verifiziert	High
19	XXX.XX.XXX.XX		Xxxxxxxxxxx	27.03.2022	verifiziert	High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1059	CWE-94	Argument Injection	prädiktiv	High
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	prädiktiv	High
3	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
4	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
7	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	prädiktiv	High
8	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High
10	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	prädiktiv	High

IOA - Indicator of Attack (71)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/bin/login.php	prädiktiv	High
2	File	/see_more_details.php	prädiktiv	High
3	File	/start-stop	prädiktiv	Medium
4	File	/uncpath/	prädiktiv	Medium
5	File	/webmail/	prädiktiv	Medium
6	File	addentry.php	prädiktiv	Medium
7	File	admin.remository.php	prädiktiv	High
8	File	admin/index.php	prädiktiv	High
9	File	apply.cgi	prädiktiv	Medium
10	File	xxx\xxxxxxx\xxxxxx_xxxxxxxx.xxx	prädiktiv	High
11	File	xxxxx-xxx.x	prädiktiv	Medium
12	File	xx_xxxx.xxx	prädiktiv	Medium
13	File	xxxxxx/xxx.x	prädiktiv	Medium
14	File	xxxxxx/xxx.x	prädiktiv	Medium
15	File	xxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxx.xxxx	prädiktiv	High
16	File	xxxxxxx_xx.xxx	prädiktiv	High
17	File	xxxx/xxxxxxxxxxxxxxx.xxx	prädiktiv	High
18	File	xxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxx	prädiktiv	High
19	File	xxxxx/xxxxxxx.xx	prädiktiv	High
20	File	xxxxxx.xxx	prädiktiv	Medium
21	File	xxxx/xxxxxxxxxx/xxxxxx-xxxx.x	prädiktiv	High
22	File	xxx/xxxx/xxxx.x	prädiktiv	High
23	File	xxxxxxxx.xxx	prädiktiv	Medium
24	File	xxxx.xxx	prädiktiv	Medium
25	File	xxxxxxxxx.xxx	prädiktiv	High
26	File	xxxxxxxxxxxx.xxx	prädiktiv	High
27	File	xxx/xxxxxx.xxx	prädiktiv	High
28	File	xxxxx.xxx	prädiktiv	Medium
29	File	xxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxx	prädiktiv	High
30	File	xxxxxxxxx.xx	prädiktiv	Medium
31	File	xxxxxx/xxxx.x	prädiktiv	High
32	File	xxxx.xxx	prädiktiv	Medium
33	File	xxxxxxx.x	prädiktiv	Medium
34	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	prädiktiv	High
35	File	xxxx_xxxxxxxx.xxx	prädiktiv	High
36	File	xxxxxxx.xxx	prädiktiv	Medium
37	File	xxxxxxxxx.xxx/xxxxxxx.xxx	prädiktiv	High
38	File	xxxxxxxx-xxxxxxxxxxx.xxx	prädiktiv	High
39	File	xxxxxxxx/xxxxxxxxxx.x	prädiktiv	High
40	File	xxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx	prädiktiv	High
41	File	xx/xxx.x	prädiktiv	Medium
42	File	xxxx.xxx	prädiktiv	Medium
43	File	xxxx-xxx.xxx	prädiktiv	Medium
44	File	xxxx-xxx.xxx xxxxxx	prädiktiv	High
45	File	xxxxxxxxxxx-xxxxxx/xxx/xxxxxxxxxx/xxxxx.xxx	prädiktiv	High
46	File	xx-xxxxx/xxxxx.xxx	prädiktiv	High
47	File	xx-xxxxxxxxx.xxx	prädiktiv	High
48	Library	/xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxx/xxxxxxx.xxx	prädiktiv	High
49	Library	xxxxxx.xxx	prädiktiv	Medium
50	Argument	xxxxxxx xxxx x/xxxxxxx xxxx x/xxxx xxxx/x/x xxxxxx xxxx	prädiktiv	High
51	Argument	xxxxxxxx	prädiktiv	Medium
52	Argument	xxxxxxxxx/xxxx	prädiktiv	High
53	Argument	xxxxxxxx	prädiktiv	Medium
54	Argument	xxxxxxxxxxx	prädiktiv	Medium
55	Argument	xxxx_xxxx	prädiktiv	Medium
56	Argument	xx	prädiktiv	Low
57	Argument	xxxxxxxxx	prädiktiv	Medium
58	Argument	xxxxx	prädiktiv	Low
59	Argument	xxxx_xx	prädiktiv	Low
60	Argument	xxxxxxxxx_xxxxxxxx_xxxx	prädiktiv	High
61	Argument	xxxx	prädiktiv	Low
62	Argument	xxxxxxxxx	prädiktiv	Medium
63	Argument	xxxxxx_xxx	prädiktiv	Medium
64	Argument	xxxxxxxxx/xxx	prädiktiv	High
65	Argument	xxxx	prädiktiv	Low
66	Argument	xxx	prädiktiv	Low
67	Argument	xxxxxxxxxx	prädiktiv	Medium
68	Argument	xx_xx	prädiktiv	Low
69	Argument	xxxxx	prädiktiv	Low
70	Argument	xxx	prädiktiv	Low
71	Argument	xxxxxxxx	prädiktiv	Medium

Referenzen (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!