Neutrino Exploit Kit Analysis

IOB - Indicator of Behavior (99)

Timeline

Language

en: 90
fr: 6
de: 2
pl: 2

Country

us: 40
ir: 24
ca: 8
fr: 4
pl: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Ipswitch WS_FTP Server: 4
SolarWinds Orion Platform: 2
jco.ir Karma: 2
Allegro RomPager: 2
Google Android: 2

Vulnerabilities

#  | Vulnerability                                                                                         | Base | Temp | 0day       | Today    | Exploitability   | Remediation  | CTI  | EPSS    | CVE
1  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k   | $0-$5k   | High             | Workaround   | 0.02 | 0.02016 | CVE-2007-1192
2  | DZCP deV!L`z Clanportal config.php privilege escalation                                               | 7.3  | 6.6  | $0-$5k     | $0-$5k   | Proof-of-Concept | Official Fix | 0.61 | 0.00943 | CVE-2010-0966
3  | FLDS redir.php SQL Injection                                                                          | 7.3  | 7.3  | $0-$5k     | $0-$5k   | High             | Unavailable  | 0.09 | 0.00203 | CVE-2008-5928
4  | Squid Web Proxy SSL Certificate Validation Information Disclosure                                     | 7.1  | 7.1  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.02 | 0.00610 | CVE-2023-46724
5  | Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E Network Configuration privilege escalation    | 4.7  | 4.5  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00 | 0.00083 | CVE-2021-3617
6  | Fortinet FortiMail HTTPS SQL Injection                                                                | 7.3  | 7.0  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00 | 0.00677 | CVE-2021-24007
7  | Netgear NMS300 privilege escalation                                                                   | 9.8  | 9.8  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.00 | 0.00516 | CVE-2020-35797
8  | rConfig sudoers privilege escalation                                                                  | 6.5  | 6.5  | $0-$5k     | $0-$5k   | Not Defined      | Not Defined  | 0.00 | 0.00166 | CVE-2019-19585
9  | vBulletin moderation.php SQL Injection                                                                | 7.3  | 7.0  | $0-$5k     | $0-$5k   | High             | Official Fix | 0.01 | 0.00284 | CVE-2016-6195
10 | PHP unserialize buffer overflow                                                                       | 7.3  | 6.4  | $25k-$100k | $0-$5k   | Unproven         | Official Fix | 0.03 | 0.00000 |
11 | Apache Tomcat CORS Filter privilege escalation                                                        | 8.5  | 8.4  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.02 | 0.07849 | CVE-2018-8014
12 | D-Link DSL-2875AL/DSL-2877AL Web Management Server index.asp weak encryption                          | 6.4  | 6.4  | $5k-$25k   | $5k-$25k | Not Defined      | Not Defined  | 0.00 | 0.00291 | CVE-2019-15656
13 | HTTP/2 Window Size Denial of Service                                                                  | 6.8  | 6.7  | $5k-$25k   | $0-$5k   | Not Defined      | Workaround   | 0.00 | 0.09689 | CVE-2019-9511
14 | nginx HTTP/2 Denial of Service                                                                        | 6.0  | 6.0  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00 | 0.09699 | CVE-2018-16843
15 | D-Link DIR-825 router_info.xml PIN privilege escalation                                               | 6.4  | 6.4  | $5k-$25k   | $5k-$25k | Not Defined      | Not Defined  | 0.04 | 0.00390 | CVE-2019-9126
16 | D-Link DSL-2770L atbox.htm Credentials privilege escalation                                           | 7.5  | 7.5  | $5k-$25k   | $5k-$25k | Not Defined      | Not Defined  | 0.00 | 0.00369 | CVE-2018-18007
17 | Magento SQL Injection                                                                                 | 8.5  | 8.4  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.03 | 0.00582 | CVE-2019-7139
18 | Atlassian JIRA Server/Data Center Jira Importers Plugin privilege escalation                          | 7.2  | 7.0  | $0-$5k     | $0-$5k   | Not Defined      | Official Fix | 0.00 | 0.01473 | CVE-2019-15001
19 | Apache HTTP Server mod_session privilege escalation                                                   | 5.8  | 5.7  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.00 | 0.00176 | CVE-2018-1283
20 | Apache HTTP Server HTTP Digest Authentication Challenge weak authentication                           | 8.5  | 8.4  | $5k-$25k   | $0-$5k   | Not Defined      | Official Fix | 0.02 | 0.01815 | CVE-2018-1312

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness                                                   | Type       | Acceptance
1  | T1006     | CWE-22 Path Traversal                                      | predictive | High
2  | T1055     | CWE-74 Improper Neutralization of Data within XPath Expressions | predictive | High
3  | T1059     | CWE-94 Argument Injection                                  | predictive | High

IOA - Indicator of Attack (55)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator                   | Type       | Acceptance
1  | File  | /etc/sudoers                | predictive | Medium
2  | File  | /forum/away.php             | predictive | High
3  | File  | /uncpath/                   | predictive | Medium
4  | File  | arch/x86/kernel/paravirt.c  | predictive | High
5  | File  | ArchiveNews.aspx            | predictive | High
6  | File  | atbox.htm                   | predictive | Medium
7  | File  | blank.php                   | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:
