Neutrino Exploit Kit Analysis

IOB - Indicator of Behavior (99)

Language: en 94, fr 6

Campaign country: us 42, ir 26, ca 12, fr 2, gr 2

Product: Apache HTTP Server 4, myPHPNuke 2, D-Link DSL-2770L 2, lwIP 2, DeDeCMS 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.16 | CVE-2010-0966
3 | FLDS redir.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00203 | 0.09 | CVE-2008-5928
4 | Squid Web Proxy SSL Certificate Validation information disclosure | 7.1 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00610 | 0.02 | CVE-2023-46724
5 | Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E Network Configuration privilege escalation | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00083 | 0.00 | CVE-2021-3617
6 | Fortinet FortiMail HTTPS SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00677 | 0.00 | CVE-2021-24007
7 | Netgear NMS300 privilege escalation | 9.8 | 9.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00516 | 0.00 | CVE-2020-35797
8 | rConfig sudoers privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00166 | 0.04 | CVE-2019-19585
9 | vBulletin moderation.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00284 | 0.01 | CVE-2016-6195
10 | PHP unserialize buffer overflow | 7.3 | 6.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00000 | 0.02 | (none listed)
11 | Apache Tomcat CORS Filter privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07849 | 0.02 | CVE-2018-8014
12 | D-Link DSL-2875AL/DSL-2877AL Web Management Server index.asp weak encryption | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00291 | 0.00 | CVE-2019-15656
13 | HTTP/2 Window Size denial of service | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.09689 | 0.02 | CVE-2019-9511
14 | nginx HTTP/2 denial of service | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09699 | 0.04 | CVE-2018-16843
15 | D-Link DIR-825 router_info.xml PIN privilege escalation | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00390 | 0.00 | CVE-2019-9126
16 | D-Link DSL-2770L atbox.htm Credentials privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00369 | 0.00 | CVE-2018-18007
17 | Magento SQL injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00582 | 0.03 | CVE-2019-7139
18 | Atlassian JIRA Server/Data Center Jira Importers Plugin privilege escalation | 7.2 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01473 | 0.00 | CVE-2019-15001
19 | Apache HTTP Server mod_session privilege escalation | 5.8 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00176 | 0.00 | CVE-2018-1283
20 | Apache HTTP Server HTTP Digest Authentication Challenge weak authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01815 | 0.03 | CVE-2018-1312

Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit price ranges at disclosure and at the time of the snapshot; EPSS is the exploit prediction score and CTI the threat-intelligence activity score.

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High

Entries 4 to 15 are masked in the source and are not reproduced here.

IOA - Indicator of Attack (55)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /etc/sudoers | predictive | Medium
2 | File | /forum/away.php | predictive | High
3 | File | /uncpath/ | predictive | Medium
4 | File | arch/x86/kernel/paravirt.c | predictive | High
5 | File | ArchiveNews.aspx | predictive | High
6 | File | atbox.htm | predictive | Medium
7 | File | blank.php | predictive | Medium

Entries 8 to 55 (the remaining File, Library and Argument indicators) are masked in the source and are not reproduced here.

References (3)

The following list contains external sources which discuss the actor and the associated activities; the individual entries are not included in this extract.
