NightScout Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (25)

Chronologie

Langue

en24
zh2

De campagne

cn20
us4
gb2

Acteurs

NightScout3
Mustang Panda1
PlugX1
PingPull1
Cobalt Strike1

Activités

Intérêt

Chronologie

Taper

Not Defined8
Router Operating System6
Network Attached Storage Software2
Document Reader Software2
File Transfer Software2

Fournisseur

Juniper2
QNAP2
Pulse Secure2
ASUS2
Adobe2

Produit

Juniper Junos Pulse Secure Access Service2
QNAP QTS2
Pulse Secure Pulse Connect Secure2
ASUS RT-AC51U2
Adobe Acrobat Reader2

Vulnérabilités

#VulnérabilitéBaseTemp0dayAujourd'huiExpConEPSSCTICVE
1Juniper Junos Pulse Secure Access Service SSL VPN Web Server cross site scripting6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.001350.00CVE-2013-5649
2ASUS RT-AC51U Network Request cross site scripting3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.000620.00CVE-2023-29772
3Asus RT-AC2900 elévation de privilèges8.58.2$0-$5k$0-$5kNot DefinedOfficial Fix0.085970.02CVE-2018-8826
4Apache CouchDB elévation de privilèges6.35.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.974720.02CVE-2022-24706
5Apache Struts Incomplete Fix CVE-2020-17530 elévation de privilèges6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.185580.03CVE-2021-31805
6Metabase Custom GeoJSON Map elévation de privilèges8.18.0$0-$5k$0-$5kNot DefinedOfficial Fix0.954790.00CVE-2021-41277
7Rabbitmq Docker Image authentification faible9.89.8$0-$5k$0-$5kNot DefinedOfficial Fix0.006610.03CVE-2020-35196
8RabbitMQ Security Vulnerability elévation de privilèges5.45.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000440.06CVE-2020-5419
9Boa Webserver GET wapopen directory traversal6.46.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.735400.09CVE-2017-9833
10Commvault CVDataPipe.dll elévation de privilèges8.58.4$0-$5k$0-$5kHighOfficial Fix0.064300.02CVE-2017-18044
11Pulse Secure Pulse Connect Secure login_meeting.cgi elévation de privilèges9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001940.00CVE-2018-20813
12QNAP QTS elévation de privilèges8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.124270.06CVE-2019-7193
13Adobe Acrobat Reader elévation de privilèges7.06.7$25k-$100k$0-$5kNot DefinedOfficial Fix0.000830.00CVE-2020-9613
14UEditor IFRAME cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000700.00CVE-2017-14744
15Alcatel-Lucent CellPipe 7130 Router Port Triggering Menu cross site scripting4.34.3$0-$5kCalculateurNot DefinedNot Defined0.001550.00CVE-2015-4587
16Qualcomm Snapdragon Auto WMA Event buffer overflow6.56.5$5k-$25k$0-$5kNot DefinedNot Defined0.000440.00CVE-2018-11923
17Oracle E-Business Suite Scripting iesfootprint.jsp elévation de privilèges9.18.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.013310.05CVE-2017-3549
18Cisco ASA WebVPN Login Page logon.html cross site scripting4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.001920.09CVE-2014-2120
19ProFTPD mod_copy elévation de privilèges8.58.5$0-$5k$0-$5kNot DefinedOfficial Fix0.944620.04CVE-2019-12815
20FileZen File Upload directory traversal7.07.0$0-$5k$0-$5kNot DefinedNot Defined0.001980.04CVE-2018-0693

Campagnes (1)

These are the campaigns that can be associated with the actor:

  • NightScout

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDadresse IPHostnameActeurCampagnesIdentifiedTaperConfiance
145.158.32.65NightScoutNightScout31/05/2021verifiedÉlevé
2XXX.XXX.XXX.XXXXxxxxxxxxxXxxxxxxxxx31/05/2021verifiedÉlevé
3XXX.XXX.XXX.XXXXxxxxxxxxxXxxxxxxxxx31/05/2021verifiedÉlevé
4XXX.XXX.XX.XXXXxxxxxxxxxXxxxxxxxxx31/05/2021verifiedÉlevé

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnérabilitésVecteur d'accèsTaperConfiance
1T1006CWE-22Path TraversalpredictiveÉlevé
2T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveÉlevé
3TXXXX.XXXCWE-XXXxxxx Xxxx XxxxxxxxxpredictiveÉlevé
4TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveÉlevé
5TXXXX.XXXCWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveÉlevé
6TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveÉlevé
7TXXXXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveÉlevé
8TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveÉlevé

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClasseIndicatorTaperConfiance
1File/+CSCOE+/logon.htmlpredictiveÉlevé
2File/cgi-bin/wapopenpredictiveÉlevé
3Filexxxxxxxxxxxx.xxxpredictiveÉlevé
4Filexxxxx_xxxxxxx.xxxpredictiveÉlevé
5Libraryxxxxxxxxxxxx/xxxx/xxxxxxxxxx.xxxpredictiveÉlevé
6ArgumentxxxxxxxxxxpredictiveMoyen
7ArgumentxxxpredictiveFaible
8Input Value../..predictiveFaible
9Input Valuexx' xxx xxx_xxxx.xxxxxxx('xxxx://xxxxxxxxx_xxxx/xxxxx')='x' xxxxx xx xxxxx_xxxx)) --predictiveÉlevé

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

PrécédentAperçuSuivant

Do you know our Splunk app?

Download it now for free!