Neutrino Exploit Kit Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (99)

Linguaggio

en	94
fr	4
pl	2

Nazione

us	34
ir	30
ca	14
pl	2
gr	2

Attori

Neutrino Exploit Kit	3

Interesse

Genere

Not Defined	36
Programming Language Software	8
Content Management System	6
Bug Tracking Software	4
File Transfer Software	4

Fornitore

Not Defined	36
Microsoft	6
Google	4
Atlassian	4
Ipswitch	4

Prodotto

PHP	6
Ipswitch WS_FTP Server	4
Dropbear SSH	4
myPHPNuke	4
Microsoft Windows	4

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash rivelazione di un 'informazione	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php escalazione di privilegi	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.46	CVE-2010-0966
3	FLDS redir.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00203	0.07	CVE-2008-5928
4	Squid Web Proxy SSL Certificate Validation rivelazione di un 'informazione	7.1	7.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00610	0.02	CVE-2023-46724
5	Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E Network Configuration escalazione di privilegi	4.7	4.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00083	0.00	CVE-2021-3617
6	Fortinet FortiMail HTTPS sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00677	0.00	CVE-2021-24007
7	Netgear NMS300 escalazione di privilegi	9.8	9.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00516	0.00	CVE-2020-35797
8	rConfig sudoers escalazione di privilegi	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00166	0.04	CVE-2019-19585
9	vBulletin moderation.php sql injection	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00284	0.01	CVE-2016-6195
10	PHP unserialize buffer overflow	7.3	6.4	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00000	0.02
11	Apache Tomcat CORS Filter escalazione di privilegi	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.07849	0.04	CVE-2018-8014
12	D-Link DSL-2875AL/DSL-2877AL Web Management Server index.asp crittografia debole	6.4	6.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00291	0.00	CVE-2019-15656
13	HTTP/2 Window Size denial of service	6.8	6.7	$5k-$25k	$0-$5k	Not Defined	Workaround	0.09689	0.02	CVE-2019-9511
14	nginx HTTP/2 denial of service	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.09699	0.04	CVE-2018-16843
15	D-Link DIR-825 router_info.xml PIN escalazione di privilegi	6.4	6.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00390	0.00	CVE-2019-9126
16	D-Link DSL-2770L atbox.htm Credentials escalazione di privilegi	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00369	0.00	CVE-2018-18007
17	Magento sql injection	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00582	0.03	CVE-2019-7139
18	Atlassian JIRA Server/Data Center Jira Importers Plugin escalazione di privilegi	7.2	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01473	0.00	CVE-2019-15001
19	Apache HTTP Server mod_session escalazione di privilegi	5.8	5.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00176	0.00	CVE-2018-1283
20	Apache HTTP Server HTTP Digest Authentication Challenge autenticazione debole	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01815	0.07	CVE-2018-1312

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Identified	Genere	Fiducia
1	45.32.183.118	45.32.183.118.vultrusercontent.com	Neutrino Exploit Kit	01/04/2022	verified	Alto
2	78.136.221.141		Neutrino Exploit Kit	06/04/2022	verified	Alto
3	XX.XX.X.XX		Xxxxxxxx Xxxxxxx Xxx	01/04/2022	verified	Alto
4	XX.XXX.XXX.X	xxxx-xxxxxxxx-xxxxxx.xxxx.xxxxxx.xxx	Xxxxxxxx Xxxxxxx Xxx	06/04/2022	verified	Alto
5	XX.XXX.XXX.X	xxx.xxxxxx.xx	Xxxxxxxx Xxxxxxx Xxx	06/04/2022	verified	Alto
6	XX.XX.XXX.XXX	xx-xx-xxx-xxx.xxxxx.xxx.xx	Xxxxxxxx Xxxxxxx Xxx	06/04/2022	verified	Alto
7	XXX.XX.X.XXX		Xxxxxxxx Xxxxxxx Xxx	06/04/2022	verified	Alto
8	XXX.X.XXX.X		Xxxxxxxx Xxxxxxx Xxx	01/04/2022	verified	Alto
9	XXX.XXX.XXX.XX	xxxxxx-xx.xxxxxx-xxxxx.xxx	Xxxxxxxx Xxxxxxx Xxx	06/04/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
9	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
10	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
11	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
12	TXXXX	CAPEC-37	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
13	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Alto
14	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
15	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (55)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	/etc/sudoers	predictive	Media
2	File	/forum/away.php	predictive	Alto
3	File	/uncpath/	predictive	Media
4	File	arch/x86/kernel/paravirt.c	predictive	Alto
5	File	ArchiveNews.aspx	predictive	Alto
6	File	atbox.htm	predictive	Media
7	File	blank.php	predictive	Media
8	File	xxx_xxxxxxxx.xxx	predictive	Alto
9	File	xxxx/xxxxxxxxxxxxx.xxx	predictive	Alto
10	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
11	File	xxx/xxxx/xxxx.x	predictive	Alto
12	File	xxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxx	predictive	Alto
13	File	xxxxxxxx.xxx	predictive	Media
14	File	xxxxx_xxxx.xxx	predictive	Alto
15	File	xxx/xxxxxx.xxx	predictive	Alto
16	File	xxxxx.xxx	predictive	Media
17	File	xxxxx.xxx	predictive	Media
18	File	xxxxxxx.xxx	predictive	Media
19	File	xxxx.xxx	predictive	Media
20	File	xxxx_xxxx.xxx	predictive	Alto
21	File	xxxxxx/xxxxxxxxxx.x	predictive	Alto
22	File	xxxx.xxx	predictive	Media
23	File	xxxxx.xxx	predictive	Media
24	File	xxxxxxx/xxxx/xxxxxxxxx_xxx.xxx	predictive	Alto
25	File	xxxxx.xxx	predictive	Media
26	File	xxxxx.xxx	predictive	Media
27	File	xxxxxxxxxx.xxx	predictive	Alto
28	File	xxxxxx.x	predictive	Media
29	File	xxxxxx.xxx	predictive	Media
30	File	xxxxxx_xxxx.xxx	predictive	Alto
31	File	xxxxxx_xxxx.xxx	predictive	Alto
32	File	xxxxxxxxx.xxx	predictive	Alto
33	File	xxxxx/xxxxx.xx	predictive	Alto
34	Library	xxx/xx/xxxxxxx.xx	predictive	Alto
35	Library	xxxxxxxxxxxx.xxx	predictive	Alto
36	Argument	-x/-x	predictive	Basso
37	Argument	xxxxxxxx	predictive	Media
38	Argument	xxxx_xx	predictive	Basso
39	Argument	xxxxxx_xx	predictive	Media
40	Argument	xxxx_xxxx/xxxxx/xxxxxx	predictive	Alto
41	Argument	xxxx_xxxxxxx	predictive	Media
42	Argument	xx	predictive	Basso
43	Argument	xxxxx	predictive	Basso
44	Argument	xxxxxxxxx	predictive	Media
45	Argument	xxxxx_xxxx_xxx	predictive	Alto
46	Argument	xxxxxxx	predictive	Basso
47	Argument	xxxxxxxxx	predictive	Media
48	Argument	xxxxxx_xxxx	predictive	Media
49	Argument	xxxxxxxxxxxx	predictive	Media
50	Argument	xxx	predictive	Basso
51	Argument	xxx	predictive	Basso
52	Argument	xxxx	predictive	Basso
53	Argument	xxxxxxxx/xxxx	predictive	Alto
54	Argument	xxxxxxxx_x/xxxxxxxx_x	predictive	Alto
55	Argument	xxxx->xxxxxxx	predictive	Alto

Referenze (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!