Noon Analysis

IOB - Indicator of Behavior (64)

Language

en: 40
zh: 6
sv: 4
de: 4
jp: 2

Product

Invision Power Services IP.Board: 6
LEMON-S PHP Simple Oekaki BBS: 2
Upoint @1 File Store: 2
Linux Foundation Xen: 2
GNUBOARD5: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Discuz! admin.php cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.02 | CVE-2018-19464 |
| 2 | gnuboard5 Web Page Generation cross site scripting | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00068 | 0.00 | CVE-2021-3831 |
| 3 | GNUBOARD5 Parameter move_update.php cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.00 | CVE-2020-18663 |
| 4 | SkullSplitter PHP Guestbook guestbook.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00814 | 0.05 | CVE-2006-1256 |
| 5 | ZyXEL PK5001Z privilege escalation | 8.8 | 8.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.94119 | 0.00 | CVE-2016-10401 |
| 6 | Cannot PHP infoBoard privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01049 | 0.00 | CVE-2008-4334 |
| 7 | JoomlaTune Com Jcomments admin.jcomments.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00489 | 0.04 | CVE-2010-5048 |
| 8 | LEMON-S PHP Simple Oekaki BBS index.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00192 | 0.04 | CVE-2015-2969 |
| 9 | CuteNews show_archives.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 10 | Dreaxteam Xt-News add_comment.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00599 | 0.07 | CVE-2006-6746 |
| 11 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287 |
| 12 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.70 | CVE-2010-0966 |
| 13 | D-Link DIR-2150 anweb action_handler buffer overflow | 8.0 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.00 | CVE-2022-40717 |
| 14 | Microsoft Internet Explorer FTP Client onerror cross site scripting | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.02 | |
| 15 | Invision Power Services IP.Board URL denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00164 | 0.02 | CVE-2015-6812 |
| 16 | Invision Power Services IP.Board cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | High | Official Fix | 0.00000 | 0.02 | |
| 17 | Invision Power Services IP.Board index.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Workaround | 0.00192 | 0.07 | CVE-2014-5106 |
| 18 | Invision Power Services IP.Board cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00112 | 0.00 | CVE-2015-6810 |
| 19 | Upoint @1 File Store signup.php cross site scripting | 5.4 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00614 | 0.02 | CVE-2006-1277 |
| 20 | vBulletin subWidgets Data widget_tabbedcontainer_tab_panel privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.83101 | 0.02 | CVE-2020-7373 |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | TXXXX | CAPEC-242 | CWE-XX | Xxxxxxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX.XXX | CAPEC-209 | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CAPEC-0 | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX | CAPEC-136 | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 7 | TXXXX | CAPEC-0 | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 8 | TXXXX | CAPEC-215 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /uncpath/ | predictive | Medium |
| 2 | File | add_comment.php | predictive | High |
| 3 | File | add_quiz.php | predictive | Medium |
| 4 | File | admin.jcomments.php | predictive | High |
| 5 | File | admin.php | predictive | Medium |
| 6 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx | predictive | High |
| 7 | File | xxxx/xxxxxx/xxxxxx_xxxxxxxxxxxxxxx_xxx_xxxxx | predictive | High |
| 8 | File | xxxx/xxx/xx.x | predictive | High |
| 9 | File | xxx/xxxx_xxxxxx.xxx | predictive | High |
| 10 | File | xxxxxxxx/xxxxxx/ | predictive | High |
| 11 | File | xxxxxxxxxxx.x | predictive | High |
| 12 | File | xxxxxxxxx.xxx | predictive | High |
| 13 | File | xxx/xxxxxx.xxx | predictive | High |
| 14 | File | xxxxx.xxx | predictive | Medium |
| 15 | File | xxxxxxxx.xxx | predictive | Medium |
| 16 | File | xxxxxxx/xxxxxxx/xx_xxxxxxxxx/xxxxxxxx/xxxxxxxx.xxx | predictive | High |
| 17 | File | xxxx-xx.xxx/xxx.xxxxx/xxx-xxxxxxxx-xxxx.xxx | predictive | High |
| 18 | File | xxxx_xxxxxxxx.xxx | predictive | High |
| 19 | File | xxxxxx.xxx | predictive | Medium |
| 20 | Argument | xxx | predictive | Low |
| 21 | Argument | xxxxx | predictive | Low |
| 22 | Argument | xxxxxxxx | predictive | Medium |
| 23 | Argument | xxxxx_xxxxxxxx | predictive | High |
| 24 | Argument | xxxx | predictive | Low |
| 25 | Argument | xx_xxxx | predictive | Low |
| 26 | Argument | xxxx | predictive | Low |
| 27 | Argument | xxxxxxx | predictive | Low |
| 28 | Argument | xxxxxxx | predictive | Low |
| 29 | Argument | xxxxxxxx | predictive | Medium |
| 30 | Argument | xxxxxxxx | predictive | Medium |
| 31 | Argument | xxxxx/xxxxxxxxxxx | predictive | High |
| 32 | Argument | xxx | predictive | Low |
| 33 | Input Value | x" xxxxxxxxxxx=xxxxxx(xxxxxx) xxx=" | predictive | High |
| 34 | Input Value | xxxxxxxx | predictive | Medium |
| 35 | Network Port | xxxxx | predictive | Low |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
