NightScout Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (25)

Język

en	22
zh	4

Kraj

cn	16
us	8
gb	2

Aktorzy

NightScout	3
Mustang Panda	1
PlugX	1
PingPull	1
Cobalt Strike	1

Wysiłek

Rodzaj

Not Defined	8
Application Server Software	2
Web Server	2
Router Operating System	2
Document Reader Software	2

Sprzedawca

Not Defined	8
Apache	6
D-Link	2
Adobe	2
FileZilla	2

Produkt

Apache Tomcat	2
RabbitMQ	2
Boa Webserver	2
D-Link DIR-550A	2
D-Link DIR-604M	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Juniper Junos Pulse Secure Access Service SSL VPN Web Server cross site scripting	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00135	0.00	CVE-2013-5649
2	ASUS RT-AC51U Network Request cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00062	0.00	CVE-2023-29772
3	Asus RT-AC2900 privilege escalation	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08597	0.02	CVE-2018-8826
4	Apache CouchDB privilege escalation	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.97472	0.02	CVE-2022-24706
5	Apache Struts Incomplete Fix CVE-2020-17530 privilege escalation	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.18558	0.03	CVE-2021-31805
6	Metabase Custom GeoJSON Map privilege escalation	8.1	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.95479	0.00	CVE-2021-41277
7	Rabbitmq Docker Image weak authentication	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00661	0.02	CVE-2020-35196
8	RabbitMQ Security Vulnerability privilege escalation	5.4	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.06	CVE-2020-5419
9	Boa Webserver GET wapopen directory traversal	6.4	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.73540	0.09	CVE-2017-9833
10	Commvault CVDataPipe.dll privilege escalation	8.5	8.4	$0-$5k	$0-$5k	High	Official Fix	0.06430	0.02	CVE-2017-18044
11	Pulse Secure Pulse Connect Secure login_meeting.cgi privilege escalation	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00194	0.00	CVE-2018-20813
12	QNAP QTS privilege escalation	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.12427	0.06	CVE-2019-7193
13	Adobe Acrobat Reader privilege escalation	7.0	6.7	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00083	0.00	CVE-2020-9613
14	UEditor IFRAME cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00070	0.00	CVE-2017-14744
15	Alcatel-Lucent CellPipe 7130 Router Port Triggering Menu cross site scripting	4.3	4.3	$0-$5k	Obliczenie	Not Defined	Not Defined	0.00155	0.00	CVE-2015-4587
16	Qualcomm Snapdragon Auto WMA Event memory corruption	6.5	6.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00044	0.00	CVE-2018-11923
17	Oracle E-Business Suite Scripting iesfootprint.jsp privilege escalation	9.1	8.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.01331	0.05	CVE-2017-3549
18	Cisco ASA WebVPN Login Page logon.html cross site scripting	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00192	0.03	CVE-2014-2120
19	ProFTPD mod_copy privilege escalation	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.94462	0.00	CVE-2019-12815
20	FileZen File Upload directory traversal	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00198	0.00	CVE-2018-0693

Kampanie (1)

These are the campaigns that can be associated with the actor:

NightScout

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Aktor	Kampanie	Identified	Rodzaj	Pewność siebie
1	45.158.32.65	NightScout	NightScout	2021-05-31	verified	Wysoki
2	XXX.XXX.XXX.XXX	Xxxxxxxxxx	Xxxxxxxxxx	2021-05-31	verified	Wysoki
3	XXX.XXX.XXX.XXX	Xxxxxxxxxx	Xxxxxxxxxx	2021-05-31	verified	Wysoki
4	XXX.XXX.XX.XXX	Xxxxxxxxxx	Xxxxxxxxxx	2021-05-31	verified	Wysoki

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CWE-22	Path Traversal	predictive	Wysoki
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Wysoki
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Wysoki
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
5	TXXXX.XXX	CWE-XXX	Xxx Xx Xxxx-xxxxx Xxxxxxxx	predictive	Wysoki
6	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
7	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Wysoki
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/+CSCOE+/logon.html	predictive	Wysoki
2	File	/cgi-bin/wapopen	predictive	Wysoki
3	File	xxxxxxxxxxxx.xxx	predictive	Wysoki
4	File	xxxxx_xxxxxxx.xxx	predictive	Wysoki
5	Library	xxxxxxxxxxxx/xxxx/xxxxxxxxxx.xxx	predictive	Wysoki
6	Argument	xxxxxxxxxx	predictive	Medium
7	Argument	xxx	predictive	Niski
8	Input Value	../..	predictive	Niski
9	Input Value	xx' xxx xxx_xxxx.xxxxxxx('xxxx://xxxxxxxxx_xxxx/xxxxx')='x' xxxxx xx xxxxx_xxxx)) --	predictive	Wysoki

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!