Noon Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (64)

Język

en	38
it	6
jp	4
zh	4
de	4

Kraj

ca	14
it	6
jp	4
us	4
de	4

Aktorzy

Noon	3
Mars Stealer	1
Shiz	1
XLoader	1
Loki Password Stealer (PWS)	1

Wysiłek

Rodzaj

Not Defined	12
Forum Software	8
Programming Language Software	6
Content Management System	2
NPM Package	2

Sprzedawca

Not Defined	8
Invision Power Services	6
IBM	4
Microsoft	4
JoomlaTune	2

Produkt

Invision Power Services IP.Board	6
JoomlaTune Com Jcomments	2
Cisco Umbrella Enterprise Roaming Client	2
LEMON-S PHP Simple Oekaki BBS	2
Cannot PHP infoBoard	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Discuz! admin.php cross site scripting	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.02	CVE-2018-19464
2	gnuboard5 Web Page Generation cross site scripting	5.3	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.00	CVE-2021-3831
3	GNUBOARD5 Parameter move_update.php cross site scripting	3.5	3.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00100	0.00	CVE-2020-18663
4	SkullSplitter PHP Guestbook guestbook.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00814	0.05	CVE-2006-1256
5	ZyXEL PK5001Z privilege escalation	8.8	8.3	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.94119	0.00	CVE-2016-10401
6	Cannot PHP infoBoard privilege escalation	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01049	0.00	CVE-2008-4334
7	JoomlaTune Com Jcomments admin.jcomments.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00489	0.04	CVE-2010-5048
8	LEMON-S PHP Simple Oekaki BBS index.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00192	0.04	CVE-2015-2969
9	CuteNews show_archives.php privilege escalation	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
10	Dreaxteam Xt-News add_comment.php cross site scripting	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.00599	0.07	CVE-2006-6746
11	PHP phpinfo cross site scripting	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02101	0.04	CVE-2007-1287
12	DZCP deV!L`z Clanportal config.php privilege escalation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.44	CVE-2010-0966
13	D-Link DIR-2150 anweb action_handler memory corruption	8.0	7.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00089	0.00	CVE-2022-40717
14	Microsoft Internet Explorer FTP Client onerror cross site scripting	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.02
15	Invision Power Services IP.Board URL denial of service	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00164	0.02	CVE-2015-6812
16	Invision Power Services IP.Board cross site scripting	3.5	3.4	$0-$5k	$0-$5k	High	Official Fix	0.00000	0.02
17	Invision Power Services IP.Board index.php cross site scripting	4.3	4.2	$0-$5k	$0-$5k	High	Workaround	0.00192	0.07	CVE-2014-5106
18	Invision Power Services IP.Board cross site scripting	3.5	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00112	0.00	CVE-2015-6810
19	Upoint @1 File Store signup.php cross site scripting	5.4	5.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00614	0.02	CVE-2006-1277
20	vBulletin subWidgets Data widget_tabbedcontainer_tab_panel privilege escalation	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.83101	0.02	CVE-2020-7373

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	5.45.84.69		Noon	2021-12-06	verified	Wysoki
2	69.172.201.218		Noon	2022-04-12	verified	Wysoki
3	XX.XX.XXX.XX	xxxxx.xxxxxxxxx.xxx	Xxxx	2022-04-12	verified	Wysoki
4	XX.XX.XXX.XX		Xxxx	2022-04-12	verified	Wysoki
5	XX.XXX.XXX.XXX		Xxxx	2022-04-12	verified	Wysoki
6	XXX.X.XX.XX		Xxxx	2021-12-06	verified	Wysoki
7	XXX.XX.XXX.XXX	xxxxxxxxxxx.xxxxxxxxx.xxx	Xxxx	2021-12-06	verified	Wysoki
8	XXX.XXX.XX.XX		Xxxx	2022-04-12	verified	Wysoki

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klasa	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Wysoki
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Wysoki
3	TXXXX	CAPEC-242	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Wysoki
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Wysoki
5	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
6	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
7	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
8	TXXXX	CAPEC-215	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/uncpath/	predictive	Medium
2	File	add_comment.php	predictive	Wysoki
3	File	add_quiz.php	predictive	Medium
4	File	admin.jcomments.php	predictive	Wysoki
5	File	admin.php	predictive	Medium
6	File	xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx	predictive	Wysoki
7	File	xxxx/xxxxxx/xxxxxx_xxxxxxxxxxxxxxx_xxx_xxxxx	predictive	Wysoki
8	File	xxxx/xxx/xx.x	predictive	Wysoki
9	File	xxx/xxxx_xxxxxx.xxx	predictive	Wysoki
10	File	xxxxxxxx/xxxxxx/	predictive	Wysoki
11	File	xxxxxxxxxxx.x	predictive	Wysoki
12	File	xxxxxxxxx.xxx	predictive	Wysoki
13	File	xxx/xxxxxx.xxx	predictive	Wysoki
14	File	xxxxx.xxx	predictive	Medium
15	File	xxxxxxxx.xxx	predictive	Medium
16	File	xxxxxxx/xxxxxxx/xx_xxxxxxxxx/xxxxxxxx/xxxxxxxx.xxx	predictive	Wysoki
17	File	xxxx-xx.xxx/xxx.xxxxx/xxx-xxxxxxxx-xxxx.xxx	predictive	Wysoki
18	File	xxxx_xxxxxxxx.xxx	predictive	Wysoki
19	File	xxxxxx.xxx	predictive	Medium
20	Argument	xxx	predictive	Niski
21	Argument	xxxxx	predictive	Niski
22	Argument	xxxxxxxx	predictive	Medium
23	Argument	xxxxx_xxxxxxxx	predictive	Wysoki
24	Argument	xxxx	predictive	Niski
25	Argument	xx_xxxx	predictive	Niski
26	Argument	xxxx	predictive	Niski
27	Argument	xxxxxxx	predictive	Niski
28	Argument	xxxxxxx	predictive	Niski
29	Argument	xxxxxxxx	predictive	Medium
30	Argument	xxxxxxxx	predictive	Medium
31	Argument	xxxxx/xxxxxxxxxxx	predictive	Wysoki
32	Argument	xxx	predictive	Niski
33	Input Value	x" xxxxxxxxxxx=xxxxxx(xxxxxx) xxx="	predictive	Wysoki
34	Input Value	xxxxxxxx	predictive	Medium
35	Network Port	xxxxx	predictive	Niski

Referencje (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Do you need the next level of professionalism?

Upgrade your account now!