NOTROBIN Analysis

IOB - Indicator of Behavior (23)

Timeline

Language

en: 22
de: 2

Country

cn: 18
sk: 2
us: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Intelliants Subrion CMS: 6
Google Android: 2
Page View Count Plugin: 2
Thomas R. Pasawicz HyperBook Guestbook: 2
SonarQube: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Intelliants Subrion CMS Salt Cookie SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00134 | 0.00 | CVE-2015-4129
2 | Hibernate-Validator SafeHtml Validator cross-site scripting | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00232 | 0.02 | CVE-2019-10219
3 | Allegro RomPager HTTP POST Request cross-site request forgery | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.40 | CVE-2024-0522
4 | CodeCanyon RISE Rise Ultimate Project Manager signin Redirect | 5.6 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.04 | CVE-2024-0545
5 | Page View Count Plugin REST Endpoint SQL injection | 7.3 | 7.0 | $0-$5k | Calculating | Not Defined | Official Fix | 0.04032 | 0.00 | CVE-2022-0434
6 | Intelliants Subrion CMS ia.core.users.php privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00314 | 0.02 | CVE-2017-5543
7 | Intelliants Subrion CMS SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00196 | 0.00 | CVE-2017-6013
8 | Subrion CMS privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.03 | CVE-2020-12468
9 | Subrion CMS blocks.php privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.03 | CVE-2020-12469
10 | Subrion CMS PDO Connection SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00203 | 0.00 | CVE-2020-18155
11 | Subrion CMS Visual-Mode SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00114 | 0.07 | CVE-2021-41947
12 | Intelliants Subrion CMS Search search.php SQL injection | 8.5 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01800 | 0.00 | CVE-2017-11444
13 | SonarQube values weak encryption | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.36880 | 0.01 | CVE-2020-27986
14 | Google Chrome Prompts buffer overflow | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00363 | 0.00 | CVE-2022-1635
15 | Google Android ParsedIntentInfo.java ParsedtentInfo privilege escalation | 6.5 | 6.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2021-0685
16 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.22 | CVE-2015-4134
17 | Allegro RomPager Embedded Web Server rom-0 information disclosure | 5.3 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.04 | 
18 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
19 | Oracle E-Business Suite privilege escalation | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00519 | 0.03 | CVE-2018-3167
20 | Cisco ASA WebVPN Login Page logon.html cross-site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00192 | 0.03 | CVE-2014-2120

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 80.240.31.218 | 80.240.31.218.vultrusercontent.com | NOTROBIN |  | 17/01/2020 | verified | High
2 | XX.XXX.XXX.XXX | xx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxx |  | 17/01/2020 | verified | High
3 | XXX.X.X.X | xxxxxxxxx.xxx.xxx | Xxxxxxxx |  | 17/01/2020 | verified | High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Classification | Vulnerabilities | Access type | Type | Confidence
1 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
2 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
3 | TXXXX.XXX | CAPEC-209 | CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CAPEC-19 | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
6 | TXXXX | CAPEC-108 | CWE-XXX | Xx Xxxxxxxxx | predictive | High
7 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
8 | TXXXX | CAPEC-157 | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
9 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /front/search.php | predictive | High
3 | File | /index.php/signin | predictive | High
4 | File | /xxx-x | predictive | Low
5 | File | xxxxx/xxxxxx.xxx | predictive | High
6 | File | xxxxx/xxxxxxxx/ | predictive | High
7 | File | xxx/xxxxxxxx/xxxxxx | predictive | High
8 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
9 | File | xxxx.xxx | predictive | Medium
10 | File | xxxxxxxx/xxxxxxx/xx.xxxx.xxxxx.xxx | predictive | High
11 | File | xxxxxxxxxxxxxxxx.xxxx | predictive | High
12 | File | xxxxxxx/xxx/ | predictive | Medium
13 | File | xxxxxxxxx.xxx?xxxxxx=xxxxxx | predictive | High
14 | Argument | $_xxx | predictive | Low
15 | Argument | xxxx_xxx | predictive | Medium
16 | Argument | xxxxx | predictive | Low
17 | Argument | xxxxxxxx | predictive | Medium
18 | Argument | xxx | predictive | Low
19 | Argument | xxxxxxxx | predictive | Medium
20 | Input Value | xxxx://xxxx.xxx | predictive | High
21 | Network Port | xxx xxxxxx xxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
