Neutrino Exploit Kit Analysis

IOB - Indicator of Behavior (99)

Language

en: 90
fr: 4
de: 2
ru: 2
pl: 2

Country

us: 40
ir: 28
ca: 10
ru: 2
pl: 2

Product

WordPress: 4
Apache HTTP Server: 4
Flexera InstallShield: 2
Allegro RomPager: 2
jco.ir Karma: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.24 | 0.00943 | CVE-2010-0966 |
| 3 | FLDS redir.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.02 | 0.00203 | CVE-2008-5928 |
| 4 | Squid Web Proxy SSL Certificate Validation information disclosure | 7.1 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00610 | CVE-2023-46724 |
| 5 | Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E Network Configuration privilege escalation | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00083 | CVE-2021-3617 |
| 6 | Fortinet FortiMail HTTPS SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00677 | CVE-2021-24007 |
| 7 | Netgear NMS300 privilege escalation | 9.8 | 9.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00516 | CVE-2020-35797 |
| 8 | rConfig sudoers privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00166 | CVE-2019-19585 |
| 9 | vBulletin moderation.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.01 | 0.00284 | CVE-2016-6195 |
| 10 | PHP unserialize memory corruption | 7.3 | 6.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.03 | 0.00000 | |
| 11 | Apache Tomcat CORS Filter privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.07849 | CVE-2018-8014 |
| 12 | D-Link DSL-2875AL/DSL-2877AL Web Management Server index.asp weak encryption | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00291 | CVE-2019-15656 |
| 13 | HTTP/2 Window Size denial of service | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.02 | 0.09689 | CVE-2019-9511 |
| 14 | nginx HTTP/2 denial of service | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.09699 | CVE-2018-16843 |
| 15 | D-Link DIR-825 router_info.xml PIN privilege escalation | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.00390 | CVE-2019-9126 |
| 16 | D-Link DSL-2770L atbox.htm Credentials privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00369 | CVE-2018-18007 |
| 17 | Magento SQL injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00582 | CVE-2019-7139 |
| 18 | Atlassian JIRA Server/Data Center Jira Importers Plugin privilege escalation | 7.2 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01473 | CVE-2019-15001 |
| 19 | Apache HTTP Server mod_session privilege escalation | 5.8 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00176 | CVE-2018-1283 |
| 20 | Apache HTTP Server HTTP Digest Authentication Challenge weak authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01815 | CVE-2018-1312 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |

IOA - Indicator of Attack (55)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /etc/sudoers | predictive | Medium |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | /uncpath/ | predictive | Medium |
| 4 | File | arch/x86/kernel/paravirt.c | predictive | High |
| 5 | File | ArchiveNews.aspx | predictive | High |
| 6 | File | atbox.htm | predictive | Medium |
| 7 | File | blank.php | predictive | Medium |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
