Necro Analysis

IOB - Indicator of Behavior (182)

Language

en: 180
ru: 2

Country

us: 34
ru: 12
de: 8
pl: 2
gb: 2

Product

Cryptocat: 8
ISS BlackICE PC Protection: 6
Elefant CMS: 6
V-Zug Combi-Steam MSLQ: 6
WEKA INTEREST Security Scanner: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Symantec Endpoint Protection Manager Management Console secars.dll memory corruption | 9.6 | 8.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00666 | CVE-2013-1612 |
| 2 | OpenSSH Key Exchange Initialization kex_input_kexinit denial of service | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.78351 | CVE-2016-8858 |
| 3 | FileZilla Server PORT privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.15 | 0.00052 | CVE-2015-10003 |
| 4 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00312 | CVE-2015-1419 |
| 5 | Oracle PeopleSoft Enterprise PeopleTools Rich Text Editor privilege escalation | 6.1 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00322 | CVE-2018-3132 |
| 6 | WordPress URL privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01530 | CVE-2019-17669 |
| 7 | Moodle SQL injection | 7.1 | 7.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00070 | CVE-2023-28329 |
| 8 | BrotherScripts Business Directory articlesdetails.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00122 | CVE-2010-4969 |
| 9 | SourceCodester Medical Hub Directory Site view_details.php SQL injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00190 | CVE-2022-28533 |
| 10 | pdfkit URL privilege escalation | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.28060 | CVE-2022-25765 |
| 11 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.25 | 0.00241 | CVE-2020-12440 |
| 12 | D-Link Router alpha_auth_check privilege escalation | 9.8 | 8.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.01314 | CVE-2013-6026 |
| 13 | OpenBB read.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00250 | CVE-2005-1612 |
| 14 | package nested-object-assign Prototype privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00101 | CVE-2021-23329 |
| 15 | Backdoor.Win32.Anaptix.bd privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00000 | |
| 16 | Apple Safari WebRTC memory corruption | 6.3 | 6.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01152 | CVE-2022-2294 |
| 17 | ISS BlackICE PC Protection Cross Site Scripting Detection privilege escalation | 5.3 | 4.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.00186 | CVE-2003-5001 |
| 18 | ISS BlackICE PC Protection Update cross site scripting | 5.0 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.00067 | CVE-2003-5003 |
| 19 | ISS BlackICE PC Protection Update weak encryption | 3.7 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.00067 | CVE-2003-5002 |
| 20 | Mozilla Firefox String unknown vulnerability | 4.3 | 4.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Unavailable | 0.03 | 0.00202 | CVE-2005-2602 |

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CWE-94 | Argument Injection | predictive | High |

IOA - Indicator of Attack (92)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin | predictive | Low |
| 2 | File | /admin/conferences/get-all-status/ | predictive | High |
| 3 | File | /admin/conferences/list/ | predictive | High |
| 4 | File | /admin/countrymanagement.php | predictive | High |
| 5 | File | /admin/general/change-lang | predictive | High |
| 6 | File | /admin/group/list/ | predictive | High |
| 7 | File | /admin/renewaldue.php | predictive | High |
| 8 | File | /admin/usermanagement.php | predictive | High |
| 9 | File | /artist-display.php | predictive | High |
| 10 | File | /backups/ | predictive | Medium |
| 11 | File | /catcompany.php | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
