Necurs Analysis

IOB - Indicator of Behavior (41)

Language

en: 36
it: 2
es: 2
fr: 2

Country

us: 34
fr: 6
gb: 2


Product

Cutephp CuteNews: 4
Linux Kernel: 2
ShopStoreNow E-commerce Shopping Cart: 2
Thomas R. Pasawicz HyperBook Guestbook: 2
WoltLab Burning Book: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.18 | CVE-2010-0966 |
| 3 | Joomla CMS Login sql injection | 9.8 | 9.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00201 | 0.00 | CVE-2006-1047 |
| 4 | WPFront Scroll Top Plugin Image cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.02 | CVE-2021-24564 |
| 5 | Francisco Burzi PHP-Nuke Addressbook addressbook.php directory traversal | 7.3 | 7.1 | $25k-$100k | $0-$5k | Functional | Unavailable | 0.04741 | 0.00 | CVE-2007-1720 |
| 6 | Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00046 | 0.02 | CVE-2021-31969 |
| 7 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.99 | |
| 8 | Maran PHP Shop prod.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00137 | 0.05 | CVE-2008-4879 |
| 9 | DUware DUpaypal detail.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00421 | 0.02 | CVE-2006-6365 |
| 10 | PHP Arena paBugs MySQL class.mysql.php privilege escalation | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.07369 | 0.02 | CVE-2006-5079 |
| 11 | ShopStoreNow E-commerce Shopping Cart orange.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00811 | 0.00 | CVE-2007-0142 |
| 12 | Motorola SBG6580 Web Access login denial of service | 7.5 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.00 | |
| 13 | Pixelpost cross-site request forgery | 7.0 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01098 | 0.02 | CVE-2010-3305 |
| 14 | Check Point VPN-1 UTM Edge Administrator Account WizU.html cross-site request forgery | 8.8 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01277 | 0.00 | CVE-2007-3489 |
| 15 | Qualcomm Snapdragon Automobile Register privilege escalation | 5.4 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2017-11004 |
| 16 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.02 | CVE-2006-5509 |
| 17 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00248 | 0.04 | CVE-2005-1612 |
| 18 | lshell privilege escalation | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00348 | 0.01 | CVE-2016-6902 |
| 19 | Wesley Destailleur forum todooforum.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00195 | 0.00 | CVE-2013-3538 |
| 20 | GetSimpleCMS index.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00123 | 0.00 | CVE-2019-9915 |

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (5)

The following list contains external sources which discuss the actor and the associated activities:
