Noon Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (64)

Tidslinje

Lang

en46
zh4
it4
de4
jp2

Land

ca18
us6
it4
de4
jp2

Skådespelare

Noon3
Shiz1
XLoader1
Loki Password Stealer (PWS)1
Cobalt Strike1

Aktiviteter

Intressera

Tidslinje

Typ

Not Defined10
Forum Software8
Programming Language Software6
Content Management System4
Application Server Software2

Säljare

Not Defined6
Invision Power Services4
IBM2
Razer2
Upoint2

Produkt

Invision Power Services IP.Board4
IBM WebSphere MQ2
vBulletin2
Razer Synapse2
Upoint @1 File Store2

Sårbarheter

#SårbarhetBaseTemp0dayI dagUtnRemEPSSCTICVE
1Discuz! admin.php cross site scripting3.63.6$0-$5k$0-$5kNot DefinedNot Defined0.000540.02CVE-2018-19464
2gnuboard5 Web Page Generation cross site scripting5.35.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000680.00CVE-2021-3831
3GNUBOARD5 Parameter move_update.php cross site scripting3.53.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.001000.00CVE-2020-18663
4SkullSplitter PHP Guestbook guestbook.php cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.008140.05CVE-2006-1256
5ZyXEL PK5001Z privilegier eskalering8.88.3$5k-$25k$0-$5kProof-of-ConceptNot Defined0.941190.00CVE-2016-10401
6Cannot PHP infoBoard privilegier eskalering7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.010490.00CVE-2008-4334
7JoomlaTune Com Jcomments admin.jcomments.php cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.004890.04CVE-2010-5048
8LEMON-S PHP Simple Oekaki BBS index.php cross site scripting4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.001920.04CVE-2015-2969
9CuteNews show_archives.php privilegier eskalering6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
10Dreaxteam Xt-News add_comment.php cross site scripting4.34.2$0-$5k$0-$5kHighUnavailable0.005990.07CVE-2006-6746
11PHP phpinfo cross site scripting4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.021010.04CVE-2007-1287
12DZCP deV!L`z Clanportal config.php privilegier eskalering7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.72CVE-2010-0966
13D-Link DIR-2150 anweb action_handler minneskorruption8.07.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.000890.00CVE-2022-40717
14Microsoft Internet Explorer FTP Client onerror cross site scripting6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.000000.02
15Invision Power Services IP.Board URL förnekande av tjänsten5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.001640.02CVE-2015-6812
16Invision Power Services IP.Board cross site scripting3.53.4$0-$5k$0-$5kHighOfficial Fix0.000000.02
17Invision Power Services IP.Board index.php cross site scripting4.34.2$0-$5k$0-$5kHighWorkaround0.001920.07CVE-2014-5106
18Invision Power Services IP.Board cross site scripting3.53.2$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.001120.00CVE-2015-6810
19Upoint @1 File Store signup.php cross site scripting5.45.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.006140.02CVE-2006-1277
20vBulletin subWidgets Data widget_tabbedcontainer_tab_panel privilegier eskalering8.08.0$0-$5k$0-$5kNot DefinedOfficial Fix0.831010.02CVE-2020-7373

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-adressHostnameSkådespelareKampanjerIdentifiedTypFörtroende
15.45.84.69Noon06/12/2021verifiedHög
269.172.201.218Noon12/04/2022verifiedHög
3XX.XX.XXX.XXxxxxx.xxxxxxxxx.xxxXxxx12/04/2022verifiedHög
4XX.XX.XXX.XXXxxx12/04/2022verifiedHög
5XX.XXX.XXX.XXXXxxx12/04/2022verifiedHög
6XXX.X.XX.XXXxxx06/12/2021verifiedHög
7XXX.XX.XXX.XXXxxxxxxxxxxx.xxxxxxxxx.xxxXxxx06/12/2021verifiedHög
8XXX.XXX.XX.XXXxxx12/04/2022verifiedHög

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueSårbarheterÅtkomstvektorTypFörtroende
1T1006CWE-22Path TraversalpredictiveHög
2T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHög
3TXXXXCWE-XXXxxxxxxx XxxxxxxxxpredictiveHög
4TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHög
5TXXXXCWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHög
6TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHög
7TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHög
8TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHög

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlassIndicatorTypFörtroende
1File/uncpath/predictiveMedium
2Fileadd_comment.phppredictiveHög
3Fileadd_quiz.phppredictiveMedium
4Fileadmin.jcomments.phppredictiveHög
5Fileadmin.phppredictiveMedium
6Filexxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxxpredictiveHög
7Filexxxx/xxxxxx/xxxxxx_xxxxxxxxxxxxxxx_xxx_xxxxxpredictiveHög
8Filexxxx/xxx/xx.xpredictiveHög
9Filexxx/xxxx_xxxxxx.xxxpredictiveHög
10Filexxxxxxxx/xxxxxx/predictiveHög
11Filexxxxxxxxxxx.xpredictiveHög
12Filexxxxxxxxx.xxxpredictiveHög
13Filexxx/xxxxxx.xxxpredictiveHög
14Filexxxxx.xxxpredictiveMedium
15Filexxxxxxxx.xxxpredictiveMedium
16Filexxxxxxx/xxxxxxx/xx_xxxxxxxxx/xxxxxxxx/xxxxxxxx.xxxpredictiveHög
17Filexxxx-xx.xxx/xxx.xxxxx/xxx-xxxxxxxx-xxxx.xxxpredictiveHög
18Filexxxx_xxxxxxxx.xxxpredictiveHög
19Filexxxxxx.xxxpredictiveMedium
20ArgumentxxxpredictiveLåg
21ArgumentxxxxxpredictiveLåg
22ArgumentxxxxxxxxpredictiveMedium
23Argumentxxxxx_xxxxxxxxpredictiveHög
24ArgumentxxxxpredictiveLåg
25Argumentxx_xxxxpredictiveLåg
26ArgumentxxxxpredictiveLåg
27ArgumentxxxxxxxpredictiveLåg
28ArgumentxxxxxxxpredictiveLåg
29ArgumentxxxxxxxxpredictiveMedium
30ArgumentxxxxxxxxpredictiveMedium
31Argumentxxxxx/xxxxxxxxxxxpredictiveHög
32ArgumentxxxpredictiveLåg
33Input Valuex" xxxxxxxxxxx=xxxxxx(xxxxxx) xxx="predictiveHög
34Input ValuexxxxxxxxpredictiveMedium
35Network PortxxxxxpredictiveLåg

Referenser (3)

The following list contains external sources which discuss the actor and the associated activities:

TidigareÖversiktNästa

Do you need the next level of professionalism?

Upgrade your account now!