Necro Analysis

IOB - Indicator of Behavior (183)

Language

en: 180
ru: 2
de: 2

Country/Region

us: 32
ru: 10
de: 4
rs: 2
ch: 2

Product

WEKA INTEREST Security Scanner: 6
Cryptocat: 6
JUNG Smart Visu Server: 4
Telecommunication Software SAMwin Contact Center S ...: 4
ISS BlackICE PC Protection: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Symantec Endpoint Protection Manager Management Console secars.dll memory corruption | 9.6 | 8.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00839 | 0.00 | CVE-2013-1612 |
| 2 | OpenSSH Key Exchange Initialization kex_input_kexinit denial of service | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.78351 | 0.01 | CVE-2016-8858 |
| 3 | FileZilla Server PORT privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.09 | CVE-2015-10003 |
| 4 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00312 | 0.04 | CVE-2015-1419 |
| 5 | Sun Solaris Authentication weak authentication | 9.8 | 9.6 | $5k-$25k | $0-$5k | High | Workaround | 0.01297 | 0.04 | CVE-1999-0502 |
| 6 | Oracle PeopleSoft Enterprise PeopleTools Rich Text Editor privilege escalation | 6.1 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00322 | 0.00 | CVE-2018-3132 |
| 7 | WordPress URL privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01530 | 0.02 | CVE-2019-17669 |
| 8 | Moodle SQL injection | 7.1 | 7.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00171 | 0.04 | CVE-2023-28329 |
| 9 | BrotherScripts Business Directory articlesdetails.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00122 | 0.00 | CVE-2010-4969 |
| 10 | SourceCodester Medical Hub Directory Site view_details.php SQL injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00190 | 0.00 | CVE-2022-28533 |
| 11 | pdfkit URL privilege escalation | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.35296 | 0.02 | CVE-2022-25765 |
| 12 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 5.01 | CVE-2020-12440 |
| 13 | D-Link Router alpha_auth_check privilege escalation | 9.8 | 8.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.01314 | 0.00 | CVE-2013-6026 |
| 14 | OpenBB read.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.04 | CVE-2005-1612 |
| 15 | package nested-object-assign Prototype privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00101 | 0.00 | CVE-2021-23329 |
| 16 | Backdoor.Win32.Anaptix.bd privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 17 | Apple Safari WebRTC memory corruption | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01152 | 0.03 | CVE-2022-2294 |
| 18 | ISS BlackICE PC Protection Cross Site Scripting Detection privilege escalation | 5.3 | 4.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00186 | 0.13 | CVE-2003-5001 |
| 19 | ISS BlackICE PC Protection Update cross-site scripting | 5.0 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00067 | 0.40 | CVE-2003-5003 |
| 20 | ISS BlackICE PC Protection Update weak encryption | 3.7 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00067 | 0.27 | CVE-2003-5002 |

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (93)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
