Necurs Analysis

IOB - Indicator of Behavior (41)

Timeline

Language

en: 36
de: 2
it: 2
es: 2

Country/Region

us: 34
fr: 6

Actor

Campaign

Interest

Timeline

Type

Vendor

Product

OpenBB: 2
PHP Arena paBugs: 2
Maran PHP Shop: 2
Check Point VPN-1 UTM Edge: 2
DZCP deV!L`z Clanportal: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.15 | CVE-2010-0966 |
| 3 | Joomla CMS Login SQL Injection | 9.8 | 9.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00194 | 0.00 | CVE-2006-1047 |
| 4 | WPFront Scroll Top Plugin Image Cross Site Scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.02 | CVE-2021-24564 |
| 5 | Francisco Burzi PHP-Nuke Addressbook addressbook.php Directory Traversal | 7.3 | 7.1 | $25k-$100k | $0-$5k | Functional | Unavailable | 0.04741 | 0.00 | CVE-2007-1720 |
| 6 | Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation | 8.3 | 7.3 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00046 | 0.02 | CVE-2021-31969 |
| 7 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.88 | |
| 8 | Maran PHP Shop prod.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00137 | 0.03 | CVE-2008-4879 |
| 9 | DUware DUpaypal detail.asp SQL Injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00421 | 0.02 | CVE-2006-6365 |
| 10 | PHP Arena paBugs MySQL class.mysql.php Privilege Escalation | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.07369 | 0.02 | CVE-2006-5079 |
| 11 | ShopStoreNow E-commerce Shopping Cart orange.asp SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00811 | 0.00 | CVE-2007-0142 |
| 12 | Motorola SBG6580 Web Access login Denial of Service | 7.5 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.00 | |
| 13 | Pixelpost Cross Site Request Forgery | 7.0 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01098 | 0.02 | CVE-2010-3305 |
| 14 | Check Point VPN-1 UTM Edge Administrator Account WizU.html Cross Site Request Forgery | 8.8 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01277 | 0.03 | CVE-2007-3489 |
| 15 | Qualcomm Snapdragon Automobile Register Privilege Escalation | 5.4 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2017-11004 |
| 16 | WoltLab Burning Book addentry.php SQL Injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.02 | CVE-2006-5509 |
| 17 | OpenBB read.php SQL Injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.04 | CVE-2005-1612 |
| 18 | lshell Privilege Escalation | 8.1 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00348 | 0.01 | CVE-2016-6902 |
| 19 | Wesley Destailleur forum todooforum.php Cross Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00195 | 0.00 | CVE-2013-3538 |
| 20 | GetSimpleCMS index.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00123 | 0.00 | CVE-2019-9915 |

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 40.121.206.97 | | Necurs | | 2021-06-13 | | verified |
| 2 | 62.212.154.98 | ns1.crossdns.com | Necurs | | 2022-04-01 | | verified |
| 3 | 64.47.209.23 | | Necurs | | 2021-06-13 | | verified |
| 4 | 64.63.188.85 | | Necurs | | 2021-06-13 | | verified |
| 5 | 64.231.250.149 | bas3-toronto12-64-231-250-149.dsl.bell.ca | Necurs | | 2021-06-13 | | verified |

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | | Path Traversal | predictive |
| 2 | T1059 | CWE-94 | | Argument Injection | predictive |

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /forum/away.php | | predictive |
| 2 | File | /goform/login | | predictive |
| 3 | File | addentry.php | | predictive |
| 4 | File | addressbook.php | | predictive |

References (5)

The following list contains external sources which discuss the actor and the associated activities:
