Neutrino Exploit Kit Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (99)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en90
fr8
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us42
ir22
ca8
fr6
gr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Neutrino Exploit Kit3

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined36
Content Management System10
SSH Server Software6
Programming Language Software6
Operating System4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined38
Apache6
Linux4
Midicart Software4
Netgear4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Dropbear SSH4
PHP4
Linux Kernel4
WordPress4
Google Android2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.53CVE-2010-0966
3FLDS redir.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.002030.07CVE-2008-5928
4Squid Web Proxy SSL Certificate Validation out-of-bounds7.17.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.006100.08CVE-2023-46724
5Lenovo Smart Camera X3/Smart Camera X5/Smart Camera C2E Network Configuration os command injection4.74.5$0-$5k$0-$5kNot DefinedOfficial Fix0.001190.00CVE-2021-3617
6Fortinet FortiMail HTTPS sql injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.006770.00CVE-2021-24007
7Netgear NMS300 command injection9.89.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.005160.00CVE-2020-35797
8rConfig sudoers privileges management6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.001660.04CVE-2019-19585
9vBulletin moderation.php sql injection7.37.0$0-$5k$0-$5kHighOfficial Fix0.002840.00CVE-2016-6195
10PHP unserialize use after free7.36.4$25k-$100k$0-$5kUnprovenOfficial Fix0.000000.05
11Apache Tomcat CORS Filter 7pk security8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.078490.05CVE-2018-8014
12D-Link DSL-2875AL/DSL-2877AL Web Management Server index.asp cleartext storage6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.002910.00CVE-2019-15656
13HTTP/2 Window Size resource consumption6.86.7$5k-$25k$0-$5kNot DefinedWorkaround0.096890.02CVE-2019-9511
14nginx HTTP/2 resource consumption6.06.0$0-$5k$0-$5kNot DefinedOfficial Fix0.083940.04CVE-2018-16843
15D-Link DIR-825 router_info.xml PIN access control6.46.4$5k-$25k$5k-$25kNot DefinedNot Defined0.003900.00CVE-2019-9126
16D-Link DSL-2770L atbox.htm Credentials credentials management7.57.5$5k-$25k$5k-$25kNot DefinedNot Defined0.003690.00CVE-2018-18007
17Magento sql injection8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.099120.03CVE-2019-7139
18Atlassian JIRA Server/Data Center Jira Importers Plugin injection7.27.0$0-$5k$0-$5kNot DefinedOfficial Fix0.014730.00CVE-2019-15001
19Apache HTTP Server mod_session input validation5.85.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.001760.00CVE-2018-1283
20Apache HTTP Server HTTP Digest Authentication Challenge improper authentication8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.018150.08CVE-2018-1312

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.32.183.11845.32.183.118.vultrusercontent.comNeutrino Exploit Kit04/01/2022verifiedHigh
278.136.221.141Neutrino Exploit Kit04/06/2022verifiedHigh
3XX.XX.X.XXXxxxxxxx Xxxxxxx Xxx04/01/2022verifiedHigh
4XX.XXX.XXX.Xxxxx-xxxxxxxx-xxxxxx.xxxx.xxxxxx.xxxXxxxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
5XX.XXX.XXX.Xxxx.xxxxxx.xxXxxxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
6XX.XX.XXX.XXXxx-xx-xxx-xxx.xxxxx.xxx.xxXxxxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
7XXX.XX.X.XXXXxxxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh
8XXX.X.XXX.XXxxxxxxx Xxxxxxx Xxx04/01/2022verifiedHigh
9XXX.XXX.XXX.XXxxxxxx-xx.xxxxxx-xxxxx.xxxXxxxxxxx Xxxxxxx Xxx04/06/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
9TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
10TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
11TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
12TXXXXCAPEC-37CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
13TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
14TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
15TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (55)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/etc/sudoerspredictiveMedium
2File/forum/away.phppredictiveHigh
3File/uncpath/predictiveMedium
4Filearch/x86/kernel/paravirt.cpredictiveHigh
5FileArchiveNews.aspxpredictiveHigh
6Fileatbox.htmpredictiveMedium
7Fileblank.phppredictiveMedium
8Filexxx_xxxxxxxx.xxxpredictiveHigh
9Filexxxx/xxxxxxxxxxxxx.xxxpredictiveHigh
10Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
11Filexxx/xxxx/xxxx.xpredictiveHigh
12Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
13Filexxxxxxxx.xxxpredictiveMedium
14Filexxxxx_xxxx.xxxpredictiveHigh
15Filexxx/xxxxxx.xxxpredictiveHigh
16Filexxxxx.xxxpredictiveMedium
17Filexxxxx.xxxpredictiveMedium
18Filexxxxxxx.xxxpredictiveMedium
19Filexxxx.xxxpredictiveMedium
20Filexxxx_xxxx.xxxpredictiveHigh
21Filexxxxxx/xxxxxxxxxx.xpredictiveHigh
22Filexxxx.xxxpredictiveMedium
23Filexxxxx.xxxpredictiveMedium
24Filexxxxxxx/xxxx/xxxxxxxxx_xxx.xxxpredictiveHigh
25Filexxxxx.xxxpredictiveMedium
26Filexxxxx.xxxpredictiveMedium
27Filexxxxxxxxxx.xxxpredictiveHigh
28Filexxxxxx.xpredictiveMedium
29Filexxxxxx.xxxpredictiveMedium
30Filexxxxxx_xxxx.xxxpredictiveHigh
31Filexxxxxx_xxxx.xxxpredictiveHigh
32Filexxxxxxxxx.xxxpredictiveHigh
33Filexxxxx/xxxxx.xxpredictiveHigh
34Libraryxxx/xx/xxxxxxx.xxpredictiveHigh
35Libraryxxxxxxxxxxxx.xxxpredictiveHigh
36Argument-x/-xpredictiveLow
37ArgumentxxxxxxxxpredictiveMedium
38Argumentxxxx_xxpredictiveLow
39Argumentxxxxxx_xxpredictiveMedium
40Argumentxxxx_xxxx/xxxxx/xxxxxxpredictiveHigh
41Argumentxxxx_xxxxxxxpredictiveMedium
42ArgumentxxpredictiveLow
43ArgumentxxxxxpredictiveLow
44ArgumentxxxxxxxxxpredictiveMedium
45Argumentxxxxx_xxxx_xxxpredictiveHigh
46ArgumentxxxxxxxpredictiveLow
47ArgumentxxxxxxxxxpredictiveMedium
48Argumentxxxxxx_xxxxpredictiveMedium
49ArgumentxxxxxxxxxxxxpredictiveMedium
50ArgumentxxxpredictiveLow
51ArgumentxxxpredictiveLow
52ArgumentxxxxpredictiveLow
53Argumentxxxxxxxx/xxxxpredictiveHigh
54Argumentxxxxxxxx_x/xxxxxxxx_xpredictiveHigh
55Argumentxxxx->xxxxxxxpredictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!