Necro Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (183)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en172
de4
ru4
es2
pl2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us46
ru8
pl4
ch2
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Necro11
Mirai2
AsyncRAT2
Ave Maria2
Azorult2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined96
WordPress Plugin12
Content Management System6
Application Server Software6
Programming Language Software4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined56
Microsoft6
Itech6
Solare4
Axios Italia4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Cryptocat14
Solare Solar-Log4
Axios Italia Axios RE4
CoreHR Core Portal4
ISS BlackICE PC Protection4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Symantec Endpoint Protection Manager Management Console secars.dll memory corruption9.68.6$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.009970.00CVE-2013-1612
2OpenSSH Key Exchange Initialization kex_input_kexinit resource management7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.783510.01CVE-2016-8858
3FileZilla Server PORT confused deputy4.34.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000520.06CVE-2015-10003
4vsftpd deny_file unknown vulnerability3.73.6$0-$5k$0-$5kNot DefinedOfficial Fix0.003120.09CVE-2015-1419
5Sun Solaris Authentication improper authentication9.89.6$5k-$25k$0-$5kHighWorkaround0.012970.00CVE-1999-0502
6Oracle PeopleSoft Enterprise PeopleTools Rich Text Editor access control6.16.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.003220.00CVE-2018-3132
7WordPress URL server-side request forgery8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.015300.04CVE-2019-17669
8Moodle sql injection7.17.1$5k-$25k$5k-$25kNot DefinedNot Defined0.001710.04CVE-2023-28329
9BrotherScripts Business Directory articlesdetails.php sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001480.05CVE-2010-4969
10SourceCodester Medical Hub Directory Site view_details.php sql injection6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.001900.00CVE-2022-28533
11pdfkit URL command injection8.18.1$0-$5k$0-$5kNot DefinedNot Defined0.386670.00CVE-2022-25765
12nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002411.88CVE-2020-12440
13D-Link Router alpha_auth_check access control9.88.8$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.018080.00CVE-2013-6026
14OpenBB read.php sql injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.002480.04CVE-2005-1612
15package nested-object-assign Prototype code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.001010.00CVE-2021-23329
16Backdoor.Win32.Anaptix.bd permission6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
17Apple Safari WebRTC memory corruption6.36.0$5k-$25k$5k-$25kHighOfficial Fix0.011520.00CVE-2022-2294
18ISS BlackICE PC Protection Cross Site Scripting Detection privileges management5.34.8$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.001860.15CVE-2003-5001
19ISS BlackICE PC Protection Update cross site scripting5.04.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000670.06CVE-2003-5003
20ISS BlackICE PC Protection Update cleartext transmission3.73.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000670.09CVE-2003-5002

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.145.185.83Necro02/11/2022verifiedHigh
245.145.185.229Necro02/11/2022verifiedHigh
352.3.115.71ec2-52-3-115-71.compute-1.amazonaws.comNecro02/11/2022verifiedMedium
454.161.239.214ec2-54-161-239-214.compute-1.amazonaws.comNecro02/11/2022verifiedMedium
5XX.XXX.XXX.XXXXxxxx02/11/2022verifiedHigh
6XX.XXX.XX.XXXxxxx02/11/2022verifiedHigh
7XX.XXX.XX.XXxxxxxx.xx.xxx.xx.xx.xxxxxxx.xxxx-xxxxxx.xxXxxxx02/11/2022verifiedHigh
8XXX.XXX.XXX.XXXxxxx02/11/2022verifiedHigh
9XXX.XXX.XXX.XXXxxxx02/11/2022verifiedHigh
10XXX.XX.XX.XXXxxxxxxxxx.xxxxxxxxxxxxx.xxxXxxxx02/11/2022verifiedHigh
11XXX.XXX.XXX.XXxxx.xxx.xxXxxxx02/11/2022verifiedHigh
12XXX.XX.XX.XXxxxx.xxxxxx.xxXxxxx02/11/2022verifiedHigh
13XXX.XX.XXX.XXXxxxx02/11/2022verifiedHigh
14XXX.XXX.XX.XXXXxxxx02/11/2022verifiedHigh
15XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxx.xxxXxxxx02/11/2022verifiedMedium
16XXX.XXX.XXX.XXXXxxxx02/11/2022verifiedHigh
17XXX.X.XXX.XXXXxxxx02/11/2022verifiedHigh
18XXX.XX.XXX.XXXxxx-xx-xxx-xxx.xxxxxxxx.xxx.xxxxxxxxxxxxx.xxx.xxXxxxx02/11/2022verifiedHigh
19XXX.XX.XX.XXxxxxxxxxxxxxxx.xxxxxxx.xxxxXxxxx02/11/2022verifiedHigh
20XXX.XXX.XXX.XXXXxxxx02/11/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1040CAPEC-102CWE-319Authentication Bypass by Capture-replaypredictiveHigh
3T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
4T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
5TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
8TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
10TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
11TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
12TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
13TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
14TXXXX.XXXCAPEC-133CWE-XXXXxxxxxxxpredictiveHigh
15TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
16TXXXXCAPEC-157CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
17TXXXX.XXXCAPEC-59CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
18TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (93)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/adminpredictiveLow
2File/admin/conferences/get-all-status/predictiveHigh
3File/admin/conferences/list/predictiveHigh
4File/admin/countrymanagement.phppredictiveHigh
5File/admin/general/change-langpredictiveHigh
6File/admin/group/list/predictiveHigh
7File/admin/renewaldue.phppredictiveHigh
8File/admin/usermanagement.phppredictiveHigh
9File/artist-display.phppredictiveHigh
10File/backups/predictiveMedium
11File/catcompany.phppredictiveHigh
12File/xxx-xxx/xxxxxxxxxxxxpredictiveHigh
13File/xxxx-xxxxxx.xxxpredictiveHigh
14File/xxxxx/xxxxxxxx-xxxxxxx.xxxpredictiveHigh
15File/xxxxxxxxx.xxxpredictiveHigh
16File/xxxx/xxxxxx/xxxx_xxxxxxx.xxxpredictiveHigh
17File/xxxxxxx/xxxxxxx/xxxxx.xxxpredictiveHigh
18File/xxxxx.xxxpredictiveMedium
19File/xxxx-xxxxxx-xxxxxx/xxxxxx_xxxxxxxx.xxxpredictiveHigh
20File/xxxxxxxxx/xxxxx.xxxpredictiveHigh
21File/xxxxxxxxxxxxxxx/xxxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
22File/xxxxxxxxxxx/xxxxxxxxxxxxxx/xxxxxxxxxxxxpredictiveHigh
23File/xxx/xxxx/_xxxxxxxx/xxxxxxxxxxxxx.xxx.xxxpredictiveHigh
24File/xxxxxx/xxxx.xxxpredictiveHigh
25File/xxxxxxx/?/xxxxx/xxxx/xxxpredictiveHigh
26Filexxxxx/xxx/xxxxxxxxxxxxpredictiveHigh
27Filexxxxx/xxxxxx-xxxxxx.xxxpredictiveHigh
28Filexxxxxxxxxxxxxxx.xxxpredictiveHigh
29Filexxxxxxxxxxxxxx/xxxx/xxxx/xx.xxxxxxxxxx.xx_xxxx/xxx.xxx.xxx.xxxxxxxxx.xxxxxxx/xxx_xx_xxxx_xxxx_xxx/xxx_xx_xxxx_xxxx_xxx.xxx/xxxxpredictiveHigh
30Filexxxxxxxxx.xpredictiveMedium
31Filexxxx.xxxpredictiveMedium
32Filex:\predictiveLow
33Filexxx-xxx/xxx/xxxxxxxx_xxx.xxxpredictiveHigh
34Filexxxxxxx.xxxpredictiveMedium
35Filexxxxxxxxx.xxpredictiveMedium
36Filexxx_xxxxxx_xxxx_xxxxxx.xpredictiveHigh
37Filexxxx_xxxxxxx.xxx.xxxpredictiveHigh
38Filexxxxx.xxxpredictiveMedium
39Filexx-xxx-xxxxxxxxx.xpredictiveHigh
40Filexxxx_xxxx.xxxpredictiveHigh
41Filexx/xxxx.xxxpredictiveMedium
42Filexxx/xxxxxx/xx_xxxxxx.xpredictiveHigh
43Filexxx/xxxxxxx/xxxxxxx/xxxxxxx.xxxxpredictiveHigh
44Filexxxx.xxxpredictiveMedium
45Filexxxxxxxxx.xxxxpredictiveHigh
46Filexxxxx.xxxpredictiveMedium
47Filexxxxxxx.xxpredictiveMedium
48Filexxxx/xxx-xxx.xxxpredictiveHigh
49Filexxxx/xxx/xxxx-xxxxx.xxxpredictiveHigh
50Filexxxxxxxxx.xxxpredictiveHigh
51Filexxxxxxx/xxxxx/xxxxx.xxxxpredictiveHigh
52Filexx-xxxxx/xxxxx.xxxpredictiveHigh
53Filexxxxx.xpredictiveLow
54Libraryxxxxxxxxxxx.xxxpredictiveHigh
55Libraryxxxxxx.xxxpredictiveMedium
56Argument--xx xxxpredictiveMedium
57ArgumentxxxpredictiveLow
58ArgumentxxpredictiveLow
59Argumentxxxxxxx_xxxxx_xxpredictiveHigh
60Argumentxxxx_xxpredictiveLow
61Argumentxxxxxxxxxxxx/xxxxxxxpredictiveHigh
62ArgumentxxxxpredictiveLow
63ArgumentxxxxxpredictiveLow
64ArgumentxxxxxxpredictiveLow
65Argumentxxxx/xxxxxx/xxxpredictiveHigh
66ArgumentxxpredictiveLow
67Argumentxxxx[]predictiveLow
68ArgumentxxxxpredictiveLow
69ArgumentxxxxpredictiveLow
70Argumentxxxxx_xx/xxxxxpredictiveHigh
71ArgumentxxxxxxxxpredictiveMedium
72ArgumentxxxxxxxpredictiveLow
73Argumentxxxxxxxx_xxxpredictiveMedium
74Argumentxxxxxxxx_xxxpredictiveMedium
75ArgumentxxxxxxpredictiveLow
76ArgumentxxxxxxpredictiveLow
77ArgumentxxxpredictiveLow
78ArgumentxxxpredictiveLow
79ArgumentxxxxxpredictiveLow
80Argumentxxxxxx_xxxpredictiveMedium
81ArgumentxxxxxxxxpredictiveMedium
82Argumentxxx_xxxxxpredictiveMedium
83Argument_xpredictiveLow
84Input Value/'-xxxxx(xxxxxxxx.xxxxxx)-'x/x/x/predictiveHigh
85Input Valuex' xxx xxxx=xxxx xxx 'xxxx'='xxxxpredictiveHigh
86Input Valuexxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' xxx xxxx=xxxx xxx 'xxxx'='xxxxpredictiveHigh
87Input ValuexxxxxxxxxxxxxxxxpredictiveHigh
88Input Value</xxxxx><xxx xxx=xx xxxxxxx=xxxxx(x)>predictiveHigh
89Input Value<xxxxxx>xxxxx(x)</xxxxxx>predictiveHigh
90Input Valuexxx%xx(xxxxxx*xxxx(xxxxxx(xxxxx(x)))x)predictiveHigh
91Input ValuexxxxxxxxpredictiveMedium
92Input Valuexxxxxx_xxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
93Network Portxxx xxxxxx xxxxpredictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!