NetSupport Analysis

IOB - Indicator of Behavior (203)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 194
zh: 6
fr: 2
es: 2

Country

us: 98
cn: 52
tr: 2
gb: 2
ce: 2

Charts without recoverable data: Actors, Activities, Interest, Timeline, Type, Vendor.

Product

cPanel: 4
Computrols CBAS: 4
QNAP QTS: 4
Microsoft Windows: 4
asith-eranga ISIC Tour Booking: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.39 | CVE-2010-0966 |
| 2 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033 |
| 3 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00112 | 0.03 | CVE-2021-3056 |
| 4 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.11 | CVE-2022-21664 |
| 5 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2019-13275 |
| 6 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 7 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.14 | CVE-2024-1406 |
| 8 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.12149 | 0.04 | CVE-2019-10232 |
| 9 | Sophos Firewall User Portal/Webadmin improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.97434 | 0.00 | CVE-2022-1040 |
| 10 | CutePHP CuteNews unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02107 | 0.08 | CVE-2019-11447 |
| 11 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00432 | 0.04 | CVE-2022-21663 |
| 12 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.3 | $25k-$100k | $0-$5k | High | Official Fix | 0.07084 | 0.05 | CVE-2022-26923 |
| 13 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.01575 | 0.03 | CVE-2017-13067 |
| 14 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.29 | CVE-2016-6210 |
| 15 | Samurai Build File util.c canonpath out-of-bounds write | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.00 | CVE-2019-19795 |
| 16 | Phpsugar PHP Melody page_manager.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00087 | 0.00 | CVE-2017-15648 |
| 17 | Simple and Beautiful Shopping Cart System uploadera.php unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00170 | 0.00 | CVE-2023-1558 |
| 18 | RealNetworks RealServer Port 7070 Service denial of service | 7.5 | 7.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.02116 | 0.07 | CVE-2000-0272 |
| 19 | Microsoft Windows Themes information disclosure | 5.9 | 5.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00128 | 0.04 | CVE-2024-21320 |
| 20 | Royal Elementor Addons and Templates Plugin unrestricted upload | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96723 | 0.03 | CVE-2023-5360 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

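| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 185.225.17.53 | xyftjms.cn | NetSupport | | 10/20/2019 | verified | High |
| 2 | XXX.XXX.XX.XX | xx-xxxx.xxxxxxxxx.xxx | Xxxxxxxxx | | 10/20/2019 | verified | High |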

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (94)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
