NetTraveler Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (148)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en138
it4
es2
zh2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us114
cn2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

NetTraveler5
Emotet1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined42
Router Operating System10
Content Management System6
Web Server4
Web Browser4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined34
Microsoft8
Juniper4
GNU4
AIRTAME2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Juniper Junos4
WordPress4
Microsoft Windows4
AIRTAME HDMI Dongle2
Itech Dating Script2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.84CVE-2010-0966
3Moxa IKS/EDS cross site scripting5.25.2$0-$5k$0-$5kNot DefinedNot Defined0.000780.00CVE-2019-6565
4PHP Template Store Script Profile cross site scripting4.44.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.001080.00CVE-2018-14869
5WoltLab Burning Book addentry.php sql injection7.36.8$0-$5k$0-$5kFunctionalUnavailable0.008040.00CVE-2006-5509
6ImageMagick pcd.c DecodeImage resource management6.46.3$0-$5k$0-$5kNot DefinedOfficial Fix0.005650.00CVE-2019-7175
7Gurunavi App SSL Certificate Validator certificate validation5.75.5$0-$5k$0-$5kNot DefinedOfficial Fix0.001100.00CVE-2015-7778
8Quizlord Plugin admin.php Stored cross site scripting4.44.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.001050.00CVE-2018-17140
9Microsoft Visual Studio input validation7.57.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.061100.03CVE-2018-8172
10Juniper Junos Sun/MS-RPC ALG resource consumption6.46.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.001050.00CVE-2017-10608
11lshell access control8.18.1$0-$5k$0-$5kNot DefinedOfficial Fix0.003480.01CVE-2016-6902
12jforum User input validation5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002890.04CVE-2019-7550
13D-Link DIR-878 HTTP Header strncpy memory corruption8.58.5$5k-$25k$5k-$25kNot DefinedNot Defined0.005810.00CVE-2019-9125
14FSB Dequeen Mobile Banking App X.509 Certificate certificate validation5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.000770.03CVE-2017-9566
15Intel McAfee ePolicy Orchestrator sql injection7.67.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.624460.00CVE-2016-8027
16Intel McAfee ePolicy Orchestrator Apache Commons Collections Library deserialization8.37.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.001980.00CVE-2015-8765
17Icewarp Server cross site scripting5.25.1$0-$5k$0-$5kNot DefinedOfficial Fix0.002750.00CVE-2018-16324
18Huawei Smarthome Encryption Key Stored information disclosure6.46.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.001070.02CVE-2017-2704
19ImageMagick dib.c WriteDIBImage out-of-bounds write7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.004440.00CVE-2018-12600
20KDE Plasma Workspace Notifications notificationsengine.cpp IP Address information disclosure4.84.7$0-$5k$0-$5kNot DefinedOfficial Fix0.005280.00CVE-2018-6790

IOC - Indicator of Compromise (19)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
161.178.77.111NetTraveler03/27/2022verifiedHigh
267.198.140.14867.198.140.148.static.krypt.comNetTraveler03/27/2022verifiedHigh
396.44.179.2696.44.179.26.static.quadranet.comNetTraveler03/27/2022verifiedHigh
496.46.4.23796-46-4-237.res.trstrm.netNetTraveler03/27/2022verifiedHigh
5XX.XXX.XXX.XXxxxx.xxxxxxxxxxxxxxx.xxxXxxxxxxxxxx03/27/2022verifiedHigh
6XXX.XX.XXX.XXXxxxxxxxxxx03/27/2022verifiedHigh
7XXX.XXX.XX.XXXXxxxxxxxxxx03/27/2022verifiedHigh
8XXX.XX.XXX.XXXxxxxxxxxxx03/27/2022verifiedHigh
9XXX.XX.XX.XXXXxxxxxxxxxx01/01/2021verifiedHigh
10XXX.XXX.XX.XXXXxxxxxxxxxx03/27/2022verifiedHigh
11XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xxXxxxxxxxxxx03/27/2022verifiedHigh
12XXX.X.XX.XXxxxxxxxxxx03/27/2022verifiedHigh
13XXX.XX.XX.XXXxxxxxxxxxx03/27/2022verifiedHigh
14XXX.XX.XXX.XXxx-xxx-xx-xxx-xx.xx.xxxxxxxxxxxx.xxxXxxxxxxxxxx03/27/2022verifiedHigh
15XXX.XX.XXX.XXXxxx.xx.xxx.xxx.xxxxxxxx.xxxx.xxxXxxxxxxxxxx03/27/2022verifiedHigh
16XXX.XXX.XXX.XXXxxxxxxxxxx03/27/2022verifiedHigh
17XXX.XXX.X.XXXxxx-xxx-x-xxx.xx.xxxxxxxxxxx.xxXxxxxxxxxxx03/27/2022verifiedHigh
18XXX.XX.XX.XXXxxxxxxxxxx01/01/2021verifiedHigh
19XXX.XX.XXX.XXXxxxxxxxxxx03/27/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
2T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
3TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
8TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
9TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
10TXXXXCAPEC-20CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (71)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/bin/login.phppredictiveHigh
2File/see_more_details.phppredictiveHigh
3File/start-stoppredictiveMedium
4File/uncpath/predictiveMedium
5File/webmail/predictiveMedium
6Fileaddentry.phppredictiveMedium
7Fileadmin.remository.phppredictiveHigh
8Fileadmin/index.phppredictiveHigh
9Fileapply.cgipredictiveMedium
10Filexxx\xxxxxxx\xxxxxx_xxxxxxxx.xxxpredictiveHigh
11Filexxxxx-xxx.xpredictiveMedium
12Filexx_xxxx.xxxpredictiveMedium
13Filexxxxxx/xxx.xpredictiveMedium
14Filexxxxxx/xxx.xpredictiveMedium
15Filexxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxx.xxxxpredictiveHigh
16Filexxxxxxx_xx.xxxpredictiveHigh
17Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
18Filexxxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
19Filexxxxx/xxxxxxx.xxpredictiveHigh
20Filexxxxxx.xxxpredictiveMedium
21Filexxxx/xxxxxxxxxx/xxxxxx-xxxx.xpredictiveHigh
22Filexxx/xxxx/xxxx.xpredictiveHigh
23Filexxxxxxxx.xxxpredictiveMedium
24Filexxxx.xxxpredictiveMedium
25Filexxxxxxxxx.xxxpredictiveHigh
26Filexxxxxxxxxxxx.xxxpredictiveHigh
27Filexxx/xxxxxx.xxxpredictiveHigh
28Filexxxxx.xxxpredictiveMedium
29Filexxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxxpredictiveHigh
30Filexxxxxxxxx.xxpredictiveMedium
31Filexxxxxx/xxxx.xpredictiveHigh
32Filexxxx.xxxpredictiveMedium
33Filexxxxxxx.xpredictiveMedium
34Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
35Filexxxx_xxxxxxxx.xxxpredictiveHigh
36Filexxxxxxx.xxxpredictiveMedium
37Filexxxxxxxxx.xxx/xxxxxxx.xxxpredictiveHigh
38Filexxxxxxxx-xxxxxxxxxxx.xxxpredictiveHigh
39Filexxxxxxxx/xxxxxxxxxx.xpredictiveHigh
40Filexxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
41Filexx/xxx.xpredictiveMedium
42Filexxxx.xxxpredictiveMedium
43Filexxxx-xxx.xxxpredictiveMedium
44Filexxxx-xxx.xxx xxxxxxpredictiveHigh
45Filexxxxxxxxxxx-xxxxxx/xxx/xxxxxxxxxx/xxxxx.xxxpredictiveHigh
46Filexx-xxxxx/xxxxx.xxxpredictiveHigh
47Filexx-xxxxxxxxx.xxxpredictiveHigh
48Library/xxx/xxx/xxx/xxxx/xxxxxxxxxx/xxxxx/xxxxxxx.xxxpredictiveHigh
49Libraryxxxxxx.xxxpredictiveMedium
50Argumentxxxxxxx xxxx x/xxxxxxx xxxx x/xxxx xxxx/x/x xxxxxx xxxxpredictiveHigh
51ArgumentxxxxxxxxpredictiveMedium
52Argumentxxxxxxxxx/xxxxpredictiveHigh
53ArgumentxxxxxxxxpredictiveMedium
54ArgumentxxxxxxxxxxxpredictiveMedium
55Argumentxxxx_xxxxpredictiveMedium
56ArgumentxxpredictiveLow
57ArgumentxxxxxxxxxpredictiveMedium
58ArgumentxxxxxpredictiveLow
59Argumentxxxx_xxpredictiveLow
60Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictiveHigh
61ArgumentxxxxpredictiveLow
62ArgumentxxxxxxxxxpredictiveMedium
63Argumentxxxxxx_xxxpredictiveMedium
64Argumentxxxxxxxxx/xxxpredictiveHigh
65ArgumentxxxxpredictiveLow
66ArgumentxxxpredictiveLow
67ArgumentxxxxxxxxxxpredictiveMedium
68Argumentxx_xxpredictiveLow
69ArgumentxxxxxpredictiveLow
70ArgumentxxxpredictiveLow
71ArgumentxxxxxxxxpredictiveMedium

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!