NOTROBIN Analysis

IOB - Indicator of Behavior (23)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 22
de: 2

Country

cn: 18
us: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Subrion CMS: 4
Subrion CMS: 4
Cisco ASA: 2
Intelliants Subrion CMS: 2
Google Android: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Intelliants Subrion CMS Salt Cookie sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00134 | 0.00 | CVE-2015-4129
2 | Hibernate-Validator SafeHtml Validator HTML injection | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00232 | 0.02 | CVE-2019-10219
3 | Allegro RomPager HTTP POST Request cross-site request forgery | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.09 | CVE-2024-0522
4 | CodeCanyon RISE Rise Ultimate Project Manager signin redirect | 5.6 | 5.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00046 | 0.03 | CVE-2024-0545
5 | Page View Count Plugin REST Endpoint sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04032 | 0.08 | CVE-2022-0434
6 | Intelliants Subrion CMS ia.core.users.php code injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00314 | 0.02 | CVE-2017-5543
7 | Intelliants Subrion CMS sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00196 | 0.00 | CVE-2017-6013
8 | Subrion CMS injection | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.03 | CVE-2020-12468
9 | Subrion CMS blocks.php deserialization | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.03 | CVE-2020-12469
10 | Subrion CMS PDO Connection sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00203 | 0.00 | CVE-2020-18155
11 | Subrion CMS Visual-Mode sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00114 | 0.07 | CVE-2021-41947
12 | Intelliants Subrion CMS Search search.php sql injection | 8.5 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01800 | 0.00 | CVE-2017-11444
13 | SonarQube values missing encryption | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.36880 | 0.01 | CVE-2020-27986
14 | Google Chrome Prompts use after free | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00363 | 0.00 | CVE-2022-1635
15 | Google Android ParsedIntentInfo.java ParsedIntentInfo deserialization | 6.5 | 6.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2021-0685
16 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.03 | CVE-2015-4134
17 | Allegro RomPager Embedded Web Server rom-0 information disclosure | 5.3 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.06 | (none)
18 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
19 | Oracle E-Business Suite access control | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00519 | 0.03 | CVE-2018-3167
20 | Cisco ASA WebVPN Login Page logon.html cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00192 | 0.04 | CVE-2014-2120


IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 80.240.31.218 | 80.240.31.218.vultrusercontent.com | NOTROBIN | | 01/17/2020 | verified | High
2 | XX.XXX.XXX.XXX | xx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxxx | | 01/17/2020 | verified | High
3 | XXX.X.X.X | xxxxxxxxx.xxx.xxx | Xxxxxxxx | | 01/17/2020 | verified | High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /front/search.php | predictive | High
3 | File | /index.php/signin | predictive | High
4 | File | /xxx-x | predictive | Low
5 | File | xxxxx/xxxxxx.xxx | predictive | High
6 | File | xxxxx/xxxxxxxx/ | predictive | High
7 | File | xxx/xxxxxxxx/xxxxxx | predictive | High
8 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
9 | File | xxxx.xxx | predictive | Medium
10 | File | xxxxxxxx/xxxxxxx/xx.xxxx.xxxxx.xxx | predictive | High
11 | File | xxxxxxxxxxxxxxxx.xxxx | predictive | High
12 | File | xxxxxxx/xxx/ | predictive | Medium
13 | File | xxxxxxxxx.xxx?xxxxxx=xxxxxx | predictive | High
14 | Argument | $_xxx | predictive | Low
15 | Argument | xxxx_xxx | predictive | Medium
16 | Argument | xxxxx | predictive | Low
17 | Argument | xxxxxxxx | predictive | Medium
18 | Argument | xxx | predictive | Low
19 | Argument | xxxxxxxx | predictive | Medium
20 | Input Value | xxxx://xxxx.xxx | predictive | High
21 | Network Port | xxx xxxxxx xxxx | predictive | High