Necurs Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (41)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	34
fr	2
jp	2
sv	2
it	2

Country

us	36
gb	2
fr	2

Actors

Necurs	3

Activities

Interest

Timeline

Type

Not Defined	8
Firewall Software	4
E-Commerce Management Software	2
Content Management System	2
Programming Language Software	2

Vendor

Not Defined	6
ShopStoreNow	2
WoltLab	2
PHP Arena	2
Cisco	2

Product

ShopStoreNow E-commerce Shopping Cart	2
WoltLab Burning Book	2
PHP Arena paBugs	2
Cisco ASA	2
Pixelpost	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	Calculating	High	Workaround	0.02016	0.00	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.53	CVE-2010-0966
3	Joomla CMS Login sql injection	9.8	9.8	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00201	0.00	CVE-2006-1047
4	WPFront Scroll Top Plugin Image cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00058	0.00	CVE-2021-24564
5	Francisco Burzi PHP-Nuke Addressbook addressbook.php path traversal	7.3	7.1	$25k-$100k	$0-$5k	Functional	Unavailable	0.04741	0.00	CVE-2007-1720
6	Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation	8.3	7.3	$100k and more	$5k-$25k	Unproven	Official Fix	0.00046	0.05	CVE-2021-31969
7	LogicBoard CMS away.php redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	3.12
8	Maran PHP Shop prod.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00137	0.04	CVE-2008-4879
9	DUware DUpaypal detail.asp sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00421	0.02	CVE-2006-6365
10	PHP Arena paBugs MySQL class.mysql.php file inclusion	7.3	6.8	$0-$5k	$0-$5k	Functional	Unavailable	0.07369	0.02	CVE-2006-5079
11	ShopStoreNow E-commerce Shopping Cart orange.asp sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00811	0.00	CVE-2007-0142
12	Motorola SBG6580 Web Access login denial of service	7.5	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.00
13	Pixelpost cross-site request forgery	7.0	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01098	0.02	CVE-2010-3305
14	Check Point VPN-1 UTM Edge Administrator Account WizU.html cross-site request forgery	8.8	8.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01310	0.00	CVE-2007-3489
15	Qualcomm Snapdragon Automobile Register access control	5.4	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2017-11004
16	WoltLab Burning Book addentry.php sql injection	7.3	6.8	$0-$5k	$0-$5k	Functional	Unavailable	0.00804	0.00	CVE-2006-5509
17	OpenBB read.php sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00248	0.04	CVE-2005-1612
18	lshell access control	8.1	8.1	$0-$5k	Calculating	Not Defined	Official Fix	0.00348	0.01	CVE-2016-6902
19	Wesley Destailleur forum todooforum.php cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00195	0.00	CVE-2013-3538
20	GetSimpleCMS index.php redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00123	0.00	CVE-2019-9915

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	40.121.206.97		Necurs	06/13/2021	verified	High
2	62.212.154.98	ns1.crossdns.com	Necurs	04/01/2022	verified	High
3	64.47.209.23		Necurs	06/13/2021	verified	High
4	64.63.188.85		Necurs	06/13/2021	verified	High
5	64.231.250.149	bas3-toronto12-64-231-250-149.dsl.bell.ca	Necurs	06/13/2021	verified	High
6	XX.XX.XX.XX	xxxxxxxx-xxxxxx.xx.xxx	Xxxxxx	06/13/2021	verified	High
7	XX.XXX.XXX.XXX		Xxxxxx	06/13/2021	verified	High
8	XX.X.XX.XXX		Xxxxxx	06/13/2021	verified	High
9	XX.XX.XXX.XXX	xxxxxxxx.xxxxxxxxxxxxx.xxxx	Xxxxxx	04/01/2022	verified	High
10	XX.XXX.XXX.XX		Xxxxxx	06/13/2021	verified	High
11	XX.XXX.XX.XX	xxxxxxxxxxxxxxxxxxxxxx.xxx	Xxxxxx	04/01/2022	verified	High
12	XX.XXX.XXX.XX	xxx-xxxxxxxx.xxx.xxxxxxxxx.xxx	Xxxxxx	06/13/2021	verified	High
13	XX.XX.XXX.XXX	xxx-xx-xxx-xxx.xxx.xxxxxxxxxxxx.xxx	Xxxxxx	06/13/2021	verified	High
14	XX.XX.XXX.XXX		Xxxxxx	06/13/2021	verified	High
15	XX.XX.XXX.XXX	xxxx-xx-xx-xxx-xxx.xxxxx.xxxx.xxxxxxx.xxx	Xxxxxx	06/13/2021	verified	High
16	XX.XX.XX.XXX	xxxx.xxxxxxxxxxxxxx-xxxxx.xx.xx.xxx	Xxxxxx	06/13/2021	verified	High
17	XX.XXX.XX.XXX	xx-xxx-xx-xxx.xxx.xxxxx.xxx	Xxxxxx	04/01/2022	verified	High
18	XX.XXX.XX.XXX	xxxxx.xxxxxxxxx.xxx	Xxxxxx	04/01/2022	verified	High
19	XX.XXX.XX.XXX	xxxxx.xx-xx-xxx-xx.xx	Xxxxxx	04/06/2022	verified	High
20	XX.XXX.XXX.XX	xxxxx-xxxxxxxxxxx.xxx	Xxxxxx	04/01/2022	verified	High
21	XX.XXX.XXX.XXX	xxxxx-xxxxxxxxxxx.xxx	Xxxxxx	04/08/2022	verified	High
22	XXX.XXX.XX.XXX		Xxxxxx	04/06/2022	verified	High
23	XXX.XXX.XXX.XX	xxxxxxxxxx.xxx.xxx-xxxxxx.xxx.xx	Xxxxxx	04/01/2022	verified	High
24	XXX.XXX.XXX.XX		Xxxxxx	04/01/2022	verified	High
25	XXX.XXX.XXX.XXX	xxxxx.xx-xxx-xxx-xxx.xx	Xxxxxx	04/06/2022	verified	High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/forum/away.php	predictive	High
2	File	/goform/login	predictive	High
3	File	addentry.php	predictive	Medium
4	File	addressbook.php	predictive	High
5	File	xxxxx/xxxxx.xxx	predictive	High
6	File	xxxxx.xxxxx.xxx	predictive	High
7	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
8	File	xxxxxx.xxx	predictive	Medium
9	File	xxxxxx.xxx	predictive	Medium
10	File	xxx/xxxxxx.xxx	predictive	High
11	File	xxx/xxxx/xxxx_xxxxxxxxxx_xxxx.x	predictive	High
12	File	xxxxxx.xxx	predictive	Medium
13	File	xxx/xxxx.xxxx	predictive	High
14	File	xxxx.xxx	predictive	Medium
15	File	xxxx.xxx	predictive	Medium
16	File	xxxxx.xxx	predictive	Medium
17	File	xxxxxxxx.xxx/xxxxxx.xxx/xxxxxxxx.xxx	predictive	High
18	File	xxxx_xxxxxxxx.xxx	predictive	High
19	File	xxxxxxxxxx.xxx	predictive	High
20	Argument	xxxxxxxx	predictive	Medium
21	Argument	xxx	predictive	Low
22	Argument	xxxxx	predictive	Low
23	Argument	xxxxxxxx	predictive	Medium
24	Argument	xx	predictive	Low
25	Argument	xxxx	predictive	Low
26	Argument	xxxxxx_xxxx	predictive	Medium
27	Argument	xxxx_xx_xx_xxx	predictive	High
28	Argument	xx	predictive	Low
29	Argument	xxxxxxxx	predictive	Medium
30	Argument	xxxxxxxx	predictive	Medium
31	Argument	xxx	predictive	Low
32	Network Port	xxx xxxxxx xxxx	predictive	High

References (5)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!