Ngoiweb Analysis

IOB - Indicator of Behavior (134)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 112
fr: 12
zh: 4
de: 2
es: 2


Country

gb: 60
us: 46
cn: 2
it: 2
de: 2


Product

Linux Kernel: 6
PHP: 4
WordPress: 4
Microsoft Windows: 4
Zoom Desktop Client: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.04 | CVE-2007-1287 |
| 2 | Linux Kernel IPsec nfp_cppcore.c area_cache_get use after free | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.05 | CVE-2022-3545 |
| 3 | e-Quick Cart shoptellafriend.asp cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.04 | |
| 4 | Anserv PHP LOW BIDS viewfaqs.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00087 | 0.04 | CVE-2011-0646 |
| 5 | Adobe Dreamweaver untrusted search path | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00057 | 0.04 | CVE-2021-21055 |
| 6 | Linux Kernel Bluetooth l2cap_core.c l2cap_reassemble_sdu use after free | 6.3 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.09 | CVE-2022-3564 |
| 7 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00251 | 0.04 | CVE-2013-5033 |
| 8 | X.org Server xkb.c _GetCountedString buffer overflow | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00523 | 0.05 | CVE-2022-3550 |
| 9 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 4.01 | |
| 10 | Google Chrome Animation use after free | 6.3 | 6.0 | $25k-$100k | $5k-$25k | High | Official Fix | 0.07058 | 0.07 | CVE-2022-0609 |
| 11 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.97 | CVE-2010-0966 |
| 12 | WSO2 API Manager File Upload unrestricted upload | 9.8 | 9.8 | $0-$5k | $0-$5k | High | Not Defined | 0.97311 | 0.04 | CVE-2022-29464 |
| 13 | Keysight IXIA Hawkeye licenses cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00083 | 0.04 | CVE-2023-1860 |
| 14 | Totolink LR1200GB Web Interface cstecgi.cgi loginAuth stack-based overflow | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.09 | CVE-2024-1783 |
| 15 | Google Chrome Index DB use after free | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00238 | 0.00 | CVE-2022-1853 |
| 16 | Totolink T6 HTTP POST Request main buffer overflow | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00079 | 0.04 | CVE-2023-7221 |
| 17 | Zoom Desktop Client/VDI Client/Meeting SDK/Rooms Client Zoom Meeting input validation | 7.9 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-24691 |
| 18 | Fortinet FortiSIEM API Request os command injection | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00068 | 0.04 | CVE-2024-23108 |
| 19 | PHPmybibli cart.php code injection | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.05394 | 0.05 | CVE-2006-5402 |
| 20 | PHPGurukul Dairy Farm Shop Management System add-category.php sql injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.03 | CVE-2024-0355 |

IOC - Indicator of Compromise (34)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (89)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

