Ngioweb Remains Active 7 Years Later
Common Information
Type Value
UUID ba145e61-4d7f-439c-845b-0c0159dcc38a
Fingerprint b6f41a1b8925f7e3
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 1, 2024, 9:25 p.m.
Added to db Nov. 1, 2024, 11:13 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Ngioweb Remains Active 7 Years Later
Title Ngioweb Remains Active 7 Years Later
Detected Hints/Tags/Attributes 125/4/43
RSS Feed
Id Enabled Feed title Url Added to db
158 Malware Analysis, News and Indicators - Latest topics https://malware.news/latest.rss 2024-08-30 22:08
Attributes
Type #Events CTI Value
CVE 12 cve-2019-7256
CVE 4 cve-2023-28769
CVE 5 cve-2023-28770
CVE 3 cve-2022-45440
Domain 8 www.zyxel.com
Domain 141 research.checkpoint.com
Domain 38 blog.netlab.360.com
Domain 604 www.trendmicro.com
Domain 19 cybersecurity.att.com
File 218 min.js
File 7 request.js
File 3 piwik.js
File 2 pendo.js
File 2 card_scan_decoder.php
File 2 00-06-card_scan_decoder.php
File 2 -command-injection.html
File 6 router-roulette.html
md5 2 53009eb13c9beacd2d3437d61a4ab262
sha256 3 be285b77211d1a33b7ae1665623a9526f58219e20a685b6548bc2d8e857b6b44
IPv4 3 154.7.253.113
IPv4 3 216.107.139.52
MITRE ATT&CK Techniques 109 T1210
MITRE ATT&CK Techniques 183 T1189
MITRE ATT&CK Techniques 542 T1190
MITRE ATT&CK Techniques 122 T1543
MITRE ATT&CK Techniques 10 T1543.001
MITRE ATT&CK Techniques 504 T1140
MITRE ATT&CK Techniques 238 T1497
MITRE ATT&CK Techniques 97 T1497.001
MITRE ATT&CK Techniques 265 T1222
MITRE ATT&CK Techniques 35 T1222.002
MITRE ATT&CK Techniques 235 T1562
MITRE ATT&CK Techniques 298 T1562.001
MITRE ATT&CK Techniques 1006 T1082
MITRE ATT&CK Techniques 152 T1090
MITRE ATT&CK Techniques 107 T1496
Url 2 https://www.zyxel.com/service-provider/emea/en/zyxel-security-advisory-multiple-vulnerabilities.
Url 2 https://research.checkpoint.com/2018/ramnits-network-proxy-servers
Url 2 https://blog.netlab.360.com/an-analysis-of-linux-ngioweb-botnet-en
Url 2 https://blog.netlab.360.com/linux-ngioweb-v2-going-after-iot-devices-en
Url 3 https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian
Url 5 https://www.trendmicro.com/en_us/research/24/e/router-roulette.html
Url 1 https://cybersecurity.att.com/blogs/labs-research/ngioweb-remains-active-7-years-later