AZORult and NanoCore Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (12)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en	6
ja	4
de	2

Country

US: USA	10
DE: Germany	2

Actors

Nanocore RAT	2
AZORult and NanoCore	1
FIN12	1
Feodo	1
Cobalt Strike	1

Activities

Interest

Timeline

Type

Operating System	4
Not Defined	4
Chip Software	2

Vendor

Microsoft	4
Not Defined	2
Business-DNA Solutions	2
Qualcomm	2

Product

Microsoft Windows	4
OpenResty	2
Business-DNA Solutions TopEase Platform	2
Qualcomm Snapdragon Auto	2
Qualcomm Snapdragon Connectivity	2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#	Vulnerability	Base	Temp	0day	Today	Exp	Cou	KEV	EPSS	CTI	CVE
1	jforum username User input validation	5.3	5.3	$0-$5k	$0-$5k	Not defined	Not defined		0.00443	0.02	CVE-2019-7550
2	PHP Scripts Mall Entrepreneur Job Portal Script Category Name categories_industry.php cross site scripting	4.1	4.1	$0-$5k	$0-$5k	Not defined	Not defined		0.00235	0.02	CVE-2018-7469
3	Microsoft Windows Win32k out-of-bounds write	7.2	7.0	$25k-$100k	$0-$5k	Attacked	Official fix	verified	0.89101	0.00	CVE-2022-21882
4	Qualcomm Snapdragon Auto Channel Switch Announcement IE denial of service	5.3	5.2	$5k-$25k	$0-$5k	Not defined	Official fix		0.00216	0.06	CVE-2021-1903
5	ShowDoc cross-site request forgery	5.0	5.0	$0-$5k	$0-$5k	Not defined	Official fix		0.00161	0.00	CVE-2021-3993
6	Qualcomm Snapdragon Auto use after free	7.0	6.8	$5k-$25k	$0-$5k	Not defined	Official fix		0.00036	0.03	CVE-2021-30264
7	Douzone NeoRS ActiveX Module input validation	7.9	7.8	$0-$5k	$0-$5k	Not defined	Not defined		0.00734	0.00	CVE-2020-7880
8	Business-DNA Solutions TopEase Platform Structure Component cross site scripting	5.7	5.7	$0-$5k	$0-$5k	Not defined	Not defined		0.00255	0.06	CVE-2021-42118
9	OpenResty ngx.req.get_post_args sql injection	9.0	8.9	$0-$5k	$0-$5k	Not defined	Official fix	possible	0.43848	0.02	CVE-2018-9230
10	Microsoft Windows improper authentication	6.5	6.2	$25k-$100k	$0-$5k	Not defined	Official fix		0.22683	0.00	CVE-2004-0540

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	23.81.246.150		AZORult and NanoCore	04/20/2020	verified	Low
2	XX.XXX.XXX.XX	xxxx-xxxxxx.xxxxxxxxxx.xxx	Xxxxxxx Xxx Xxxxxxxx	04/20/2020	verified	Low
3	XXX.XXX.XXX.X		Xxxxxxx Xxx Xxxxxxxx	04/20/2020	verified	Low

TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1059.007	CAPEC-209	CWE-79	Basic Cross Site Scripting	predictive	High
2	TXXXX	CAPEC-XXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	admin/categories_industry.php	predictive	High
2	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	High
3	Argument	x_xxxx	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

This view requires CTI permissions

Just purchase a CTI license today!