Nansh0u Analysis

IOB - Indicator of Behavior (21)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 16
es: 4
fr: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Tiki Wiki CMS Groupware: 2
Oracle Communications Cloud Native Core Security E ...: 2
Dell EMC Update Package Framework: 2
Linux Directory Penguin Traceroute Script: 2
InHand InRouter 302: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Tiki Wiki CMS Groupware tiki-edit_wiki_section.php cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01018 | CVE-2010-4240 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 3 | InHand InRouter 302/InRouter 615 MQTT random values | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2023-22601 |
| 4 | Oracle Communications Cloud Native Core Security Edge Protection Proxy SEPP code injection | 10.0 | 9.7 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.95613 | CVE-2022-22947 |
| 5 | CentOS-WebPanel.com CentOS Web Panel Domain input validation | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00890 | CVE-2019-14730 |
| 6 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 1.24 | 0.00954 | CVE-2015-5911 |
| 7 | Sun Solaris IP Packet denial of service | 5.9 | 5.2 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.02172 | CVE-2007-2045 |
| 8 | Zoho ManageEngine ServiceDesk Plus access control | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.29982 | CVE-2019-12252 |
| 9 | HotelDruid creaprezzi.php cross site scripting | 5.4 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.02173 | CVE-2019-8937 |
| 10 | Cisco Prime Infrastructure/Evolved Programmable Network Web-based Management Interface input validation | 9.3 | 9.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01 | 0.95089 | CVE-2019-1821 |
| 11 | Accellion FTA find.api escape output | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01702 | CVE-2017-8303 |
| 12 | Apache Hadoop fsimage memory corruption | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01 | 0.03032 | CVE-2018-11768 |
| 13 | Bento4 Encryption Ap4Atom.cpp AddField out-of-bounds | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2019-17530 |
| 14 | SoftEther VPN Server See.sys Kernel 7pk security | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00890 | CVE-2019-11868 |
| 15 | Dell EMC Update Package Framework uncontrolled search path | 6.0 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01036 | CVE-2019-3726 |
| 16 | Linux Directory Penguin Traceroute Script traceroute.pl privileges management | 9.8 | 9.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.06523 | CVE-2002-0488 |
| 17 | Netgear Arlo/Arlo Q/Arlo Q Plus hard-coded credentials | 8.5 | 8.3 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.00 | 0.01136 | CVE-2016-10115 |
| 18 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.09 | 0.40738 | CVE-2006-0996 |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059 | CWE-94 | Cross Site Scripting | predictive | High |
| 2 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | Core/Ap4Atom.cpp | predictive | High |
| 2 | File | creaprezzi.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
