Nansh0u Analysis

IOB - Indicator of Behavior (36)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 30
es: 2
ko: 2
sv: 2

Country

us: 22
es: 2
sv: 2

Product

Cisco Prime Infrastructure: 2
Cisco Evolved Programmable Network: 2
Thomas R. Pasawicz HyperBook Guestbook: 2
SourceCodester Canteen Management System: 2
HotelDruid: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Tiki Wiki CMS Groupware tiki-edit_wiki_section.php cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00110 | 0.00 | CVE-2010-4240 |
| 2 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting | 3.2 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.07 | CVE-2018-25085 |
| 3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 4 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.58 | CVE-2022-28959 |
| 5 | ZKTeco ZKBio ECO ADMS cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00056 | 0.00 | CVE-2022-44213 |
| 6 | SourceCodester Canteen Management System categories.php builtin_echo cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00059 | 0.04 | CVE-2022-4252 |
| 7 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.34 | CVE-2020-15906 |
| 8 | SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00220 | 0.06 | CVE-2023-2090 |
| 9 | Thomson TWC305/TWC315/TCW690 HTTP Server memory corruption | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06133 | 0.08 | CVE-2003-1085 |
| 10 | Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.00 | CVE-2022-47166 |
| 11 | CropImage component admin.cropcanvas.php file inclusion | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.08563 | 0.05 | CVE-2006-4363 |
| 12 | Andreas Robertz PHPNews file inclusion | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.07128 | 0.00 | CVE-2007-4232 |
| 13 | Metalinks Metacart2 productsbycategory.asp sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00142 | 0.04 | CVE-2005-1363 |
| 14 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.93 | CVE-2007-0354 |
| 15 | PhotoPost PHP Pro zipndownload.php file inclusion | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.05109 | 0.02 | CVE-2006-4828 |
| 16 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.29 | |
| 17 | InHand InRouter 302/InRouter 615 MQTT random values | 9.5 | 9.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00135 | 0.00 | CVE-2023-22601 |
| 18 | Oracle Communications Cloud Native Core Security Edge Protection Proxy SEPP code injection | 10.0 | 9.7 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.97499 | 0.00 | CVE-2022-22947 |
| 19 | CentOS-WebPanel.com CentOS Web Panel Domain input validation | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00086 | 0.00 | CVE-2019-14730 |
| 20 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00339 | 1.15 | CVE-2015-5911 |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (28)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/maintenance/view_designation.php | predictive | High |
| 2 | File | /spip.php | predictive | Medium |
| 3 | File | admin.cropcanvas.php | predictive | High |
| 4 | File | categories.php | predictive | High |
| 5 | File | xxxx/xxxxxxx.xxx | predictive | High |
| 6 | File | xxxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 8 | File | xxxxx.xxx | predictive | Medium |
| 9 | File | xxxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 10 | File | xxxxxxxxxx_xxxxx.xxxxxx | predictive | High |
| 11 | File | xxxxxxxx.xx?xxxxxxxxxxxx=xxxxxxxx&xxxx=x-xxxx&xxxxxxxx=xxxxxxxxxx&xx | predictive | High |
| 12 | File | xxxx/xxxx/xxxx.xxx | predictive | High |
| 13 | File | xxxx-xxxx_xxxx_xxxxxxx.xxx | predictive | High |
| 14 | File | xxxx-xxxxx.xxx | predictive | High |
| 15 | File | xxxxxxxxxx.xx | predictive | High |
| 16 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 17 | Library | xxx.xxx | predictive | Low |
| 18 | Argument | xxxxxxxxxxxx | predictive | Medium |
| 19 | Argument | xxxxxx_xxxxx | predictive | Medium |
| 20 | Argument | xxxx | predictive | Low |
| 21 | Argument | xx | predictive | Low |
| 22 | Argument | xxxxxxxxx | predictive | Medium |
| 23 | Argument | xxxxxx | predictive | Low |
| 24 | Argument | xxxxxx/xxxxxxx/xxxx_xxxx/xxxxxxx/xxxx | predictive | High |
| 25 | Argument | xxxxxxxx | predictive | Medium |
| 26 | Argument | xx_xxxx | predictive | Low |
| 27 | Argument | xxxx | predictive | Low |
| 28 | Input Value | xxxxxxxx | predictive | Medium |
