Nemucod Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 146
zh: 130
ru: 80
ja: 76
fr: 76


Activities

Interest


Product

Tenda i21: 8
Tenda W15E: 8
MailCleaner: 6
FreeBSD: 4
Kashipara College Management System: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Apryse WebViewer PDF Document cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.11 | CVE-2024-4327 |
| 2 | MailCleaner Email os command injection | 9.8 | 9.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.04 | CVE-2024-3191 |
| 3 | osCommerce all-products cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00065 | 0.15 | CVE-2024-4348 |
| 4 | MailCleaner Admin Interface cross site scripting | 5.8 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.07 | CVE-2024-3192 |
| 5 | SourceCodester Pisay Online E-Learning System controller.php unrestricted upload | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.30 | CVE-2024-4349 |
| 6 | MailCleaner Admin Endpoints os command injection | 8.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.04 | CVE-2024-3193 |
| 7 | BloomPixel Max Addons Pro for Bricks Plugin authorization | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.08 | CVE-2024-32951 |
| 8 | Elementor ImageBox Plugin cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-3074 |
| 9 | Extend Themes Teluro Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.05 | CVE-2024-33688 |
| 10 | Apache HTTP Server mod_lua Multipart Parser r:parsebody out-of-bounds write | 8.5 | 8.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.08808 | 0.00 | CVE-2021-44790 |
| 11 | Dell Wyse Proprietary OS Telemetry Dashboard information disclosure | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-28963 |
| 12 | Apache Parquet Parquet-MR denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00086 | 0.00 | CVE-2021-41561 |
| 13 | Foliovision FV Flowplayer Video Player Plugin server-side request forgery | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.03 | CVE-2024-32955 |
| 14 | Dell Repository Manager API Module improper authorization | 8.3 | 8.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-28976 |
| 15 | Jegstudio Financio Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.03 | CVE-2024-33690 |
| 16 | ThemeNcode Fan Page Widget by Plugin cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33695 |
| 17 | AnnounceKit Plugin cross site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-3023 |
| 18 | Repute Infosystems ARMember Plugin authorization | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-32948 |
| 19 | Dell Repository Manager Logger Module improper authorization | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-28977 |
| 20 | Pavex Embed Google Photos Album Plugin server-side request forgery | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-32775 |

IOC - Indicator of Compromise (37)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (119)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

