Nobelium Analysis

IOB - Indicator of Behavior (485)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

  • en: 428
  • de: 26
  • zh: 12
  • ja: 6
  • pl: 4

Activities

Interest

Product

  • Linux Kernel: 20
  • Microsoft Windows: 12
  • Microsoft IIS: 6
  • Google Android: 6
  • Apache Tomcat: 6

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base (CVSS) | Temp (CVSS) | 0day price | Today price | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192
2 | Backdoor.Win32.Tiny.c Service Port 7778 backdoor | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | | 0.00000 | 0.00 | 
3 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 0.61 | CVE-2020-12440
4 | Itechscripts School Management Software notice-edit.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00037 | 0.00 | CVE-2017-20196
5 | CA Internet Security Suite input validation | 4.0 | 3.8 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00061 | 0.00 | CVE-2009-0682
6 | WordPress Update URI Plugin Header Remote Code Execution | 7.8 | 7.8 | $5k-$25k | $0-$5k | Not defined | Official fix | possible | 0.38690 | 0.00 | CVE-2021-44223
7 | Joomla sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00042 | 0.07 | CVE-2022-23797
8 | Microsoft Windows IIS Server Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official fix | | 0.12774 | 0.04 | CVE-2023-36434
9 | Synacor Zimbra Collaboration sfdc_preauth.jsp privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.02055 | 0.00 | CVE-2023-29382
10 | RARLabs WinRAR ZIP Archive data authenticity | 7.3 | 7.2 | $0-$5k | $0-$5k | High | Official fix | verified | 0.93562 | 0.00 | CVE-2023-38831
11 | Linux Kernel NILFS File System inode.c security_inode_alloc use after free | 8.3 | 8.1 | $25k-$100k | $0-$5k | Not defined | Official fix | | 0.00014 | 0.07 | CVE-2022-2978
12 | Crow HTTP Pipelining use after free | 8.5 | 8.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00508 | 0.00 | CVE-2022-38667
13 | mySCADA myPRO command injection | 9.2 | 9.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.02973 | 0.00 | CVE-2022-2234
14 | GNU Bash Environment Variable variables.c Shellshock os command injection | 9.8 | 9.6 | $25k-$100k | $0-$5k | High | Official fix | verified | 0.94220 | 0.09 | CVE-2014-6271
15 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.15489 | 0.20 | CVE-2020-1927
16 | Asus AsusWRT start_apply.htm os command injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.06819 | 0.03 | CVE-2018-20334
17 | Microsoft IIS uncpath cross site scripting | 5.2 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.01387 | 0.00 | CVE-2017-0055
18 | PRTG Network Monitor login.htm access control | 9.0 | 8.9 | $0-$5k | $0-$5k | High | Official fix | verified | 0.83361 | 0.08 | CVE-2018-19410
19 | Apple iOS Telephony memory corruption | 8.0 | 7.7 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.02376 | 0.00 | CVE-2017-8248
20 | Zeus Zeus Web Server memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | possible | 0.38043 | 0.05 | CVE-2010-0359

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Tomiris

IOC - Indicator of Compromise (26)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. Rows 7 to 26 are masked on the source page; the masked values are reproduced as shown there.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
--- | --- | --- | --- | --- | --- | --- | ---
1 | 13.67.239.91 | | Nobelium | | 07/31/2022 | verified | Medium
2 | 31.42.177.78 | contact8.mxweb4.website | Nobelium | | 11/28/2022 | verified | Medium
3 | 37.120.247.135 | | Nobelium | | 07/13/2022 | verified | Medium
4 | 45.14.70.186 | | Nobelium | | 11/28/2022 | verified | Medium
5 | 45.32.59.31 | 45.32.59.31.vultrusercontent.com | Nobelium | | 07/31/2022 | verified | Low
6 | 45.135.167.27 | 27.167.135.45.vikhost.com | Nobelium | | 07/13/2022 | verified | Medium
7 | XX.XXX.XX.XX | xxxx-xx-xxx-xx-xx.xx-xxxxx.xxxxxxxx.xxx | Xxxxxxxx | | 07/31/2022 | verified | Medium
8 | XX.XXX.XXX.XXX | | Xxxxxxxx | | 11/28/2022 | verified | Medium
9 | XX.XX.XX.XXX | xxxxx.xx-xx-xx-xx.xx | Xxxxxxxx | | 07/13/2022 | verified | Medium
10 | XX.XXX.XX.XXX | xxxxx.xxxxxx.xxx | Xxxxxxxx | Xxxxxxx | 03/22/2022 | verified | Low
11 | XX.XXX.XXX.XXX | xxxxx.xx-xx-xxx-xxx.xx | Xxxxxxxx | | 07/13/2022 | verified | Medium
12 | XX.XXX.XXX.XXX | xx.xxx.xxx.xxx.xxxxxx.xxxxxxxx.xxx | Xxxxxxxx | | 05/30/2021 | verified | Low
13 | XX.XXX.XX.XXX | xxxxxx-xx.xxxxxxxx.xx | Xxxxxxxx | | 11/28/2022 | verified | Low
14 | XXX.XXX.XX.XXX | | Xxxxxxxx | | 07/31/2022 | verified | Medium
15 | XXX.XX.XXX.XXX | xxxxx.xx-xxx-xx-xxx.xxx | Xxxxxxxx | | 07/31/2022 | verified | Medium
16 | XXX.XX.XXX.XX | xxxx.xx-xxx-xx-xxx.xxx | Xxxxxxxx | | 07/31/2022 | verified | Medium
17 | XXX.XXX.XXX.XX | xx.xxx.xxx.xxx.xx-xxxx.xxxx | Xxxxxxxx | | 11/28/2022 | verified | Medium
18 | XXX.XX.XXX.XX | | Xxxxxxxx | | 07/31/2022 | verified | Medium
19 | XXX.XXX.XXX.XXX | | Xxxxxxxx | | 07/13/2022 | verified | Medium
20 | XXX.XXX.XXX.XXX | xxxxxxxx.xxxx.xxxxxx.xxx | Xxxxxxxx | Xxxxxxx | 03/22/2022 | verified | Low
21 | XXX.XXX.XXX.XX | xxxxxxxx.xxxx.xxxxxx.xxx | Xxxxxxxx | Xxxxxxx | 03/22/2022 | verified | Low
22 | XXX.XXX.XX.XX | xxxx-xx-xx-xx.xxxxxxx.xxx | Xxxxxxxx | | 08/10/2022 | verified | Medium
23 | XXX.XX.XXX.XX | xxxx.xx-xxx-xx-xxx.xxx | Xxxxxxxx | | 05/30/2021 | verified | Low
24 | XXX.XX.XX.XXX | xxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx | Xxxxxxxx | | 11/28/2022 | verified | Medium
25 | XXX.XXX.XX.XXX | xxxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxxxxx | | 11/28/2022 | verified | Medium
26 | XXX.XXX.XXX.XXX | xxx.xxx.xxx.xxx.xxxxxxxxx.xxxx.xxx | Xxxxxxxx | | 07/13/2022 | verified | Medium

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling. Rows 6 to 24 are masked on the source page; the masked values are reproduced as shown there.

ID | Technique (ATT&CK) | Class (CAPEC) | Vulnerabilities (CWE) | Weakness name | Type | Confidence
--- | --- | --- | --- | --- | --- | ---
1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Basic Cross Site Scripting | predictive | High
5 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High
6 | TXXXX.XXX | | CWE-XXX | Xxx Xx Xxxx-xxxxx Xxxxxxxx | predictive | High
7 | TXXXX.XXX | CAPEC-XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
8 | TXXXX | CAPEC-XXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
9 | TXXXX.XXX | CAPEC-XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
10 | TXXXX | | CWE-XXX, CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
11 | TXXXX | CAPEC-X | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
12 | TXXXX | CAPEC-XXX | CWE-XXX | Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx | predictive | High
13 | TXXXX | CAPEC-XXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
14 | TXXXX | CAPEC-XXX | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
15 | TXXXX | CAPEC-XXX | CWE-XXX, CWE-XXX | Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx | predictive | High
16 | TXXXX.XXX | | CWE-XXX | Xxxxxxxx Xxxxxx Xxxx | predictive | High
17 | TXXXX.XXX | CAPEC-XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
18 | TXXXX.XXX | CAPEC-XXX | CWE-XXX | Xxxxxxxx | predictive | High
19 | TXXXX | CAPEC-XXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
20 | TXXXX.XXX | | CWE-XXX | xxxxxxxxxxxx | predictive | High
21 | TXXXX | CAPEC-XX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
22 | TXXXX.XXX | | CWE-XXX, CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
23 | TXXXX.XXX | CAPEC-X | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High
24 | TXXXX | | CWE-XXX | Xxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (186)

These indicators of attack list the potential fragments used for technical activities such as reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling. Rows 22 to 186 are masked on the source page; the masked values are reproduced as shown there.

ID | Class | Indicator | Type | Confidence
--- | --- | --- | --- | ---
1 | File | /admin/edit.php | predictive | High
2 | File | /admin/functions.php | predictive | High
3 | File | /admin/user/manage_user.php | predictive | High
4 | File | /cgi-bin/cstecgi.cgi | predictive | High
5 | File | /cgi-bin/webadminget.cgi | predictive | High
6 | File | /dashboard/updatelogo.php | predictive | High
7 | File | /etc/networkd-dispatcher | predictive | High
8 | File | /etc/openshift/server_priv.pem | predictive | High
9 | File | /etc/shadow.sample | predictive | High
10 | File | /guest_auth/cfg/upLoadCfg.php | predictive | High
11 | File | /index.php | predictive | Medium
12 | File | /Interface/DevManage/EC.php?cmd=upload | predictive | High
13 | File | /MicroStrategyWS/happyaxis.jsp | predictive | High
14 | File | /mkshop/Men/profile.php | predictive | High
15 | File | /notice-edit.php | predictive | High
16 | File | /Noxen-master/users.php | predictive | High
17 | File | /opt/teradata/gsctools/bin/t2a.pl | predictive | High
18 | File | /public/login.htm | predictive | High
19 | File | /start_apply.htm | predictive | High
20 | File | /uncpath/ | predictive | Medium
21 | File | /upload | predictive | Low
22 | File | /xxxxxx/xxxx.xxx | predictive | High
23 | File | /xxxxx/xxxxxxx/xxx/xxxxxxx.xxx | predictive | High
24 | File | /xx-xxxxxxx/xxxxxxx/xxxxxxxxxxx/xxxxx.xxx | predictive | High
25 | File | xxxxxxx.xxx | predictive | Medium
26 | File | xxxxxxx.xxx | predictive | Medium
27 | File | xxx_xxxxxxx.xxx | predictive | High
28 | File | xxxxx.xxx | predictive | Medium
29 | File | xxxxx.xxx?xxxx=xxxx-xxxxx | predictive | High
30 | File | xxxxx/xxxxx_xxxxx.xxx | predictive | High
31 | File | xxxxx/xxxxx.xxx | predictive | High
32 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
33 | File | xxxxxxx_xxxxxx.xxx | predictive | High
34 | File | xxxx/xxx/xxxxx/xxxxx_xx.x | predictive | High
35 | File | xxxx-xxxx.x | predictive | Medium
36 | File | xxxxx-xxx.x | predictive | Medium
37 | File | xxxxxx.xxxx | predictive | Medium
38 | File | xxxx.x | predictive | Low
39 | File | xxxxxxx.xxx | predictive | Medium
40 | File | xxxxxxxxx.xxx | predictive | High
41 | File | xxxxx.xxx | predictive | Medium
42 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
43 | File | xx.x | predictive | Low
44 | File | xxx_xxxxx.xxx | predictive | High
45 | File | xxxxxxx/xxx/xxx/xxx/xxx_xx.x | predictive | High
46 | File | xxxxxxx/xxx/xxx/xxxx_xxxxxx.x | predictive | High
47 | File | xxxxxxx/xxxxx/xxx/xxxxxxx/xxxxxxx-xxx.x | predictive | High
48 | File | xxxxxxx/xxxxx/xxx/xxxxx/xxxxx-xxxx.x | predictive | High
49 | File | xxxxxxx/xxx/xxxx/xxxx_xxxx.x | predictive | High
50 | File | xxxxxxx/xxx/xx/xx.x | predictive | High
51 | File | xxxxxxx/xxx/xxxx/xxxxx.x | predictive | High
52 | File | xxxxx.xxx | predictive | Medium
53 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High
54 | File | xxxxx.x | predictive | Low
55 | File | xxx/xxxx/xxxx_xxxxxxx.x | predictive | High
56 | File | xxxxxxxxxxxxxxx.xxx | predictive | High
57 | File | xx/xxxxx.x | predictive | Medium
58 | File | xx/xxxxx/xxxxxxx/xxxxxxxxxxx.x | predictive | High
59 | File | xxxx.xxx | predictive | Medium
60 | File | xxxxxxxxxx.xxx | predictive | High
61 | File | xxxx.xxx | predictive | Medium
62 | File | xxxx_xxxx.x | predictive | Medium
63 | File | xxxxxxx-xxxx | predictive | Medium
64 | File | xxx/xxxxxx.xxx | predictive | High
65 | File | xxxxxxx/xxxxxxxxxx.xxx | predictive | High
66 | File | xxxxxxxx/xxxxx/xxxxx/xxxx-xxxxxxx-xxxxxxxxx-xxxxxxx-xxxxx.xxx | predictive | High
67 | File | xxxxx.xxx | predictive | Medium
68 | File | xxxx.xxx | predictive | Medium
69 | File | xxxxx.x | predictive | Low
70 | File | xxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
71 | File | xxxxxxx_xxxx.x | predictive | High
72 | File | xxxxxx/xxxxxx/xxxx.x | predictive | High
73 | File | xxxxx.xxx | predictive | Medium
74 | File | xxxxxx.xxx | predictive | Medium
75 | File | xxxx.xxx | predictive | Medium
76 | File | xxxxxxxx/xxxx?xxxxxx=xx | predictive | High
77 | File | xxx/xxxxx.xxxx | predictive | High
78 | File | xxxxx/xxxx_xxxxxx/x_xxxx/xxx_xxxxxxx.xxx | predictive | High
79 | File | xxxxxx/xxxxxxxx/xxxx | predictive | High
80 | File | xx_xxxxxxxxxx | predictive | High
81 | File | xxxxxxx.xxx | predictive | Medium
82 | File | xxxxx_xxxxxxx.xxx | predictive | High
83 | File | xxxxxxxx.xx | predictive | Medium
84 | File | xxxxxxxxxxxxx.xxx | predictive | High
85 | File | xxxx.xxx | predictive | Medium
86 | File | xxxxxx.xx | predictive | Medium
87 | File | xxxxxx.x | predictive | Medium
88 | File | xxxxx/xxxxx-xxxxxxxxxx-xxxxxxxx.xxx | predictive | High
89 | File | xxxx_xxxxxxx.xxx | predictive | High
90 | File | xxxx.xxx | predictive | Medium
91 | File | xxxx_xxxxx.xxxx | predictive | High
92 | File | xxxxx_xxxx_xxx.xxx | predictive | High
93 | File | xxx/xxxx.xxx | predictive | Medium
94 | File | xxxxxx.x | predictive | Medium
95 | File | xxxxx-xxxx.xxx | predictive | High
96 | File | xxxx-xxxxx.xxx | predictive | High
97 | File | xxxx-xxxxxxxx.xxx | predictive | High
98 | File | xx/xxxxxxxx/xxxxxx | predictive | High
99 | File | xxxx.xxx | predictive | Medium
100 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High
101 | File | xxxxxxxxx.x | predictive | Medium
102 | File | xxxxxxx.xxx | predictive | Medium
103 | File | xxxxxxx.xxx | predictive | Medium
104 | File | xx-xxxxx/xxxxx-xxxx.xxx?xxxxxx=xxxx_xxxxxx_xxxxxxxx | predictive | High
105 | File | xxxx | predictive | Low
106 | File | ~/.xxxxxxx | predictive | Medium
107 | Library | xxxxxxxx.xxx | predictive | Medium
108 | Library | xxx/xxx.xx | predictive | Medium
109 | Library | xxx/xxxxxxxxxx.xxx | predictive | High
110 | Library | xxxxxxx.x | predictive | Medium
111 | Library | xxxxxxxx.xxx | predictive | Medium
112 | Library | xxxxxxxx.xxx | predictive | Medium
113 | Library | xxxxxx.xxxxx.xxxxxxxx | predictive | High
114 | Argument | /x | predictive | Low
115 | Argument | xxxx | predictive | Low
116 | Argument | xxx | predictive | Low
117 | Argument | xxxxx_xxxxxxxxx | predictive | High
118 | Argument | xxxxxxxx | predictive | Medium
119 | Argument | xxxx | predictive | Low
120 | Argument | xxxxxxxx | predictive | Medium
121 | Argument | xxx | predictive | Low
122 | Argument | xxxxxxx | predictive | Low
123 | Argument | xxxxxxx | predictive | Low
124 | Argument | xxxxxxx-xxxxxxxxxxx | predictive | High
125 | Argument | xxxxxx_xxxx_xxxxxxxx | predictive | High
126 | Argument | xxxx_xxx | predictive | Medium
127 | Argument | xxxxxx/xxxxxx | predictive | High
128 | Argument | xxxxxx xx | predictive | Medium
129 | Argument | xxx_xxxx/xxx_xxxxxxx | predictive | High
130 | Argument | xxx_xxxxx_xxxx | predictive | High
131 | Argument | xxxxx xx | predictive | Medium
132 | Argument | xxxxxxxxxxx | predictive | Medium
133 | Argument | xx_xxxxx | predictive | Medium
134 | Argument | xxxx | predictive | Low
135 | Argument | xxxxxxxx | predictive | Medium
136 | Argument | xxxx_xx | predictive | Low
137 | Argument | xxxx/xxxxxx/xxx | predictive | High
138 | Argument | xx | predictive | Low
139 | Argument | xx | predictive | Low
140 | Argument | xxxxxxxxxx | predictive | Medium
141 | Argument | xxxxxxxx_xxxxxxxx_x | predictive | High
142 | Argument | xxx | predictive | Low
143 | Argument | xxx_xxxxxxxx | predictive | Medium
144 | Argument | xxxxxxx_xxx | predictive | Medium
145 | Argument | xxx_xx | predictive | Low
146 | Argument | xx_xxxx_xxxx | predictive | Medium
147 | Argument | xxxxxxx[xxxxxx_xxxxx] | predictive | High
148 | Argument | xxxx | predictive | Low
149 | Argument | xxxxxxxx | predictive | Medium
150 | Argument | xxxx | predictive | Low
151 | Argument | xxx | predictive | Low
152 | Argument | xxxx-xxxxxxx | predictive | Medium
153 | Argument | xxxxx | predictive | Low
154 | Argument | xxxxxxxx | predictive | Medium
155 | Argument | xxxxxxx | predictive | Low
156 | Argument | xxxxxx_xxxx | predictive | Medium
157 | Argument | xxxxxx | predictive | Low
158 | Argument | xxxxxx | predictive | Low
159 | Argument | xxxxxxx | predictive | Low
160 | Argument | xxx | predictive | Low
161 | Argument | xxxx | predictive | Low
162 | Argument | xxxx/xxxxxxxx | predictive | High
163 | Argument | xxxxx_xxxx | predictive | Medium
164 | Argument | xxxx | predictive | Low
165 | Argument | xxxxxxxxxxxxxxxx | predictive | High
166 | Argument | xxxx | predictive | Low
167 | Argument | xxxxxxxxx_xxxxx | predictive | High
168 | Argument | xxx | predictive | Low
169 | Argument | xxx | predictive | Low
170 | Argument | xxxxxxxx | predictive | Medium
171 | Argument | xxxxx | predictive | Low
172 | Argument | xxxxxxx | predictive | Low
173 | Argument | x-xxxxxxxxx | predictive | Medium
174 | Argument | xxxxx/xxxxx | predictive | Medium
175 | Argument | xxxxxxxx/xxxxxxxx/xxxxxxxxxxx | predictive | High
176 | Argument | __xxxxxx | predictive | Medium
177 | Input Value | "><xxxxxx>xxxxx(/xxx/)</xxxxxx> | predictive | High
178 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive | High
179 | Input Value | ./../../xxx/xx | predictive | High
180 | Input Value | /%xx | predictive | Low
181 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx> | predictive | High
182 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | High
183 | Input Value | xxxxxx | predictive | Low
184 | Pattern | () { | predictive | Low
185 | Network Port | xxx/xxxx | predictive | Medium
186 | Network Port | xxx/x (xxxxxxx) | predictive | High
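The IOC table lists network resources and the IOA table lists request fragments; the way a detection team actually consumes both is by matching them against traffic logs. The Python below is an added example written for this page, not VulDB code and not tooling attributed to Nobelium. It takes the six unmasked IP addresses and three hostnames from the IOC table, the twenty-one unmasked File entries and the Shellshock "() {" pattern from the IOA table, each with the confidence label the tables give it, and runs them over constructed proxy log lines. The single-line log layout (timestamp, client IP, destination IP, method, URL, status, user agent), the sample records and the function names are assumptions made for the example; only the indicators and their confidence labels come from the tables.

```python
"""Scan proxy / web-server log lines for the unmasked indicators on this page."""
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# IOC table rows 1-6: IP addresses, the hostnames listed with them, and confidence.
IOC_IPS = {"13.67.239.91": "Medium", "31.42.177.78": "Medium", "37.120.247.135": "Medium",
           "45.14.70.186": "Medium", "45.32.59.31": "Low", "45.135.167.27": "Medium"}
IOC_HOSTS = {"contact8.mxweb4.website": "Medium", "45.32.59.31.vultrusercontent.com": "Low",
             "27.167.135.45.vikhost.com": "Medium"}

# IOA table rows 1-21 (class File): request-path fragments and their confidence.
IOA_FILES = {
    "/admin/edit.php": "High", "/admin/functions.php": "High",
    "/admin/user/manage_user.php": "High", "/cgi-bin/cstecgi.cgi": "High",
    "/cgi-bin/webadminget.cgi": "High", "/dashboard/updatelogo.php": "High",
    "/etc/networkd-dispatcher": "High", "/etc/openshift/server_priv.pem": "High",
    "/etc/shadow.sample": "High", "/guest_auth/cfg/upLoadCfg.php": "High",
    "/index.php": "Medium", "/Interface/DevManage/EC.php?cmd=upload": "High",
    "/MicroStrategyWS/happyaxis.jsp": "High", "/mkshop/Men/profile.php": "High",
    "/notice-edit.php": "High", "/Noxen-master/users.php": "High",
    "/opt/teradata/gsctools/bin/t2a.pl": "High", "/public/login.htm": "High",
    "/start_apply.htm": "High", "/uncpath/": "Medium", "/upload": "Low",
}
# IOA table row 184 (class Pattern): the Shellshock function-definition prefix "() {".
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")

# Log layout assumed for this example (not a VulDB format):
#   <timestamp> <client-ip> <dest-ip> <method> <url> <status> "<user-agent>"
LOG_RE = re.compile(r'^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) (?P<method>[A-Z]+) '
                    r'(?P<url>\S+) (?P<status>\d{3}) "(?P<ua>[^"]*)"$')
RANK = {"Low": 0, "Medium": 1, "High": 2}

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def match_line(line):
    """Return [(class, indicator, confidence), ...] for one line; [] if unparseable."""
    m = LOG_RE.match(line.strip())
    if not m:
        return []          # one bad record must not abort a batch scan
    hits = []
    parts = urlsplit(m["url"])
    host = (parts.hostname or "").rstrip(".").lower()

    # Network IOCs: the destination IP, or a URL host that is itself an IOC.
    candidates = {m["dst"]}
    if _is_ip(host):
        candidates.add(host)
    for ip in sorted(candidates):
        if ip in IOC_IPS:
            hits.append(("IOC ip", ip, IOC_IPS[ip]))
    if host in IOC_HOSTS:
        hits.append(("IOC hostname", host, IOC_HOSTS[host]))

    # IOA file fragments: compare against the percent-decoded path so that
    # "/start%5Fapply.htm" still matches. The leading "/" in every fragment
    # anchors it to a path-segment boundary; a fragment that carries "?k=v"
    # must also find that pair in the decoded query string.
    path, query = unquote(parts.path), unquote(parts.query)
    for frag, conf in IOA_FILES.items():
        frag_path, _, frag_query = frag.partition("?")
        if path.endswith(frag_path) and (not frag_query or frag_query in query):
            hits.append(("IOA file", frag, conf))

    # Shellshock: "() {" in a header that a CGI handler exports into the
    # environment; the User-Agent is the classic carrier.
    if SHELLSHOCK_RE.search(m["ua"]):
        hits.append(("IOA pattern", "() {", "Low"))
    return hits

def scan(lines, min_confidence="Low"):
    """Return [(line_no, hits)] for lines with a hit at or above min_confidence."""
    results = []
    for n, line in enumerate(lines, 1):
        hits = [h for h in match_line(line) if RANK[h[2]] >= RANK[min_confidence]]
        if hits:
            results.append((n, hits))
    return results

# Constructed sample records for the example; not from any real capture.
SAMPLE_LOG = """\
2022-07-31T10:00:01Z 10.0.0.5 45.32.59.31 GET http://45.32.59.31.vultrusercontent.com/update.bin 200 "Mozilla/5.0"
2022-07-31T10:00:02Z 10.0.0.5 198.51.100.7 GET https://contact8.mxweb4.website/api/check 200 "Mozilla/5.0"
2022-07-31T10:00:03Z 203.0.113.9 10.0.0.80 GET /cgi-bin/cstecgi.cgi?action=login 404 "curl/7.81.0"
2022-07-31T10:00:04Z 203.0.113.9 10.0.0.80 POST /Interface/DevManage/EC.php?cmd=upload 200 "python-requests/2.28"
2022-07-31T10:00:05Z 203.0.113.9 10.0.0.80 GET /cgi-bin/status 200 "() { :; }; /bin/bash -c 'id'"
2022-07-31T10:00:06Z 10.0.0.6 192.0.2.10 GET https://192.0.2.10/index.html 200 "Mozilla/5.0"
2022-07-31T10:00:07Z 10.0.0.6 192.0.2.10 GET https://192.0.2.10/blog/index.php 200 "Mozilla/5.0"
this line is not in the expected format
"""

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG.splitlines()):
        print(n, hits)
```

Carrying the table's confidence label through to each hit matters in practice: `/index.php` (Medium) and `/upload` (Low) fire on ordinary traffic, so `scan(lines, "High")` is the alerting threshold and `"Low"` the hunting one. The masked rows cannot be loaded, so the lists above are a strict subset of what the source page holds.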
