Nobelium Analysis

IOB - Indicator of Behavior (463)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 398
  • de: 32
  • zh: 12
  • pl: 6
  • sv: 4

Country

  • us: 142
  • ch: 44
  • at: 42
  • cn: 24
  • gb: 10

Actors

(chart only; no actor data on this page)

Activities

Interest timeline, Type and Vendor: chart only; no data on this page.

Product

  • Microsoft Windows: 16
  • Google Android: 10
  • Linux Kernel: 8
  • Google Chrome: 8
  • GetSimple CMS: 6

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit price ranges at disclosure and at present; Exploit is the exploit availability; Remediation is the fix status; EPSS is the FIRST exploit-prediction probability; CTI is the threat-intelligence activity score.

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
2 | Backdoor.Win32.Tiny.c Service Port 7778 backdoor | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.00 | -
3 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.22 | CVE-2020-12440
4 | School Management Software notice-edit.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | -
5 | CA Internet Security Suite input validation | 4.0 | 3.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.04 | CVE-2009-0682
6 | WordPress Update URI Plugin Header Remote Code Execution | 7.8 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00708 | 0.06 | CVE-2021-44223
7 | Joomla sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00142 | 0.05 | CVE-2022-23797
8 | Microsoft Windows IIS Server Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00162 | 0.13 | CVE-2023-36434
9 | Synacor Zimbra Collaboration sfdc_preauth.jsp Privilege Escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00186 | 0.05 | CVE-2023-29382
10 | RARLabs WinRAR ZIP Archive Remote Code Execution | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00000 | 0.05 | CVE-2023-38831
11 | Linux Kernel NILFS File System inode.c security_inode_alloc use after free | 8.3 | 8.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2022-2978
12 | Crow HTTP Pipelining use after free | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00791 | 0.04 | CVE-2022-38667
13 | mySCADA myPRO command injection | 9.2 | 9.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00105 | 0.03 | CVE-2022-2234
14 | GNU Bash Environment Variable variables.c Shellshock os command injection | 9.8 | 9.6 | $25k-$100k | $0-$5k | High | Official Fix | 0.97559 | 0.09 | CVE-2014-6271
15 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.09 | CVE-2020-1927
16 | Asus AsusWRT start_apply.htm os command injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01350 | 0.05 | CVE-2018-20334
17 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.21 | CVE-2017-0055
18 | PRTG Network Monitor login.htm access control | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00310 | 0.04 | CVE-2018-19410
19 | Apple iOS Telephony memory corruption | 8.0 | 7.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00976 | 0.00 | CVE-2017-8248
20 | Zeus Zeus Web Server memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.28798 | 0.00 | CVE-2010-0359
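The table above is extracted flat, with the title, scores, price ranges, status fields and EPSS run together in one string. What follows is an added example, not the site's code: a regular-expression parser for rows in that format, plus an illustrative triage ordering that scales the temporal CVSS score by exploit availability, remediation status and EPSS. The weights are an assumption of this example and not the site's scoring model; the sample rows are copied verbatim from the table.

```python
"""Parse flattened vulnerability rows and order them for triage.

Added example. The row format is the one shown on this page; the priority
weights are an assumption for the demonstration, not the site's model.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# One flattened row: index, free-text title, CVSS base and temporal score,
# two price ranges (the second may read "Calculating"), exploit status,
# remediation status, EPSS (5 decimals), CTI (2 decimals), optional CVE.
ROW_RE = re.compile(
    r"^(?P<idx>\d+)"
    r"(?P<title>.+?)"
    r"(?P<base>\d+\.\d)(?P<temp>\d+\.\d)"
    r"(?P<zeroday>\$\d+k?-\$\d+k)"
    r"(?P<today>\$\d+k?-\$\d+k|Calculating)"
    r"(?P<exploit>High|Functional|Proof-of-Concept|Unproven|Not Defined)"
    r"(?P<remediation>Official Fix|Temporary Fix|Workaround|Unavailable|Not Defined)"
    r"(?P<epss>\d\.\d{5})(?P<cti>\d+\.\d{2})"
    r"(?P<cve>CVE-\d{4}-\d{4,})?$"
)


@dataclass(frozen=True)
class Vuln:
    title: str
    base: float
    temp: float
    zeroday: str
    today: str
    exploit: str
    remediation: str
    epss: float
    cti: float
    cve: Optional[str]


def parse_row(line: str) -> Vuln:
    m = ROW_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised row: {line!r}")
    return Vuln(
        title=m["title"].strip(),
        base=float(m["base"]),
        temp=float(m["temp"]),
        zeroday=m["zeroday"],
        today=m["today"],
        exploit=m["exploit"],
        remediation=m["remediation"],
        epss=float(m["epss"]),
        cti=float(m["cti"]),
        cve=m["cve"],
    )


# Assumed weights: a working public exploit counts fully, a PoC less, an
# unproven one least; a missing vendor fix raises urgency.
EXPLOIT_WEIGHT = {"High": 1.0, "Functional": 0.9, "Proof-of-Concept": 0.7,
                  "Unproven": 0.4, "Not Defined": 0.5}
REMEDIATION_WEIGHT = {"Official Fix": 1.0, "Temporary Fix": 1.1, "Workaround": 1.1,
                      "Unavailable": 1.3, "Not Defined": 1.2}


def priority(v: Vuln) -> float:
    """Temporal CVSS scaled by exploit availability, fix status and EPSS."""
    return round(v.temp * EXPLOIT_WEIGHT[v.exploit]
                 * REMEDIATION_WEIGHT[v.remediation] * (1.0 + v.epss), 3)


def rank(lines: List[str]) -> List[Vuln]:
    """Parse every row and return the vulnerabilities, most urgent first."""
    return sorted((parse_row(line) for line in lines), key=priority, reverse=True)


# Rows copied verbatim from the flattened table above.
SAMPLE_ROWS = [
    "3nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002412.22CVE-2020-12440",
    "8Microsoft Windows IIS Server Remote Code Execution9.88.9$25k-$100k$5k-$25kUnprovenOfficial Fix0.001620.13CVE-2023-36434",
    "10RARLabs WinRAR ZIP Archive Remote Code Execution6.36.0$0-$5k$0-$5kHighOfficial Fix0.000000.05CVE-2023-38831",
    "14GNU Bash Environment Variable variables.c Shellshock os command injection9.89.6$25k-$100k$0-$5kHighOfficial Fix0.975590.09CVE-2014-6271",
    "16Asus AsusWRT start_apply.htm os command injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.013500.05CVE-2018-20334",
    "20Zeus Zeus Web Server memory corruption10.09.0$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.287980.00CVE-2010-0359",
]

if __name__ == "__main__":
    for v in rank(SAMPLE_ROWS):
        print(f"{priority(v):7.3f}  {v.cve or '-':<15} {v.title}")
```

With these weights Shellshock (EPSS 0.97559, public exploit) comes out first and the IIS entry last despite its 9.8 base score, because its exploit status is Unproven and a fix exists; the point is that the Base column alone is a poor triage key for a list like this.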

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Tomiris

IOC - Indicator of Compromise (26)

These indicators of compromise list associated network resources (IP addresses and hostnames) known to be part of research and attack activities. Several of the hostnames are generic hosting reverse-DNS names (vultrusercontent.com, vikhost.com) rather than attacker-registered domains; the address behind such a name is rented and reassigned over time, so check the Identified date before acting on an IP-only indicator.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 13.67.239.91 | - | Nobelium | - | 07/31/2022 | verified | High
2 | 31.42.177.78 | contact8.mxweb4.website | Nobelium | - | 11/28/2022 | verified | High
3 | 37.120.247.135 | - | Nobelium | - | 07/13/2022 | verified | High
4 | 45.14.70.186 | - | Nobelium | - | 11/28/2022 | verified | High
5 | 45.32.59.31 | 45.32.59.31.vultrusercontent.com | Nobelium | - | 07/31/2022 | verified | High
6 | 45.135.167.27 | 27.167.135.45.vikhost.com | Nobelium | - | 07/13/2022 | verified | High
7 | XX.XXX.XX.XX | xxxx-xx-xxx-xx-xx.xx-xxxxx.xxxxxxxx.xxx | Xxxxxxxx | - | 07/31/2022 | verified | High
8 | XX.XXX.XXX.XXX | - | Xxxxxxxx | - | 11/28/2022 | verified | High
9 | XX.XX.XX.XXX | xxxxx.xx-xx-xx-xx.xx | Xxxxxxxx | - | 07/13/2022 | verified | High
10 | XX.XXX.XX.XXX | xxxxx.xxxxxx.xxx | Xxxxxxxx | Xxxxxxx | 03/22/2022 | verified | High
11 | XX.XXX.XXX.XXX | xxxxx.xx-xx-xxx-xxx.xx | Xxxxxxxx | - | 07/13/2022 | verified | High
12 | XX.XXX.XXX.XXX | xx.xxx.xxx.xxx.xxxxxx.xxxxxxxx.xxx | Xxxxxxxx | - | 05/30/2021 | verified | High
13 | XX.XXX.XX.XXX | xxxxxx-xx.xxxxxxxx.xx | Xxxxxxxx | - | 11/28/2022 | verified | High
14 | XXX.XXX.XX.XXX | - | Xxxxxxxx | - | 07/31/2022 | verified | High
15 | XXX.XX.XXX.XXX | xxxxx.xx-xxx-xx-xxx.xxx | Xxxxxxxx | - | 07/31/2022 | verified | High
16 | XXX.XX.XXX.XX | xxxx.xx-xxx-xx-xxx.xxx | Xxxxxxxx | - | 07/31/2022 | verified | High
17 | XXX.XXX.XXX.XX | xx.xxx.xxx.xxx.xx-xxxx.xxxx | Xxxxxxxx | - | 11/28/2022 | verified | High
18 | XXX.XX.XXX.XX | - | Xxxxxxxx | - | 07/31/2022 | verified | High
19 | XXX.XXX.XXX.XXX | - | Xxxxxxxx | - | 07/13/2022 | verified | High
20 | XXX.XXX.XXX.XXX | xxxxxxxx.xxxx.xxxxxx.xxx | Xxxxxxxx | Xxxxxxx | 03/22/2022 | verified | High
21 | XXX.XXX.XXX.XX | xxxxxxxx.xxxx.xxxxxx.xxx | Xxxxxxxx | Xxxxxxx | 03/22/2022 | verified | High
22 | XXX.XXX.XX.XX | xxxx-xx-xx-xx.xxxxxxx.xxx | Xxxxxxxx | - | 08/10/2022 | verified | High
23 | XXX.XX.XXX.XX | xxxx.xx-xxx-xx-xxx.xxx | Xxxxxxxx | - | 05/30/2021 | verified | High
24 | XXX.XX.XX.XXX | xxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx | Xxxxxxxx | - | 11/28/2022 | verified | High
25 | XXX.XXX.XX.XXX | xxxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxxxxx | - | 11/28/2022 | verified | High
26 | XXX.XXX.XXX.XXX | xxx.xxx.xxx.xxx.xxxxxxxxx.xxxx.xxx | Xxxxxxxx | - | 07/13/2022 | verified | High

Rows 7 to 26 are masked on this page; only the Identified date, type and confidence are visible.
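Added example, not the site's tooling: matching the unmasked IOC rows above (1 to 6) against log lines. The matcher extracts every dotted IPv4 literal and hostname from a line, so it does not depend on the log format, carries the Identified date through to each hit so the indicator's age is visible, and rates hits on generic hosting reverse-DNS names (vultrusercontent.com, vikhost.com) and on the addresses behind them as low precision. That precision rule and the log lines are assumptions of this example.

```python
"""Match the network IOCs from the table above against log lines.

Added example, not the site's tooling. IOC_ROWS are the unmasked rows 1-6
of the IOC table; the log lines are constructed for the demonstration.
"""
import ipaddress
import re
from dataclasses import dataclass
from datetime import date
from typing import Dict, List


@dataclass(frozen=True)
class IocRow:
    ip: str
    hostname: str        # "" when the table shows no hostname
    identified: date     # the table's Identified column
    campaign: str = ""   # "" when the table shows no campaign


IOC_ROWS = [
    IocRow("13.67.239.91", "", date(2022, 7, 31)),
    IocRow("31.42.177.78", "contact8.mxweb4.website", date(2022, 11, 28)),
    IocRow("37.120.247.135", "", date(2022, 7, 13)),
    IocRow("45.14.70.186", "", date(2022, 11, 28)),
    IocRow("45.32.59.31", "45.32.59.31.vultrusercontent.com", date(2022, 7, 31)),
    IocRow("45.135.167.27", "27.167.135.45.vikhost.com", date(2022, 7, 13)),
]

# Assumption of this example: a reverse-DNS name of a generic hosting
# provider identifies a rented address, not an attacker-registered name,
# so a hit on it (or on the address behind it) is low precision.
GENERIC_RDNS = re.compile(r"\.(vultrusercontent\.com|vikhost\.com)$", re.I)


def precision(row: IocRow) -> str:
    if row.hostname and GENERIC_RDNS.search(row.hostname):
        return "low"
    return "high" if row.hostname else "medium"


def build_index(rows: List[IocRow]) -> Dict[str, IocRow]:
    """Map every IP and lower-cased hostname to its table row."""
    index: Dict[str, IocRow] = {}
    for row in rows:
        ipaddress.ip_address(row.ip)        # raises on a malformed entry
        index[row.ip] = row
        if row.hostname:
            index[row.hostname.lower()] = row
    return index


INDEX = build_index(IOC_ROWS)

# Candidate extraction: dotted IPv4 literals and dotted hostnames anywhere
# in the line, so the matcher works on DNS, proxy or firewall formats alike.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(
    r"\b[a-z0-9](?:[a-z0-9-]*[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)+\b", re.I)


@dataclass(frozen=True)
class Hit:
    line_no: int
    indicator: str
    precision: str
    age_days: int      # days from the Identified date to the log date
    campaign: str


def scan(lines: List[str], log_date: date) -> List[Hit]:
    hits: List[Hit] = []
    for n, line in enumerate(lines, 1):
        candidates = set(IPV4_RE.findall(line))
        candidates |= {h.lower() for h in HOST_RE.findall(line)}
        for cand in sorted(candidates):
            row = INDEX.get(cand)
            if row is not None:
                hits.append(Hit(n, cand, precision(row),
                                (log_date - row.identified).days, row.campaign))
    return hits


# Constructed log lines (not real traffic): a DNS lookup of an IOC hostname,
# a proxy connection to an IOC address, and two benign lines.
LOG_DATE = date(2023, 1, 4)
SAMPLE_LOG = [
    "2023-01-04T10:22:13Z dns client=10.0.0.5 query=contact8.mxweb4.website type=A",
    "2023-01-04T10:22:20Z proxy client=10.0.0.5 dst=45.32.59.31:443 sni=45.32.59.31.vultrusercontent.com",
    "2023-01-04T10:23:02Z proxy client=10.0.0.7 dst=203.0.113.10:443 sni=www.example.com",
    "2023-01-04T10:25:41Z dns client=10.0.0.9 query=updates.example.net type=A",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG, LOG_DATE):
        print(f"line {hit.line_no}: {hit.indicator} precision={hit.precision} age={hit.age_days}d")
```

On the sample log the registered hostname in row 2 produces a high-precision hit 37 days after it was identified, while the Vultr address and its reverse-DNS name produce low-precision hits 157 days old; the second kind is a lead for a lookup, not a reason to block on its own.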

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques and procedures summarize the suspected MITRE ATT&CK techniques used. Technique is the ATT&CK ID, Class the CAPEC attack pattern and Vulnerabilities the CWE weakness classes tied to it. Entries typed predictive come from our actor-profiling model rather than from observed intrusion data, so treat them as hypotheses to check against telemetry, not as confirmed behaviour.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
5 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High
6 | TXXXX.XXX | CAPEC- | CWE-XXX | Xxx Xx Xxxx-xxxxx Xxxxxxxx | predictive | High
7 | TXXXX.XXX | CAPEC-191 | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
8 | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
9 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
10 | TXXXX | CAPEC- | CWE-XXX, CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
11 | TXXXX | CAPEC-1 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
12 | TXXXX | CAPEC-184 | CWE-XXX | Xxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx Xxxxx | predictive | High
13 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
14 | TXXXX | CAPEC-102 | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
15 | TXXXX | CAPEC-466 | CWE-XXX, CWE-XXX | Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx | predictive | High
16 | TXXXX.XXX | CAPEC- | CWE-XXX | Xxxxxxxx Xxxxxx Xxxx | predictive | High
17 | TXXXX.XXX | CAPEC-459 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
18 | TXXXX.XXX | CAPEC-133 | CWE-XXX | Xxxxxxxx | predictive | High
19 | TXXXX | CAPEC-116 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
20 | TXXXX.XXX | CAPEC- | CWE-XX | Xxxxxxxxxxxxx | predictive | High
21 | TXXXX.XXX | CAPEC- | CWE-XXX, CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
22 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High
23 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxxx Xxxxxx | predictive | High

Rows 6 to 23 are masked on this page; only the CAPEC class (where present), the CWE count and the confidence are visible.

IOA - Indicator of Attack (175)

These indicators of attack list fragments (file paths, libraries, argument names, input values, patterns and network ports) that may be used for technical activities such as reconnaissance, exploitation, privilege escalation and exfiltration. Entries typed predictive come from our actor-profiling model rather than from observed traffic. Generic fragments such as /index.php or /upload carry Low or Medium confidence and will also match benign requests; filesystem paths such as /etc/shadow.sample are host-side artifacts, not URL paths, and belong in file-integrity or endpoint rules rather than web-log searches.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/edit.php | predictive | High
2 | File | /admin/functions.php | predictive | High
3 | File | /admin/user/manage_user.php | predictive | High
4 | File | /cgi-bin/webadminget.cgi | predictive | High
5 | File | /dashboard/updatelogo.php | predictive | High
6 | File | /etc/networkd-dispatcher | predictive | High
7 | File | /etc/openshift/server_priv.pem | predictive | High
8 | File | /etc/shadow.sample | predictive | High
9 | File | /guest_auth/cfg/upLoadCfg.php | predictive | High
10 | File | /index.php | predictive | Medium
11 | File | /Interface/DevManage/EC.php?cmd=upload | predictive | High
12 | File | /MicroStrategyWS/happyaxis.jsp | predictive | High
13 | File | /mkshop/Men/profile.php | predictive | High
14 | File | /notice-edit.php | predictive | High
15 | File | /Noxen-master/users.php | predictive | High
16 | File | /opt/teradata/gsctools/bin/t2a.pl | predictive | High
17 | File | /public/login.htm | predictive | High
18 | File | /start_apply.htm | predictive | High
19 | File | /uncpath/ | predictive | Medium
20 | File | /upload | predictive | Low
21 | File | /xxxxxx/xxxx.xxx | predictive | High
22 | File | /xx-xxxxxxx/xxxxxxx/xxxxxxxxxxx/xxxxx.xxx | predictive | High
23 | File | xxxxxxx.xxx | predictive | Medium
24 | File | xxxxxxx.xxx | predictive | Medium
25 | File | xxx_xxxxxxx.xxx | predictive | High
26 | File | xxxxx.xxx | predictive | Medium
27 | File | xxxxx.xxx?xxxx=xxxx-xxxxx | predictive | High
28 | File | xxxxx/xxxxx_xxxxx.xxx | predictive | High
29 | File | xxxxx/xxxxx.xxx | predictive | High
30 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
31 | File | xxxxxxx_xxxxxx.xxx | predictive | High
32 | File | xxxx/xxx/xxxxx/xxxxx_xx.x | predictive | High
33 | File | xxxx-xxxx.x | predictive | Medium
34 | File | xxxxx-xxx.x | predictive | Medium
35 | File | xxxxxx.xxxx | predictive | Medium
36 | File | xxxx.x | predictive | Low
37 | File | xxxxxxx.xxx | predictive | Medium
38 | File | xxxxxxxxx.xxx | predictive | High
39 | File | xxxxx.xxx | predictive | Medium
40 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
41 | File | xx.x | predictive | Low
42 | File | xxx_xxxxx.xxx | predictive | High
43 | File | xxxxxxx/xxx/xxx/xxx/xxx_xx.x | predictive | High
44 | File | xxxxxxx/xxx/xxx/xxxx_xxxxxx.x | predictive | High
45 | File | xxxxxxx/xxxxx/xxx/xxxxxxx/xxxxxxx-xxx.x | predictive | High
46 | File | xxxxxxx/xxxxx/xxx/xxxxx/xxxxx-xxxx.x | predictive | High
47 | File | xxxxxxx/xxx/xxxx/xxxx_xxxx.x | predictive | High
48 | File | xxxxxxx/xxx/xx/xx.x | predictive | High
49 | File | xxxxxxx/xxx/xxxx/xxxxx.x | predictive | High
50 | File | xxxxx.xxx | predictive | Medium
51 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High
52 | File | xxxxx.x | predictive | Low
53 | File | xxx/xxxx/xxxx_xxxxxxx.x | predictive | High
54 | File | xxxxxxxxxxxxxxx.xxx | predictive | High
55 | File | xx/xxxxx.x | predictive | Medium
56 | File | xx/xxxxx/xxxxxxx/xxxxxxxxxxx.x | predictive | High
57 | File | xxxx.xxx | predictive | Medium
58 | File | xxxxxxxxxx.xxx | predictive | High
59 | File | xxxx_xxxx.x | predictive | Medium
60 | File | xxxxxxx-xxxx | predictive | Medium
61 | File | xxx/xxxxxx.xxx | predictive | High
62 | File | xxxxxxx/xxxxxxxxxx.xxx | predictive | High
63 | File | xxxxxxxx/xxxxx/xxxxx/xxxx-xxxxxxx-xxxxxxxxx-xxxxxxx-xxxxx.xxx | predictive | High
64 | File | xxxxx.xxx | predictive | Medium
65 | File | xxxx.xxx | predictive | Medium
66 | File | xxxxx.x | predictive | Low
67 | File | xxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
68 | File | xxxxxxx_xxxx.x | predictive | High
69 | File | xxxxxx/xxxxxx/xxxx.x | predictive | High
70 | File | xxxxx.xxx | predictive | Medium
71 | File | xxxxxx.xxx | predictive | Medium
72 | File | xxxx.xxx | predictive | Medium
73 | File | xxxxxxxx/xxxx?xxxxxx=xx | predictive | High
74 | File | xxx/xxxxx.xxxx | predictive | High
75 | File | xxxxx/xxxx_xxxxxx/x_xxxx/xxx_xxxxxxx.xxx | predictive | High
76 | File | xxxxxx/xxxxxxxx/xxxx | predictive | High
77 | File | xx_xxxxxxxxxx | predictive | High
78 | File | xxxxxxx.xxx | predictive | Medium
79 | File | xxxxx_xxxxxxx.xxx | predictive | High
80 | File | xxxxxxxx.xx | predictive | Medium
81 | File | xxxxxxxxxxxxx.xxx | predictive | High
82 | File | xxxx.xxx | predictive | Medium
83 | File | xxxxxx.xx | predictive | Medium
84 | File | xxxxxx.x | predictive | Medium
85 | File | xxxxx/xxxxx-xxxxxxxxxx-xxxxxxxx.xxx | predictive | High
86 | File | xxxx_xxxxxxx.xxx | predictive | High
87 | File | xxxx.xxx | predictive | Medium
88 | File | xxxx_xxxxx.xxxx | predictive | High
89 | File | xxxxx_xxxx_xxx.xxx | predictive | High
90 | File | xxx/xxxx.xxx | predictive | Medium
91 | File | xxxxxx.x | predictive | Medium
92 | File | xxxxx-xxxx.xxx | predictive | High
93 | File | xxxx-xxxxxxxx.xxx | predictive | High
94 | File | xx/xxxxxxxx/xxxxxx | predictive | High
95 | File | xxxx.xxx | predictive | Medium
96 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High
97 | File | xxxxxxxxx.x | predictive | Medium
98 | File | xxxxxxx.xxx | predictive | Medium
99 | File | xxxxxxx.xxx | predictive | Medium
100 | File | xx-xxxxx/xxxxx-xxxx.xxx?xxxxxx=xxxx_xxxxxx_xxxxxxxx | predictive | High
101 | File | xxxx | predictive | Low
102 | File | ~/.xxxxxxx | predictive | Medium
103 | Library | xxxxxxxx.xxx | predictive | Medium
104 | Library | xxx/xxx.xx | predictive | Medium
105 | Library | xxx/xxxxxxxxxx.xxx | predictive | High
106 | Library | xxxxxxx.x | predictive | Medium
107 | Library | xxxxxxxx.xxx | predictive | Medium
108 | Library | xxxxxxxx.xxx | predictive | Medium
109 | Library | xxxxxx.xxxxx.xxxxxxxx | predictive | High
110 | Argument | /x | predictive | Low
111 | Argument | xxxx | predictive | Low
112 | Argument | xxx | predictive | Low
113 | Argument | xxxxx_xxxxxxxxx | predictive | High
114 | Argument | xxxxxxxx | predictive | Medium
115 | Argument | xxxx | predictive | Low
116 | Argument | xxxxxxxx | predictive | Medium
117 | Argument | xxx | predictive | Low
118 | Argument | xxxxxxx | predictive | Low
119 | Argument | xxxxxxx-xxxxxxxxxxx | predictive | High
120 | Argument | xxxxxx_xxxx_xxxxxxxx | predictive | High
121 | Argument | xxxx_xxx | predictive | Medium
122 | Argument | xxxxxx/xxxxxx | predictive | High
123 | Argument | xxxxxx xx | predictive | Medium
124 | Argument | xxx_xxxx/xxx_xxxxxxx | predictive | High
125 | Argument | xxx_xxxxx_xxxx | predictive | High
126 | Argument | xxxxx xx | predictive | Medium
127 | Argument | xxxxxxxxxxx | predictive | Medium
128 | Argument | xx_xxxxx | predictive | Medium
129 | Argument | xxxx | predictive | Low
130 | Argument | xxxxxxxx | predictive | Medium
131 | Argument | xxxx_xx | predictive | Low
132 | Argument | xxxx/xxxxxx/xxx | predictive | High
133 | Argument | xx | predictive | Low
134 | Argument | xx | predictive | Low
135 | Argument | xxxxxxxxxx | predictive | Medium
136 | Argument | xxxxxxxx_xxxxxxxx_x | predictive | High
137 | Argument | xxx | predictive | Low
138 | Argument | xxxxxxx_xxx | predictive | Medium
139 | Argument | xxx_xx | predictive | Low
140 | Argument | xx_xxxx_xxxx | predictive | Medium
141 | Argument | xxxxxxx[xxxxxx_xxxxx] | predictive | High
142 | Argument | xxxx | predictive | Low
143 | Argument | xxxxxxxx | predictive | Medium
144 | Argument | xxxx | predictive | Low
145 | Argument | xxx | predictive | Low
146 | Argument | xxxx-xxxxxxx | predictive | Medium
147 | Argument | xxxxx | predictive | Low
148 | Argument | xxxxxxxx | predictive | Medium
149 | Argument | xxxxxxx | predictive | Low
150 | Argument | xxxxxx_xxxx | predictive | Medium
151 | Argument | xxxxxx | predictive | Low
152 | Argument | xxxxxx | predictive | Low
153 | Argument | xxx | predictive | Low
154 | Argument | xxxx | predictive | Low
155 | Argument | xxxxxxxxxxxxxxxx | predictive | High
156 | Argument | xxxx | predictive | Low
157 | Argument | xxxxxxxxx_xxxxx | predictive | High
158 | Argument | xxx | predictive | Low
159 | Argument | xxx | predictive | Low
160 | Argument | xxxxxxxx | predictive | Medium
161 | Argument | xxxxx | predictive | Low
162 | Argument | xxxxxxx | predictive | Low
163 | Argument | xxxxx/xxxxx | predictive | Medium
164 | Argument | xxxxxxxx/xxxxxxxx/xxxxxxxxxxx | predictive | High
165 | Argument | __xxxxxx | predictive | Medium
166 | Input Value | "><xxxxxx>xxxxx(/xxx/)</xxxxxx> | predictive | High
167 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive | High
168 | Input Value | ./../../xxx/xx | predictive | High
169 | Input Value | /%xx | predictive | Low
170 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx> | predictive | High
171 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | High
172 | Input Value | xxxxxx | predictive | Low
173 | Pattern | () { | predictive | Low
174 | Network Port | xxx/xxxx | predictive | Medium
175 | Network Port | xxx/x (xxxxxxx) | predictive | High

Rows 21 to 172, 174 and 175 are masked on this page; only the class and confidence are visible.
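Added example, not the site's tooling: checking HTTP requests against the URL-path File indicators in rows 1 to 20 (the host filesystem paths in rows 6, 7, 8 and 16 are left out, since they do not appear in web logs) and the "() {" Pattern in row 173. The table rates the bare "() {" fragment Low; this example raises it to High when it arrives in a request header, because that is how Shellshock (CVE-2014-6271 in the vulnerability table above) reaches a CGI's environment and the fragment has no legitimate use there. That uplift and the sample requests are assumptions of the example.

```python
"""Check HTTP requests against the indicators of attack listed above.

Added example, not the site's tooling. FILE_IOAS holds the URL-path
entries of rows 1-20 of the IOA table; SHELLSHOCK_RE is the "() {"
pattern of row 173. The requests are constructed for the demonstration.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

FILE_IOAS: Dict[str, str] = {
    "/admin/edit.php": "High",
    "/admin/functions.php": "High",
    "/admin/user/manage_user.php": "High",
    "/cgi-bin/webadminget.cgi": "High",
    "/dashboard/updatelogo.php": "High",
    "/guest_auth/cfg/upLoadCfg.php": "High",
    "/index.php": "Medium",
    "/Interface/DevManage/EC.php?cmd=upload": "High",
    "/MicroStrategyWS/happyaxis.jsp": "High",
    "/mkshop/Men/profile.php": "High",
    "/notice-edit.php": "High",
    "/Noxen-master/users.php": "High",
    "/public/login.htm": "High",
    "/start_apply.htm": "High",
    "/uncpath/": "Medium",
    "/upload": "Low",
}

# Row 173: the prefix a vulnerable Bash treated as a function definition
# when it opened an environment variable. CGI handlers copy request
# headers into the environment, so headers are where it matters.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")

CONF_RANK = {"Low": 1, "Medium": 2, "High": 3}


@dataclass
class Request:
    method: str
    target: str                      # path, optionally with a query string
    headers: Dict[str, str] = field(default_factory=dict)


@dataclass(frozen=True)
class Match:
    kind: str          # "file" or "pattern"
    indicator: str
    confidence: str
    where: str         # which part of the request matched


def _file_hit(indicator: str, path: str, target: str) -> bool:
    """Indicators carrying a query string match the full target as a prefix,
    directory indicators (trailing slash) match by prefix, all others exactly.
    Comparison is case-insensitive, as IIS and many PHP applications are."""
    ind = indicator.lower()
    if "?" in ind:
        return target.lower().startswith(ind)
    if ind.endswith("/"):
        return path.lower().startswith(ind)
    return path.lower() == ind


def match_request(req: Request) -> List[Match]:
    matches: List[Match] = []
    path = req.target.partition("?")[0]
    for indicator, conf in FILE_IOAS.items():
        if _file_hit(indicator, path, req.target):
            matches.append(Match("file", indicator, conf, "target"))
    # Assumption of this example: High inside a header, where "() {" has no
    # legitimate use; the table's Low rating in the target, where it can be
    # ordinary code passed as a parameter.
    for name, value in req.headers.items():
        if SHELLSHOCK_RE.search(value):
            matches.append(Match("pattern", "() {", "High", f"header:{name}"))
    if SHELLSHOCK_RE.search(req.target):
        matches.append(Match("pattern", "() {", "Low", "target"))
    return matches


def triage(req: Request) -> Tuple[str, List[Match]]:
    """Highest confidence among the matches, or "none" when nothing matched."""
    matches = match_request(req)
    if not matches:
        return "none", matches
    return max(matches, key=lambda m: CONF_RANK[m.confidence]).confidence, matches


# Constructed requests, not captured traffic.
SAMPLE_REQUESTS = [
    Request("POST", "/start_apply.htm"),
    Request("GET", "/cgi-bin/webadminget.cgi",
            {"User-Agent": "() { :; }; /bin/bash -c 'id'"}),
    Request("GET", "/index.php"),
    Request("GET", "/uncpath/share/doc.txt"),
    Request("GET", "/Interface/DevManage/EC.php?cmd=upload&name=x"),
    Request("GET", "/images/logo.png", {"User-Agent": "Mozilla/5.0"}),
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        level, matches = triage(req)
        print(f"{level:6} {req.method} {req.target} {[m.indicator for m in matches]}")
```

The second request is the instructive one: the path alone is a High indicator, and the header adds a second, independent match; two indicators of different classes on one request is a far stronger signal than either alone, which is why the matches are returned rather than collapsed to a single verdict.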
