Nokoyawa Analysis

IOB - Indicator of Behavior (96)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 82
zh: 10
es: 2
de: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 8
Microsoft Exchange Server: 4
Hassan Consulting Shopping Cart: 2
Cisco node-jose: 2
PuneethReddyHC online-shopping-system-advanced: 2

Vulnerabilities

# | Vulnerability | Base (CVSS) | Temp (CVSS) | 0day price | Today price | Exploitability | Remediation | CTI | EPSS | CVE
1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.79 | 0.00954 | CVE-2010-0966
2 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.69 | 0.03468 | CVE-2007-0354
3 | Microsoft Windows TCP/IP Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | 0.41865 | CVE-2022-34718
4 | Microsoft Windows Kernel Cryptography Driver cng.sys CfgAdtpFormatPropertyBlock buffer overflow | 7.9 | 7.9 | $25k-$100k | $25k-$100k | Proof-of-Concept | Official Fix | 0.04 | 0.02132 | CVE-2020-17087
5 | Microsoft Windows Netlogon Zerologon privileges management | 8.4 | 8.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.00 | 0.97369 | CVE-2020-1472
6 | Microsoft Windows Event Logging Service denial of service | 4.3 | 4.0 | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.00061 | CVE-2022-37981
7 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 1.04 | 0.00203 | CVE-2008-5928
8 | Microsoft Exchange Server Privilege Escalation | 9.0 | 8.5 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.07 | 0.00960 | CVE-2022-41080
9 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.41 | 0.00334 | CVE-2007-0529
10 | Caucho Resin HTTP Request pathname traversal | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | 0.00991 | CVE-2021-44138
11 | Adiscon LogAnalyzer sql injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00076 | CVE-2023-34600
12 | Microsoft Windows Win32k Privilege Escalation | 7.2 | 6.5 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.01799 | CVE-2022-21882
13 | Oracle ZFS Storage Appliance Kit Operating System Image privileges management | 10.0 | 9.5 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.97369 | CVE-2020-1472
14 | Microsoft Windows Print Spooler Privilege Escalation | 8.1 | 7.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | 0.00052 | CVE-2022-38028
15 | Microsoft Office information disclosure | 3.8 | 3.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00051 | CVE-2022-41043
16 | Microsoft Windows IIS Remote Code Execution | 7.6 | 7.0 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.10 | 0.00103 | CVE-2022-30209
17 | Microsoft Exchange Server Privilege Escalation | 7.2 | 6.6 | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.00379 | CVE-2023-21710
18 | Citrix ADC/Gateway NSIP/SNIP incorrect check of function return value | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00087 | CVE-2023-24487
19 | Citrix Gateway/ADC VPN authentication bypass | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00196 | CVE-2022-27510
20 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 2.64 | 0.00000 | (no CVE assigned)

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Nokoyawa

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | predictive | High
2 | T1055 | CWE-74 | Injection | predictive | High
3 | T1059 | CWE-94 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (51)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | High
2 | File | /homeaction.php | predictive | High
3 | File | /librarian/bookdetails.php | predictive | High
4 | File | /modules/projects/vw_files.php | predictive | High
5 | File | /out.php | predictive | Medium
6 | File | adclick.php | predictive | Medium
7 | File | admin.php | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities: