NSO Group Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

de: 258
en: 228
zh: 8
es: 7
pl: 4

Country

de: 255
us: 154
cn: 22
ch: 15
gb: 6

Actors

Activities

Interest

Product

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need to unlock this view to get access to more details of the real data.

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.37 | CVE-2010-0966
3 | Cisco Email Security Appliance Attachment Detection input validation | 6.3 | 6.3 | $25k-$100k | $25k-$100k | Not Defined | Not Defined | 0.04 | CVE-2019-1844
4 | OpenX adclick.php redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.04 | CVE-2014-2230
5 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2019-7550
6 | JetBrains Kotlin Build HTTP cryptographic issues | 6.8 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2019-10101
7 | My Link Trader out.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.12 |
8 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.35 | CVE-2020-1927
9 | PHPUnit HTTP POST eval-stdin.php code injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.19 | CVE-2017-9841
10 | nginx HTTP2 resource consumption | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2018-16843
11 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | CVE-2007-1167
12 | Zeus Zeus Web Server memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2010-0359
13 | PHPWind goto.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2015-4135
14 | Apache maven-shared-utils Quoted String Commandline command injection | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 1.77 | CVE-2022-29599
15 | Cambium cnMaestro Package os command injection | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2022-1362
16 | Fidelis Network and Deception Web Interface os command injection | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-24393
17 | Ransom.REvil winhttp.dll untrusted search path | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 |
18 | Ransom.REvil winhttp.dll untrusted search path | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 |
19 | Microstrategy Web SDK fileToUpload cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-22987
20 | AMD CPU Trusted OS denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2021-26368

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (39)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | predictive | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | predictive | High

IOA - Indicator of Attack (165)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (6)

The following list contains external sources which discuss the actor and the associated activities:
