Nymaim Analysis

Activities

Timeline

The timeline of the vulnerabilities associated with this actor helps decide how to handle individual vulnerabilities and whole vulnerability collections. It shows quieter periods and severe hotspots at a glance, so that vulnerability response can be initiated and issues prioritized without delay.

Lang

en 837
es 112
pt 28
fr 11
de 6

Country

us 929
si 9
bg 6
es 3
lk 2


Vulnerabilities

Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices; Exploit maturity and Remediation level are the CVSS temporal metrics; CTI is the current threat-intelligence activity score.

# | Vulnerability | Base | Temp | 0day | Today | Exploit maturity | Remediation level | CTI | CVE
1 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 1.09 | CVE-2017-0055
2 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.64 | CVE-2020-12440
3 | nginx Error Page request smuggling | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2019-20372
4 | polkit pkexec access control | 8.8 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.18 | CVE-2021-4034
5 | Microsoft Windows MSHTML Remote Code Execution | 8.8 | 7.9 | $100k and more | $25k-$100k | Proof-of-Concept | Official Fix | 0.04 | CVE-2021-40444
6 | Apache Tomcat HTTP Header request smuggling | 7.3 | 7.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | CVE-2021-33037
7 | Linux Kernel Pipe Dirty Pipe Privilege Escalation | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.30 | CVE-2022-0847
8 | Apache HTTP Server mod_rewrite redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.73 | CVE-2020-1927
9 | Google Chrome v8 type confusion | 6.3 | 5.9 | $25k-$100k | $5k-$25k | Functional | Official Fix | 0.18 | CVE-2022-1096
10 | VMware Spring Cloud Function SpEL Expression code injection | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | CVE-2022-22963
11 | HP Integrated Lights-Out IPMI Protocol credentials management | 8.2 | 8.0 | $5k-$25k | $0-$5k | High | Workaround | 0.09 | CVE-2013-4786
12 | Apache log4j JNDI LDAP Server Lookup Log4Shell/LogJam deserialization | 8.6 | 8.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2021-44228
13 | McAfee Agent Deployment cleanup.exe code injection | 8.1 | 7.5 | $5k-$25k | $5k-$25k | Proof-of-Concept | Official Fix | 0.12 | CVE-2021-31854
14 | FasterXML jackson-databind Java denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-36518
15 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.06 | CVE-2014-4078
16 | Microsoft Windows Win32k Privilege Escalation | 7.2 | 6.5 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.30 | CVE-2022-21882
17 | Oracle Java SE libxml out-of-bounds write | 8.6 | 8.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2021-3517
18 | Apache Log4j JMSSink deserialization | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2022-23302
19 | Apache Log4j Incomplete Fix CVE-2021-44228 deserialization | 4.5 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-45046
20 | Microsoft Windows Volume Shadow Copy SAM SeriousSAM/HiveNightmare permission | 6.0 | 5.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Workaround | 0.04 | CVE-2021-36934

IOC - Indicator of Compromise (39)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 34.227.185.153 | ec2-34-227-185-153.compute-1.amazonaws.com | Nymaim | - | verified | Medium
2 | 37.152.176.90 | - | Nymaim | - | verified | High
3 | 46.4.52.109 | witntech.dev | Nymaim | - | verified | High
4 | 46.47.98.128 | 46-47-98-128.stz.ddns.bulsat.com | Nymaim | - | verified | High
5 | 46.238.18.157 | ip-46-238-18-157.home.megalan.bg | Nymaim | - | verified | High
6 | 47.91.242.212 | - | Nymaim | - | verified | High
7 | 50.22.169.26 | 1a.a9.1632.ip4.static.sl-reverse.com | Nymaim | - | verified | High
8 | 51.218.181.145 | - | Nymaim | - | verified | High

Entries 9 to 39 are masked in the source.
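A practitioner's first use of this list is to sweep it against egress logs. The following is an added example, not code from the original page or from the source it was taken from: it indexes the eight unmasked indicators above by IP address and hostname, matches them against constructed Squid-style proxy lines (time, duration, client IP, result, size, method, target, user, peer/IP, type; the layout is an assumption of this example), groups hits by client and derives a verdict. The verdict rule is the example's own: the only Medium-confidence entry is an EC2 address, and shared cloud addresses get reassigned, so Medium-only hits are flagged for review rather than alerted on.

```python
"""Match the Nymaim network IOCs from the table above against proxy logs.

Added example, not part of the original page. The indicator list is copied
from entries 1-8 of the IOC table; the log lines are constructed and assume a
Squid-style layout (time, duration, client IP, result, size, method, target,
user, peer/ip, type). Verdict thresholds are this example's own choice.
"""
import ipaddress
import re

# (IP address, hostname or "", confidence) as listed on the page.
IOCS = [
    ("34.227.185.153", "ec2-34-227-185-153.compute-1.amazonaws.com", "Medium"),
    ("37.152.176.90", "", "High"),
    ("46.4.52.109", "witntech.dev", "High"),
    ("46.47.98.128", "46-47-98-128.stz.ddns.bulsat.com", "High"),
    ("46.238.18.157", "ip-46-238-18-157.home.megalan.bg", "High"),
    ("47.91.242.212", "", "High"),
    ("50.22.169.26", "1a.a9.1632.ip4.static.sl-reverse.com", "High"),
    ("51.218.181.145", "", "High"),
]

# Constructed sample lines; 10.0.0.0/8 clients, 203.0.113.0/24 is a documentation range.
PROXY_LOG = [
    "1713100001.123 45 10.0.0.12 TCP_TUNNEL/200 5120 CONNECT witntech.dev:443 - HIER_DIRECT/46.4.52.109 -",
    "1713100002.456 12 10.0.0.12 TCP_MISS/200 812 GET http://updates.example.net/check - HIER_DIRECT/203.0.113.10 text/html",
    "1713100003.789 30 10.0.0.45 TCP_TUNNEL/200 2048 CONNECT 50.22.169.26:443 - HIER_DIRECT/50.22.169.26 -",
    "1713100004.000 20 10.0.0.77 TCP_MISS/200 640 GET http://ec2-34-227-185-153.compute-1.amazonaws.com/ - HIER_DIRECT/34.227.185.153 application/octet-stream",
]

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def build_index(iocs):
    """Index indicators by parsed IP address and by lower-cased hostname."""
    ips, hosts = {}, {}
    for ip, host, conf in iocs:
        ips[ipaddress.ip_address(ip)] = conf
        if host:
            hosts[host.lower()] = conf
    return ips, hosts


def match_line(line, index):
    """Return de-duplicated (indicator, kind, confidence) hits for one log line."""
    ips, hosts = index
    hits = []
    for tok in IP_RE.findall(line):
        try:
            addr = ipaddress.ip_address(tok)
        except ValueError:  # dotted token with an octet > 255, e.g. a version string
            continue
        if addr in ips:
            hits.append((tok, "ip", ips[addr]))
    for tok in HOST_RE.findall(line):
        low = tok.lower()
        for host, conf in hosts.items():
            # exact hostname, or a subdomain of an indicator hostname
            if low == host or low.endswith("." + host):
                hits.append((tok, "host", conf))
    return list(dict.fromkeys(hits))


def verdict(hits):
    """Any High-confidence hit alerts; Medium only (shared cloud address that
    may have been reassigned) needs corroboration; no hit is clean."""
    confs = {conf for _, _, conf in hits}
    if "High" in confs:
        return "alert"
    if confs:
        return "review"
    return "clean"


def scan(lines, iocs=IOCS):
    """Group hits by client IP (third field) into {client: (verdict, sorted indicators)}."""
    index = build_index(iocs)
    per_client = {}
    for line in lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        per_client.setdefault(fields[2], []).extend(match_line(line, index))
    return {c: (verdict(h), sorted({i for i, _, _ in h})) for c, h in per_client.items()}


if __name__ == "__main__":
    for client, (v, indicators) in scan(PROXY_LOG).items():
        print(f"{client:<12} {v:<7} {', '.join(indicators) or '-'}")
```

Hostnames are matched as exact names or subdomains so that `evil.witntech.dev` still hits the `witntech.dev` entry; IP tokens are parsed with `ipaddress` so that dotted version strings do not produce false hits.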

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (230)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | // | predictive | Low
2 | File | /adfs/ls | predictive | Medium
3 | File | /admin/doctors/view_doctor.php | predictive | High
4 | File | /appliance/users?action=edit | predictive | High
5 | File | /config/getuser | predictive | High
6 | File | /data-service/users/ | predictive | High
7 | File | /IISADMPWD | predictive | Medium
8 | File | /js/app.js | predictive | Medium
9 | File | /login | predictive | Low
10 | File | /monitor/s_headmodel.php | predictive | High
11 | File | /pro/repo-create.html | predictive | High
12 | File | /public/plugins/ | predictive | High
13 | File | /rest/api/1.0/issues/{id}/ActionsAndOperations | predictive | High
14 | File | /rest/api/latest/projectvalidate/key | predictive | High
15 | File | /rest/collectors/1.0/template/custom | predictive | High
16 | File | /SAP_Information_System/controllers/add_admin.php | predictive | High
17 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | predictive | High
18 | File | /server-info | predictive | Medium
19 | File | /services | predictive | Medium
20 | File | /test/cookie/ | predictive | High
21 | File | /uncpath/ | predictive | Medium
22 | File | /usr/bin/at | predictive | Medium
23 | File | /usr/bin/pkexec | predictive | High
24 | File | /WEB-INF/web.xml | predictive | High
25 | File | admin-ajax.php | predictive | High

Entries 26 to 230 are masked in the source; by class they are File (26-137), Library (138-149), Argument (150-215), Input Value (216-223) and Network Port (224-230).
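The unmasked file indicators are request paths, and matching them naively against an access log fails in two directions: attackers hide the path behind percent-encoding, doubled slashes or a context root (`/jira/rest/...`), while generic entries such as `//` and `/login` (both Low confidence) fire on every legitimate visitor. The following is an added example, not code from the original page or its source: it compiles entries 1 to 25 above into segment-aware patterns (treating `{id}` as a wildcard segment and requiring the query parameter of `/appliance/users?action=edit`), normalizes each request path before matching, and collapses hits per client into a verdict. The access-log lines are constructed, matching is case-insensitive, and the alert thresholds are the example's own choice.

```python
"""Match request paths from a web access log against the IOA file indicators.

Added example, not part of the original page. The indicator list is copied
from entries 1-25 of the IOA table; the access-log lines are constructed
(Apache combined format). Case-insensitive matching and the verdict
thresholds are this example's own choices.
"""
import re
from urllib.parse import parse_qsl, unquote

IOA_PATHS = [  # (indicator, confidence) as listed on the page
    ("//", "Low"), ("/adfs/ls", "Medium"), ("/admin/doctors/view_doctor.php", "High"),
    ("/appliance/users?action=edit", "High"), ("/config/getuser", "High"),
    ("/data-service/users/", "High"), ("/IISADMPWD", "Medium"), ("/js/app.js", "Medium"),
    ("/login", "Low"), ("/monitor/s_headmodel.php", "High"), ("/pro/repo-create.html", "High"),
    ("/public/plugins/", "High"), ("/rest/api/1.0/issues/{id}/ActionsAndOperations", "High"),
    ("/rest/api/latest/projectvalidate/key", "High"), ("/rest/collectors/1.0/template/custom", "High"),
    ("/SAP_Information_System/controllers/add_admin.php", "High"),
    ("/secure/admin/InsightDefaultCustomFieldConfig.jspa", "High"), ("/server-info", "Medium"),
    ("/services", "Medium"), ("/test/cookie/", "High"), ("/uncpath/", "Medium"),
    ("/usr/bin/at", "Medium"), ("/usr/bin/pkexec", "High"), ("/WEB-INF/web.xml", "High"),
    ("admin-ajax.php", "High"),
]

# Constructed sample lines; client addresses come from the documentation ranges.
ACCESS_LOG = [
    '198.51.100.7 - - [10/Apr/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 1204 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Apr/2024:10:00:02 +0000] "GET //static/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Apr/2024:10:00:05 +0000] "GET /jira/rest//api/1.0/issues/10001/ActionsAndOperations HTTP/1.1" 200 88 "-" "python-requests/2.31"',
    '203.0.113.9 - - [10/Apr/2024:10:00:06 +0000] "GET /%57EB-INF/web.xml HTTP/1.1" 404 0 "-" "python-requests/2.31"',
    '203.0.113.9 - - [10/Apr/2024:10:00:07 +0000] "POST /appliance/users?action=edit&id=1 HTTP/1.1" 302 0 "-" "python-requests/2.31"',
    '192.0.2.44 - - [10/Apr/2024:10:00:09 +0000] "GET /IISADMPWD/achg.htr HTTP/1.1" 404 0 "-" "curl/8.4"',
    '192.0.2.44 - - [10/Apr/2024:10:00:10 +0000] "GET /server-info HTTP/1.1" 403 0 "-" "curl/8.4"',
]

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) HTTP/[\d.]+"')


def compile_indicator(indicator, conf):
    """Turn one IOA path into (indicator, conf, regex, required query pairs)."""
    if indicator == "//":
        return indicator, conf, None, set()  # only meaningful on the raw path, see match_target
    path, _, query = indicator.partition("?")
    # {id} is a templated segment, everything else is literal
    body = r"[^/]+".join(re.escape(p) for p in path.strip("/").split("{id}"))
    # directory indicators need a trailing slash; endpoints must end at a segment boundary;
    # (?:^|/) lets the indicator sit under a context root such as /jira/
    tail = "/" if path.endswith("/") else r"(?=/|$)"
    return indicator, conf, re.compile(r"(?:^|/)" + body + tail, re.I), set(parse_qsl(query))


COMPILED = [compile_indicator(i, c) for i, c in IOA_PATHS]


def normalize(raw_path):
    """Undo single/double percent-encoding, collapse slashes, resolve . and .. segments."""
    p = raw_path
    for _ in range(2):
        decoded = unquote(p)
        if decoded == p:
            break
        p = decoded
    p = re.sub(r"/{2,}", "/", p.replace("\\", "/"))
    out = []
    for seg in p.split("/"):
        if seg == "..":
            if out:
                out.pop()
        elif seg not in ("", "."):
            out.append(seg)
    return "/" + "/".join(out) + ("/" if p.endswith("/") and out else "")


def match_target(target, indicators=COMPILED):
    """Return (indicator, confidence) hits for one request target."""
    # strip scheme and host of absolute-form (proxy) requests, then split off the query
    target = re.sub(r"^[a-z][a-z0-9+.-]*://[^/]*", "", target, flags=re.I)
    raw_path, _, query = target.partition("?")
    raw_path = raw_path or "/"
    path = normalize(raw_path)
    params = set(parse_qsl(query, keep_blank_values=True))
    hits = []
    for indicator, conf, rx, required in indicators:
        if rx is None:
            if "//" in raw_path:  # doubled slash is a normalization trick: check before collapsing
                hits.append((indicator, conf))
        elif rx.search(path) and required <= params:
            hits.append((indicator, conf))
    return hits


def score(hits):
    """One High or two Medium indicators alert; a single Medium is reviewed;
    Low-only hits such as /login or // are noise."""
    confs = [c for _, c in hits]
    if "High" in confs or confs.count("Medium") >= 2:
        return "alert"
    if "Medium" in confs:
        return "review"
    return "noise"


def scan_access_log(lines):
    """Return {client_ip: (verdict, sorted indicator list)}."""
    per_client = {}
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            client, target = m.groups()
            per_client.setdefault(client, []).extend(match_target(target))
    return {c: (score(h), sorted({i for i, _ in h})) for c, h in per_client.items()}
```

Run `scan_access_log(ACCESS_LOG)`: the browsing client that only touched `/login` and a doubled-slash URL scores as noise, the scanner probing Jira, `WEB-INF` and the appliance user editor alerts on three High indicators, and the client hitting two Medium paths (`/IISADMPWD`, `/server-info`) alerts on the combination. Tune `score` to your own baseline before deploying; the thresholds here exist to show that confidence is a per-indicator weight, not a per-client verdict.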

References (9)

The following list contains external sources which discuss the actor and the associated activities:
