Nymaim Analysis
Activities
Timeline
The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.
Activities
Interest
Vulnerabilities
IOC - Indicator of Compromise (39)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (10)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
---|---|---|---|---|---|
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
2 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | predictive | High |
3 | TXXXX.XXX | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx | predictive | High |
4 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High |
5 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
6 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High |
7 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxx Xx Xxxxxxxxxxx | predictive | High |
8 | TXXXX | CWE-XXX | Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx | predictive | High |
9 | TXXXX.XXX | CWE-XXX, CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
10 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
IOA - Indicator of Attack (230)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | // | predictive | Low |
2 | File | /adfs/ls | predictive | Medium |
3 | File | /admin/doctors/view_doctor.php | predictive | High |
4 | File | /appliance/users?action=edit | predictive | High |
5 | File | /config/getuser | predictive | High |
6 | File | /data-service/users/ | predictive | High |
7 | File | /IISADMPWD | predictive | Medium |
8 | File | /js/app.js | predictive | Medium |
9 | File | /login | predictive | Low |
10 | File | /monitor/s_headmodel.php | predictive | High |
11 | File | /pro/repo-create.html | predictive | High |
12 | File | /public/plugins/ | predictive | High |
13 | File | /rest/api/1.0/issues/{id}/ActionsAndOperations | predictive | High |
14 | File | /rest/api/latest/projectvalidate/key | predictive | High |
15 | File | /rest/collectors/1.0/template/custom | predictive | High |
16 | File | /SAP_Information_System/controllers/add_admin.php | predictive | High |
17 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | predictive | High |
18 | File | /server-info | predictive | Medium |
19 | File | /services | predictive | Medium |
20 | File | /test/cookie/ | predictive | High |
21 | File | /uncpath/ | predictive | Medium |
22 | File | /usr/bin/at | predictive | Medium |
23 | File | /usr/bin/pkexec | predictive | High |
24 | File | /WEB-INF/web.xml | predictive | High |
25 | File | admin-ajax.php | predictive | High |
26 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
27 | File | xxx/xxxx/xxxxxxxx/xxxx.xxx | predictive | High |
28 | File | xxxx_xxx.xx | predictive | Medium |
29 | File | xxxxxx.x | predictive | Medium |
30 | File | xx-xxxxxx/xxxxxxxx.xxxxx.xxx | predictive | High |
31 | File | x:/xxxx.xxx" | predictive | Medium |
32 | File | x:\xxxxxxxx | predictive | Medium |
33 | File | x:\xxxxxxx\xxxxxxxx\xxxxxx\xxx | predictive | High |
34 | File | xxxxxxxxx.x | predictive | Medium |
35 | File | xxxxxxx.xxx | predictive | Medium |
36 | File | xxxxxx.xxx | predictive | Medium |
37 | File | xxxxx.xxxxxxxxxxx.xxxx[x]=xxx | predictive | High |
38 | File | xxxxxxx.xxx | predictive | Medium |
39 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High |
40 | File | xxxxxxxxx.xxx | predictive | High |
41 | File | xxxxxxxxxxxxxxxxxxxxxxxx.xxx.xxx | predictive | High |
42 | File | xxxxxxxxxxx/xxxxx/xxxxxxx.xxx | predictive | High |
43 | File | xxxxxxx.x | predictive | Medium |
44 | File | xxxxxx_xx/xxxxxxxxxxxxxxxxxxxxxxxxx | predictive | High |
45 | File | xxx_xx_xxx.x | predictive | Medium |
46 | File | xxxx-xx/xxxx/xxxxxxxxxxx.xxx | predictive | High |
47 | File | xxxxxx_x_x.xxx | predictive | High |
48 | File | xxxxxxxxxx.xxx | predictive | High |
49 | File | xxxxxxx/xxxxx/xxx.x | predictive | High |
50 | File | xxxxxxx/xxx/xxx-xx.x | predictive | High |
51 | File | xxxxx.xxx | predictive | Medium |
52 | File | xxxxxxxxxxxxx.xxx | predictive | High |
53 | File | xxxxxxxxxxxxxxxxx.xxxx | predictive | High |
54 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
55 | File | xxxxxxxx.xxx | predictive | Medium |
56 | File | xxxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
57 | File | xx/xxx.x | predictive | Medium |
58 | File | xx/xxxxx/xxxxx_xxxx.x | predictive | High |
59 | File | xxxxxxxxx/xxxx-xxxxxxx-xxx.xxx | predictive | High |
60 | File | xx.xxxxx.xxx | predictive | Medium |
61 | File | xxxxxx/xxxxxxxxxxxxx | predictive | High |
62 | File | xxxxxxxx/xxxx_xxxx | predictive | High |
63 | File | xx.xxx | predictive | Low |
64 | File | xxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxx.xx | predictive | High |
65 | File | xxxx/x.x | predictive | Medium |
66 | File | xxxxxxxxxxxxxxxxx.xxxx | predictive | High |
67 | File | xxx_xxxxxxx.xxx | predictive | High |
68 | File | xxxxxxx/xxxxx/xxxxx.x | predictive | High |
69 | File | xxxxx.xx | predictive | Medium |
70 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx | predictive | High |
71 | File | xxxxxxx.x | predictive | Medium |
72 | File | xxxxxx/xxx/xxxxxxxx.x | predictive | High |
73 | File | xxx/xxxx_xxxx.x | predictive | High |
74 | File | xxx/xxxx/xxx.x/xxxx_xxxxxx.x | predictive | High |
75 | File | xxx/xxxx/xxxxxx.x | predictive | High |
76 | File | xxxxxxx.x | predictive | Medium |
77 | File | xxxxxxxxxxx.xx | predictive | High |
78 | File | xxxxxxx/xxxxxxxx.x | predictive | High |
79 | File | xxxxx.xxx | predictive | Medium |
80 | File | xxxxxxxxxxxxxx.xxxx#xxxxxx/xxxxx | predictive | High |
81 | File | xxxxxxxxxxx/xxxxxxx.xxx | predictive | High |
82 | File | xxxxxx.xxx | predictive | Medium |
83 | File | xxxxxxxx.xxx | predictive | Medium |
84 | File | xxxx.xxx | predictive | Medium |
85 | File | xxx/xxxxxxxxx/x_xxxxxx.x | predictive | High |
86 | File | xxx/xxx/xxxxxxx.x | predictive | High |
87 | File | xxx/xxxx/xxxxxx.x | predictive | High |
88 | File | xxx/xxx_xxxxx/xx_xxxxx.x | predictive | High |
89 | File | xxx/xxxxxxxx/xxxx-xxx.x | predictive | High |
90 | File | xxx_xxxx_xxx_xxxxxxxxxx.x | predictive | High |
91 | File | xx_xxxxxx_xxxxxxx.xxx | predictive | High |
92 | File | xxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
93 | File | xxxxxxx.xxx | predictive | Medium |
94 | File | xxxxxx.xxx | predictive | Medium |
95 | File | xxx/xxxxx/xxxxxx/xxx/xxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
96 | File | xxxx_xxxxxxx.x | predictive | High |
97 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
98 | File | xxxxx/xxxxxxx.x | predictive | High |
99 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High |
100 | File | xxxxx-xxxxxxxxx-xxxxxxxxx.xxx | predictive | High |
101 | File | xxx_xxxxxx.xxxx | predictive | High |
102 | File | xxxxxxxx.xxx | predictive | Medium |
103 | File | xxxxxxx.xxx | predictive | Medium |
104 | File | xxxxx.xxx | predictive | Medium |
105 | File | xxxxxx_xxxxxx.xx | predictive | High |
106 | File | xxxxxx.x | predictive | Medium |
107 | File | xxxxxxxx.x | predictive | Medium |
108 | File | xxxxxxxxxxxxxxxxx.xxx | predictive | High |
109 | File | xxxxxx/xxxxx/xxxxx.x | predictive | High |
110 | File | xxx.xxxxx | predictive | Medium |
111 | File | xxxxx.xxx | predictive | Medium |
112 | File | xxxxxxxxx.xxx | predictive | High |
113 | File | xxx.x | predictive | Low |
114 | File | xxxxx.xxx | predictive | Medium |
115 | File | xxxxx.xxx | predictive | Medium |
116 | File | xxx.xxxx | predictive | Medium |
117 | File | xxxx-xxxxxxx | predictive | Medium |
118 | File | xxxxxxx.xxx | predictive | Medium |
119 | File | xxxxxx.x | predictive | Medium |
120 | File | xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx | predictive | High |
121 | File | xxxxxxxxx.xxx | predictive | High |
122 | File | xxx/xxx/xxx-xxxxxx | predictive | High |
123 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive | High |
124 | File | xxxxxxxx.xxx | predictive | Medium |
125 | File | xxxxxxx.xxx | predictive | Medium |
126 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
127 | File | xxxx.xxx | predictive | Medium |
128 | File | xxxxxxxx.x | predictive | Medium |
129 | File | xxxxxxx.xxx | predictive | Medium |
130 | File | xx-xxxxx/xxxxx-xxxx.xxx?xxx_xxxxx=xxxx_xxxxxxx | predictive | High |
131 | File | xx-xxxxxxxx/xxxxx-xx-xxxxxx-xxxxxx.xxx | predictive | High |
132 | File | xx-xxxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxxxxxxxxxxx.xxx | predictive | High |
133 | File | xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx | predictive | High |
134 | File | xxxxxxxx.x | predictive | Medium |
135 | File | xxxxxx.xxx?xxxxxx=xxxxxxxxx.xxxx&xxxxxxxxxxx=x | predictive | High |
136 | File | _xxxxxx/xxxxxxxx.x | predictive | High |
137 | File | ~/xxxxxxxx/xxx-xxxxxxxxx/xxxxx/xxxxx-xxx-xxxxx-xxxxxxxx.xxx | predictive | High |
138 | Library | /_xxx_xxx/xxxxx.xxx | predictive | High |
139 | Library | xxx/xxxxxxx/xxxx.x | predictive | High |
140 | Library | xxxxxxxxxxxx.xxx | predictive | High |
141 | Library | xxxxxx.xxx | predictive | Medium |
142 | Library | xxx.xxx | predictive | Low |
143 | Library | xxxxxx.xxx | predictive | Medium |
144 | Library | xxxxxxxxxxxxxx.xxx | predictive | High |
145 | Library | xxx/xxxxxxxxx/xxxxxxxxxxx.x | predictive | High |
146 | Library | xxxxxxx.xxx.xx.xxx | predictive | High |
147 | Library | xxxxxxxxxxxx.xxx | predictive | High |
148 | Library | xxxxx.xxx | predictive | Medium |
149 | Library | xxxx | predictive | Low |
150 | Argument | ${xxx} | predictive | Low |
151 | Argument | --xxxxxxx-xxx=) | predictive | High |
152 | Argument | /((?:x?+(?:^(?(x)x+\){xx}-))(?x)(?x(?x/xx/((?xx(?x\){xx)?x)?x)(?x(?x\){xx|(:(?|(?x)(\xx)|((?x)))xxx)(xx))))))/ | predictive | High |
153 | Argument | ?xxxx_xxxx=xxxxxxx.xxx/xxxx=xxxxxx/xxx=xxx+/xxx/.xxxxxxxx/xxxxxxx=//xxxxxxxxxxxxxx.xxx=x | predictive | High |
154 | Argument | xx | predictive | Low |
155 | Argument | xxxxxx | predictive | Low |
156 | Argument | xxxxxx_xxxx | predictive | Medium |
157 | Argument | xxxxxxxxxx_xxxx | predictive | High |
158 | Argument | xxx | predictive | Low |
159 | Argument | xxxxx.xxxxxxxxxxx.xxxx[x]=xxx | predictive | High |
160 | Argument | xxxxxxxxx | predictive | Medium |
161 | Argument | xxx | predictive | Low |
162 | Argument | xxxxxxxxx.xxxx | predictive | High |
163 | Argument | xxxxxx_xxx_xxxxxxxxxxx | predictive | High |
164 | Argument | xxxxxx | predictive | Low |
165 | Argument | xxxxxxxxxxxx/xxxxxxxxxxx | predictive | High |
166 | Argument | x_xxxxxx.xxxx_xxxxx | predictive | High |
167 | Argument | xxxxxxxxxxxx | predictive | Medium |
168 | Argument | xxxxxxxx_xxxx | predictive | High |
169 | Argument | xxxxxxxxxxx | predictive | Medium |
170 | Argument | xxxx_xxxxxx=xxxx | predictive | High |
171 | Argument | xxxxxxxxxxxxxxx | predictive | High |
172 | Argument | xx_xxxxxxx | predictive | Medium |
173 | Argument | xxxx | predictive | Low |
174 | Argument | xxxxxxxx | predictive | Medium |
175 | Argument | xxx/xxxxxxxx/xxxxxxxx | predictive | High |
176 | Argument | xx | predictive | Low |
177 | Argument | xx_xxxxx_xxxxxx/xx_xxxxxxx_xxxxxxxx | predictive | High |
178 | Argument | xxxxxx | predictive | Low |
179 | Argument | xxxx_xx_xxx_xxx/xxxx_xxxxxxxxxxxx | predictive | High |
180 | Argument | xxxx | predictive | Low |
181 | Argument | xxxxxx xxxxxx | predictive | High |
182 | Argument | xxxxxxxxxx | predictive | Medium |
183 | Argument | xxxx | predictive | Low |
184 | Argument | xxxxxxxx | predictive | Medium |
185 | Argument | xxxxxxxx | predictive | Medium |
186 | Argument | xxxx | predictive | Low |
187 | Argument | xxxx_xxxxxx | predictive | Medium |
188 | Argument | xxxxxxxxxxxxxxxxxx | predictive | High |
189 | Argument | x_xxxxxx_xxx | predictive | Medium |
190 | Argument | xxxxxxxxxxxxxxxx | predictive | High |
191 | Argument | xxxxxx_xxxx | predictive | Medium |
192 | Argument | xxxxxxx_xxx | predictive | Medium |
193 | Argument | xxxxxx | predictive | Low |
194 | Argument | xxxxxxxxxxxxxxxxxxx | predictive | High |
195 | Argument | xxxxxx | predictive | Low |
196 | Argument | xxxx.xxx | predictive | Medium |
197 | Argument | xxxxxxxx[xxxx xxxxxxx][xxxxxxxxxxxxxxxxxx] | predictive | High |
198 | Argument | xxxxx | predictive | Low |
199 | Argument | xxx_xxx | predictive | Low |
200 | Argument | xxxxxxxxxxxxxx | predictive | High |
201 | Argument | xxxxxxxx | predictive | Medium |
202 | Argument | xxxxxxxx | predictive | Medium |
203 | Argument | xxxxx/xxxxxxx | predictive | High |
204 | Argument | xxxxxxxx-xxxxxxxx | predictive | High |
205 | Argument | xxxx_xx | predictive | Low |
206 | Argument | xxxxxxxxxxx | predictive | Medium |
207 | Argument | xxxx | predictive | Low |
208 | Argument | xxx | predictive | Low |
209 | Argument | xxxxxxxx | predictive | Medium |
210 | Argument | xxxxxxxx | predictive | Medium |
211 | Argument | xxxx | predictive | Low |
212 | Argument | x-xxxxxxxxx-xxx | predictive | High |
213 | Argument | xxxx | predictive | Low |
214 | Argument | _xxx_xxxxxxxxxxx_ | predictive | High |
215 | Argument | __xxxxxxxxx | predictive | Medium |
216 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive | High |
217 | Input Value | /.. | predictive | Low |
218 | Input Value | <xxxxxx>xxxxx('xxxxxxxx.xxxxxx='+xxxxxxxx.xxxxxx)</xxxxxx>.xxxxx | predictive | High |
219 | Input Value | xxxxx | predictive | Low |
220 | Input Value | x:/xxx/xxxxx | predictive | Medium |
221 | Input Value | xxxxxx | predictive | Low |
222 | Input Value | xxxxxxxxx/../xxxxx | predictive | High |
223 | Input Value | xxxxxxxxxxxxxxxxxxx | predictive | High |
224 | Network Port | xxxxx xxx-xxx, xxx | predictive | High |
225 | Network Port | xxx/xx (xxx) | predictive | Medium |
226 | Network Port | xxx/xx (xxxx) | predictive | High |
227 | Network Port | xxx/xxx | predictive | Low |
228 | Network Port | xxx/xxx (xxx) | predictive | High |
229 | Network Port | xxx/xxxx | predictive | Medium |
230 | Network Port | xxx/xxx (xxxx) | predictive | High |
References (9)
The following list contains external sources which discuss the actor and the associated activities:
- https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
- https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html
- https://blog.talosintelligence.com/2019/07/threat-roundup-0712-0719.html
- https://blog.talosintelligence.com/2020/02/threat-roundup-0214-0221.html
- https://blog.talosintelligence.com/2020/03/threat-roundup-0228-0306.html
- https://blog.talosintelligence.com/2021/06/threat-roundup-0528-0604.html
- https://blog.talosintelligence.com/2021/07/threat-roundup-0625-0702.html
- https://blog.talosintelligence.com/2021/08/threat-roundup-0730-0806.html
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/Nymaim