Russian Nexus Analysis

IOB - Indicator of Behavior (68)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en | 50
de | 12
it | 4
es | 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Piwigo | 4
Apache HTTP Server | 4
Adobe Acrobat Reader | 4
Microsoft Windows | 4
vu Mass Mailer | 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.22 | 0.00308 | CVE-2017-0055
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.92 | 0.01086 | CVE-2010-0966
3 | Apple macOS Sudo out-of-bounds write | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.94383 | CVE-2021-3156
4 | Web2py information disclosure | 6.4 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.00626 | CVE-2016-4806
5 | Microsoft IIS FastCGI memory corruption | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.16878 | CVE-2010-2730
6 | Microsoft Windows Kernel access control | 6.4 | 6.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00058 | CVE-2018-8347
7 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00176 | CVE-2007-6138
8 | PHPMailer Phar Deserialization addAttachment deserialization | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00302 | CVE-2020-36326
9 | Medix orgot Password Appstore Module access control | 7.1 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00104 | CVE-2021-25672
10 | Magento getCsvFile sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.95966 | CVE-2015-1397
11 | Apple macOS BOM access control | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00048 | CVE-2022-22616
12 | Apple Mac OS X IOHIDFamily memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | High | Official Fix | 0.03 | 0.00510 | CVE-2014-4404
13 | PHP Path readlink data processing | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.02135 | CVE-2015-4025
14 | phpMyAdmin Error Message AES.php Path information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00535 | CVE-2016-2042
15 | Apple iOS/iPadOS IOMobileFrameBuffer memory corruption | 7.8 | 7.5 | $25k-$100k | $0-$5k | High | Official Fix | 0.03 | 0.00077 | CVE-2021-30807
16 | Synology Photo Station HTTP Header login.php command injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.02932 | CVE-2016-10329
17 | Umi UMI.CMS Administrator Account cross-site request forgery | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.01099 | CVE-2013-2754
18 | phpPgAdmin sql.php privileges management | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01354 | CVE-2001-0479
19 | Microsoft .NET Framework XML File code injection | 8.5 | 7.9 | $5k-$25k | $0-$5k | Functional | Official Fix | 0.03 | 0.81743 | CVE-2020-1147
20 | Joomlahbs Hotel Booking Reservation System index.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00103 | CVE-2008-5874

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Pathname Traversal | predictive | High
2 | T1059 | CWE-94 | Cross Site Scripting | predictive | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /uncpath/ | predictive | Medium
2 | File | 5.2.9\syscrb.exe | predictive | High
3 | File | admin/languages.php | predictive | High
4 | File | editcgi.cgi | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
