Russian Nexus Analysis

IOB - Indicator of Behavior (80)

Timeline, Country, Actors, Activities, Interest, Type and Vendor: interactive charts (not reproduced).

Language:
- en: 58
- de: 12
- es: 4
- ru: 2
- pl: 2

Product:
- PHP: 8
- Microsoft Windows: 4
- Apple macOS: 4
- Piwigo: 4
- Web2py: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft IIS Cross Site Scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.00 | CVE-2017-0055 |
| 2 | vu Mass Mailer Login Page redir.asp SQL Injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00238 | 0.00 | CVE-2007-6138 |
| 3 | DZCP deV!L`z Clanportal config.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.33 | CVE-2010-0966 |
| 4 | Apple macOS Sudo Buffer Overflow | 6.5 | 6.4 | $0-$5k | $0-$5k | High | Official Fix | 0.97051 | 0.00 | CVE-2021-3156 |
| 5 | Web2py Information Disclosure | 6.4 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00626 | 0.01 | CVE-2016-4806 |
| 6 | Microsoft IIS FastCGI Request Header Buffer Overflow | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.28264 | 0.04 | CVE-2010-2730 |
| 7 | Microsoft Windows Kernel Privilege Escalation | 6.4 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00088 | 0.03 | CVE-2018-8347 |
| 8 | SourceCodester Kortex Lite Advocate Office Management System register_case.php SQL Injection | 4.7 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-3621 |
| 9 | Nuked-Klan Partenaires module clic.php SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00134 | 0.06 | CVE-2010-4925 |
| 10 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.61 | - |
| 11 | Joomla CMS Custom Field Privilege Escalation | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00597 | 0.04 | CVE-2019-14654 |
| 12 | Dnsmasq EDNS.0 UDP Packet Size Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00240 | 0.00 | CVE-2023-28450 |
| 13 | Node.js IsAllowedHost Privilege Escalation | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00378 | 0.04 | CVE-2022-43548 |
| 14 | TP-LINK TL-WR841N Firmware Directory Traversal | 7.5 | 7.5 | $0-$5k | $0-$5k | High | Not Defined | 0.02952 | 0.05 | CVE-2012-5687 |
| 15 | Mustache Pix Helper exploitable Privilege Escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00312 | 0.04 | CVE-2023-28333 |
| 16 | Moodle Enrolled Course SQL Injection | 8.0 | 8.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00120 | 0.04 | CVE-2021-36392 |
| 17 | TikiWiki tiki-register.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 6.26 | CVE-2006-6168 |
| 18 | Starface Weak Authentication | 5.0 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01888 | 0.05 | CVE-2023-33243 |
| 19 | PHPMailer Phar Deserialization addAttachment Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00748 | 0.00 | CVE-2020-36326 |
| 20 | Medix Forgot Password Appstore Module Privilege Escalation | 7.1 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.00 | CVE-2021-25672 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /control/register_case.php | predictive | High |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | /uncpath/ | predictive | Medium |
| 4 | File | 5.2.9\syscrb.exe | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
