Nexus Zeta Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (31)

Langue

en	32

De campagne

cn	4

Acteurs

Nexus Zeta	1

Intérêt

Taper

Not Defined	6
Content Management System	6
Operating System	6
Anti-Malware Software	2
Automation Software	2

Fournisseur

Not Defined	8
IBM	4
Apple	4
Huawei	2
Delta Industrial Automation	2

Produit

Huawei HarmonyOS	2
CuteNews	2
Virus.Win32.Renamer.a	2
Delta Industrial Automation DOPSoft	2
Oracle Java SE	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	Community plugin Album elévation de privilèges	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.00	CVE-2020-9468
2	Mozilla Firefox/Firefox ESR divulgation de l'information	5.8	5.6	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00790	0.00	CVE-2019-17021
3	Adobe Shockwave Player elévation de privilèges	10.0	9.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.35702	0.00	CVE-2010-2876
4	Joomla CMS elévation de privilèges	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00370	0.00	CVE-2007-6644
5	Photopost PhotoPost PHP Pro member.php sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00300	0.00	CVE-2005-0774
6	Francisco Burzi PHP-Nuke Statistics Module index.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01051	0.00	CVE-2004-2020
7	Icecast Web Server list.cgi cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00207	0.00	CVE-2004-0781
8	Clearswift MAILsweeper MIME elévation de privilèges	7.3	6.4	$0-$5k	$0-$5k	Unproven	Official Fix	0.00797	0.00	CVE-2003-1016
9	Oracle Java SE/JRockit/Java SE Embedded AWT dénie de service	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.13292	0.00	CVE-2013-6954
10	Microsoft Windows RDP Restricted Admin Mode authentification faible	9.8	8.1	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.00
11	Linux Kernel file_ns_capable elévation de privilèges	4.9	4.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00061	0.00	CVE-2013-1959
12	Apple Mac OS X GPU Driver dénie de service	4.8	4.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00867	0.00	CVE-2012-5131
13	Apple Mac OS X cross site scripting	4.3	4.1	$25k-$100k	$0-$5k	High	Official Fix	0.00477	0.03	CVE-2009-1578
14	IBM AIX rpc buffer overflow	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.02	CVE-2003-0954
15	IBM Security Guardium Insights divulgation de l'information	5.3	5.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00103	0.00	CVE-2020-4599
16	Delta Industrial Automation DOPSoft Project File dénie de service	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00105	0.00	CVE-2020-27277
17	GitLab cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00067	0.00	CVE-2020-13345
18	EdgeMAX EdgeSwitch HTTP Interface elévation de privilèges	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00402	0.03	CVE-2020-8233
19	Apple macOS AppleUSBNetworking dénie de service	4.6	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00056	0.00	CVE-2020-9804
20	IBM Spectrum Protect Plus directory traversal	6.9	6.9	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00613	0.04	CVE-2020-4240

Campagnes (1)

These are the campaigns that can be associated with the actor:

CVE-2017-17215

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Campagnes	Identified	Taper	Confiance
1	7.59.177.0		Nexus Zeta	CVE-2017-17215	12/02/2022	verified	Élevé
2	XX.XX.XXX.X	xx-xx-xxx-x.xxxxx.xxxxxxx.xx.xx	Xxxxx Xxxx	Xxx-xxxx-xxxxx	12/02/2022	verified	Élevé
3	XXX.XXX.XX.X		Xxxxx Xxxx	Xxx-xxxx-xxxxx	12/02/2022	verified	Élevé
4	XXX.XXX.XX.X		Xxxxx Xxxx	Xxx-xxxx-xxxxx	12/02/2022	verified	Élevé

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-22	Path Traversal	predictive	Élevé
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Élevé
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Élevé
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
8	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	admin/index.php	predictive	Élevé
2	File	fs/ext4/xattr.c	predictive	Élevé
3	File	xxxxx.xxx	predictive	Moyen
4	File	xx/xxxxxxx.x	predictive	Moyen
5	File	xxxx.xxx	predictive	Moyen
6	File	xxxxxx.xxx	predictive	Moyen
7	Argument	xxxxxx/xxxxx	predictive	Moyen
8	Argument	xxxx	predictive	Faible
9	Argument	xxxxx_xx	predictive	Moyen
10	Argument	xxx	predictive	Faible
11	Argument	xxxxxxxxx	predictive	Moyen
12	Argument	xxxxxxxx	predictive	Moyen

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!