Nobelium Analysis

IOB - Indicator of Behavior (459)

Language: en 406, de 28, zh 14, es 4, ja 4

Country: us 134, ch 44, cn 32, at 30, gb 14

Product: Google Chrome 14, Linux Kernel 12, Microsoft Windows 10, Google Android 6, Apple iTunes 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.08 | 0.02016 | CVE-2007-1192
2 | Backdoor.Win32.Tiny.c Service Port 7778 privilege escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00 | 0.00000 |
3 | School Management Software notice-edit.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00000 |
4 | WordPress Update URI Plugin Header Remote Code Execution | 7.8 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00607 | CVE-2021-44223
5 | Joomla sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.08 | 0.00142 | CVE-2022-23797
6 | Microsoft Windows IIS Server Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | 0.00101 | CVE-2023-36434
7 | Synacor Zimbra Collaboration sfdc_preauth.jsp Privilege Escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00134 | CVE-2023-29382
8 | RARLabs WinRAR ZIP Archive Remote Code Execution | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.26605 | CVE-2023-38831
9 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 2.42 | 0.00000 | CVE-2020-12440
10 | Linux Kernel NILFS File System inode.c security_inode_alloc buffer overflow | 8.3 | 8.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00042 | CVE-2022-2978
11 | Crow HTTP Pipelining buffer overflow | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00215 | CVE-2022-38667
12 | mySCADA myPRO privilege escalation | 9.2 | 9.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00097 | CVE-2022-2234
13 | GNU Bash Environment Variable variables.c Shellshock privilege escalation | 9.8 | 9.3 | $100k and more | $0-$5k | High | Official Fix | 0.04 | 0.97559 | CVE-2014-6271
14 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00189 | CVE-2020-1927
15 | Asus AsusWRT start_apply.htm privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01350 | CVE-2018-20334
16 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.10 | 0.00568 | CVE-2017-0055
17 | PRTG Network Monitor login.htm privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00561 | CVE-2018-19410
18 | Apple iOS Telephony buffer overflow | 8.0 | 7.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00976 | CVE-2017-8248
19 | Zeus Zeus Web Server buffer overflow | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.74749 | CVE-2010-0359
20 | Intel CPU Speculative Execution information disclosure | 5.4 | 5.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00159 | CVE-2018-3639

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Tomiris

IOC - Indicator of Compromise (26)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (175)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/edit.php | predictive | High
2 | File | /admin/functions.php | predictive | High
3 | File | /admin/user/manage_user.php | predictive | High
4 | File | /cgi-bin/webadminget.cgi | predictive | High
5 | File | /dashboard/updatelogo.php | predictive | High
6 | File | /etc/networkd-dispatcher | predictive | High
7 | File | /etc/openshift/server_priv.pem | predictive | High
8 | File | /etc/shadow.sample | predictive | High
9 | File | /guest_auth/cfg/upLoadCfg.php | predictive | High
10 | File | /index.php | predictive | Medium
11 | File | /Interface/DevManage/EC.php?cmd=upload | predictive | High
12 | File | /MicroStrategyWS/happyaxis.jsp | predictive | High
13 | File | /mkshop/Men/profile.php | predictive | High
14 | File | /notice-edit.php | predictive | High
15 | File | /Noxen-master/users.php | predictive | High
16 | File | /opt/teradata/gsctools/bin/t2a.pl | predictive | High
17 | File | /public/login.htm | predictive | High
18 | File | /start_apply.htm | predictive | High
19 | File | /uncpath/ | predictive | Medium
20 | File | /upload | predictive | Low

References (7)

The following list contains external sources which discuss the actor and the associated activities:
