Russian Nexus Analysis

IOB - Indicator of Behavior (80)

Languages

en 58
de 12
es 8
it 2

Products

Microsoft Windows 6
PHP 6
OX App Suite 4
Moodle 2
Apache HTTP Server 2

Vulnerabilities

# | Vulnerability | Base score | Temp score | 0day price | Today price | Exploit | Remediation | EPSS | CTI | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | Microsoft IIS Cross-Site Scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.11 | CVE-2017-0055
2 | vu Mass Mailer Login Page redir.asp SQL Injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00181 | 0.07 | CVE-2007-6138
3 | DZCP deV!L`z Clanportal config.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.53 | CVE-2010-0966
4 | Apple macOS Sudo Memory Corruption | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.97051 | 0.00 | CVE-2021-3156
5 | Web2py Information Disclosure | 6.4 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00626 | 0.01 | CVE-2016-4806
6 | Microsoft IIS FastCGI Memory Corruption | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.28264 | 0.09 | CVE-2010-2730
7 | Microsoft Windows Kernel Privilege Escalation | 6.4 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00088 | 0.03 | CVE-2018-8347
8 | SourceCodester Kortex Lite Advocate Office Management System register_case.php SQL Injection | 4.7 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.11 | CVE-2024-3621
9 | Nuked-Klan Partenaires module clic.php SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00134 | 0.06 | CVE-2010-4925
10 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.05 | 
11 | Joomla CMS Custom Field Privilege Escalation | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00597 | 0.04 | CVE-2019-14654
12 | Dnsmasq EDNS.0 UDP Packet Size Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00240 | 0.03 | CVE-2023-28450
13 | Node.js IsAllowedHost Privilege Escalation | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00378 | 0.04 | CVE-2022-43548
14 | TP-LINK TL-WR841N Firmware Directory Traversal | 7.5 | 7.5 | $0-$5k | $0-$5k | High | Not Defined | 0.02952 | 0.04 | CVE-2012-5687
15 | Mustache Pix Helper exploitable Privilege Escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00277 | 0.04 | CVE-2023-28333
16 | Moodle Enrolled Course SQL Injection | 8.0 | 8.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00120 | 0.04 | CVE-2021-36392
17 | TikiWiki tiki-register.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01009 | 1.16 | CVE-2006-6168
18 | Starface Weak Authentication | 5.0 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01628 | 0.03 | CVE-2023-33243
19 | PHPMailer Phar Deserialization addAttachment Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00748 | 0.00 | CVE-2020-36326
20 | Medix orgot Password Appstore Module Privilege Escalation | 7.1 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.00 | CVE-2021-25672

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
--- | --- | --- | --- | --- | --- | --- | ---
1 | 80.255.12.237 |  | Russian Nexus |  | 2022-08-04 | verified | 
2 | XX.XX.XX.XXX | xxxxxx-xx.xxxxxxxxxxxxxxxx.xxx | Xxxxxxx Xxxxx |  | 2022-08-04 | verified | 
3 | XX.XX.XXX.XXX |  | Xxxxxxx Xxxxx |  | 2022-08-04 | verified | 

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
--- | --- | --- | --- | ---
1 | File | /control/register_case.php | predictive | 
2 | File | /forum/away.php | predictive | 
3 | File | /uncpath/ | predictive | 
4 | File | 5.2.9\syscrb.exe | predictive | 
5 | File | xxxxx/xxxxxxxxx.xxx | predictive | 
6 | File | xxxx.xxx | predictive | 
7 | File | xxxxxxx.xxx | predictive | 
8 | File | xxx/xxxx/xxx/xxxxx_xxxx.x | predictive | 
9 | File | xxx/xxxx/xxxx.x | predictive | 
10 | File | xxx/xxxxxxxx/xxxx_xxxxx.x | predictive | 
11 | File | xxxxxxxxxxxxxx.xxx | predictive | 
12 | File | xxxxxxxxxxx/xxxxxxxxxxx | predictive | 
13 | File | xxx/xxxxxx.xxx | predictive | 
14 | File | xxxxx.xxx | predictive | 
15 | File | xxxxxxx.xxx | predictive | 
16 | File | xxxxx.xxx | predictive | 
17 | File | xxxxx.xxx | predictive | 
18 | File | xxx.xxx | predictive | 
19 | File | xxxxxxxxxxx.x | predictive | 
20 | File | xxxx-xxxxxxxx.xxx | predictive | 
21 | File | xxx.xxx | predictive | 
22 | File | xx-xxxxxxxx-xxxx.xxx | predictive | 
23 | Library | xxxxxxxxx/xxxxxxxxx/xxxxx/xxx.xxx | predictive | 
24 | Argument | xxxxxxxx | predictive | 
25 | Argument | xx | predictive | 
26 | Argument | xxxxxxxx | predictive | 
27 | Argument | xxxxxxxxxx[xxxxx_xxxx] | predictive | 
28 | Argument | xxxxxxxx | predictive | 
29 | Argument | xxx | predictive | 
30 | Argument | xxxxx/xxxx_xx/xxxxxx_xxxx/xxxxx/xxxx_xxxx/xxxx_xxxxx/xxxxx_xxxx/xxxxxxxxxxx/xxxxxxx_xxxx/xxxxxxx_xxxx/xxxxxxxx_xxxxxx/xxxxx_xxxx/xxxxxx | predictive | 
31 | Argument | x-xxxxxxxxx-xxx | predictive | 
32 | Input Value | '/x' | predictive | 
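The unmasked entries above are enough to build a first-pass log check. The following is an added example, not code from the page or from the database vendor: it matches the one listed IOC address and the three unmasked IOA file fragments against constructed Common Log Format access-log lines (the sample lines are invented for illustration), URL-decoding the request path first so that a percent-encoded variant of the same fragment still matches. The CVE tag on /control/register_case.php is taken from row 8 of the vulnerability table; /forum/away.php corresponds to the LogicBoard CMS row, which carries no CVE on the page, and /uncpath/ is not tied to any row above, so both are flagged without one.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import unquote

# Unmasked indicators copied from the IOC and IOA tables on this page.
IOC_IPS = {"80.255.12.237"}

# IOA file fragments, each with the CVE the page lists for the same path
# (None where the page gives no CVE for it).
IOA_FILES = {
    "/control/register_case.php": "CVE-2024-3621",  # Kortex Lite SQL injection, row 8
    "/forum/away.php": None,                          # LogicBoard CMS redirect, row 10, no CVE
    "/uncpath/": None,                                # not linked to a vulnerability row
}

# Common Log Format: host ident authuser [date] "METHOD target proto" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


@dataclass
class Hit:
    line_no: int
    ip: str
    target: str
    reasons: List[str] = field(default_factory=list)


def normalise_path(target: str) -> str:
    """Drop the query string, decode percent-encoding twice (double-encoded
    paths are a common evasion), and lower-case so /Forum/Away.php still hits."""
    path = target.split("?", 1)[0]
    return unquote(unquote(path)).lower()


def match_line(line_no: int, line: str) -> Optional[Hit]:
    """Return a Hit if the line touches an IOC address or an IOA fragment."""
    m = LOG_RE.match(line)
    if m is None:
        return None  # not CLF; a real pipeline would count these separately
    ip, target = m["ip"], m["target"]
    path = normalise_path(target)
    reasons = []
    if ip in IOC_IPS:
        reasons.append(f"source IP {ip} is a listed IOC")
    for fragment, cve in IOA_FILES.items():
        # Substring match: the fragment may sit under a site-specific prefix.
        if fragment in path:
            tag = f" ({cve})" if cve else ""
            reasons.append(f"request path contains IOA fragment {fragment}{tag}")
    if not reasons:
        return None
    return Hit(line_no, ip, target, reasons)


def scan(lines: List[str]) -> List[Hit]:
    hits = []
    for n, line in enumerate(lines, start=1):
        hit = match_line(n, line)
        if hit is not None:
            hits.append(hit)
    return hits


# Constructed sample log: the client addresses other than the IOC are
# documentation ranges, and the requests are invented.
SAMPLE_LOG = [
    '203.0.113.5 - - [04/Aug/2022:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '80.255.12.237 - - [04/Aug/2022:10:00:02 +0000] "GET /robots.txt HTTP/1.1" 200 64',
    '198.51.100.9 - - [04/Aug/2022:10:00:03 +0000] "POST /control/register_case.php HTTP/1.1" 200 1024',
    '198.51.100.9 - - [04/Aug/2022:10:00:04 +0000] "GET /forum/away.php?to=http://evil.example/ HTTP/1.1" 302 0',
    '80.255.12.237 - - [04/Aug/2022:10:00:05 +0000] "GET /app%2Fcontrol%2Fregister_case.php HTTP/1.1" 404 0',
    'not a log line',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.ip} {hit.target}")
        for reason in hit.reasons:
            print(f"    - {reason}")
```

Run as a script it lists lines 2 to 5: the IOC address alone, the two IOA paths, and the encoded request that matches on both address and path. A 404 on the encoded path is still worth keeping, since it shows the actor probing for the file regardless of whether it exists; the masked IOA rows cannot be added until the full indicator is available, and an attacker-controlled path should never be matched before decoding.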

References (2)

The following list contains external sources which discuss the actor and the associated activities:
