Nobelium Analysis

IOB - Indicator of Behavior (461)

Timeline

Language

en: 400
de: 30
zh: 10
ja: 6
es: 6

Country/Region

us: 124
ch: 44
cn: 32
at: 28
gb: 10

Actors

Activities

Interest

Timeline

Type

Vendor

Products

Google Chrome: 14
Linux Kernel: 10
Microsoft Windows: 10
Google Android: 8
WordPress: 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | Backdoor.Win32.Tiny.c Service Port 7778 Privilege Escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.04 |
3 | School Management Software notice-edit.php SQL Injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 |
4 | CA Internet Security Suite Privilege Escalation | 4.0 | 3.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.04 | CVE-2009-0682
5 | WordPress Update URI Plugin Header Remote Code Execution | 7.8 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00683 | 0.03 | CVE-2021-44223
6 | Joomla SQL Injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00142 | 0.02 | CVE-2022-23797
7 | Microsoft Windows IIS Server Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00133 | 0.10 | CVE-2023-36434
8 | Synacor Zimbra Collaboration sfdc_preauth.jsp Privilege Escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00134 | 0.03 | CVE-2023-29382
9 | RARLabs WinRAR ZIP Archive Remote Code Execution | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.44373 | 0.00 | CVE-2023-38831
10 | nginx Privilege Escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.53 | CVE-2020-12440
11 | Linux Kernel NILFS File System inode.c security_inode_alloc Memory Corruption | 8.3 | 8.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2022-2978
12 | Crow HTTP Pipelining Memory Corruption | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00777 | 0.04 | CVE-2022-38667
13 | mySCADA myPRO Privilege Escalation | 9.2 | 9.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00105 | 0.03 | CVE-2022-2234
14 | GNU Bash Environment Variable variables.c Shellshock Privilege Escalation | 9.8 | 9.3 | $100k and more | $0-$5k | High | Official Fix | 0.97564 | 0.00 | CVE-2014-6271
15 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.00 | CVE-2020-1927
16 | Asus AsusWRT start_apply.htm Privilege Escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01350 | 0.02 | CVE-2018-20334
17 | Microsoft IIS Cross Site Scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.07 | CVE-2017-0055
18 | PRTG Network Monitor login.htm Privilege Escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00288 | 0.04 | CVE-2018-19410
19 | Apple iOS Telephony Memory Corruption | 8.0 | 7.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00976 | 0.00 | CVE-2017-8248
20 | Zeus Zeus Web Server Memory Corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.15887 | 0.02 | CVE-2010-0359

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Tomiris

IOC - Indicator of Compromise (26)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type
1 | 13.67.239.91 | | Nobelium | | 2022-07-31 | verified
2 | 31.42.177.78 | contact8.mxweb4.website | Nobelium | | 2022-11-28 | verified
3 | 37.120.247.135 | | Nobelium | | 2022-07-13 | verified
4 | 45.14.70.186 | | Nobelium | | 2022-11-28 | verified
5 | 45.32.59.31 | 45.32.59.31.vultrusercontent.com | Nobelium | | 2022-07-31 | verified
6 | 45.135.167.27 | 27.167.135.45.vikhost.com | Nobelium | | 2022-07-13 | verified
7 | XX.XXX.XX.XX | xxxx-xx-xxx-xx-xx.xx-xxxxx.xxxxxxxx.xxx | Xxxxxxxx | | 2022-07-31 | verified
8 | XX.XXX.XXX.XXX | | Xxxxxxxx | | 2022-11-28 | verified
9 | XX.XX.XX.XXX | xxxxx.xx-xx-xx-xx.xx | Xxxxxxxx | | 2022-07-13 | verified
10 | XX.XXX.XX.XXX | xxxxx.xxxxxx.xxx | Xxxxxxxx | Xxxxxxx | 2022-03-22 | verified
11 | XX.XXX.XXX.XXX | xxxxx.xx-xx-xxx-xxx.xx | Xxxxxxxx | | 2022-07-13 | verified
12 | XX.XXX.XXX.XXX | xx.xxx.xxx.xxx.xxxxxx.xxxxxxxx.xxx | Xxxxxxxx | | 2021-05-30 | verified
13 | XX.XXX.XX.XXX | xxxxxx-xx.xxxxxxxx.xx | Xxxxxxxx | | 2022-11-28 | verified
14 | XXX.XXX.XX.XXX | | Xxxxxxxx | | 2022-07-31 | verified
15 | XXX.XX.XXX.XXX | xxxxx.xx-xxx-xx-xxx.xxx | Xxxxxxxx | | 2022-07-31 | verified
16 | XXX.XX.XXX.XX | xxxx.xx-xxx-xx-xxx.xxx | Xxxxxxxx | | 2022-07-31 | verified
17 | XXX.XXX.XXX.XX | xx.xxx.xxx.xxx.xx-xxxx.xxxx | Xxxxxxxx | | 2022-11-28 | verified
18 | XXX.XX.XXX.XX | | Xxxxxxxx | | 2022-07-31 | verified
19 | XXX.XXX.XXX.XXX | | Xxxxxxxx | | 2022-07-13 | verified
20 | XXX.XXX.XXX.XXX | xxxxxxxx.xxxx.xxxxxx.xxx | Xxxxxxxx | Xxxxxxx | 2022-03-22 | verified
21 | XXX.XXX.XXX.XX | xxxxxxxx.xxxx.xxxxxx.xxx | Xxxxxxxx | Xxxxxxx | 2022-03-22 | verified
22 | XXX.XXX.XX.XX | xxxx-xx-xx-xx.xxxxxxx.xxx | Xxxxxxxx | | 2022-08-10 | verified
23 | XXX.XX.XXX.XX | xxxx.xx-xxx-xx-xxx.xxx | Xxxxxxxx | | 2021-05-30 | verified
24 | XXX.XX.XX.XXX | xxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx | Xxxxxxxx | | 2022-11-28 | verified
25 | XXX.XXX.XX.XXX | xxxxxxx.xxxxxxxxxxxxxxxxxx.xxx | Xxxxxxxx | | 2022-11-28 | verified
26 | XXX.XXX.XXX.XXX | xxx.xxx.xxx.xxx.xxxxxxxxx.xxxx.xxx | Xxxxxxxx | | 2022-07-13 | verified

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (175)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type
1 | File | /admin/edit.php | predictive
2 | File | /admin/functions.php | predictive
3 | File | /admin/user/manage_user.php | predictive
4 | File | /cgi-bin/webadminget.cgi | predictive
5 | File | /dashboard/updatelogo.php | predictive
6 | File | /etc/networkd-dispatcher | predictive
7 | File | /etc/openshift/server_priv.pem | predictive
8 | File | /etc/shadow.sample | predictive
9 | File | /guest_auth/cfg/upLoadCfg.php | predictive
10 | File | /index.php | predictive
11 | File | /Interface/DevManage/EC.php?cmd=upload | predictive
12 | File | /MicroStrategyWS/happyaxis.jsp | predictive
13 | File | /mkshop/Men/profile.php | predictive
14 | File | /notice-edit.php | predictive
15 | File | /Noxen-master/users.php | predictive
16 | File | /opt/teradata/gsctools/bin/t2a.pl | predictive
17 | File | /public/login.htm | predictive
18 | File | /start_apply.htm | predictive
19 | File | /uncpath/ | predictive
20 | File | /upload | predictive
21 | File | /xxxxxx/xxxx.xxx | predictive
22 | File | /xx-xxxxxxx/xxxxxxx/xxxxxxxxxxx/xxxxx.xxx | predictive
23 | File | xxxxxxx.xxx | predictive
24 | File | xxxxxxx.xxx | predictive
25 | File | xxx_xxxxxxx.xxx | predictive
26 | File | xxxxx.xxx | predictive
27 | File | xxxxx.xxx?xxxx=xxxx-xxxxx | predictive
28 | File | xxxxx/xxxxx_xxxxx.xxx | predictive
29 | File | xxxxx/xxxxx.xxx | predictive
30 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive
31 | File | xxxxxxx_xxxxxx.xxx | predictive
32 | File | xxxx/xxx/xxxxx/xxxxx_xx.x | predictive
33 | File | xxxx-xxxx.x | predictive
34 | File | xxxxx-xxx.x | predictive
35 | File | xxxxxx.xxxx | predictive
36 | File | xxxx.x | predictive
37 | File | xxxxxxx.xxx | predictive
38 | File | xxxxxxxxx.xxx | predictive
39 | File | xxxxx.xxx | predictive
40 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive
41 | File | xx.x | predictive
42 | File | xxx_xxxxx.xxx | predictive
43 | File | xxxxxxx/xxx/xxx/xxx/xxx_xx.x | predictive
44 | File | xxxxxxx/xxx/xxx/xxxx_xxxxxx.x | predictive
45 | File | xxxxxxx/xxxxx/xxx/xxxxxxx/xxxxxxx-xxx.x | predictive
46 | File | xxxxxxx/xxxxx/xxx/xxxxx/xxxxx-xxxx.x | predictive
47 | File | xxxxxxx/xxx/xxxx/xxxx_xxxx.x | predictive
48 | File | xxxxxxx/xxx/xx/xx.x | predictive
49 | File | xxxxxxx/xxx/xxxx/xxxxx.x | predictive
50 | File | xxxxx.xxx | predictive
51 | File | xxxxxxxxxxxxxxxx.xxx | predictive
52 | File | xxxxx.x | predictive
53 | File | xxx/xxxx/xxxx_xxxxxxx.x | predictive
54 | File | xxxxxxxxxxxxxxx.xxx | predictive
55 | File | xx/xxxxx.x | predictive
56 | File | xx/xxxxx/xxxxxxx/xxxxxxxxxxx.x | predictive
57 | File | xxxx.xxx | predictive
58 | File | xxxxxxxxxx.xxx | predictive
59 | File | xxxx_xxxx.x | predictive
60 | File | xxxxxxx-xxxx | predictive
61 | File | xxx/xxxxxx.xxx | predictive
62 | File | xxxxxxx/xxxxxxxxxx.xxx | predictive
63 | File | xxxxxxxx/xxxxx/xxxxx/xxxx-xxxxxxx-xxxxxxxxx-xxxxxxx-xxxxx.xxx | predictive
64 | File | xxxxx.xxx | predictive
65 | File | xxxx.xxx | predictive
66 | File | xxxxx.x | predictive
67 | File | xxxxxxxxxxxxxxxxxxxx.xxx | predictive
68 | File | xxxxxxx_xxxx.x | predictive
69 | File | xxxxxx/xxxxxx/xxxx.x | predictive
70 | File | xxxxx.xxx | predictive
71 | File | xxxxxx.xxx | predictive
72 | File | xxxx.xxx | predictive
73 | File | xxxxxxxx/xxxx?xxxxxx=xx | predictive
74 | File | xxx/xxxxx.xxxx | predictive
75 | File | xxxxx/xxxx_xxxxxx/x_xxxx/xxx_xxxxxxx.xxx | predictive
76 | File | xxxxxx/xxxxxxxx/xxxx | predictive
77 | File | xx_xxxxxxxxxx | predictive
78 | File | xxxxxxx.xxx | predictive
79 | File | xxxxx_xxxxxxx.xxx | predictive
80 | File | xxxxxxxx.xx | predictive
81 | File | xxxxxxxxxxxxx.xxx | predictive
82 | File | xxxx.xxx | predictive
83 | File | xxxxxx.xx | predictive
84 | File | xxxxxx.x | predictive
85 | File | xxxxx/xxxxx-xxxxxxxxxx-xxxxxxxx.xxx | predictive
86 | File | xxxx_xxxxxxx.xxx | predictive
87 | File | xxxx.xxx | predictive
88 | File | xxxx_xxxxx.xxxx | predictive
89 | File | xxxxx_xxxx_xxx.xxx | predictive
90 | File | xxx/xxxx.xxx | predictive
91 | File | xxxxxx.x | predictive
92 | File | xxxxx-xxxx.xxx | predictive
93 | File | xxxx-xxxxxxxx.xxx | predictive
94 | File | xx/xxxxxxxx/xxxxxx | predictive
95 | File | xxxx.xxx | predictive
96 | File | xxxx/xxx/xxxx-xxxxx.xxx | predictive
97 | File | xxxxxxxxx.x | predictive
98 | File | xxxxxxx.xxx | predictive
99 | File | xxxxxxx.xxx | predictive
100 | File | xx-xxxxx/xxxxx-xxxx.xxx?xxxxxx=xxxx_xxxxxx_xxxxxxxx | predictive
101 | File | xxxx | predictive
102 | File | ~/.xxxxxxx | predictive
103 | Library | xxxxxxxx.xxx | predictive
104 | Library | xxx/xxx.xx | predictive
105 | Library | xxx/xxxxxxxxxx.xxx | predictive
106 | Library | xxxxxxx.x | predictive
107 | Library | xxxxxxxx.xxx | predictive
108 | Library | xxxxxxxx.xxx | predictive
109 | Library | xxxxxx.xxxxx.xxxxxxxx | predictive
110 | Argument | /x | predictive
111 | Argument | xxxx | predictive
112 | Argument | xxx | predictive
113 | Argument | xxxxx_xxxxxxxxx | predictive
114 | Argument | xxxxxxxx | predictive
115 | Argument | xxxx | predictive
116 | Argument | xxxxxxxx | predictive
117 | Argument | xxx | predictive
118 | Argument | xxxxxxx | predictive
119 | Argument | xxxxxxx-xxxxxxxxxxx | predictive
120 | Argument | xxxxxx_xxxx_xxxxxxxx | predictive
121 | Argument | xxxx_xxx | predictive
122 | Argument | xxxxxx/xxxxxx | predictive
123 | Argument | xxxxxx xx | predictive
124 | Argument | xxx_xxxx/xxx_xxxxxxx | predictive
125 | Argument | xxx_xxxxx_xxxx | predictive
126 | Argument | xxxxx xx | predictive
127 | Argument | xxxxxxxxxxx | predictive
128 | Argument | xx_xxxxx | predictive
129 | Argument | xxxx | predictive
130 | Argument | xxxxxxxx | predictive
131 | Argument | xxxx_xx | predictive
132 | Argument | xxxx/xxxxxx/xxx | predictive
133 | Argument | xx | predictive
134 | Argument | xx | predictive
135 | Argument | xxxxxxxxxx | predictive
136 | Argument | xxxxxxxx_xxxxxxxx_x | predictive
137 | Argument | xxx | predictive
138 | Argument | xxxxxxx_xxx | predictive
139 | Argument | xxx_xx | predictive
140 | Argument | xx_xxxx_xxxx | predictive
141 | Argument | xxxxxxx[xxxxxx_xxxxx] | predictive
142 | Argument | xxxx | predictive
143 | Argument | xxxxxxxx | predictive
144 | Argument | xxxx | predictive
145 | Argument | xxx | predictive
146 | Argument | xxxx-xxxxxxx | predictive
147 | Argument | xxxxx | predictive
148 | Argument | xxxxxxxx | predictive
149 | Argument | xxxxxxx | predictive
150 | Argument | xxxxxx_xxxx | predictive
151 | Argument | xxxxxx | predictive
152 | Argument | xxxxxx | predictive
153 | Argument | xxx | predictive
154 | Argument | xxxx | predictive
155 | Argument | xxxxxxxxxxxxxxxx | predictive
156 | Argument | xxxx | predictive
157 | Argument | xxxxxxxxx_xxxxx | predictive
158 | Argument | xxx | predictive
159 | Argument | xxx | predictive
160 | Argument | xxxxxxxx | predictive
161 | Argument | xxxxx | predictive
162 | Argument | xxxxxxx | predictive
163 | Argument | xxxxx/xxxxx | predictive
164 | Argument | xxxxxxxx/xxxxxxxx/xxxxxxxxxxx | predictive
165 | Argument | __xxxxxx | predictive
166 | Input Value | "><xxxxxx>xxxxx(/xxx/)</xxxxxx> | predictive
167 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive
168 | Input Value | ./../../xxx/xx | predictive
169 | Input Value | /%xx | predictive
170 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx> | predictive
171 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive
172 | Input Value | xxxxxx | predictive
173 | Pattern | () { | predictive
174 | Network Port | xxx/xxxx | predictive
175 | Network Port | xxx/x (xxxxxxx) | predictive

References (7)

The following list contains external sources which discuss the actor and the associated activities:
