Nexus Zeta Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (31)

Lang

en	32

Land

cn	2

Skådespelare

Nexus Zeta	1

Intressera

Typ

Not Defined	8
Operating System	4
Programming Language Software	4
Content Management System	4
Automation Software	2

Säljare

Not Defined	10
IBM	2
Metasonic	2
Delta Industrial Automation	2
JetBrains	2

Produkt

IBM AIX	2
Metasonic Doc WebClient	2
Delta Industrial Automation DOPSoft	2
Virus.Win32.Renamer.a	2
JetBrains TeamCity	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Community plugin Album privilegier eskalering	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00054	0.00	CVE-2020-9468
2	Mozilla Firefox/Firefox ESR informationsgivning	5.8	5.6	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00790	0.00	CVE-2019-17021
3	Adobe Shockwave Player privilegier eskalering	10.0	9.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.35702	0.00	CVE-2010-2876
4	Joomla CMS privilegier eskalering	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00370	0.00	CVE-2007-6644
5	Photopost PhotoPost PHP Pro member.php sql injektion	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00300	0.00	CVE-2005-0774
6	Francisco Burzi PHP-Nuke Statistics Module index.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01051	0.00	CVE-2004-2020
7	Icecast Web Server list.cgi cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00207	0.00	CVE-2004-0781
8	Clearswift MAILsweeper MIME privilegier eskalering	7.3	6.4	$0-$5k	$0-$5k	Unproven	Official Fix	0.00797	0.00	CVE-2003-1016
9	Oracle Java SE/JRockit/Java SE Embedded AWT förnekande av tjänsten	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.13292	0.00	CVE-2013-6954
10	Microsoft Windows RDP Restricted Admin Mode svag autentisering	9.8	8.1	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.00
11	Linux Kernel file_ns_capable privilegier eskalering	4.9	4.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00061	0.00	CVE-2013-1959
12	Apple Mac OS X GPU Driver förnekande av tjänsten	4.8	4.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00867	0.00	CVE-2012-5131
13	Apple Mac OS X cross site scripting	4.3	4.1	$25k-$100k	$0-$5k	High	Official Fix	0.00477	0.03	CVE-2009-1578
14	IBM AIX rpc minneskorruption	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.02	CVE-2003-0954
15	IBM Security Guardium Insights informationsgivning	5.3	5.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00103	0.00	CVE-2020-4599
16	Delta Industrial Automation DOPSoft Project File förnekande av tjänsten	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00105	0.00	CVE-2020-27277
17	GitLab cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00067	0.00	CVE-2020-13345
18	EdgeMAX EdgeSwitch HTTP Interface privilegier eskalering	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00402	0.03	CVE-2020-8233
19	Apple macOS AppleUSBNetworking förnekande av tjänsten	4.6	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00056	0.00	CVE-2020-9804
20	IBM Spectrum Protect Plus kataloggenomgång	6.9	6.9	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00613	0.04	CVE-2020-4240

Kampanjer (1)

These are the campaigns that can be associated with the actor:

CVE-2017-17215

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	7.59.177.0		Nexus Zeta	CVE-2017-17215	12/02/2022	verified	Hög
2	XX.XX.XXX.X	xx-xx-xxx-x.xxxxx.xxxxxxx.xx.xx	Xxxxx Xxxx	Xxx-xxxx-xxxxx	12/02/2022	verified	Hög
3	XXX.XXX.XX.X		Xxxxx Xxxx	Xxx-xxxx-xxxxx	12/02/2022	verified	Hög
4	XXX.XXX.XX.X		Xxxxx Xxxx	Xxx-xxxx-xxxxx	12/02/2022	verified	Hög

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-20, CWE-119, CWE-120, CWE-287, CWE-400, CWE-401, CWE-404, CWE-476	Unknown Vulnerability	predictive	Hög
2	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Hög
3	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-0	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Hög
8	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	admin/index.php	predictive	Hög
2	File	fs/ext4/xattr.c	predictive	Hög
3	File	xxxxx.xxx	predictive	Medium
4	File	xx/xxxxxxx.x	predictive	Medium
5	File	xxxx.xxx	predictive	Medium
6	File	xxxxxx.xxx	predictive	Medium
7	Argument	xxxxxx/xxxxx	predictive	Medium
8	Argument	xxxx	predictive	Låg
9	Argument	xxxxx_xx	predictive	Medium
10	Argument	xxx	predictive	Låg
11	Argument	xxxxxxxxx	predictive	Medium
12	Argument	xxxxxxxx	predictive	Medium

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Interested in the pricing of exploits?

See the underground prices here!