Nexus Zeta Analysis

IOB - Indicator of Behavior (31)

Language

  • en (32)

Product

  • Apple Mac OS X (4)
  • Linux Kernel (4)
  • Oracle Java SE (2)
  • Oracle JRockit (2)
  • Oracle Java SE Embedded (2)

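Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Community plugin Album privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.00 | CVE-2020-9468 |
| 2 | Mozilla Firefox/Firefox ESR information disclosure | 5.8 | 5.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00790 | 0.00 | CVE-2019-17021 |
| 3 | Adobe Shockwave Player privilege escalation | 10.0 | 9.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.35702 | 0.00 | CVE-2010-2876 |
| 4 | Joomla CMS privilege escalation | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00370 | 0.00 | CVE-2007-6644 |
| 5 | Photopost PhotoPost PHP Pro member.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00300 | 0.00 | CVE-2005-0774 |
| 6 | Francisco Burzi PHP-Nuke Statistics Module index.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01051 | 0.00 | CVE-2004-2020 |
| 7 | Icecast Web Server list.cgi cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00207 | 0.00 | CVE-2004-0781 |
| 8 | Clearswift MAILsweeper MIME privilege escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00797 | 0.00 | CVE-2003-1016 |
| 9 | Oracle Java SE/JRockit/Java SE Embedded AWT denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.13292 | 0.00 | CVE-2013-6954 |
| 10 | Microsoft Windows RDP Restricted Admin Mode weak authentication | 9.8 | 8.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.00 | |
| 11 | Linux Kernel file_ns_capable privilege escalation | 4.9 | 4.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00061 | 0.00 | CVE-2013-1959 |
| 12 | Apple Mac OS X GPU Driver denial of service | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00867 | 0.00 | CVE-2012-5131 |
| 13 | Apple Mac OS X cross-site scripting | 4.3 | 4.1 | $25k-$100k | $0-$5k | High | Official Fix | 0.00477 | 0.03 | CVE-2009-1578 |
| 14 | IBM AIX rpc memory corruption | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2003-0954 |
| 15 | IBM Security Guardium Insights information disclosure | 5.3 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00103 | 0.00 | CVE-2020-4599 |
| 16 | Delta Industrial Automation DOPSoft Project File denial of service | 7.0 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00105 | 0.00 | CVE-2020-27277 |
| 17 | GitLab cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00067 | 0.00 | CVE-2020-13345 |
| 18 | EdgeMAX EdgeSwitch HTTP Interface privilege escalation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00402 | 0.03 | CVE-2020-8233 |
| 19 | Apple macOS AppleUSBNetworking denial of service | 4.6 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.00 | CVE-2020-9804 |
| 20 | IBM Spectrum Protect Plus directory traversal | 6.9 | 6.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00613 | 0.04 | CVE-2020-4240 |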

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2017-17215

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (12)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

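| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | admin/index.php | predictive | |
| 2 | File | fs/ext4/xattr.c | predictive | |
| 3 | File | xxxxx.xxx | predictive | |
| 4 | File | xx/xxxxxxx.x | predictive | |
| 5 | File | xxxx.xxx | predictive | |
| 6 | File | xxxxxx.xxx | predictive | |
| 7 | Argument | xxxxxx/xxxxx | predictive | |
| 8 | Argument | xxxx | predictive | |
| 9 | Argument | xxxxx_xx | predictive | |
| 10 | Argument | xxx | predictive | |
| 11 | Argument | xxxxxxxxx | predictive | |
| 12 | Argument | xxxxxxxx | predictive | |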

References (2)

The following list contains external sources which discuss the actor and the associated activities:
