Nobelium Analysis

IOB - Indicator of Behavior (461)

Timeline

Languages

en: 392
de: 34
zh: 10
fr: 6
sv: 4

Country/Region

us: 134
ch: 50
at: 28
cn: 20
gb: 16

Actors

Campaigns

Interests

Timeline

Type

Vendors

Products

Linux Kernel: 26
Microsoft Windows: 10
SQLite: 6
Google Chrome: 6
Google Android: 6
Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | Backdoor.Win32.Tiny.c Service Port 7778 privilege escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.04 | |
| 3 | School Management Software notice-edit.php SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 4 | CA Internet Security Suite privilege escalation | 4.0 | 3.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.04 | CVE-2009-0682 |
| 5 | WordPress Update URI Plugin Header Remote Code Execution | 7.8 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00683 | 0.04 | CVE-2021-44223 |
| 6 | Joomla SQL injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00142 | 0.02 | CVE-2022-23797 |
| 7 | Microsoft Windows IIS Server Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00133 | 0.04 | CVE-2023-36434 |
| 8 | Synacor Zimbra Collaboration sfdc_preauth.jsp Privilege Escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00134 | 0.03 | CVE-2023-29382 |
| 9 | RARLabs WinRAR ZIP Archive Remote Code Execution | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.44373 | 0.09 | CVE-2023-38831 |
| 10 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 4.96 | CVE-2020-12440 |
| 11 | Linux Kernel NILFS File System inode.c security_inode_alloc memory corruption | 8.3 | 8.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2022-2978 |
| 12 | Crow HTTP Pipelining memory corruption | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00777 | 0.04 | CVE-2022-38667 |
| 13 | mySCADA myPRO privilege escalation | 9.2 | 9.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00105 | 0.03 | CVE-2022-2234 |
| 14 | GNU Bash Environment Variable variables.c Shellshock privilege escalation | 9.8 | 9.3 | $100k and more | $0-$5k | High | Official Fix | 0.97564 | 0.04 | CVE-2014-6271 |
| 15 | Apache HTTP Server mod_rewrite Redirect | 6.7 | 6.7 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00258 | 0.04 | CVE-2020-1927 |
| 16 | Asus AsusWRT start_apply.htm privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01350 | 0.04 | CVE-2018-20334 |
| 17 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.09 | CVE-2017-0055 |
| 18 | PRTG Network Monitor login.htm privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00288 | 0.04 | CVE-2018-19410 |
| 19 | Apple iOS Telephony memory corruption | 8.0 | 7.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00976 | 0.00 | CVE-2017-8248 |
| 20 | Zeus Zeus Web Server memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.15887 | 0.02 | CVE-2010-0359 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Tomiris

IOC - Indicator of Compromise (26)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (175)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (7)

The following list contains external sources which discuss the actor and the associated activities: