Nukesped Analysis

IOB - Indicator of Behavior (1000)

Timeline

Language

en (650)
zh (332)
ja (6)
pl (4)
de (2)

Country/Region

hk (964)
us (12)
gb (10)
cn (6)
ua (2)

Actors

Campaigns

Interests

Timeline

Type

Vendor

Product

Google Chrome (54)
Microsoft Windows (32)
Tuxera ntfs-3g (20)
Apache HTTP Server (16)
Apple iOS (16)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Fix | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 4.96 | CVE-2020-12440 |
| 2 | Apple iOS/iPadOS IOSurfaceAccelerator memory corruption | 8.2 | 8.0 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00323 | 0.04 | CVE-2023-28206 |
| 3 | D-Link DIR-645 Interface Wireless privilege escalation | 9.8 | 8.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.97138 | 0.00 | CVE-2015-2051 |
| 4 | Symantec Gateway ipchange.php exec privilege escalation | 8.8 | 8.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97348 | 0.02 | CVE-2012-0297 |
| 5 | Fortinet FortiOS/FortiProxy Administrative Interface weak authentication | 9.8 | 9.7 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.97169 | 0.00 | CVE-2022-40684 |
| 6 | Palo Alto PAN-OS GlobalProtect Portal memory corruption | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00234 | 0.03 | CVE-2021-3064 |
| 7 | NVIDIA Omniverse Kit Create/Audio2Face/Isaac Sim/View/Code/Machinima privilege escalation | 8.3 | 8.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00070 | 0.04 | CVE-2022-42268 |
| 8 | Oracle Banking Digital Experience Framework Remote Code Execution | 8.3 | 8.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.01316 | 0.00 | CVE-2021-2351 |
| 9 | Apache HTTP Server mod_proxy privilege escalation | 7.3 | 6.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.96497 | 0.03 | CVE-2014-0117 |
| 10 | Fortinet FortiOS sslvpnd memory corruption | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.41883 | 0.00 | CVE-2022-42475 |
| 11 | Apache Ambari directory traversal | 6.5 | 6.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00141 | 0.04 | CVE-2020-13924 |
| 12 | OpenSSL AES OCB Mode weak encryption | 5.6 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00363 | 0.00 | CVE-2022-2097 |
| 13 | Cisco ASA/Firepower Threat Defense DNS Inspection denial of service | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00137 | 0.00 | CVE-2022-20760 |
| 14 | Apple iOS/iPadOS Kernel memory corruption | 7.8 | 7.5 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00062 | 0.02 | CVE-2022-32917 |
| 15 | Microsoft Windows Support Diagnostic Tool Follina Remote Code Execution | 7.3 | 7.1 | $25k-$100k | $0-$5k | High | Workaround | 0.97141 | 0.00 | CVE-2022-30190 |
| 16 | Apache Log4j Incomplete Fix CVE-2021-44228 privilege escalation | 4.5 | 4.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.97363 | 0.02 | CVE-2021-45046 |
| 17 | Google Chrome Profiles memory corruption | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00236 | 0.04 | CVE-2023-5472 |
| 18 | IEEE 802.11 Packet Routing weak authentication | 5.0 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00052 | 0.04 | CVE-2022-47522 |
| 19 | PHP IMAP mb_send_mail unknown vulnerability | 5.4 | 5.1 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00086 | 0.00 | CVE-2006-1014 |
| 20 | Oracle Banking Digital Experience UI General privilege escalation | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02850 | 0.00 | CVE-2022-46364 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • NukeSped

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (27)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerability | Type | Confidence |
|---|---|---|---|---|
| 1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-425 | Path Traversal | predictive |
| 2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive |
| 3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive |
| 4 | T1059 | CWE-88, CWE-94, CWE-1321 | Argument Injection | predictive |
| 5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive |
| 6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive |

IOA - Indicator of Attack (218)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Confidence |
|---|---|---|---|
| 1 | File | /admin-panel1.php | predictive |
| 2 | File | /admin/academic/studenview_left.php | predictive |
| 3 | File | /admin/ajax.php | predictive |
| 4 | File | /admin/ajax.php?action=confirm_order | predictive |
| 5 | File | /admin/controller/JobLogController.java | predictive |
| 6 | File | /admin/login.php | predictive |
| 7 | File | /ad_js.php | predictive |
| 8 | File | /alerts/alertConfigField.php | predictive |
| 9 | File | /api/blade-log/api/list | predictive |
| 10 | File | /api/v1/terminal/sessions/?limit=1 | predictive |
| 11 | File | /blog | predictive |
| 12 | File | /config/myfield/test.php | predictive |
| 13 | File | /context/%2e/WEB-INF/web.xml | predictive |
| 14 | File | /core/conditions/AbstractWrapper.java | predictive |
| 15 | File | /data/remove | predictive |
| 16 | File | /debug/pprof | predictive |
| 17 | File | /etc/passwd | predictive |
| 18 | File | /face-recognition-php/facepay-master/camera.php | predictive |
| 19 | File | /forms/doLogin | predictive |
| 20 | File | /fuel/index.php/fuel/logs/items | predictive |
| 21 | File | /fuel/index.php/fuel/pages/items | predictive |
| 22 | File | /goform/aspForm | predictive |
| 23 | File | /image_zoom.php | predictive |
| 24 | File | /include/config.cache.php | predictive |
| 25 | File | /index.php | predictive |
| 26 | File | /lists/index.php | predictive |
| 27 | File | /mkshop/Men/profile.php | predictive |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
