Nokoyawa Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (100)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en88
zh6
ru4
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us84
ru6
tr4
gb2
cn2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

IcedID4
Cobalt Strike4
PhotoLoader3
BazarBackdoor2
BumbleBee2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined34
Content Management System12
WordPress Plugin8
Web Server6
Connectivity Software4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined28
Microsoft6
Joomla4
Almondsoft2
Oracle2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

WordPress4
Joomla CMS4
Microsoft Windows4
Almondsoft Com Aclassf2
PHPUnit2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009431.05CVE-2010-0966
2MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.013020.89CVE-2007-0354
3Microsoft Windows TCP/IP Remote Code Execution9.88.9$25k-$100k$5k-$25kUnprovenOfficial Fix0.239930.00CVE-2022-34718
4Microsoft Windows Kernel Cryptography Driver cng.sys CfgAdtpFormatPropertyBlock buffer overflow7.97.9$25k-$100k$25k-$100kHighOfficial Fix0.143040.00CVE-2020-17087
5Microsoft Windows Netlogon Zerologon privileges management8.48.3$25k-$100k$0-$5kHighOfficial Fix0.450820.09CVE-2020-1472
6Microsoft Windows Event Logging Service denial of service4.34.0$5k-$25k$5k-$25kUnprovenOfficial Fix0.002030.00CVE-2022-37981
7FLDS redir.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.002030.05CVE-2008-5928
8Microsoft Exchange Server Privilege Escalation9.08.7$25k-$100k$5k-$25kHighOfficial Fix0.018490.00CVE-2022-41080
9PHP Link Directory Administration Page index.html cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.003740.21CVE-2007-0529
10Nystudio107 SEOmatic Plugin Template injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.513050.03CVE-2021-41749
11Adobe Premiere Pro MP4 File Parser heap-based overflow7.06.9$0-$5k$0-$5kNot DefinedOfficial Fix0.004130.04CVE-2023-47056
12WordPress wpdb->prepare sql injection8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.003890.03CVE-2017-16510
13Microsoft IIS Frontpage Server Extensions shtml.dll Username information disclosure5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.159580.10CVE-2000-0114
14Caucho Resin HTTP Request pathname traversal6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.012580.02CVE-2021-44138
15Adiscon LogAnalyzer sql injection7.67.5$0-$5k$0-$5kNot DefinedNot Defined0.000760.03CVE-2023-34600
16Microsoft Windows Win32k Privilege Escalation7.26.8$25k-$100k$0-$5kHighOfficial Fix0.001130.04CVE-2022-21882
17Oracle ZFS Storage Appliance Kit Operating System Image privileges management10.09.7$25k-$100k$5k-$25kHighOfficial Fix0.450820.00CVE-2020-1472
18Microsoft Windows Print Spooler Privilege Escalation8.17.7$25k-$100k$5k-$25kHighOfficial Fix0.000510.05CVE-2022-38028
19Microsoft Office information disclosure3.83.6$5k-$25k$0-$5kUnprovenOfficial Fix0.000430.00CVE-2022-41043
20Microsoft Windows IIS Remote Code Execution7.67.0$25k-$100k$5k-$25kUnprovenOfficial Fix0.001180.00CVE-2022-30209

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Nokoyawa

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
15.8.18.242Cobalt StrikeNokoyawa05/22/2023verifiedHigh
223.29.115.15223-29-115-152.static.hvvc.usCobalt StrikeNokoyawa05/22/2023verifiedHigh
3XX.XX.XXX.XXXxxxxxxxxx.xxxXxxxxxXxxxxxxx05/22/2023verifiedHigh
4XX.X.XXX.XXXxxxxx-x.xxxxxxxxxx.xxxXxxxxx XxxxxxXxxxxxxx05/22/2023verifiedHigh
5XXX.XX.XXX.XXXXxxxxxXxxxxxxx05/22/2023verifiedHigh
6XXX.XX.XXX.XXXXxxxxxXxxxxxxx05/22/2023verifiedHigh
7XXX.XXX.XXX.XXXXxxxxxxx07/29/2022verifiedHigh
8XXX.XXX.XXX.XXXxxxxxXxxxxxxx05/22/2023verifiedHigh

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22, CWE-23Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
10TXXXX.XXXCAPEC-CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
11TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (52)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/forum/away.phppredictiveHigh
2File/homeaction.phppredictiveHigh
3File/librarian/bookdetails.phppredictiveHigh
4File/modules/projects/vw_files.phppredictiveHigh
5File/out.phppredictiveMedium
6Fileadclick.phppredictiveMedium
7Fileadmin.phppredictiveMedium
8Filexxxxx.xxxxxxx.xxxx.xxxpredictiveHigh
9Filexxxxx/xxxxxx/xxxxx-xxxxxx-xxxxxxxx.xxxpredictiveHigh
10Filexx_xxxxx_xxxxx.xxxpredictiveHigh
11Filexxx-xxx/xxxxxxx.xxpredictiveHigh
12Filexxxxx-xx-xxxx-xxxxx.xxxpredictiveHigh
13Filexxxxx.xxxpredictiveMedium
14Filexxx.xxxpredictiveLow
15Filexxxxx.xxxpredictiveMedium
16Filexxxxxxxxxx.xxxpredictiveHigh
17Filexxxxxxx.xxxpredictiveMedium
18Filexxxxxxx.xxxpredictiveMedium
19Filexxxx.xxxpredictiveMedium
20Filexxx/xxxxxx.xxxpredictiveHigh
21Filexxxxx.xxxxpredictiveMedium
22Filexxxxxxx.xxxpredictiveMedium
23Filexxxxxxxxx.xxx.xxxpredictiveHigh
24Filexxxxx.xxxpredictiveMedium
25Filexxxxxxxx.xxxpredictiveMedium
26Filexxxx.xxxpredictiveMedium
27Filexxxx/xxx/xxxx-xxxxx.xxxpredictiveHigh
28Filexx-xxxxx/xxxx.xxx?xxxx_xxxx=xxxxxpredictiveHigh
29File~/xxxxx.xxxpredictiveMedium
30Library/_xxx_xxx/xxxxx.xxxpredictiveHigh
31ArgumentxxxxpredictiveLow
32ArgumentxxxpredictiveLow
33ArgumentxxxxxxpredictiveLow
34ArgumentxxxxxxxxpredictiveMedium
35Argumentxxx_xxxpredictiveLow
36ArgumentxxxxxxxxxxpredictiveMedium
37Argumentxxx_xxpredictiveLow
38Argumentxxxxxxxxx_xxxpredictiveHigh
39ArgumentxxxxxxpredictiveLow
40Argumentxxxx_xxxxxpredictiveMedium
41Argumentxxxxxxxx[xxxx_xxx]predictiveHigh
42ArgumentxxxxxpredictiveLow
43ArgumentxxxxxxxxpredictiveMedium
44ArgumentxxxxpredictiveLow
45ArgumentxxpredictiveLow
46ArgumentxxpredictiveLow
47ArgumentxxxxxxxpredictiveLow
48ArgumentxxxxpredictiveLow
49ArgumentxxxxxxxxxpredictiveMedium
50Argumentxxxxx_xxxx_xxxxpredictiveHigh
51ArgumentxxxxxxxxpredictiveMedium
52Input Value' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxxpredictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!