NSAMsdMiner Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (30)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en24
pl2
sv2
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us30

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Cobalt Strike1
RedLine Stealer1
NSAMsdMiner1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined10
Content Management System2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Thomas R. Pasawicz2
Responsive2
DZCP2
AlstraSoft2
WoltLab2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Thomas R. Pasawicz HyperBook Guestbook2
Responsive Filemanager2
DZCP deV!L`z Clanportal2
AlstraSoft AskMe Pro2
WoltLab Burning Book2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
2WoltLab Burning Book addentry.php sql injection7.36.8$0-$5k$0-$5kFunctionalUnavailable0.008040.00CVE-2006-5509
3Easy-scripts Answer/Question Script File Upload myaccount.php memory corruption7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001900.00CVE-2009-1663
4Responsive Filemanager upload.php server-side request forgery8.58.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.963690.03CVE-2018-14728
5Devilz Clanportal sql injection7.37.0$0-$5k$0-$5kHighOfficial Fix0.006840.03CVE-2006-6339
6AlstraSoft AskMe Pro forum_answer.php sql injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.02
7DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.48CVE-2010-0966
8MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.013020.60CVE-2007-0354
9DZCP deV!L`z Clanportal browser.php information disclosure5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.027330.42CVE-2007-1167
10SAP BusinessObjects Business Intelligence Platform Web Services server-side request forgery6.36.3$5k-$25k$5k-$25kNot DefinedNot Defined0.005680.04CVE-2020-6308
11Apple Mac OS X Server User Authentication stack-based overflow7.37.1$25k-$100k$0-$5kHighWorkaround0.105660.00CVE-2004-0430
12Rubetek RV-3406/RV-3409/RV-3411 Telnet Service hard-coded password9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.008610.00CVE-2020-25749

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
13.0.144.122ec2-3-0-144-122.ap-southeast-1.compute.amazonaws.comNSAMsdMiner10/23/2023verifiedMedium
2XX.XX.X.XXXXxxxxxxxxxx10/23/2023verifiedHigh
3XX.XXX.XX.XXXXxxxxxxxxxx10/23/2023verifiedHigh
4XXX.XX.XXX.XXXxxxxx.xx-xxx-xx-xxx.xxxXxxxxxxxxxx10/23/2023verifiedHigh

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
2TXXXX.XXXCAPEC-CWE-XXXXxx Xx Xxxx-xxxxx XxxxxxxxpredictiveHigh
3TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Fileaddentry.phppredictiveMedium
2Filedata/gbconfiguration.datpredictiveHigh
3Filexxxxx.xxxpredictiveMedium
4Filexxxxx_xxxxxx.xxxpredictiveHigh
5Filexxx/xxxxxx.xxxpredictiveHigh
6Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
7Filexxxxxxxxx.xxxpredictiveHigh
8Filexxxxxx.xxxpredictiveMedium
9ArgumentxxxxxxxxpredictiveMedium
10ArgumentxxxxpredictiveLow
11ArgumentxxpredictiveLow
12ArgumentxxxxxxxxpredictiveMedium
13Argumentxxx_xxpredictiveLow
14ArgumentxxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!