Russian Nexus Analysis

IOB - Indicator of Behavior (80)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 62
de: 8
es: 6
pl: 2
it: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

PHP: 6
OX App Suite: 6
Web2py: 4
Microsoft Windows: 4
Piwigo: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.12 | CVE-2017-0055 |
| 2 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00238 | 0.04 | CVE-2007-6138 |
| 3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.80 | CVE-2010-0966 |
| 4 | Apple macOS Sudo out-of-bounds write | 6.5 | 6.4 | $0-$5k | $0-$5k | High | Official Fix | 0.97051 | 0.00 | CVE-2021-3156 |
| 5 | Web2py information disclosure | 6.4 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00626 | 0.01 | CVE-2016-4806 |
| 6 | Microsoft IIS FastCGI memory corruption | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.28264 | 0.06 | CVE-2010-2730 |
| 7 | Microsoft Windows Kernel access control | 6.4 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00088 | 0.03 | CVE-2018-8347 |
| 8 | SourceCodester Kortex Lite Advocate Office Management System register_case.php sql injection | 4.7 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.08 | CVE-2024-3621 |
| 9 | Nuked-Klan Partenaires module clic.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00134 | 0.06 | CVE-2010-4925 |
| 10 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.49 | |
| 11 | Joomla CMS Custom Field input validation | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00597 | 0.04 | CVE-2019-14654 |
| 12 | Dnsmasq EDNS.0 UDP Packet Size Privilege Escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00240 | 0.03 | CVE-2023-28450 |
| 13 | Node.js IsAllowedHost os command injection | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00378 | 0.04 | CVE-2022-43548 |
| 14 | TP-LINK TL-WR841N Firmware path traversal | 7.5 | 7.5 | $0-$5k | $0-$5k | High | Not Defined | 0.02952 | 0.04 | CVE-2012-5687 |
| 15 | Mustache Pix Helper exploitable injection | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00312 | 0.04 | CVE-2023-28333 |
| 16 | Moodle Enrolled Course sql injection | 8.0 | 8.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00120 | 0.04 | CVE-2021-36392 |
| 17 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 9.35 | CVE-2006-6168 |
| 18 | Starface improper authentication | 5.0 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01628 | 0.04 | CVE-2023-33243 |
| 19 | PHPMailer Phar Deserialization addAttachment deserialization | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00748 | 0.00 | CVE-2020-36326 |
| 20 | Medix orgot Password Appstore Module access control | 7.1 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00104 | 0.00 | CVE-2021-25672 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /control/register_case.php | predictive | High |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | /uncpath/ | predictive | Medium |
| 4 | File | 5.2.9\syscrb.exe | predictive | High |
| 5 | File | xxxxx/xxxxxxxxx.xxx | predictive | High |
| 6 | File | xxxx.xxx | predictive | Medium |
| 7 | File | xxxxxxx.xxx | predictive | Medium |
| 8 | File | xxx/xxxx/xxx/xxxxx_xxxx.x | predictive | High |
| 9 | File | xxx/xxxx/xxxx.x | predictive | High |
| 10 | File | xxx/xxxxxxxx/xxxx_xxxxx.x | predictive | High |
| 11 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
| 12 | File | xxxxxxxxxxx/xxxxxxxxxxx | predictive | High |
| 13 | File | xxx/xxxxxx.xxx | predictive | High |
| 14 | File | xxxxx.xxx | predictive | Medium |
| 15 | File | xxxxxxx.xxx | predictive | Medium |
| 16 | File | xxxxx.xxx | predictive | Medium |
| 17 | File | xxxxx.xxx | predictive | Medium |
| 18 | File | xxx.xxx | predictive | Low |
| 19 | File | xxxxxxxxxxx.x | predictive | High |
| 20 | File | xxxx-xxxxxxxx.xxx | predictive | High |
| 21 | File | xxx.xxx | predictive | Low |
| 22 | File | xx-xxxxxxxx-xxxx.xxx | predictive | High |
| 23 | Library | xxxxxxxxx/xxxxxxxxx/xxxxx/xxx.xxx | predictive | High |
| 24 | Argument | xxxxxxxx | predictive | Medium |
| 25 | Argument | xx | predictive | Low |
| 26 | Argument | xxxxxxxx | predictive | Medium |
| 27 | Argument | xxxxxxxxxx[xxxxx_xxxx] | predictive | High |
| 28 | Argument | xxxxxxxx | predictive | Medium |
| 29 | Argument | xxx | predictive | Low |
| 30 | Argument | xxxxx/xxxx_xx/xxxxxx_xxxx/xxxxx/xxxx_xxxx/xxxx_xxxxx/xxxxx_xxxx/xxxxxxxxxxx/xxxxxxx_xxxx/xxxxxxx_xxxx/xxxxxxxx_xxxxxx/xxxxx_xxxx/xxxxxx | predictive | High |
| 31 | Argument | x-xxxxxxxxx-xxx | predictive | High |
| 32 | Input Value | '/x' | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
