Nemucod Analysis

IOB - Indicator of Behavior (1000)

[Charts: Timeline, Lang, Country, Actors, Activities; Interest: Timeline, Type, Vendor, Product. The data in these charts does not reflect real data. It is dummy data, distorted and not usable in any way.]

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Tenda W9 formQosManageDouble_auto stack-based overflow | 8.8 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.75 | CVE-2024-4241 |
| 2 | Kashipara Online Furniture Shopping Ecommerce Website prodInfo.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00087 | 0.59 | CVE-2024-4071 |
| 3 | Tenda W9 wifiSSIDget formwrlSSIDget stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.21 | CVE-2024-4242 |
| 4 | Contemporary Controls BASrouter BACnet BASRT-B Device-Communication-Control Service denial of service | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.48 | CVE-2024-4292 |
| 5 | Kashipara Online Furniture Shopping Ecommerce Website search.php cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00070 | 0.75 | CVE-2024-4072 |
| 6 | Tenda W15E modifyIpMacBind formIPMacBindModify stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.37 | CVE-2024-4120 |
| 7 | Tenda TX9 SetLEDCfg sub_42BD7C stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.37 | CVE-2024-4111 |
| 8 | Tenda W15E setStaticRoute formSetStaticRoute stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.21 | CVE-2024-4125 |
| 9 | Tenda TX9 SetSysTimeCfg sub_42D4DC stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.43 | CVE-2024-4113 |
| 10 | Tenda AX1803 SetDDNSCfg formSetSysToolDDNS stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.54 | CVE-2024-4236 |
| 11 | Tenda G3 modifyDhcpRule stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.79 | CVE-2024-4165 |
| 12 | Tenda W30E WizardHandle fromWizardHandle stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.91 | CVE-2024-4171 |
| 13 | Tenda TX9 PowerSaveSet sub_42C014 stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.54 | CVE-2024-4114 |
| 14 | Tenda TX9 SetVirtualServerCfg sub_42CB94 stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.81 | CVE-2024-4112 |
| 15 | Tenda W15E guestWifiRuleRefresh stack-based overflow | 8.8 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.74 | CVE-2024-4127 |
| 16 | Kashipara Online Furniture Shopping Ecommerce Website prodList.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.16 | CVE-2024-4070 |
| 17 | Tenda G3 ModifyPppAuthWhiteMac formModifyPppAuthWhiteMac stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.54 | CVE-2024-4164 |
| 18 | Tenda W15E addIpMacBind formIPMacBindAdd stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.81 | CVE-2024-4118 |
| 19 | Tenda i21 formQosManage_auto stack-based overflow | 8.8 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.38 | CVE-2024-4247 |
| 20 | Tenda W15E delIpMacBind formIPMacBindDel stack-based overflow | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.49 | CVE-2024-4119 |

IOC - Indicator of Compromise (37)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (94)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

