N-W0rm Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 156
zh: 92
pl: 84
es: 84
ja: 82


Country

pl: 84
es: 84
it: 80
ru: 78
ar: 78


Product

Tenda W15E: 10
MailCleaner: 8
Linux Kernel: 8
Campcodes Complete Web-Based School Management Sys ...: 8
IBM Emptoris Services Procurement: 6


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Apryse WebViewer PDF Document cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.10 | CVE-2024-4327 |
| 2 | MailCleaner Email os command injection | 9.8 | 9.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.83 | CVE-2024-3191 |
| 3 | osCommerce all-products cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00065 | 0.13 | CVE-2024-4348 |
| 4 | MailCleaner Admin Interface cross site scripting | 5.8 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.66 | CVE-2024-3192 |
| 5 | SourceCodester Pisay Online E-Learning System controller.php unrestricted upload | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.20 | CVE-2024-4349 |
| 6 | MailCleaner Admin Endpoints os command injection | 8.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.36 | CVE-2024-3193 |
| 7 | BloomPixel Max Addons Pro for Bricks Plugin authorization | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.08 | CVE-2024-32951 |
| 8 | Extend Themes Teluro Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.13 | CVE-2024-33688 |
| 9 | Elementor ImageBox Plugin cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.08 | CVE-2024-3074 |
| 10 | Apache HTTP Server mod_lua Multipart Parser r:parsebody out-of-bounds write | 8.5 | 8.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.08808 | 0.03 | CVE-2021-44790 |
| 11 | Dell Wyse Proprietary OS Telemetry Dashboard information disclosure | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-28963 |
| 12 | Apache Parquet Parquet-MR denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00086 | 0.00 | CVE-2021-41561 |
| 13 | Foliovision FV Flowplayer Video Player Plugin server-side request forgery | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-32955 |
| 14 | Dell Repository Manager API Module improper authorization | 8.3 | 8.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-28976 |
| 15 | Jegstudio Financio Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.03 | CVE-2024-33690 |
| 16 | ThemeNcode Fan Page Widget by Plugin cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33695 |
| 17 | AnnounceKit Plugin cross site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-3023 |
| 18 | Repute Infosystems ARMember Plugin authorization | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-32948 |
| 19 | Dell Repository Manager Logger Module improper authorization | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-28977 |
| 20 | Pavex Embed Google Photos Album Plugin server-side request forgery | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-32775 |

IOC - Indicator of Compromise (70)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (107)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
