Nymaim Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 120
ru: 98
zh: 96
pl: 90
es: 84

Country

ru: 102
pl: 90
es: 84
it: 80
de: 78

Activities

Product

Tenda W15E: 14
MailCleaner: 8
Tenda i21: 8
OpenSSH: 4
Kashipara Online Furniture Shopping Ecommerce Webs ...: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Apryse WebViewer PDF Document cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.28 | CVE-2024-4327 |
| 2 | MailCleaner Email os command injection | 9.8 | 9.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.00 | CVE-2024-3191 |
| 3 | osCommerce all-products cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00065 | 0.11 | CVE-2024-4348 |
| 4 | MailCleaner Admin Interface cross site scripting | 5.8 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.00 | CVE-2024-3192 |
| 5 | SourceCodester Pisay Online E-Learning System controller.php unrestricted upload | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.11 | CVE-2024-4349 |
| 6 | MailCleaner Admin Endpoints os command injection | 8.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.06 | CVE-2024-3193 |
| 7 | BloomPixel Max Addons Pro for Bricks Plugin authorization | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.08 | CVE-2024-32951 |
| 8 | Extend Themes Teluro Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33688 |
| 9 | Apache HTTP Server mod_lua Multipart Parser r:parsebody out-of-bounds write | 8.5 | 8.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.08808 | 0.07 | CVE-2021-44790 |
| 10 | Elementor ImageBox Plugin cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.08 | CVE-2024-3074 |
| 11 | Dell Wyse Proprietary OS Telemetry Dashboard information disclosure | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-28963 |
| 12 | Apache Parquet Parquet-MR denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00086 | 0.00 | CVE-2021-41561 |
| 13 | Foliovision FV Flowplayer Video Player Plugin server-side request forgery | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-32955 |
| 14 | Dell Repository Manager API Module improper authorization | 8.3 | 8.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-28976 |
| 15 | Jegstudio Financio Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.03 | CVE-2024-33690 |
| 16 | Pavex Embed Google Photos Album Plugin server-side request forgery | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-32775 |
| 17 | ThemeNcode Fan Page Widget by Plugin cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33695 |
| 18 | AnnounceKit Plugin cross site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2024-3023 |
| 19 | Repute Infosystems ARMember Plugin authorization | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-32948 |
| 20 | Dell Repository Manager Logger Module improper authorization | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-28977 |

IOC - Indicator of Compromise (65)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (77)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

