Lilith Analysis

IOB - Indicator of Behavior (338)

Language

en: 266
ru: 22
ja: 12
de: 10
ar: 6

Country/Region

ru: 94
us: 28
cn: 22
es: 4
nl: 2

Product

Google Chrome: 8
Linux Kernel: 6
Dahua DHI-HCVR7216A-S3: 4
Grafana: 4
FreeRDP: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.63 | CVE-2010-0966 |
| 2 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.10 | CVE-2007-0354 |
| 3 | Atlassian Bitbucket Server and Data Center Environment Variable privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.52136 | 0.00 | CVE-2022-43781 |
| 4 | Atlassian Bitbucket Data Center/Bitbucket Server Privilege Escalation | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.05 | CVE-2023-22513 |
| 5 | Dahua DHI-HCVR7216A-S3 SmartPSS Auto Login Hash privilege escalation | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00331 | 0.05 | CVE-2017-6342 |
| 6 | Cyr to Lat Plugin SQL injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2022-4290 |
| 7 | nophp index.php privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00099 | 0.03 | CVE-2023-28854 |
| 8 | SourceCodester Simple Task Allocation System manage_user.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.04 | CVE-2023-1791 |
| 9 | SourceCodester Young Entrepreneur E-Negosyo System login.php SQL injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00152 | 0.00 | CVE-2023-1737 |
| 10 | Lighthouse Development Squirrelcart cart_content.php privilege escalation | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02731 | 0.04 | CVE-2006-2483 |
| 11 | Jelsoft impex ImpExData.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04317 | 0.04 | CVE-2006-1382 |
| 12 | phpBG forum.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.22228 | 0.04 | CVE-2007-4636 |
| 13 | Linux Foundation Xen EFLAGS Register SYSENTER privilege escalation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.02 | CVE-2013-1917 |
| 14 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.30 | CVE-2015-4134 |
| 15 | HPE Onboard Administrator Reflected cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.04 | CVE-2020-7132 |
| 16 | xwikisas macro-pdfviewer PDF Viewer Macro information disclosure | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-30263 |
| 17 | Moises Heberle WooCommerce Bookings Calendar Plugin cross-site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-31117 |
| 18 | Foxit PDF Reader AcroForm memory corruption | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.00 | CVE-2024-30354 |
| 19 | Tenda AC10 SetStaticRouteCfg fromSetRouteStatic memory corruption | 8.8 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-2581 |
| 20 | MediaTek MT8798 Lk memory corruption | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2024-20022 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-24, CWE-425 | Path Traversal | predictive | |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | |
| 3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | |
| 4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | |
| 5 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | |

IOA - Indicator of Attack (179)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin.php/admin/art/data.html | predictive | |
| 2 | File | /admin.php/pic/admin/pic/del | predictive | |
| 3 | File | /ajax.php?action=read_msg | predictive | |
| 4 | File | /debug/pprof | predictive | |
| 5 | File | /desktop_app/file.ajax.php?action=uploadfile | predictive | |
| 6 | File | /env | predictive | |
| 7 | File | /forum/away.php | predictive | |
| 8 | File | /goform/SetNetControlList | predictive | |
| 9 | File | /goform/SetStaticRouteCfg | predictive | |
| 10 | File | /librarian/bookdetails.php | predictive | |
| 11 | File | /ptipupgrade.cgi | predictive | |
| 12 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | predictive | |
| 13 | File | /src/chatbotapp/chatWindow.java | predictive | |
| 14 | File | /staff/bookdetails.php | predictive | |
| 15 | File | about.php | predictive | |
| 16 | File | admin.color.php | predictive | |
| 17 | File | admin/addons/archive/archive.php | predictive | |
| 18 | File | admin/categories_industry.php | predictive | |
| 19 | File | admin/class-woo-popup-admin.php | predictive | |
| 20 | File | admin/content/postcategory | predictive | |
| 21 | File | admincp/auth/secure.php | predictive | |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
