Lorenz Analysis

IOB - Indicator of Behavior (82)

Language

en: 66
es: 10
ar: 2
de: 2
zh: 2

Country/Region

us: 30
cn: 10
ir: 6
ar: 2
ru: 2

Product

GitLab Enterprise Edition: 16
GitLab Community Edition: 10
Oracle REST Data Services: 6
SonicWALL AntiSpam: 2
SonicWALL EMail Security Appliance: 2

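Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | Oracle REST Data Services denial of service | 7.0 | 6.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03359 | 0.04 | CVE-2023-24998 |
| 3 | Extreme EXOS memory corruption | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00209 | 0.00 | CVE-2017-14328 |
| 4 | SentryHD privilege escalation | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.07 | |
| 5 | GitLab Community Edition/Enterprise Edition Browser Cache information disclosure | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00079 | 0.00 | CVE-2018-18640 |
| 6 | Oracle REST Data Services General information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.00 | CVE-2020-14745 |
| 7 | Oracle REST Data Services information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.47555 | 0.00 | CVE-2021-34429 |
| 8 | HP System Management Homepage Access Restriction memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.21036 | 0.00 | CVE-2011-1541 |
| 9 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.69 | CVE-2020-12440 |
| 10 | Teltonika Remote Management System/RUT privilege escalation | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.02 | CVE-2023-32350 |
| 11 | python-jwt weak authentication | 8.2 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.32 | CVE-2022-39227 |
| 12 | OpenSSH Forward Option roaming_common.c roaming_write memory corruption | 8.1 | 7.6 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00266 | 0.00 | CVE-2016-0778 |
| 13 | Technicolor TC7337NET Password weak encryption | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01218 | 0.04 | CVE-2020-10376 |
| 14 | Nextcloud Password Policy information disclosure | 2.7 | 2.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.00 | CVE-2022-35931 |
| 15 | Citrix XenServer directory traversal | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02340 | 0.06 | CVE-2018-14007 |
| 16 | polkit polkitd information disclosure | 5.7 | 5.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00066 | 0.00 | CVE-2018-1116 |
| 17 | Apache HTTP Server mod_proxy privilege escalation | 7.3 | 7.3 | $5k-$25k | $5k-$25k | High | Not Defined | 0.97446 | 0.05 | CVE-2021-40438 |
| 18 | mod_ssl SSLVerifyClient Remote Code Execution | 9.8 | 8.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00214 | 0.02 | CVE-2005-2700 |
| 19 | Huawei ACXXXX/SXXXX SSH Packet privilege escalation | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00246 | 0.07 | CVE-2014-8572 |
| 20 | Vim memory corruption | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00102 | 0.00 | CVE-2021-3984 |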

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2022-29499

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

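| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | config.xml | predictive | |
| 2 | File | contact.php | predictive | |
| 3 | File | contact_support.php | predictive | |
| 4 | File | data/gbconfiguration.dat | predictive | |
| 5 | File | xxxx.xxx | predictive | |
| 6 | File | xxx/xxxxxx.xxx | predictive | |
| 7 | File | xxxxx.xxx | predictive | |
| 8 | File | xxxxxxxxxxxxxxx.xxxx | predictive | |
| 9 | File | xxxxxx_xxxx_xxx_xxx.xxx | predictive | |
| 10 | File | xxx_xxxxx.x | predictive | |
| 11 | File | xxxxxxxx.xxx | predictive | |
| 12 | File | xxxxxxx_xxx_xxxxx_xxxxxx.xxxx | predictive | |
| 13 | File | xxxxxxx_xxxxxx.x | predictive | |
| 14 | File | xxxx-xxxxxxxx.xxx | predictive | |
| 15 | File | xxx.x | predictive | |
| 16 | File | xx-xxxxxxx/xxxxxxx/xxxx/xx | predictive | |
| 17 | Argument | xxxxxxxx | predictive | |
| 18 | Argument | xxxxxxxxxxxxxx | predictive | |
| 19 | Argument | xxxxxxx_xx | predictive | |
| 20 | Argument | xxxxxxx | predictive | |
| 21 | Argument | xxxx | predictive | |
| 22 | Argument | xxxxxxxx | predictive | |
| 23 | Argument | xxxxxxxx | predictive | |
| 24 | Argument | xxxx | predictive | |
| 25 | Argument | xxx | predictive | |
| 26 | Network Port | xxx | predictive | |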

References (2)

The following list contains external sources which discuss the actor and the associated activities:
