LazyScripter Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (214)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en178
fr20
de6
zh4
it2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA182
CH: Switzerland4
CN: China4
FR: France4
PL: Poland2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

NjRAT2
AsyncRAT2
LazyScripter2
RATLoader1
Purple Fox1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined60
Content Management System16
Operating System6
Web Browser4
Firewall Software4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined30
Microsoft8
Google4
baigo4
Apple4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Ilohamail4
Microsoft Windows4
Google Chrome4
baigo CMS4
WebsiteBaker2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaroundpossible0.029560.00CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.009700.44CVE-2010-0966
3Gempar Script Toko Online shop_display_products.php sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot defined 0.003730.07CVE-2009-0296
4Ecommerce Online Store Kit shop.php sql injection9.88.8$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.028070.00CVE-2004-0300
5WoltLab Burning Book addentry.php sql injection7.36.8$0-$5k$0-$5kFunctionalUnavailable 0.009570.02CVE-2006-5509
6FiberHome HG2201T telnet.cgi input validation8.08.0$0-$5k$0-$5kNot definedNot defined 0.004090.07CVE-2019-17186
7Google Chrome Utility Process race condition9.89.4$25k-$100k$0-$5kNot definedOfficial fix 0.039490.00CVE-2011-3961
8DataLynx suGuard privileges management5.95.4$0-$5k$0-$5kProof-of-ConceptNot defined 0.001280.00CVE-1999-0388
9Dcscripts Dcshop HTTP GET Request auth_user_file.txt Password information disclosure5.34.7$0-$5k$0-$5kProof-of-ConceptWorkaround 0.041940.00CVE-2001-0821
10MidiCart PHP Shopping Cart item_show.php sql injection6.36.0$0-$5k$0-$5kProof-of-ConceptNot defined 0.000000.05
11Linksys WVC11B main.cgi cross site scripting4.33.9$0-$5k$0-$5kProof-of-ConceptNot defined 0.005300.00CVE-2004-2508
12Asternic Flash Operator Panel User Control Panel command injection7.57.5$0-$5k$0-$5kNot definedNot defined 0.013960.00CVE-2018-5694
13Contenido Contendio allow_url_fopen file inclusion7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.005660.09CVE-2005-4132
14Microsoft Windows Remote Desktop/Terminal Services Web Connection improper authentication6.36.2$25k-$100k$0-$5kNot definedWorkaround 0.000000.05
15Ilohamail cross site scripting4.34.1$0-$5k$0-$5kNot definedOfficial fix 0.000000.00
16Microsoft IIS Error Message cross site scripting6.36.0$5k-$25k$0-$5kNot definedOfficial fix 0.128300.04CVE-2000-1104
17Microsoft IIS Error Message cross site scripting4.24.0$25k-$100k$0-$5kNot definedOfficial fix 0.083420.00CVE-2003-0223
18Adobe ColdFusion cross site scripting4.33.9$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.064470.03CVE-2007-0817
19D-Link DIR-865L register_send.php improper authentication7.57.1$5k-$25k$0-$5kProof-of-ConceptNot defined 0.003540.05CVE-2013-3096
20SourceCodester Garage Management System createUser.php access control6.35.7$0-$5k$0-$5kProof-of-ConceptNot defined 0.000560.04CVE-2022-2578

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.91.92.112LazyScripter03/11/2022verifiedLow
266.29.130.204server1.gowaymevps.xyzLazyScripter03/11/2022verifiedVery Low
3103.73.64.115LazyScripter03/11/2022verifiedLow
4XXX.XXX.X.XXXxxxxxxxxxxx03/23/2022verifiedLow
5XXX.XXX.XXX.XXXXxxxxxxxxxxx03/11/2022verifiedLow
6XXX.XXX.XXX.XXXxxxxxxxxxxx05/31/2021verifiedLow
7XXX.XXX.XXX.XXXxxxxxxxxxxx03/11/2022verifiedLow
8XXX.XX.XXX.XXXXxxxxxxxxxxx03/11/2022verifiedLow
9XXX.XXX.XXX.XXXxxxx.xxxxxxx.xxxXxxxxxxxxxxx05/31/2021verifiedLow
10XXX.XX.XXX.XXXXxxxxxxxxxxx03/11/2022verifiedLow
11XXX.XXX.XXX.XXXxxxxxxxxxxx05/31/2021verifiedLow

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22, CWE-23Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3T1059.007CAPEC-209CWE-79, CWE-80Basic Cross Site ScriptingpredictiveHigh
4TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-XXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
7TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
9TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
10TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-XXCWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
12TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh
13TXXXXCWE-XXXXxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (98)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/catalog/admin/categories.php?cPath=&action=new_productpredictiveHigh
2File/etc/passwdpredictiveMedium
3File/inc/HTTPClient.phppredictiveHigh
4File/php_action/createUser.phppredictiveHigh
5File/var/WEB-GUI/cgi-bin/telnet.cgipredictiveHigh
6Fileaddentry.phppredictiveMedium
7Fileadmin.phppredictiveMedium
8Fileadmin/admin.shtmlpredictiveHigh
9FileAdmin/ADM_Pagina.phppredictiveHigh
10Fileadmin/editcatalogue.phppredictiveHigh
11Fileadmin/menus/edit.phppredictiveHigh
12Fileapage.cgipredictiveMedium
13Filexx_xxxxxxx/xxxxx.xxx?x=xxx&x=xxxxxxxpredictiveHigh
14Filexxxxxxxxxx.xxxpredictiveHigh
15Filexxxxxxxx.xxxpredictiveMedium
16Filexxxxxxxx_xxxx.xxxpredictiveHigh
17Filexxx_xxxx.xpredictiveMedium
18Filexxxxxxxxx.xxxpredictiveHigh
19Filexxxxxx-xxxxxpredictiveMedium
20Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
21Filexxxxxx.xxxpredictiveMedium
22Filexxxxxx.xxxpredictiveMedium
23Filexxxxx_xxx_xxxxx.xxxpredictiveHigh
24Filexxxxxxxxxx-xx-xxxxxx/xxxx/xxxx.xxxpredictiveHigh
25Filexxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
26Filexxx/xxxxxx.xxxpredictiveHigh
27Filexxxxxxx/xxxx_xxxxxxxx.xxxxx.xxxpredictiveHigh
28Filexxxxx.xxxpredictiveMedium
29Filexxxxxxx.xxxpredictiveMedium
30Filexxxxxxxxxx.xxxpredictiveHigh
31Filexxxx_xxxx.xxxpredictiveHigh
32Filexxxxx_xx.xxxxpredictiveHigh
33Filexxxxxxxxxx/xxxxxxx.xpredictiveHigh
34Filexxxx.xxxpredictiveMedium
35Filexxxxxxxx.xxxpredictiveMedium
36Filexxxxxxxx.xxxpredictiveMedium
37Filexxx_xxxx.xxxpredictiveMedium
38Filexxx_xxxx.xxx.xxxpredictiveHigh
39Filexxxxxx.xxx/xxxx_xxxx_xxxx.xxxpredictiveHigh
40Filexxxxxxxxxx.xxxpredictiveHigh
41Filexxxxxxxx-x.xxpredictiveHigh
42Filexxxxxxxx_xxxx.xxxpredictiveHigh
43Filexxxx/xxxxxxx/xxxxxxxxxxxxx_xxx.xxxpredictiveHigh
44Filexxxxxxxx.xxxpredictiveMedium
45Filexxxx.xxxpredictiveMedium
46Filexxxxxxxxxxxxx.xxxpredictiveHigh
47Filexxxxxxxxx.xxxpredictiveHigh
48Filexxxxxxxxxxxxxxxx.xxxpredictiveHigh
49Filexxxx_xxxxxxx_xxxxxxxx.xxxpredictiveHigh
50Filexxxxx_xxxxx.xxxpredictiveHigh
51Filexxxxxx/xxxxx/xxxx_xxxxxxx.xxxpredictiveHigh
52Filexxxxxxxxxx_xxxxxxx.xxxpredictiveHigh
53Filexxxxxx.xxxpredictiveMedium
54Filexxxx_xxxxx.xxxpredictiveHigh
55Filexxx/xxx/xxx-xxx/xxxx.xxxpredictiveHigh
56Filexxxx.xxxpredictiveMedium
57Filexxxxxxxx.xxxpredictiveMedium
58Filexxxxxxx.xxxpredictiveMedium
59Libraryxxxxxx[xxxxxx_xxxxpredictiveHigh
60Libraryxxxxxx.xxxpredictiveMedium
61Libraryxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
62Libraryxxx/xx_xxx.xpredictiveMedium
63Argument(xxxxxx)predictiveMedium
64Argumentxxx_xxpredictiveLow
65ArgumentxxxxxxxxpredictiveMedium
66Argumentxx_xxxx_xxxxpredictiveMedium
67ArgumentxxxpredictiveLow
68ArgumentxxxxxpredictiveLow
69Argumentxxx_xxpredictiveLow
70ArgumentxxxpredictiveLow
71Argumentxxxx_xxpredictiveLow
72ArgumentxxxxxxxpredictiveLow
73Argumentxxxxxx[xxxxxx_xxxx]predictiveHigh
74Argumentxxxxxxxx_xxxxxx/xxxxxxxx_xxxx/xxxxxxxx_xxxxxxxx/xxxxxxxx_xxxxpredictiveHigh
75Argumentxxxxxx_xxxxpredictiveMedium
76ArgumentxxxxxxxpredictiveLow
77ArgumentxxxxxxxxpredictiveMedium
78ArgumentxxxxxpredictiveLow
79ArgumentxxpredictiveLow
80ArgumentxxpredictiveLow
81Argumentxxxx_xxpredictiveLow
82Argumentxxxxx_xxxxpredictiveMedium
83ArgumentxxxxxxpredictiveLow
84Argumentxxxx_xxxxpredictiveMedium
85Argumentxxx[xxxx][xx_xxxx_xxxx]predictiveHigh
86Argumentxxxx_xxpredictiveLow
87ArgumentxxxxpredictiveLow
88Argumentxxxxxx_xxxxpredictiveMedium
89ArgumentxxxxxxxxpredictiveMedium
90Argumentxxxxxx_xxxx[]predictiveHigh
91ArgumentxxxxxxpredictiveLow
92ArgumentxxxxxpredictiveLow
93ArgumentxxxxpredictiveLow
94ArgumentxxxxxxxxpredictiveMedium
95Argumentx-xxxx-xxxxxpredictiveMedium
96Input Value%xxxxxx+-x+x+xx.x.xx.xxx%xx%xxpredictiveHigh
97Input Value//xxx.xxxxxxx.xxxpredictiveHigh
98Pattern|xx xx xx|predictiveMedium

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!