LoJax Analysisinfo

IOB - Indicator of Behavior (156)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en144
ru4
de4
es2
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Linux Kernel4
MikroTik RouterOS4
Yahoo! Messenger4
Apache HTTP Server4
Microsoft Exchange Server4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1vBulletin moderation.php sql injection7.37.0$0-$5k$0-$5kHighOfficial Fix0.002840.04CVE-2016-6195
2IPS IP.Board ipsconnect.php sql injection7.37.1$0-$5k$0-$5kHighUnavailable0.003070.03CVE-2014-9239
3WordPress Editor information disclosure4.34.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.006560.03CVE-2021-29450
4Microsoft .NET Framework Code Access Security cryptographic issues9.89.8$5k-$25k$0-$5kNot DefinedNot Defined0.001630.05CVE-2008-5100
5DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.021951.20CVE-2010-0966
6Arthur Konze Webdesign akocomment akocomments.php file inclusion7.36.4$0-$5k$0-$5kUnprovenUnavailable0.009540.03CVE-2006-4281
7Apache HTTP Server mod_cgid resource management5.34.6$5k-$25k$0-$5kUnprovenOfficial Fix0.247150.00CVE-2014-0231
8SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.05CVE-2024-3353
9Wpmet Wp Ultimate Review Plugin cross-site request forgery5.85.8$0-$5k$0-$5kNot DefinedNot Defined0.000620.00CVE-2023-28987
10MariaDB init_expr_cache_tracker memory corruption5.55.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001140.05CVE-2022-32083
11Campcodes Online Matrimonial Website System Script SVG Document upload cross site scripting6.66.5$0-$5k$0-$5kProof-of-ConceptNot Defined0.016290.04CVE-2023-39115
12Triangle MicroWorks SCADA Data Gateway Event Log neutralization2.22.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000460.00CVE-2023-39461
13IceWarp cross site scripting4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.003580.00CVE-2023-37728
14tagDiv Composer Plugin Facebook Login improper authentication7.77.6$0-$5k$0-$5kNot DefinedOfficial Fix0.003270.00CVE-2022-3477
15jeecg-boot upload unrestricted upload6.06.0$0-$5k$0-$5kNot DefinedNot Defined0.000670.04CVE-2023-34660
16Tenda AC10 SetNetControlList stack-based overflow6.16.1$0-$5k$0-$5kNot DefinedNot Defined0.000430.03CVE-2023-34569
17LavaLite CMS Header injection4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.001630.00CVE-2023-27237
18KMPlayer SHFOLDER.dll uncontrolled search path6.16.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.001490.18CVE-2023-1745
19Serendipity exit.php privileges management6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.37
20Bitrix Site Manager redirect.php link following5.34.7$0-$5k$0-$5kUnprovenUnavailable0.001470.08CVE-2008-2052

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • LoJax

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
11.23.82.72LoJax10/13/2018verifiedLow
22.2.82.64LoJax10/13/2018verifiedLow
32.12.51.56arennes-655-1-148-56.w2-12.abo.wanadoo.frLoJax10/13/2018verifiedLow
43.95.29.25ec2-3-95-29-25.compute-1.amazonaws.comLoJax10/13/2018verifiedVery Low
5XX.X.XX.XXxxxx10/13/2018verifiedLow
6XX.XX.XX.XXXxxxx10/13/2018verifiedLow
7XX.XX.XX.XXxxxx10/13/2018verifiedLow
8XX.XXX.XXX.XXXxxxxXxxxx12/15/2020verifiedLow
9XX.XXX.XXX.XXXx.xxxxx.xx.xxxXxxxxXxxxx12/15/2020verifiedLow
10XXX.XX.XXX.XXXxxxxXxxxx12/15/2020verifiedLow
11XXX.XX.XXX.XXXxxx.xxxxxxxxxx.xxxXxxxxXxxxx12/15/2020verifiedVery Low
12XXX.XX.XXX.XXXXxxxxXxxxx12/15/2020verifiedLow
13XXX.XX.XXX.XXxxxx.xxxxxxx.xxXxxxxXxxxx12/15/2020verifiedLow
14XXX.XX.XXX.XXXXxxxxXxxxx12/15/2020verifiedLow
15XXX.XX.XXX.XXXxxxxXxxxx12/15/2020verifiedLow
16XXX.XXX.XX.XXXXxxxxXxxxx12/15/2020verifiedLow

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (82)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/+CSCOE+/logon.htmlpredictiveHigh
2File/api/plugin/uninstallpredictiveHigh
3File/bin/boapredictiveMedium
4File/etc/puppetlabs/puppetserver/conf.d/ca.confpredictiveHigh
5File/goform/SetNetControlListpredictiveHigh
6File/home/httpd/cgi-bin/cgi.cgipredictiveHigh
7File/hrm/employeeadd.phppredictiveHigh
8File/jeecg-boot/jmreport/uploadpredictiveHigh
9File/modules/tasks/summary.inc.phppredictiveHigh
10File/xxxx/xxx/x/xxxx/xxxxxxpredictiveHigh
11File/xxxxxxx/predictiveMedium
12File/xxx/xxx-xxx/xxx-xxx/xxxxxx.xxxpredictiveHigh
13File/_xxxxpredictiveLow
14Filexxxxxxxx/xxxxxx/xxxx_xxxxxx.xpredictiveHigh
15Filexxxxxxx.xxxpredictiveMedium
16Filexxxxx/xxxxxxxx.xxxpredictiveHigh
17Filexxxxx/xxxxx.xxx?xx=xxxxxpredictiveHigh
18Filexxxxx/xxx_xxxxxxx/xxxxx.xxxpredictiveHigh
19Filexxx.xxxpredictiveLow
20Filexxxxxxxxxxx.xxxpredictiveHigh
21Filexx/xxxxxx_xxx.xxxpredictiveHigh
22Filexxxx/xxx.xxxxxxxxxx/xxxxxxxxxpredictiveHigh
23Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
24Filexxxx.xxxpredictiveMedium
25Filexxxxx_xxxxxx.xpredictiveHigh
26Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
27Filexxxx.xxxpredictiveMedium
28Filexxxxxxxx/xxxx_xxxxpredictiveHigh
29Filexxx/xxxxxx.xxxpredictiveHigh
30Filexxxxxxxx/xxxxxxx.xxxpredictiveHigh
31Filexxxxx.xxx?x=/xxxx/xxxxxxxxpredictiveHigh
32Filexxxxxxx/xxx-xxxxxxxx/xxxxxxpredictiveHigh
33Filexxxxxxxxxx.xxxpredictiveHigh
34Filexxxx_xxxx.xxxpredictiveHigh
35Filexxxxxx.xpredictiveMedium
36Filexxxxx.xxxpredictiveMedium
37Filexxxxxxxxxx/xxxxxxx-xxxxxx.xpredictiveHigh
38Filexxx_xxxxx_xxxx.xpredictiveHigh
39Filexxx/xxxx/xxxx.xpredictiveHigh
40Filexxx/xxxxxxxx-xxxxx.xpredictiveHigh
41Filexxxx.xxxpredictiveMedium
42Filexxxxxxx.xpredictiveMedium
43Filexxxxxxxx.xxxpredictiveMedium
44Filexxxxxxxx.xxxpredictiveMedium
45Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
46Filexxxxxxx-xxxxxxx.xxxpredictiveHigh
47Filexxxxxx/xxxx.xxxpredictiveHigh
48Filexxxxxx_xxxxxxxx.xxxpredictiveHigh
49Filexxxxxxx/xxxxxx/xxxxx/xxxxxxx/xxx/xxx.xxxpredictiveHigh
50Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
51Filexx-xxxxxxxxxxx.xxxpredictiveHigh
52Filexxxxxx.xxxpredictiveMedium
53Libraryxxxxxxx.xxxpredictiveMedium
54Libraryxxxxxxxx.xxxpredictiveMedium
55Argument-xpredictiveLow
56ArgumentxxxxxxxxpredictiveMedium
57Argumentxxxxx/xxxpredictiveMedium
58Argumentxxxx_xxpredictiveLow
59Argumentxxxx_xxxxxx=xxxxpredictiveHigh
60ArgumentxxxxxpredictiveLow
61ArgumentxxxxpredictiveLow
62ArgumentxxxxpredictiveLow
63ArgumentxxxxpredictiveLow
64ArgumentxxpredictiveLow
65ArgumentxxxxpredictiveLow
66Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictiveHigh
67Argumentx_xxxxpredictiveLow
68Argumentxxxx_xxxxpredictiveMedium
69ArgumentxxxxxxxpredictiveLow
70Argumentxxxxxxxx_xxxpredictiveMedium
71Argumentxxxxxx/xxxxxpredictiveMedium
72Argumentxxxxxxxxx_xxxxxx_xxxpredictiveHigh
73ArgumentxxxxxxpredictiveLow
74ArgumentxxxpredictiveLow
75ArgumentxxxxxpredictiveLow
76ArgumentxxxpredictiveLow
77ArgumentxxxxpredictiveLow
78Argumentxxxx_xxxxxxxxx/xxxx_xxxxxxxxpredictiveHigh
79ArgumentxxxxxxxxxpredictiveMedium
80Argument_xxxxxpredictiveLow
81Input Valuexxx=/&xxxpredictiveMedium
82Input Value…/.predictiveLow

References (3)

The following list contains external sources which discuss the actor and the associated activities:

This view requires CTI permissions

Just purchase a CTI license today!