Lorec53 Analysis

Activities

Timeline

Analyzing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Lang | Count
---- | -----
en   | 52
fr   | 2
it   | 1
es   | 1


Vulnerabilities

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
-- | ------------- | ---- | ---- | ---- | ----- | --- | --- | --- | ---
1  | phpLinkat showcat.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.04 | CVE-2008-3406
2  | PHP URL Validation filter_var input validation | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-7071
3  | Spidersales viewCart.asp sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2004-0348
4  | PHP Scripts Mall PHP Multivendor Ecommerce sellerupd.php cross site scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2017-17956
5  | Cartweaver ColdFusion Details.cfm sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | CVE-2006-2046
6  | rakibtg Docker Dashboard API terminal.js os command injection | 7.6 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-27886
7  | Cisco ASA WebVPN Login Page logon.html cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2014-2120
8  | Pulse Secure Pulse Connect Secure Meeting Room buffer overflow | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2021-22894
9  | Fortinet FortiOS Two Factor Authentication improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2020-12812
10 | Microsoft Windows Event Tracing Privilege Escalation | 8.3 | 7.3 | $100k and more | $25k-$100k | Unproven | Official Fix | 0.00 | CVE-2021-38630
11 | SteelSeries Device Driver Installer access control | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 |
12 | Microsoft Windows Kernel Privilege Escalation | 8.3 | 7.7 | $100k and more | $25k-$100k | Functional | Official Fix | 0.03 | CVE-2021-31979
13 | PHP EXIF exif_process_IFD_in_MAKERNOTE memory corruption | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2019-9639
14 | Unitrends Enterprise Backup Web Server access control | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2017-7279
15 | FanUpdate show-cat.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | CVE-2009-3308
16 | Easysitenetwork Recipe Website Script list.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.09 | CVE-2008-0453
17 | Gallarific PHP Photo Gallery script gallery.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2011-0519
18 | Chadha PHPKB Standard Multi-Language manage-departments.php cross-site request forgery | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-10501
19 | zOOm Media Gallery index.php sql injection | 7.3 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2005-1079
20 | Joomplace Com Joomportfolio index.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.03 | CVE-2009-4428

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Phishing Georgian Government

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
-- | ---------- | -------- | ----- | --------- | ---- | ----------
1  | 45.12.5.62 | sarimp.website | Lorec53 | | verified | High
2  | XX.XXX.XXX.XXX | xxxxxx | Xxxxxxxx | Xxxxxxxx Xxxxxxxxxx | verified | High
3  | XXX.XXX.XX.XXX | | Xxxxxxx | | verified | High

TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
-- | --------- | --------------- | ------------- | ---- | ----------
1  | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
2  | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High

IOA - Indicator of Attack (59)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
-- | ----- | --------- | ---- | ----------
1  | File | /+CSCOE+/logon.html | predictive | High
2  | File | admin/gallery.php | predictive | High
3  | File | admin/manage-departments.php | predictive | High
4  | File | admin/sellerupd.php | predictive | High
5  | File | backend/utilities/terminal.js | predictive | High
6  | File | cat.php | predictive | Low
7  | File | category.php | predictive | Medium
8  | File | config.inc.php | predictive | High
9  | File | Details.cfm | predictive | Medium
10 | File | xxxxxxx.xxx | predictive | Medium
11 | File | xxxxx.xxx | predictive | Medium
12 | File | xxxxxxx.xxx | predictive | Medium
13 | File | xxxxx.xxx | predictive | Medium
14 | File | xxxxxxxxx.xxx | predictive | High
15 | File | xxxxx.xxx | predictive | Medium
16 | File | xxxxxx.xxx | predictive | Medium
17 | File | xxxxxxxxxx.xxx | predictive | High
18 | File | xxxx.xxx | predictive | Medium
19 | File | xxxxxxx/xxxxxxxx/xxxxx.xxx | predictive | High
20 | File | xxxxx.xxx | predictive | Medium
21 | File | xxxx/xxxxx.xxx | predictive | High
22 | File | xxxxxxx.xxx | predictive | Medium
23 | File | xxxxxxxx.xxx | predictive | Medium
24 | File | xxxx.xxx | predictive | Medium
25 | File | xxxx-xxx.xxx | predictive | Medium
26 | File | xxxxxxx.xxx | predictive | Medium
27 | File | xxxxxxxxxxx.xxx | predictive | High
28 | File | xxxxxxxxx/xxxxxxxx.xxx | predictive | High
29 | File | xxxx.xxx | predictive | Medium
30 | File | xxxxxxxx.xxx | predictive | Medium
31 | File | xxxxxxxxx.xxx | predictive | High
32 | File | xx-xxxxx/xxxxx-xxxxxx.xxx | predictive | High
33 | Argument | $_xxxxxx['xxxxxx_xxxx'] | predictive | High
34 | Argument | xxxx_xxx | predictive | Medium
35 | Argument | xxx | predictive | Low
36 | Argument | xxxxxxxxxx | predictive | Medium
37 | Argument | xxxxx | predictive | Low
38 | Argument | xxxxx | predictive | Low
39 | Argument | xxx_xx | predictive | Low
40 | Argument | xxxxxxx | predictive | Low
41 | Argument | xxxxxxxxxxx | predictive | Medium
42 | Argument | xxxx_xxx | predictive | Medium
43 | Argument | xx | predictive | Low
44 | Argument | xx_xxxx | predictive | Low
45 | Argument | xxxxxx | predictive | Low
46 | Argument | xxxxxx | predictive | Low
47 | Argument | xxxxxxxxx | predictive | Medium
48 | Argument | xxxxxx | predictive | Low
49 | Argument | xxx_xxxxxxx_xxx | predictive | High
50 | Argument | xxxxxxxx | predictive | Medium
51 | Argument | xxxx_xx | predictive | Low
52 | Argument | xxxxxx | predictive | Low
53 | Argument | xxxxxx | predictive | Low
54 | Argument | xxxxx | predictive | Low
55 | Argument | xxxxxxxx | predictive | Medium
56 | Argument | xxxxx | predictive | Low
57 | Argument | xxxxxxxxxx | predictive | Medium
58 | Argument | xxxxx | predictive | Low
59 | Argument | xxxxxx | predictive | Low
