Lorenz Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (80)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en70
es6
ru2
zh2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us26
cn10
ir4
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Lorenz5
Cobalt Strike3
Raccoon2
BumbleBee2
Fodcha1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined32
Bug Tracking Software28
Web Server2
Virtualization Software2
Anti-Malware Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined26
GitLab22
Geoff Davies4
Oracle4
Google2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

GitLab Community Edition18
GitLab Enterprise Edition16
TensorFlow4
GitLab4
Geoff Davies Contact Forms4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25k$0-$5kHighWorkaround0.040.01847CVE-2007-1192
2Oracle REST Data Services denial of service7.06.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.070.00408CVE-2023-24998
3SentryHD privileges management5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.130.00000
4GitLab Community Edition/Enterprise Edition Bowser Cache information disclosure5.45.3$0-$5k$0-$5kNot DefinedOfficial Fix0.300.00079CVE-2018-18640
5Oracle REST Data Services General information disclosure4.34.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.040.00054CVE-2020-14745
6Oracle REST Data Services information disclosure5.35.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.040.81274CVE-2021-34429
7HP System Management Homepage Access Restriction memory corruption10.09.5$25k-$100k$0-$5kNot DefinedOfficial Fix0.030.22515CVE-2011-1541
8nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined4.550.00000CVE-2020-12440
9Teltonika Remote Management System/RUT os command injection8.88.4$0-$5k$0-$5kNot DefinedOfficial Fix0.070.00050CVE-2023-32350
10python-jwt authentication spoofing8.28.0$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00092CVE-2022-39227
11OpenSSH Forward Option roaming_common.c roaming_write memory corruption8.17.6$25k-$100k$0-$5kUnprovenOfficial Fix0.180.00332CVE-2016-0778
12Technicolor TC7337NET Password cleartext transmission7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.070.01430CVE-2020-10376
13Nextcloud Password Policy weak encoding for password2.72.6$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00048CVE-2022-35931
14Citrix XenServer path traversal8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.34957CVE-2018-14007
15polkit polkitd information disclosure5.75.6$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00066CVE-2018-1116
16Apache HTTP Server mod_proxy server-side request forgery7.37.3$25k-$100k$25k-$100kNot DefinedNot Defined0.100.97515CVE-2021-40438
17mod_ssl SSLVerifyClient Remote Code Execution9.88.8$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.070.00214CVE-2005-2700
18Huawei ACXXXX/SXXXX SSH Packet input validation7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.050.00218CVE-2014-8572
19Vim heap-based overflow7.17.0$0-$5k$0-$5kNot DefinedOfficial Fix0.010.00102CVE-2021-3984
20Bitrix Site Manager redirect.php link following5.34.7$0-$5k$0-$5kUnprovenUnavailable0.470.00151CVE-2008-2052

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2022-29499

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
164.190.113.100LorenzCVE-2022-2949909/20/2022verifiedHigh
2137.184.181.252LorenzCVE-2022-2949909/20/2022verifiedHigh
3XXX.XX.XX.XXxxxx.xxxxxxxxxxxxxx.xxxXxxxxxXxx-xxxx-xxxxx09/20/2022verifiedHigh
4XXX.XX.XX.XXXxxxxxXxx-xxxx-xxxxx09/20/2022verifiedHigh
5XXX.XXX.XXX.XXXxxxxxXxx-xxxx-xxxxx09/20/2022verifiedHigh
6XXX.XX.XXX.XXXxxxxxxxxxxx.xxxxxxx.xxxxXxxxxxXxx-xxxx-xxxxx09/20/2022verifiedHigh
7XXX.XXX.XXX.XXXXxxxxxXxx-xxxx-xxxxx09/20/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2T1040CWE-319Authentication Bypass by Capture-replaypredictiveHigh
3T1059CWE-94Cross Site ScriptingpredictiveHigh
4TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXX, CWE-XXX, CWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxx Xxxxxxxxxxx Xxx Xxx XxxxxxxpredictiveHigh
6TXXXXCWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
9TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
10TXXXXCWE-XXX, CWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
11TXXXXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
12TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Fileconfig.xmlpredictiveMedium
2Filecontact.phppredictiveMedium
3Filecontact_support.phppredictiveHigh
4Filedata/gbconfiguration.datpredictiveHigh
5Filexxxx.xxxpredictiveMedium
6Filexxx/xxxxxx.xxxpredictiveHigh
7Filexxxxx.xxxpredictiveMedium
8Filexxxxxxxxxxxxxxx.xxxxpredictiveHigh
9Filexxxxxx_xxxx_xxx_xxx.xxxpredictiveHigh
10Filexxx_xxxxx.xpredictiveMedium
11Filexxxxxxxx.xxxpredictiveMedium
12Filexxxxxxx_xxx_xxxxx_xxxxxx.xxxxpredictiveHigh
13Filexxxxxxx_xxxxxx.xpredictiveHigh
14Filexxxx-xxxxxxxx.xxxpredictiveHigh
15Filexxx.xpredictiveLow
16Filexx-xxxxxxx/xxxxxxx/xxxx/xxpredictiveHigh
17ArgumentxxxxxxxxpredictiveMedium
18ArgumentxxxxxxxxxxxxxxpredictiveHigh
19Argumentxxxxxxx_xxpredictiveMedium
20ArgumentxxxxxxxpredictiveLow
21ArgumentxxxxpredictiveLow
22ArgumentxxxxxxxxpredictiveMedium
23ArgumentxxxxxxxxpredictiveMedium
24ArgumentxxxxpredictiveLow
25ArgumentxxxpredictiveLow
26Network PortxxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!