Lucifer Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (52)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en46
zh4
pl2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

CN: China22
US: USA16
IR: Iran4
PL: Poland2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Lucifer6
Cobalt Strike1
DCRat1
ValleyRAT1
AsyncRAT1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined14
Smartphone Operating System4
Application Server Software4
Programming Language Software4
Enterprise Resource Planning Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined20
Apache8
Oracle4
Google4
ZyXEL2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Google Android4
Apache Tomcat4
Oracle PeopleSoft Enterprise PeopleTools2
gnuboard52
OpenJPEG2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Microsoft Windows NetBIOS WinNuke denial of service7.57.2$5k-$25k$0-$5kHighOfficial fixpossible0.243600.00CVE-1999-0153
2WIKINDX PAGING.php getPagingStart cross site scripting5.75.7$0-$5k$0-$5kNot definedNot defined 0.002800.04CVE-2019-13588
3QontentOne QontentOne CMS search.php cross site scripting6.36.0$0-$5k$0-$5kProof-of-ConceptNot defined 0.016310.00CVE-2006-2774
4gnuboard5 FAQ Key ID faq.php cross site scripting4.14.1$0-$5k$0-$5kNot definedOfficial fix 0.000630.02CVE-2022-3963
5PHP var_export information disclosure5.34.8$5k-$25k$0-$5kProof-of-ConceptOfficial fix 0.086830.00CVE-2010-2531
6mlflow os command injection9.09.0$0-$5k$0-$5kNot definedNot definedexpected0.883860.00CVE-2023-6018
7Wing FTP Server Admin Web Client default permission6.46.4$0-$5k$0-$5kNot definedNot defined 0.001030.00CVE-2023-37878
8Oracle PeopleSoft Enterprise PeopleTools Integration Broker access control6.56.3$5k-$25k$0-$5kProof-of-ConceptOfficial fix 0.072940.00CVE-2017-3548
9SharpZipLib path traversal6.86.6$0-$5k$0-$5kNot definedOfficial fix 0.007010.02CVE-2021-32840
10Apache HTTP Server mod_proxy_ajp request smuggling7.47.2$25k-$100k$5k-$25kNot definedOfficial fix 0.239160.06CVE-2022-26377
11Vinchin Backup and Recovery hard-coded credentials9.09.0$0-$5k$0-$5kNot definedNot defined 0.003300.00CVE-2022-35866
12Microsoft Exchange Server privilege escalation8.37.6$25k-$100k$5k-$25kUnprovenOfficial fix 0.013750.00CVE-2023-35388
13Microsoft Windows Common Log File System Driver out-of-bounds write7.87.5$25k-$100k$5k-$25kAttackedOfficial fixverified0.529560.08CVE-2023-28252
14Microsoft Word wwlib Remote Code Execution8.07.1$5k-$25k$0-$5kProof-of-ConceptOfficial fixexpected0.891520.02CVE-2023-21716
15ZyXEL NAS326/NAS540/NAS542 UDP Packet format string9.89.6$5k-$25k$0-$5kNot definedOfficial fix 0.021420.00CVE-2022-34747
16MediaWiki cross site scripting4.34.3$0-$5k$0-$5kNot definedNot defined 0.002250.00CVE-2007-4883
17OpenSSH input validation7.36.6$25k-$100k$0-$5kProof-of-ConceptOfficial fix 0.023690.00CVE-2007-4752
18Dian Gemilang DGNews news.php sql injection7.37.3$0-$5k$0-$5kNot definedNot defined 0.004030.00CVE-2007-2994

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2021-25646

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
120.205.116.139LuciferCVE-2021-2564602/27/2024verifiedHigh
245.141.68.25LuciferCVE-2021-2564602/27/2024verifiedHigh
347.88.49.239LuciferCVE-2021-2564602/27/2024verifiedHigh
481.68.197.3LuciferCVE-2021-2564602/27/2024verifiedHigh
5XX.XX.XXX.XXXXxxxxxxXxx-xxxx-xxxxx02/27/2024verifiedHigh
6XX.XXX.XXX.XXXxxxxxxXxx-xxxx-xxxxx02/27/2024verifiedHigh
7XXX.XXX.XXX.XXXxxxxxxXxx-xxxx-xxxxx02/27/2024verifiedHigh
8XXX.XX.XXX.XXXxxxxxxXxx-xxxx-xxxxx02/27/2024verifiedHigh
9XXX.XX.X.XXXxxxxxxXxx-xxxx-xxxxx02/27/2024verifiedHigh
10XXX.XX.XXX.XXXxxxxxxXxx-xxxx-xxxxx02/27/2024verifiedHigh
11XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xxXxxxxxx08/29/2021verifiedVery Low
12XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx-xxx.xxxxxxx.xxxxxxxx-xxx.xxxXxxxxxx08/29/2021verifiedVery Low
13XXX.XXX.XXX.XXXxxxxxx08/29/2021verifiedLow
14XXX.XXX.XXX.XXXxxxxxx04/20/2025verifiedVery High
15XXX.XXX.XXX.XXXxxxxxx04/20/2025verifiedVery High
16XXX.XXX.XX.XXXxxxxxx12/13/2024verifiedVery High
17XXX.XXX.XX.XXXxxxxxx08/29/2021verifiedLow

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-XXXCWE-XX, CWE-XXXxxxx Xxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-XXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-XCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
8TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXXCAPEC-XXXCWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
10TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Filebbs/faq.phppredictiveMedium
2Filecategory.cfmpredictiveMedium
3Filecore/lists/PAGING.phppredictiveHigh
4Filexxxxxx_xxx.xxpredictiveHigh
5Filexxx/xxxxxx.xxxpredictiveHigh
6Filexxxxxxx.xxxpredictiveMedium
7Filexxxxxxx/xxxx.xxxpredictiveHigh
8Filexxxx.xxxpredictiveMedium
9Filexxxxxxx/xx.xpredictiveMedium
10Filexxxxxx.xxxpredictiveMedium
11Filexxxx.xxxxpredictiveMedium
12ArgumentxxxxxxxxpredictiveMedium
13ArgumentxxxpredictiveLow
14Argumentxxxx/xxxxpredictiveMedium
15ArgumentxxxxxxxxxxpredictiveMedium
16Argumentxx_xxpredictiveLow
17ArgumentxxxxxxpredictiveLow
18ArgumentxxxxxxxxxxxpredictiveMedium
19Argumentxxxxxx_xxxxxxpredictiveHigh
20ArgumentxxxxpredictiveLow
21Argumentx-xxxxxxxxx-xxxpredictiveHigh
22Argument_xxx_xxxxxxxx_xxxxpredictiveHigh

References (6)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!