Lucifer Analysis

IOB - Indicator of Behavior (52)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 46
zh: 4
pl: 2


Activities

Interest


Product

Google Android: 4
Apache Tomcat: 4
Oracle PeopleSoft Enterprise PeopleTools: 2
gnuboard5: 2
OpenJPEG: 2


Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Microsoft Windows NetBIOS WinNuke denial of service | 7.5 | 7.2 | $5k-$25k | $0-$5k | High | Official fix | possible | 0.24360 | 0.00 | CVE-1999-0153 |
| 2 | WIKINDX PAGING.php getPagingStart cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00280 | 0.04 | CVE-2019-13588 |
| 3 | QontentOne QontentOne CMS search.php cross site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.01631 | 0.00 | CVE-2006-2774 |
| 4 | gnuboard5 FAQ Key ID faq.php cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00063 | 0.02 | CVE-2022-3963 |
| 5 | PHP var_export information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.08683 | 0.00 | CVE-2010-2531 |
| 6 | mlflow os command injection | 9.0 | 9.0 | $0-$5k | $0-$5k | Not defined | Not defined | expected | 0.88386 | 0.00 | CVE-2023-6018 |
| 7 | Wing FTP Server Admin Web Client default permission | 6.4 | 6.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00103 | 0.00 | CVE-2023-37878 |
| 8 | Oracle PeopleSoft Enterprise PeopleTools Integration Broker access control | 6.5 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.07294 | 0.00 | CVE-2017-3548 |
| 9 | SharpZipLib path traversal | 6.8 | 6.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00701 | 0.02 | CVE-2021-32840 |
| 10 | Apache HTTP Server mod_proxy_ajp request smuggling | 7.4 | 7.2 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.23916 | 0.06 | CVE-2022-26377 |
| 11 | Vinchin Backup and Recovery hard-coded credentials | 9.0 | 9.0 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00330 | 0.00 | CVE-2022-35866 |
| 12 | Microsoft Exchange Server privilege escalation | 8.3 | 7.6 | $25k-$100k | $5k-$25k | Unproven | Official fix | | 0.01375 | 0.00 | CVE-2023-35388 |
| 13 | Microsoft Windows Common Log File System Driver out-of-bounds write | 7.8 | 7.5 | $25k-$100k | $5k-$25k | Attacked | Official fix | verified | 0.52956 | 0.08 | CVE-2023-28252 |
| 14 | Microsoft Word wwlib Remote Code Execution | 8.0 | 7.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | expected | 0.89152 | 0.02 | CVE-2023-21716 |
| 15 | ZyXEL NAS326/NAS540/NAS542 UDP Packet format string | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.02142 | 0.00 | CVE-2022-34747 |
| 16 | MediaWiki cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00225 | 0.00 | CVE-2007-4883 |
| 17 | OpenSSH input validation | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official fix | | 0.02369 | 0.00 | CVE-2007-4752 |
| 18 | Dian Gemilang DGNews news.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00403 | 0.00 | CVE-2007-2994 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2021-25646

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | bbs/faq.php | predictive | Medium |
| 2 | File | category.cfm | predictive | Medium |
| 3 | File | core/lists/PAGING.php | predictive | High |
| 4 | File | xxxxxx_xxx.xx | predictive | High |
| 5 | File | xxx/xxxxxx.xxx | predictive | High |
| 6 | File | xxxxxxx.xxx | predictive | Medium |
| 7 | File | xxxxxxx/xxxx.xxx | predictive | High |
| 8 | File | xxxx.xxx | predictive | Medium |
| 9 | File | xxxxxxx/xx.x | predictive | Medium |
| 10 | File | xxxxxx.xxx | predictive | Medium |
| 11 | File | xxxx.xxxx | predictive | Medium |
| 12 | Argument | xxxxxxxx | predictive | Medium |
| 13 | Argument | xxx | predictive | Low |
| 14 | Argument | xxxx/xxxx | predictive | Medium |
| 15 | Argument | xxxxxxxxxx | predictive | Medium |
| 16 | Argument | xx_xx | predictive | Low |
| 17 | Argument | xxxxxx | predictive | Low |
| 18 | Argument | xxxxxxxxxxx | predictive | Medium |
| 19 | Argument | xxxxxx_xxxxxx | predictive | High |
| 20 | Argument | xxxx | predictive | Low |
| 21 | Argument | x-xxxxxxxxx-xxx | predictive | High |
| 22 | Argument | _xxx_xxxxxxxx_xxxx | predictive | High |
