LULU Analysis

IOB - Indicator of Behavior (291)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

  • en: 292

Product

  • Adobe Acrobat Reader: 52
  • Foxit Reader: 16
  • Apple iOS: 10
  • Oracle MySQL Server: 8
  • ISC BIND: 8

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.87 | CVE-2010-0966 |
| 3 | xui-xray hard-coded password | 5.5 | 5.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00250 | 0.02 | CVE-2023-41595 |
| 4 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.14028 | 1.57 | CVE-2007-1287 |
| 5 | cbeust testng XML File Parser JarFileUtils.java testngXmlExistsInJar path traversal | 6.3 | 6.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00123 | 0.00 | CVE-2022-4065 |
| 6 | OpenSSL c_rehash os command injection | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not defined | Official fix | possible | 0.76322 | 0.00 | CVE-2022-1292 |
| 7 | Asus Aura Sync Asusgio Low-Level Driver access control | 6.5 | 6.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00132 | 0.00 | CVE-2018-18535 |
| 8 | GNU elfutils eblobjnote.c ebl_object_note memory corruption | 6.4 | 6.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00156 | 0.00 | CVE-2019-7146 |
| 9 | ZoneMinder controlcaps.php Stored cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00104 | 0.00 | CVE-2019-6992 |
| 10 | ZoneMinder zm_user.cpp zmLoadUser memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.03237 | 0.00 | CVE-2019-6991 |
| 11 | ZoneMinder Zone Name zones.php Stored cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00092 | 0.00 | CVE-2019-6990 |
| 12 | OpenJPEG opj_malloc.c opj_calloc resource consumption | 5.9 | 5.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00359 | 0.02 | CVE-2019-6988 |
| 13 | Vivo Vitro SPARQL individual input validation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01143 | 0.00 | CVE-2019-6986 |
| 14 | Red Hat Enterprise Linux systemd-journald journald-server.c dispatch_message_real resource management | 3.3 | 3.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00143 | 0.00 | CVE-2019-3815 |
| 15 | Debian apt 302 Redirect injection | 8.1 | 7.9 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.10065 | 0.00 | CVE-2019-3462 |
| 16 | Adobe Experience Manager Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.01361 | 0.00 | CVE-2018-19727 |
| 17 | Adobe Experience Manager Stored cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.01361 | 0.00 | CVE-2018-19726 |
| 18 | Adobe Experience Manager Forms Stored cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.01361 | 0.00 | CVE-2018-19724 |
| 19 | Ceph Debug Logging Password information disclosure | 6.8 | 6.8 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00071 | 0.00 | CVE-2018-16889 |
| 20 | BlueZ access control | 4.0 | 4.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00045 | 0.00 | CVE-2018-10910 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Pegasus

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
