LULU Analysis

IOB - Indicator of Behavior (288)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 288


Country

  • it: 10
  • us: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

  • Adobe Acrobat Reader: 50
  • Oracle VM VirtualBox: 18
  • Apple iOS: 14
  • Foxit Reader: 10
  • Apple Safari: 10


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.37 | 0.04187 | CVE-2010-0966 |
| 3 | OpenSSL c_rehash os command injection | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.36880 | CVE-2022-1292 |
| 4 | Asus Aura Sync Asusgio Low-Level Driver access control | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00950 | CVE-2018-18535 |
| 5 | GNU elfutils eblobjnote.c ebl_object_note memory corruption | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01136 | CVE-2019-7146 |
| 6 | ZoneMinder controlcaps.php Stored cross site scripting | 5.2 | 5.2 | $0-$5k | Calculating | Not Defined | Not Defined | 0.05 | 0.00885 | CVE-2019-6992 |
| 7 | ZoneMinder zm_user.cpp zmLoadUser memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01440 | CVE-2019-6991 |
| 8 | ZoneMinder Zone Name zones.php Stored cross site scripting | 4.4 | 4.4 | $0-$5k | Calculating | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2019-6990 |
| 9 | OpenJPEG opj_malloc.c opj_calloc resource consumption | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01055 | CVE-2019-6988 |
| 10 | Vivo Vitro SPARQL individual input validation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01055 | CVE-2019-6986 |
| 11 | Red Hat Enterprise Linux systemd-journald journald-server.c dispatch_message_real resource management | 3.3 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00950 | CVE-2019-3815 |
| 12 | Debian apt 302 Redirect injection | 8.1 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.07154 | CVE-2019-3462 |
| 13 | Adobe Experience Manager Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01046 | CVE-2018-19727 |
| 14 | Adobe Experience Manager Stored cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.01046 | CVE-2018-19726 |
| 15 | Adobe Experience Manager Forms Stored cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01046 | CVE-2018-19724 |
| 16 | Ceph Debug Logging Password information disclosure | 7.4 | 7.4 | $0-$5k | Calculating | Not Defined | Not Defined | 0.03 | 0.01018 | CVE-2018-16889 |
| 17 | BlueZ access control | 3.8 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2018-10910 |
| 18 | Yii CORS Policy Converter origin validation | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2018-20745 |
| 19 | User IP History Logs ip_history_logs.php cross site scripting | 5.2 | 4.9 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.07 | 0.02173 | CVE-2019-6979 |
| 20 | GD Graphics Library gd_wbmp.c gdImage*Ptr double free | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.02686 | CVE-2019-6978 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Pegasus

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (62)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/user_list_backend.php | predictive | High |
| 2 | File | /individual | predictive | Medium |
| 3 | File | admin.php?m=backup&c=backup&a=doback | predictive | High |
| 4 | File | admin.php?mod=product&act=state | predictive | High |
| 5 | File | admin/cp-functions/event-add.php | predictive | High |
| 6 | File | admin/modules/tools/ip_history_logs.php | predictive | High |
| 7 | File | assets/javascripts/workflowStepEditorKO.js | predictive | High |
| 8 | File | badcache.c | predictive | Medium |
| 61 | Input Value | /../ | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
