LuminousMoth Analysis

IOB - Indicator of Behavior (24)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en18
zh6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn16
us6
kr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Office4
FortiLogger2
DeDeCMS2
PHP2
GitLab Community Edition2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002411.25CVE-2020-12440
2Adobe Acrobat Reader Font File out-of-bounds write7.06.9$25k-$100k$0-$5kNot DefinedOfficial Fix0.001660.04CVE-2022-24092
3PHP SOAP Extension unserialize type confusion8.17.7$5k-$25k$0-$5kUnprovenOfficial Fix0.048580.03CVE-2015-4599
4Microsoft Office Word Remote Code Execution7.06.1$5k-$25k$0-$5kUnprovenOfficial Fix0.008370.00CVE-2021-42296
5Microsoft Windows Active Directory Domain Services Privilege Escalation7.56.9$25k-$100k$0-$5kHighOfficial Fix0.585000.05CVE-2021-42278
6GitLab Community Edition/Enterprise Edition Image File Privilege Escalation6.36.3$0-$5k$0-$5kHighNot Defined0.974630.05CVE-2021-22205
7Microsoft Exchange Server Privilege Escalation6.55.7$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.000860.00CVE-2021-24085
8FortiLogger SaveUploadedHotspotLogoFile unrestricted upload7.67.6$0-$5k$0-$5kNot DefinedNot Defined0.685530.00CVE-2021-3378
9Opengear Console Server Serial Port Logging Stored cross site scripting4.44.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000580.02CVE-2019-14456
10WordPress Thumbnail input validation7.57.5$5k-$25k$5k-$25kNot DefinedNot Defined0.009900.03CVE-2018-1000773
11Fortinet FortiGate Log privileges management4.03.8$0-$5k$0-$5kNot DefinedOfficial Fix0.000890.04CVE-2020-12818
12Progress MOVEit Transfer REST API MOVEit.DMZ.WebApi.dll sql injection8.38.2$0-$5k$0-$5kNot DefinedOfficial Fix0.004360.02CVE-2019-16383
13IBM WebSphere Application Server Stack Trace information exposure5.35.3$5k-$25k$5k-$25kNot DefinedNot Defined0.001030.00CVE-2019-4441
14Django sql injection8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.010360.00CVE-2020-7471
15Django cross site scripting5.24.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.022730.00CVE-2020-13596
16Django CMS cross-site request forgery6.56.4$0-$5k$0-$5kNot DefinedOfficial Fix0.002310.00CVE-2015-5081
17Microsoft Windows Netlogon Zerologon privileges management8.48.3$25k-$100k$0-$5kHighOfficial Fix0.510950.05CVE-2020-1472
18Famatech Remote Administrator improper authentication7.37.1$0-$5k$0-$5kNot DefinedWorkaround0.000000.04
19DeDeCMS co_do.php sql injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.001890.00CVE-2018-19061
20php-fpm link following5.45.4$0-$5k$0-$5kNot DefinedNot Defined0.000420.00CVE-2015-3211

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1059.007CAPEC-209CWE-79Cross Site ScriptingpredictiveHigh
2T1068CAPEC-122CWE-269Execution with Unnecessary PrivilegespredictiveHigh
3TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
5TXXXXCAPEC-215CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
6TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1FileConfig/SaveUploadedHotspotLogoFilepredictiveHigh
2Filexxxx\xx_xx.xxxpredictiveHigh
3Libraryxxxxxx.xxx.xxxxxx.xxxpredictiveHigh
4ArgumentxxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Do you know our Splunk app?

Download it now for free!