Lumma Analysis

IOB - Indicator of Behavior (279)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 212
ru: 40
pt: 10
zh: 8
es: 6

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 14
Microsoft Exchange Server: 6
Pepelink Balance: 4
IBM AIX: 4
mailcow: 4

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | mailcow Sync Job os command injection | 7.3 | 7.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.14706 | 0.00 | CVE-2023-26490 |
| 2 | Papoo kontakt.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00000 | 0.00 | |
| 3 | Bitcoin wallet.dat AES Encryption Padding missing encryption | 7.1 | 6.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00000 | 0.28 | |
| 4 | PHP password_verify poison null byte | 5.1 | 4.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official fix | | 0.00313 | 0.00 | CVE-2024-3096 |
| 5 | PHP proc_open command injection | 8.3 | 8.2 | $5k-$25k | $0-$5k | Not defined | Official fix | possible | 0.53745 | 0.04 | CVE-2024-1874 |
| 6 | Microsoft Exchange Server privilege escalation | 8.0 | 7.3 | $5k-$25k | $0-$5k | Unproven | Official fix | | 0.11412 | 0.08 | CVE-2023-36439 |
| 7 | Microsoft Exchange Server privilege escalation | 8.0 | 7.3 | $5k-$25k | $0-$5k | Unproven | Official fix | | 0.12663 | 0.03 | CVE-2023-36050 |
| 8 | Microsoft Exchange Server privilege escalation | 8.0 | 7.3 | $5k-$25k | $0-$5k | Unproven | Official fix | | 0.12663 | 0.00 | CVE-2023-36035 |
| 9 | Microsoft Exchange Server privilege escalation | 8.0 | 7.3 | $5k-$25k | $0-$5k | Unproven | Official fix | | 0.12663 | 0.00 | CVE-2023-36039 |
| 10 | iGamingModules flashgames game.php sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00045 | 0.04 | CVE-2008-10003 |
| 11 | Netgate pfSense Plus/pfSense CE SSHGuard protection mechanism | 6.7 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.03644 | 0.04 | CVE-2023-27100 |
| 12 | Open Networking Foundation ONOS API Documentation Dashboard cross site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00263 | 0.02 | CVE-2023-24279 |
| 13 | mailcow Sync Job os command injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not defined | Official fix | possible | 0.55324 | 0.02 | CVE-2022-31245 |
| 14 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 1.04 | CVE-2020-12440 |
| 15 | nginx ngx_http_parse.c ngx_http_parse_chunked numeric error | 10.0 | 9.5 | $0-$5k | $0-$5k | High | Official fix | expected | 0.92344 | 0.00 | CVE-2013-2028 |
| 16 | Yoast SEO Plugin cross site scripting | 4.9 | 4.9 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00275 | 0.08 | CVE-2024-4984 |
| 17 | Adobe Acrobat Reader use after free | 7.0 | 6.9 | $25k-$100k | $0-$5k | High | Official fix | verified | 0.89414 | 0.04 | CVE-2023-21608 |
| 18 | Bitrix24 tools.php initialization | 7.5 | 7.5 | $0-$5k | $0-$5k | Not defined | Not defined | expected | 0.90353 | 0.00 | CVE-2023-1719 |
| 19 | Zabbix Configuration setup.php access control | 5.4 | 5.4 | $0-$5k | $0-$5k | High | Not defined | verified | 0.92449 | 0.00 | CVE-2022-23134 |
| 20 | Zabbix Graph Page input validation | 5.5 | 5.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00459 | 0.00 | CVE-2024-22119 |

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (150)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
