Luoxk Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (85)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en58
zh28

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn70
us16

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Luoxk3
PlugX1
PingPull1
BlackTech1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined32
Web Server10
Database Software4
Firewall Software4
Router Operating System4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined26
Oracle8
Microsoft4
OpenVPN2
HPE2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

lighttpd4
Microsoft IIS4
OpenVPN Private Tunnel Installer2
Oracle Database server2
RemiCoin2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Sophos Firewall User Portal/Webadmin improper authentication8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.030.97147CVE-2022-1040
2XoruX LPAR2RRD/STOR2RRD hard-coded credentials6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00262CVE-2021-42371
3OpenSSL c_rehash os command injection5.55.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.060.10475CVE-2022-1292
4Next.js path traversal5.04.4$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00152CVE-2020-5284
5Python E-mail Module unknown vulnerability6.36.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.00051CVE-2023-27043
6Oracle Database server Encryption cryptographic issues9.88.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000.00773CVE-2006-0270
7Filebrowser cross-site request forgery6.96.4$0-$5k$0-$5kFunctionalOfficial Fix0.030.00762CVE-2021-46398
8lighttpd http_auth.c base64_decode numeric error5.34.8$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000.02569CVE-2011-4362
9Labelgate mora Downloader untrusted search path9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00718CVE-2012-5188
10Oracle Email Center Message Display unknown vulnerability8.27.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00192CVE-2021-2090
11Oracle MySQL Cluster Node.js dns rebinding8.27.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.050.00545CVE-2021-22884
12RemiCoin transferFrom integer underflow7.47.4$0-$5k$0-$5kNot DefinedNot Defined0.000.00896CVE-2018-12230
13ZyXEL USG FLEX 50 CGI Program os command injection8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.050.97447CVE-2022-30525
14Ivanti EPM Cloud Services Appliance code injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.030.95739CVE-2021-44529
15Linux Kernel ptrace race condition4.43.9$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000.00042CVE-2014-4699
16lighttpd Log File http_auth.c injection7.57.1$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.080.00794CVE-2015-3200
17Mail2000 Login portal cross site scripting5.24.8$0-$5k$0-$5kNot DefinedNot Defined0.050.00334CVE-2019-15072
18Backdoor.Win32.Controlit.10 Service Port 3347 backdoor7.36.4$0-$5k$0-$5kProof-of-ConceptWorkaround0.000.00000
19Juniper Junos Veriexec privileges management6.56.5$5k-$25k$0-$5kNot DefinedNot Defined0.060.00044CVE-2019-0071
20Synacor Zimbra Webmail Subsystem upload unrestricted upload6.76.4$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00466CVE-2020-12846

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2018-2893

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
127.148.157.89LuoxkCVE-2018-289302/11/2022verifiedHigh
243.226.16.26LuoxkCVE-2018-289302/11/2022verifiedHigh
3XXX.XX.XX.XXXxxxxXxx-xxxx-xxxx02/11/2022verifiedHigh
4XXX.XX.XXX.XXXXxxxxXxx-xxxx-xxxx02/11/2022verifiedHigh
5XXX.XX.XXX.XXxxxxx.xx.xxx.xx-xxxx.xxxxXxxxxXxx-xxxx-xxxx02/11/2022verifiedHigh
6XXX.XXX.XX.XXXxxxxXxx-xxxx-xxxx02/11/2022verifiedHigh
7XXX.XXX.XXX.XXXXxxxxXxx-xxxx-xxxx02/11/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-21, CWE-22, CWE-23Pathname TraversalpredictiveHigh
2T1055CWE-74InjectionpredictiveHigh
3T1059CWE-94Cross Site ScriptingpredictiveHigh
4T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
5TXXXXCWE-XXX, CWE-XXX, CWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxx Xxxxxxxxxxx Xxx Xxx XxxxxxxpredictiveHigh
6TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
7TXXXXCWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
9TXXXXCWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
10TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
11TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
12TXXXXCWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
13TXXXXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
14TXXXX.XXXCWE-XXXXxxxxxxx Xx Xxx Xxxxxxx Xx X Xxxxxxxx XxxxxxxxpredictiveHigh
15TXXXX.XXXCWE-XXXXxxxxxxxpredictiveHigh
16TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
17TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh
18TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (32)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/cgi-bin/portalpredictiveHigh
2File/forum/away.phppredictiveHigh
3File/service/uploadpredictiveHigh
4File/tmppredictiveLow
5Filexxxxxxx.xxxpredictiveMedium
6Filexxxxx.xxxpredictiveMedium
7Filexxxxxxxxxxx\xxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxxx.xxxxx.xxxpredictiveHigh
8Filexxx\xxxxx\xxxxxxxxxx\xxxxxxxxxxxxxxx.xxxpredictiveHigh
9Filexxxxxxxx\xxxxx.xxxpredictiveHigh
10Filexxxx/xxxxxxxxxxxx.xxxpredictiveHigh
11Filex_xxxxxxpredictiveMedium
12Filexxxxxxx/xxxxx/xxxxxxxx/xxxxxpredictiveHigh
13Filexx/xx-xx.xpredictiveMedium
14Filexxxx_xxxx.xpredictiveMedium
15Filexxx/xxxxxx.xxxpredictiveHigh
16Filexxxxx.xxxpredictiveMedium
17Filexxxxx.xxx/xxxxxxxxxxxxx/xxxpredictiveHigh
18Filexxxxxxx.xxxpredictiveMedium
19Filexxxxxxx.xxpredictiveMedium
20Filexxxxxxxxx.xxxpredictiveHigh
21ArgumentxxxxxxxpredictiveLow
22ArgumentxxxxxxpredictiveLow
23ArgumentxxxxxxxxpredictiveMedium
24ArgumentxxxxxxxxpredictiveMedium
25ArgumentxxpredictiveLow
26ArgumentxxxxxxpredictiveLow
27ArgumentxxxxxxxpredictiveLow
28ArgumentxxxxpredictiveLow
29ArgumentxxxxxxxxpredictiveMedium
30Argumentxxxxxx[]predictiveMedium
31Input Value..\predictiveLow
32Pattern|xx|xx|xx|predictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!