Luoxk Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (87)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en52
zh36

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn72
us16

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Luoxk4
PlugX1
PingPull1
BlackTech1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined42
Database Software6
Operating System4
Application Server Software4
Cloud Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined24
Oracle10
Huawei6
Apache4
Linux4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Linux Kernel4
Phome EmpireCMS2
Claymore Dual GPU Miner2
Apache Flink2
DZCP deV!L`z Clanportal2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Sophos Firewall User Portal/Webadmin improper authentication8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.020.97434CVE-2022-1040
2XoruX LPAR2RRD/STOR2RRD hard-coded credentials6.36.0$0-$5k$0-$5kNot DefinedOfficial Fix0.020.00262CVE-2021-42371
3OpenSSL c_rehash os command injection5.55.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.09738CVE-2022-1292
4Oracle Database Server Core RDBMS Privilege Escalation7.57.5$5k-$25k$5k-$25kNot DefinedNot Defined0.040.00113CVE-2011-2253
5Apache ActiveMQ PortfolioPublishServlet.java cross site scripting4.34.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00425CVE-2012-6092
6Next.js path traversal5.04.4$0-$5k$0-$5kNot DefinedOfficial Fix0.060.00213CVE-2020-5284
7Python E-mail Module unknown vulnerability6.36.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.00095CVE-2023-27043
8Oracle Database server Encryption cryptographic issues9.88.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000.00773CVE-2006-0270
9Filebrowser cross-site request forgery6.96.4$0-$5k$0-$5kFunctionalOfficial Fix0.030.00762CVE-2021-46398
10lighttpd http_auth.c base64_decode numeric error5.34.8$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.020.02569CVE-2011-4362
11Labelgate mora Downloader untrusted search path9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00306CVE-2012-5188
12Oracle Email Center Message Display unknown vulnerability8.27.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00192CVE-2021-2090
13Oracle MySQL Cluster Node.js dns rebinding8.27.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00545CVE-2021-22884
14RemiCoin transferFrom integer underflow7.47.4$0-$5k$0-$5kNot DefinedNot Defined0.000.00896CVE-2018-12230
15ZyXEL USG FLEX 50 CGI Program os command injection8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.040.97482CVE-2022-30525
16Ivanti EPM Cloud Services Appliance code injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.030.96887CVE-2021-44529
17Linux Kernel ptrace race condition4.43.9$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.020.00042CVE-2014-4699
18lighttpd Log File http_auth.c injection7.57.1$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.030.01123CVE-2015-3200
19Mail2000 Login portal cross site scripting5.24.8$0-$5k$0-$5kNot DefinedNot Defined0.000.00334CVE-2019-15072
20Backdoor.Win32.Controlit.10 Service Port 3347 backdoor7.36.4$0-$5k$0-$5kProof-of-ConceptWorkaround0.020.00000

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2018-2893

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
127.148.157.89LuoxkCVE-2018-289302/11/2022verifiedHigh
243.226.16.26LuoxkCVE-2018-289302/11/2022verifiedHigh
3XXX.XX.XX.XXXxxxxXxx-xxxx-xxxx02/11/2022verifiedHigh
4XXX.XX.XXX.XXXXxxxxXxx-xxxx-xxxx02/11/2022verifiedHigh
5XXX.XX.XXX.XXxxxxx.xx.xxx.xx-xxxx.xxxxXxxxxXxx-xxxx-xxxx02/11/2022verifiedHigh
6XXX.XXX.XX.XXXxxxxXxx-xxxx-xxxx02/11/2022verifiedHigh
7XXX.XXX.XXX.XXXXxxxxXxx-xxxx-xxxx02/11/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-21, CWE-22, CWE-23Path TraversalpredictiveHigh
2T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CWE-94Argument InjectionpredictiveHigh
4T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
5TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
9TXXXXCWE-XXX, CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
10TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
11TXXXX.XXXCWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
12TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
13TXXXXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
14TXXXX.XXXCWE-XXXXxxxxxxx Xx Xxx Xxxxxxx Xx X Xxxxxxxx XxxxxxxxpredictiveHigh
15TXXXX.XXXCWE-XXXXxxxxxxxpredictiveHigh
16TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
17TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
18TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/cgi-bin/portalpredictiveHigh
2File/forum/away.phppredictiveHigh
3File/service/uploadpredictiveHigh
4File/tmppredictiveLow
5Fileadclick.phppredictiveMedium
6Filexxxxx.xxxpredictiveMedium
7Filexxxxxxxxxxx\xxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxxx.xxxxx.xxxpredictiveHigh
8Filexxx\xxxxx\xxxxxxxxxx\xxxxxxxxxxxxxxx.xxxpredictiveHigh
9Filexxxxxxxx\xxxxx.xxxpredictiveHigh
10Filexxxx/xxxxxxxxxxxx.xxxpredictiveHigh
11Filex_xxxxxxpredictiveMedium
12Filexxxxxxx/xxxxx/xxxxxxxx/xxxxxpredictiveHigh
13Filexx/xx-xx.xpredictiveMedium
14Filexxxx_xxxx.xpredictiveMedium
15Filexxx/xxxxxx.xxxpredictiveHigh
16Filexxxxx.xxxpredictiveMedium
17Filexxxxx.xxx/xxxxxxxxxxxxx/xxxpredictiveHigh
18Filexxxxxxx.xxxpredictiveMedium
19Filexxxxxxx.xxpredictiveMedium
20Filexxxxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
21Filexxxxxxxxx.xxxpredictiveHigh
22ArgumentxxxxxxxpredictiveLow
23ArgumentxxxxxxpredictiveLow
24ArgumentxxxxxxxxpredictiveMedium
25ArgumentxxxxxxxxpredictiveMedium
26ArgumentxxpredictiveLow
27ArgumentxxxxxxpredictiveLow
28ArgumentxxxxxxxpredictiveLow
29ArgumentxxxxxxxpredictiveLow
30ArgumentxxxxpredictiveLow
31ArgumentxxxxxxxxpredictiveMedium
32Argumentxxxxxx[]predictiveMedium
33Input Value..\predictiveLow
34Pattern|xx|xx|xx|predictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!