OceanLotus Analysis

IOB - Indicator of Behavior (31)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 26
de: 2
zh: 2
es: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Piwigo: 4
Microsoft Windows: 2
Apache SkyWalking: 2
Google Android: 2
Apple Mac OS X: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Apple macOS Sudo out-of-bounds write | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.58695 | CVE-2021-3156
2 | Microsoft IIS FastCGI memory corruption | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.28182 | CVE-2010-2730
3 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.25090 | CVE-2017-0055
4 | Apple macOS BOM access control | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00954 | CVE-2022-22616
5 | Apple Mac OS X IOHIDFamily memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | High | Official Fix | 0.04 | 0.53878 | CVE-2014-4404
6 | Apache SkyWalking H2/MySQL/TiDB sql injection | 7.4 | 6.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.16531 | CVE-2020-9483
7 | Symfony Exception information exposure | 4.6 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00890 | CVE-2020-5274
8 | Google Android PackageItemInfo.java loadLabel denial of service | 6.0 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01036 | CVE-2021-0651
9 | Cisco Firepower Device Manager REST API code injection | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01156 | CVE-2021-1518
10 | Umi UMI.CMS Administrator Account cross-site request forgery | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.07511 | CVE-2013-2754
11 | phpPgAdmin sql.php privileges management | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.06523 | CVE-2001-0479
12 | Allaire Coldfusion Server Login denial of service | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.04482 | CVE-2000-0538
13 | OpenResty ngx.req.get_post_args sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2018-9230
14 | PHP link_win32.c linkinfo information disclosure | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01108 | CVE-2018-15132
15 | PHP exif.c exif_read_data use after free | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01018 | CVE-2018-12882
16 | PHP Date Extension parse_date.c php_parse_date information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00000 | CVE-2017-11146
17 | Rocket.Chat Server NoSQL sql injection | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2017-1000493
18 | Apache HTTP Server HTTP Strict Parsing ap_find_token input validation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.07767 | CVE-2017-7668
19 | Microsoft Windows TCP/IP Stack access control | 6.3 | 5.7 | $25k-$100k | $0-$5k | High | Official Fix | 0.01 | 0.04733 | CVE-2014-4076
20 | Microsoft Windows rpc access control | 6.6 | 6.5 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.32973 | CVE-2017-8461

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (124)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 37.59.198.130 | | OceanLotus | | verified | High
2 | 37.59.198.131 | | OceanLotus | | verified | High
3 | 43.251.100.20 | | OceanLotus | | verified | High
4 | 43.254.217.67 | | OceanLotus | | verified | High
5 | 45.9.239.34 | 45.9.239.34.deltahost-ptr | OceanLotus | | verified | High
6 | 45.9.239.45 | 45.9.239.45.deltahost-ptr | OceanLotus | | verified | High
7 | 45.9.239.77 | 45.9.239.77.deltahost-ptr | OceanLotus | | verified | High
8 | 45.9.239.110 | 45.9.239.110.deltahost-ptr | OceanLotus | | verified | High
9 | 45.9.239.139 | 45.9.239.139.deltahost-ptr | OceanLotus | | verified | High
10 | 45.32.100.179 | 45.32.100.179.vultr.com | OceanLotus | | verified | Medium
11 | 45.32.105.45 | | APT32, OceanLotus | | verified | High
12 | 45.32.114.49 | 45.32.114.49.vultr.com | OceanLotus | | verified | Medium
13 | 45.76.147.201 | 45.76.147.201.vultr.com | APT32, OceanLotus | | verified | Medium
14 | 45.76.179.28 | 45.76.179.28.vultr.com | OceanLotus | | verified | Medium
15 | 45.76.179.151 | 45.76.179.151.vultr.com | OceanLotus | | verified | Medium
16 | 45.77.39.101 | 45.77.39.101.vultr.com | APT32, OceanLotus | | verified | Medium
17 | 45.114.117.164 | folien.reisnart.com | OceanLotus | | verified | High
18 | 46.183.220.81 | ip-220-81.dataclub.info | OceanLotus | | verified | High
19 | 46.183.220.82 | ip-220-82.dataclub.info | OceanLotus | | verified | High
20 | 46.183.221.188 | ip-221-188.dataclub.info | OceanLotus | | verified | High
21 | 46.183.221.189 | ip-221-189.dataclub.info | OceanLotus | | verified | High
22 | 46.183.221.190 | ip-221-190.dataclub.info | OceanLotus | | verified | High
23 | 46.183.222.82 | ip-222-82.dataclub.info | OceanLotus | | verified | High
24 | 46.183.222.83 | ip-222-83.dataclub.info | OceanLotus | | verified | High
25 | 46.183.222.84 | ip-222-84.dataclub.info | OceanLotus | | verified | High

Entries 26 to 124 are masked on the source page.

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1059 | CWE-94 | Cross Site Scripting | predictive | High
2 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High

Entries 3 to 6 are masked on the source page.

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /uncpath/ | predictive | Medium
2 | File | admin/languages.php | predictive | High

Entries 3 to 13 are masked on the source page.

References (9)

The following list contains external sources which discuss the actor and the associated activities:
