OceanLotus Analysis

Activities

Timeline

Analysing the timeline helps to determine the appropriate approach to, and handling of, individual vulnerabilities and vulnerability collections. The overview shows less important periods and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

| Lang | Count |
|------|-------|
| en   | 24    |
| zh   | 3     |
| de   | 2     |
| es   | 2     |


Vulnerabilities

| #  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE |
|----|---------------|------|------|------|-------|-----|-----|-----|-----|
| 1  | Apple macOS Sudo out-of-bounds write | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2021-3156 |
| 2  | Microsoft IIS FastCGI memory corruption | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2010-2730 |
| 3  | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.85 | CVE-2017-0055 |
| 4  | Apple macOS BOM access control | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2022-22616 |
| 5  | Apple Mac OS X IOHIDFamily memory corruption | 10.0 | 9.5 | $25k-$100k | $0-$5k | High | Official Fix | 0.04 | CVE-2014-4404 |
| 6  | Apache SkyWalking H2/MySQL/TiDB sql injection | 7.4 | 6.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | CVE-2020-9483 |
| 7  | Symfony Exception information exposure | 4.6 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2020-5274 |
| 8  | Google Android PackageItemInfo.java loadLabel denial of service | 6.0 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2021-0651 |
| 9  | Cisco Firepower Device Manager REST API code injection | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2021-1518 |
| 10 | Umi UMI.CMS Administrator Account cross-site request forgery | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | CVE-2013-2754 |
| 11 | phpPgAdmin sql.php privileges management | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2001-0479 |
| 12 | Allaire Coldfusion Server Login denial of service | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2000-0538 |
| 13 | OpenResty ngx.req.get_post_args sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2018-9230 |
| 14 | PHP link_win32.c linkinfo information disclosure | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2018-15132 |
| 15 | PHP exif.c exif_read_data use after free | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2018-12882 |
| 16 | PHP Date Extension parse_date.c php_parse_date information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2017-11146 |
| 17 | Rocket.Chat Server NoSQL sql injection | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2017-1000493 |
| 18 | Apache HTTP Server HTTP Strict Parsing ap_find_token input validation | 8.5 | 8.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2017-7668 |
| 19 | Microsoft Windows TCP/IP Stack access control | 6.3 | 5.7 | $25k-$100k | $0-$5k | High | Official Fix | 0.04 | CVE-2014-4076 |
| 20 | Microsoft Windows rpc access control | 6.6 | 6.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | CVE-2017-8461 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (121)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (2)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|----|-----------|-----------------|---------------|------|------------|
| 1  | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1  | File | /uncpath/ | predictive | Medium |
| 2  | File | admin/languages.php | predictive | High |

References (8)

The following list contains external sources which discuss the actor and the associated activities:
