LuminousMoth Analysis

IOB - Indicator of Behavior (24)

Timeline

Language

en: 20
de: 2
zh: 2

Country

us: 12
cn: 10
ru: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 4
Microsoft Exchange Server: 2
php-fpm: 2
WordPress: 2
Progress MOVEit Transfer: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
--|---------------|------|------|------|-------|----------------|-------------|-----|------|----
1 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00241 | CVE-2020-12440
2 | Adobe Acrobat Reader Font File memory corruption | 7.0 | 6.9 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00177 | CVE-2022-24092
3 | PHP SOAP Extension unserialize privilege escalation | 8.1 | 7.7 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.05 | 0.04858 | CVE-2015-4599
4 | Microsoft Office Word Remote Code Execution | 7.0 | 6.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.03190 | CVE-2021-42296
5 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 7.5 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.59906 | CVE-2021-42278
6 | GitLab Community Edition/Enterprise Edition Image File Privilege Escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.97463 | CVE-2021-22205
7 | Microsoft Exchange Server Privilege Escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.00086 | CVE-2021-24085
8 | FortiLogger SaveUploadedHotspotLogoFile privilege escalation | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.46039 | CVE-2021-3378
9 | Opengear Console Server Serial Port Logging Stored cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00058 | CVE-2019-14456
10 | WordPress Thumbnail privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00990 | CVE-2018-1000773
11 | Fortinet FortiGate Log privilege escalation | 4.0 | 3.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00089 | CVE-2020-12818
12 | Progress MOVEit Transfer REST API MOVEit.DMZ.WebApi.dll sql injection | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00357 | CVE-2019-16383
13 | IBM WebSphere Application Server Stack Trace information disclosure | 5.3 | 5.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00103 | CVE-2019-4441
14 | Django sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00742 | CVE-2020-7471
15 | Django cross site scripting | 5.2 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.02341 | CVE-2020-13596
16 | Django CMS cross site request forgery | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00231 | CVE-2015-5081
17 | Microsoft Windows Netlogon Zerologon privilege escalation | 8.4 | 8.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.04 | 0.33347 | CVE-2020-1472
18 | Famatech Remote Administrator weak authentication | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00 | 0.00000 | 
19 | DeDeCMS co_do.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00190 | CVE-2018-19061
20 | php-fpm privilege escalation | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00042 | CVE-2015-3211

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
---|------------|----------|-------|-----------|------------|------|-----------
1 | 45.204.9.70 |  | LuminousMoth |  | 17/07/2021 | verified | High
2 | XXX.XX.XX.XXX | xxxx.xxxxxxxxxxxxxx.xxxx | Xxxxxxxxxxxx |  | 17/07/2021 | verified | High
3 | XXX.XX.XX.XXX | xxxxx-xxxx.xxxxxxxxx.xxx | Xxxxxxxxxxxx |  | 17/07/2021 | verified | High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
---|-----------|-----------------|---------------|------|-----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | predictive | High
2 | T1068 | CWE-269 | Execution with Unnecessary Privileges | predictive | High
3 | TXXXX | CWE-XXX | Xxx Xxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx Xxxx | predictive | High
5 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
---|-------|-----------|------|-----------
1 | File | Config/SaveUploadedHotspotLogoFile | predictive | High
2 | File | xxxx\xx_xx.xxx | predictive | High
3 | Library | xxxxxx.xxx.xxxxxx.xxx | predictive | High
4 | Argument | xxx | predictive | Low

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
