LazyScripter Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (209)

Idioma

en	166
fr	18
de	16
es	4
it	2

País

us	184
de	6
ch	6
fr	2
in	2

Actores

NjRAT	2
AsyncRAT	2
LazyScripter	1
IcedID	1
RATLoader	1

Interesar

Escribe

Not Defined	54
Content Management System	18
Operating System	8
Firewall Software	4
Programming Language Software	4

Proveedor

Not Defined	30
Microsoft	6
Itechscripts	4
Apache	4
Apple	4

Producto

Microsoft Windows	6
Itechscripts iTechBids	4
baigo CMS	4
Laravel Framework	2
Joomla CMS	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.59	CVE-2010-0966
3	Gempar Script Toko Online shop_display_products.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00100	0.02	CVE-2009-0296
4	Ecommerce Online Store Kit shop.php sql injection	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03763	0.04	CVE-2004-0300
5	WoltLab Burning Book addentry.php sql injection	7.3	6.8	$0-$5k	$0-$5k	Functional	Unavailable	0.00804	0.02	CVE-2006-5509
6	FiberHome HG2201T telnet.cgi escalada de privilegios	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00609	0.00	CVE-2019-17186
7	Google Chrome Utility Process condición de carrera	9.8	9.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00801	0.07	CVE-2011-3961
8	DataLynx suGuard escalada de privilegios	5.9	5.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00042	0.02	CVE-1999-0388
9	Dcscripts Dcshop HTTP GET Request auth_user_file.txt Password divulgación de información	5.3	5.2	$0-$5k	$0-$5k	Not Defined	Workaround	0.00755	0.02	CVE-2001-0821
10	MidiCart PHP Shopping Cart item_show.php sql injection	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.05
11	Linksys WVC11B main.cgi cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01569	0.04	CVE-2004-2508
12	Asternic Flash Operator Panel User Control Panel escalada de privilegios	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00214	0.04	CVE-2018-5694
13	Contenido Contendio allow_url_fopen escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00575	0.00	CVE-2005-4132
14	Microsoft Windows Remote Desktop/Terminal Services Web Connection autenticación débil	6.3	6.2	$25k-$100k	$0-$5k	Not Defined	Workaround	0.00000	0.02
15	Ilohamail cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.09
16	Microsoft IIS Error Message cross site scripting	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00169	0.00	CVE-2000-1104
17	Microsoft IIS Error Message cross site scripting	4.2	4.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03911	0.03	CVE-2003-0223
18	Adobe ColdFusion cross site scripting	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01479	0.00	CVE-2007-0817
19	SourceCodester Garage Management System createUser.php escalada de privilegios	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00307	0.03	CVE-2022-2578
20	D-Link IP Cameras rtpd.cgi errores configuratione	9.8	8.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.91559	0.00	CVE-2013-1599

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	45.91.92.112		LazyScripter	2022-03-11	verified	Alto
2	66.29.130.204	server1.gowaymevps.xyz	LazyScripter	2022-03-11	verified	Alto
3	103.73.64.115		LazyScripter	2022-03-11	verified	Alto
4	XXX.XXX.X.XX		Xxxxxxxxxxxx	2022-03-23	verified	Alto
5	XXX.XXX.XXX.XXX		Xxxxxxxxxxxx	2022-03-11	verified	Alto
6	XXX.XXX.XXX.XX		Xxxxxxxxxxxx	2021-05-31	verified	Alto
7	XXX.XXX.XXX.XX		Xxxxxxxxxxxx	2022-03-11	verified	Alto
8	XXX.XX.XXX.XXX		Xxxxxxxxxxxx	2022-03-11	verified	Alto
9	XXX.XXX.XXX.XXX	xxxx.xxxxxxx.xxx	Xxxxxxxxxxxx	2021-05-31	verified	Alto
10	XXX.XX.XXX.XXX		Xxxxxxxxxxxx	2022-03-11	verified	Alto
11	XXX.XXX.XXX.XX		Xxxxxxxxxxxx	2021-05-31	verified	Alto

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CWE-22, CWE-23	Path Traversal	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
8	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
10	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
11	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto
12	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto
13	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (96)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/catalog/admin/categories.php?cPath=&action=new_product	predictive	Alto
2	File	/etc/passwd	predictive	Medio
3	File	/inc/HTTPClient.php	predictive	Alto
4	File	/php_action/createUser.php	predictive	Alto
5	File	/var/WEB-GUI/cgi-bin/telnet.cgi	predictive	Alto
6	File	addentry.php	predictive	Medio
7	File	admin.php	predictive	Medio
8	File	admin/admin.shtml	predictive	Alto
9	File	Admin/ADM_Pagina.php	predictive	Alto
10	File	admin/editcatalogue.php	predictive	Alto
11	File	admin/menus/edit.php	predictive	Alto
12	File	xxxxx.xxx	predictive	Medio
13	File	xx_xxxxxxx/xxxxx.xxx?x=xxx&x=xxxxxxx	predictive	Alto
14	File	xxxxxxxxxx.xxx	predictive	Alto
15	File	xxxxxxxx.xxx	predictive	Medio
16	File	xxxxxxxx_xxxx.xxx	predictive	Alto
17	File	xxx_xxxx.x	predictive	Medio
18	File	xxxxxxxxx.xxx	predictive	Alto
19	File	xxxxxx-xxxxx	predictive	Medio
20	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
21	File	xxxxxx.xxx	predictive	Medio
22	File	xxxxxx.xxx	predictive	Medio
23	File	xxxxx_xxx_xxxxx.xxx	predictive	Alto
24	File	xxxxxxxxxx-xx-xxxxxx/xxxx/xxxx.xxx	predictive	Alto
25	File	xxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx	predictive	Alto
26	File	xxx/xxxxxx.xxx	predictive	Alto
27	File	xxxxxxx/xxxx_xxxxxxxx.xxxxx.xxx	predictive	Alto
28	File	xxxxx.xxx	predictive	Medio
29	File	xxxxxxx.xxx	predictive	Medio
30	File	xxxxxxxxxx.xxx	predictive	Alto
31	File	xxxx_xxxx.xxx	predictive	Alto
32	File	xxxxx_xx.xxxx	predictive	Alto
33	File	xxxxxxxxxx/xxxxxxx.x	predictive	Alto
34	File	xxxx.xxx	predictive	Medio
35	File	xxxxxxxx.xxx	predictive	Medio
36	File	xxxxxxxx.xxx	predictive	Medio
37	File	xxx_xxxx.xxx	predictive	Medio
38	File	xxx_xxxx.xxx.xxx	predictive	Alto
39	File	xxxxxx.xxx/xxxx_xxxx_xxxx.xxx	predictive	Alto
40	File	xxxxxxxxxx.xxx	predictive	Alto
41	File	xxxxxxxx-x.xx	predictive	Alto
42	File	xxxx/xxxxxxx/xxxxxxxxxxxxx_xxx.xxx	predictive	Alto
43	File	xxxxxxxx.xxx	predictive	Medio
44	File	xxxx.xxx	predictive	Medio
45	File	xxxxxxxxxxxxx.xxx	predictive	Alto
46	File	xxxxxxxxx.xxx	predictive	Alto
47	File	xxxxxxxxxxxxxxxx.xxx	predictive	Alto
48	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Alto
49	File	xxxxx_xxxxx.xxx	predictive	Alto
50	File	xxxxxx/xxxxx/xxxx_xxxxxxx.xxx	predictive	Alto
51	File	xxxxxx.xxx	predictive	Medio
52	File	xxxx_xxxxx.xxx	predictive	Alto
53	File	xxx/xxx/xxx-xxx/xxxx.xxx	predictive	Alto
54	File	xxxx.xxx	predictive	Medio
55	File	xxxxxxxx.xxx	predictive	Medio
56	File	xxxxxxx.xxx	predictive	Medio
57	Library	xxxxxx[xxxxxx_xxxx	predictive	Alto
58	Library	xxxxxx.xxx	predictive	Medio
59	Library	xxxxxxxxxxxxxxxxxxxx.xxx	predictive	Alto
60	Library	xxx/xx_xxx.x	predictive	Medio
61	Argument	(xxxxxx)	predictive	Medio
62	Argument	xxx_xx	predictive	Bajo
63	Argument	xxxxxxxx	predictive	Medio
64	Argument	xx_xxxx_xxxx	predictive	Medio
65	Argument	xxx	predictive	Bajo
66	Argument	xxxxx	predictive	Bajo
67	Argument	xxx_xx	predictive	Bajo
68	Argument	xxx	predictive	Bajo
69	Argument	xxxx_xx	predictive	Bajo
70	Argument	xxxxxxx	predictive	Bajo
71	Argument	xxxxxx[xxxxxx_xxxx]	predictive	Alto
72	Argument	xxxxxxxx_xxxxxx/xxxxxxxx_xxxx/xxxxxxxx_xxxxxxxx/xxxxxxxx_xxxx	predictive	Alto
73	Argument	xxxxxx_xxxx	predictive	Medio
74	Argument	xxxxxxx	predictive	Bajo
75	Argument	xxxxxxxx	predictive	Medio
76	Argument	xxxxx	predictive	Bajo
77	Argument	xx	predictive	Bajo
78	Argument	xx	predictive	Bajo
79	Argument	xxxx_xx	predictive	Bajo
80	Argument	xxxxx_xxxx	predictive	Medio
81	Argument	xxxxxx	predictive	Bajo
82	Argument	xxxx_xxxx	predictive	Medio
83	Argument	xxx[xxxx][xx_xxxx_xxxx]	predictive	Alto
84	Argument	xxxx_xx	predictive	Bajo
85	Argument	xxxx	predictive	Bajo
86	Argument	xxxxxx_xxxx	predictive	Medio
87	Argument	xxxxxxxx	predictive	Medio
88	Argument	xxxxxx_xxxx[]	predictive	Alto
89	Argument	xxxxxx	predictive	Bajo
90	Argument	xxxxx	predictive	Bajo
91	Argument	xxxx	predictive	Bajo
92	Argument	xxxxxxxx	predictive	Medio
93	Argument	x-xxxx-xxxxx	predictive	Medio
94	Input Value	%xxxxxx+-x+x+xx.x.xx.xxx%xx%xx	predictive	Alto
95	Input Value	//xxx.xxxxxxx.xxx	predictive	Alto
96	Pattern	\|xx xx xx\|	predictive	Medio

Referencias (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you know our Splunk app?

Download it now for free!