Lorenz Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (82)

Idioma

en	68
es	8
zh	4
ru	2

País

us	26
cn	12
ir	4
ru	2
pt	2

Actores

Lorenz	5
Cobalt Strike	3
Raccoon	2
BumbleBee	2
YoroTrooper	1

Interesar

Escribe

Bug Tracking Software	30
Not Defined	20
Virtualization Software	4
Programming Language Software	4
Firewall Software	2

Proveedor

Not Defined	22
GitLab	22
F5	2
Citrix	2
SolarWinds	2

Producto

GitLab Enterprise Edition	16
GitLab Community Edition	14
Violation Comments to GitLab Plugin	2
F5 BIG-IP Controller for Kubernetes	2
GitLab Community	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información	5.3	5.2	$5k-$25k	Calculador	High	Workaround	0.02016	0.02	CVE-2007-1192
2	Oracle REST Data Services denegación de servicio	7.0	6.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03359	0.04	CVE-2023-24998
3	Extreme EXOS desbordamiento de búfer	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00209	0.00	CVE-2017-14328
4	SentryHD escalada de privilegios	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.01
5	GitLab Community Edition/Enterprise Edition Bowser Cache divulgación de información	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00079	0.00	CVE-2018-18640
6	Oracle REST Data Services General divulgación de información	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2020-14745
7	Oracle REST Data Services divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.47555	0.00	CVE-2021-34429
8	HP System Management Homepage Access Restriction desbordamiento de búfer	10.0	9.5	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.21036	0.00	CVE-2011-1541
9	nginx escalada de privilegios	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	4.65	CVE-2020-12440
10	Teltonika Remote Management System/RUT escalada de privilegios	8.8	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00052	0.02	CVE-2023-32350
11	python-jwt autenticación débil	8.2	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00097	0.05	CVE-2022-39227
12	OpenSSH Forward Option roaming_common.c roaming_write desbordamiento de búfer	8.1	7.6	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00266	0.00	CVE-2016-0778
13	Technicolor TC7337NET Password cifrado débil	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01218	0.04	CVE-2020-10376
14	Nextcloud Password Policy divulgación de información	2.7	2.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00050	0.00	CVE-2022-35931
15	Citrix XenServer directory traversal	8.5	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02340	0.00	CVE-2018-14007
16	polkit polkitd divulgación de información	5.7	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00066	0.00	CVE-2018-1116
17	Apache HTTP Server mod_proxy escalada de privilegios	7.3	7.3	$5k-$25k	$25k-$100k	High	Not Defined	0.97446	0.00	CVE-2021-40438
18	mod_ssl SSLVerifyClient Remote Code Execution	9.8	8.8	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00214	0.02	CVE-2005-2700
19	Huawei ACXXXX/SXXXX SSH Packet escalada de privilegios	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00246	0.07	CVE-2014-8572
20	Vim desbordamiento de búfer	7.1	7.0	$0-$5k	Calculador	Not Defined	Official Fix	0.00102	0.00	CVE-2021-3984

Campañas (1)

These are the campaigns that can be associated with the actor:

CVE-2022-29499

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Campañas	Identified	Escribe	Confianza
1	64.190.113.100		Lorenz	CVE-2022-29499	2022-09-20	verified	Alto
2	137.184.181.252		Lorenz	CVE-2022-29499	2022-09-20	verified	Alto
3	XXX.XX.XX.XX	xxxx.xxxxxxxxxxxxxx.xxx	Xxxxxx	Xxx-xxxx-xxxxx	2022-09-20	verified	Alto
4	XXX.XX.XX.XX		Xxxxxx	Xxx-xxxx-xxxxx	2022-09-20	verified	Alto
5	XXX.XXX.XXX.XX		Xxxxxx	Xxx-xxxx-xxxxx	2022-09-20	verified	Alto
6	XXX.XX.XXX.XXX	xxxxxxxxxxx.xxxxxxx.xxxx	Xxxxxx	Xxx-xxxx-xxxxx	2022-09-20	verified	Alto
7	XXX.XXX.XXX.XXX		Xxxxxx	Xxx-xxxx-xxxxx	2022-09-20	verified	Alto

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Clase	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1040	CAPEC-102	CWE-319	Authentication Bypass by Capture-replay	predictive	Alto
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
10	TXXXX	CAPEC-55	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
11	TXXXX	CAPEC-37	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
12	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	config.xml	predictive	Medio
2	File	contact.php	predictive	Medio
3	File	contact_support.php	predictive	Alto
4	File	data/gbconfiguration.dat	predictive	Alto
5	File	xxxx.xxx	predictive	Medio
6	File	xxx/xxxxxx.xxx	predictive	Alto
7	File	xxxxx.xxx	predictive	Medio
8	File	xxxxxxxxxxxxxxx.xxxx	predictive	Alto
9	File	xxxxxx_xxxx_xxx_xxx.xxx	predictive	Alto
10	File	xxx_xxxxx.x	predictive	Medio
11	File	xxxxxxxx.xxx	predictive	Medio
12	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	predictive	Alto
13	File	xxxxxxx_xxxxxx.x	predictive	Alto
14	File	xxxx-xxxxxxxx.xxx	predictive	Alto
15	File	xxx.x	predictive	Bajo
16	File	xx-xxxxxxx/xxxxxxx/xxxx/xx	predictive	Alto
17	Argument	xxxxxxxx	predictive	Medio
18	Argument	xxxxxxxxxxxxxx	predictive	Alto
19	Argument	xxxxxxx_xx	predictive	Medio
20	Argument	xxxxxxx	predictive	Bajo
21	Argument	xxxx	predictive	Bajo
22	Argument	xxxxxxxx	predictive	Medio
23	Argument	xxxxxxxx	predictive	Medio
24	Argument	xxxx	predictive	Bajo
25	Argument	xxx	predictive	Bajo
26	Network Port	xxx	predictive	Bajo

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you know our Splunk app?

Download it now for free!