Lucifer Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (29)

Idioma

en	26
zh	4

País

cn	24

Actores

Lucifer	4

Interesar

Escribe

File Transfer Software	2
Application Server Software	2
Connectivity Software	2
Not Defined	2
Smartwatch Operating System	2

Proveedor

Not Defined	10
Oracle	4
Apache	2
Apple	2
Microsoft	2

Producto

ProFTPD	2
Apache Tomcat	2
OpenSSH	2
Traefik	2
Apple watchOS	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	Microsoft Windows NetBIOS WinNuke denegación de servicio	7.5	7.2	$25k-$100k	$0-$5k	High	Official Fix	0.00304	0.03	CVE-1999-0153
2	Oracle PeopleSoft Enterprise PeopleTools Integration Broker escalada de privilegios	6.5	5.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00799	0.05	CVE-2017-3548
3	ZyXEL NAS326/NAS540/NAS542 UDP Packet Format String	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00435	0.00	CVE-2022-34747
4	MediaWiki cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00136	0.00	CVE-2007-4883
5	OpenSSH escalada de privilegios	7.3	6.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.02103	0.00	CVE-2007-4752
6	Dian Gemilang DGNews news.php sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00214	0.00	CVE-2007-2994
7	PHP-Generics include.php escalada de privilegios	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.15334	0.00	CVE-2007-2346
8	JumpDEMAND 4ECPS Web Forms Plugin cross site scripting	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00048	0.00	CVE-2022-44628
9	Top Bar Plugin Setting cross site scripting	2.4	2.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00056	0.00	CVE-2022-2629
10	Apple watchOS Audio File divulgación de información	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00109	0.00	CVE-2020-29610
11	Openscad STL File import_stl.cc import_stl desbordamiento de búfer	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00208	0.00	CVE-2020-28599
12	NVIDIA Jetson Linux Driver Package Cboot Module blob_decompress desbordamiento de búfer	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-28196
13	Oracle Communications Pricing Design Center Python desbordamiento de búfer	9.8	9.6	$100k y más	$5k-$25k	Not Defined	Official Fix	0.04038	0.00	CVE-2021-3177
14	SolarWinds SQL Sentry divulgación de información	4.6	4.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00075	0.00	CVE-2022-38107
15	Google Android DevicePolicyManager divulgación de información	3.3	3.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-20275
16	Google Android Task.java Local Privilege Escalation	6.5	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00048	0.03	CVE-2021-39696
17	DZCP deV!L`z Clanportal config.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.91	CVE-2010-0966

Campañas (1)

These are the campaigns that can be associated with the actor:

CVE-2021-25646

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Campañas	Identified	Escribe	Confianza
1	20.205.116.139		Lucifer	CVE-2021-25646	2024-02-27	verified	Alto
2	45.141.68.25		Lucifer	CVE-2021-25646	2024-02-27	verified	Alto
3	47.88.49.239		Lucifer	CVE-2021-25646	2024-02-27	verified	Alto
4	XX.XX.XXX.X		Xxxxxxx	Xxx-xxxx-xxxxx	2024-02-27	verified	Alto
5	XX.XX.XXX.XXX		Xxxxxxx	Xxx-xxxx-xxxxx	2024-02-27	verified	Alto
6	XX.XXX.XXX.XX		Xxxxxxx	Xxx-xxxx-xxxxx	2024-02-27	verified	Alto
7	XXX.XXX.XXX.XX		Xxxxxxx	Xxx-xxxx-xxxxx	2024-02-27	verified	Alto
8	XXX.XX.XXX.XX		Xxxxxxx	Xxx-xxxx-xxxxx	2024-02-27	verified	Alto
9	XXX.XX.X.XX		Xxxxxxx	Xxx-xxxx-xxxxx	2024-02-27	verified	Alto
10	XXX.XX.XXX.XX		Xxxxxxx	Xxx-xxxx-xxxxx	2024-02-27	verified	Alto
11	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx	Xxxxxxx		2021-08-29	verified	Alto
12	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxxx		2021-08-29	verified	Alto
13	XXX.XXX.XXX.XX		Xxxxxxx		2021-08-29	verified	Alto
14	XXX.XXX.XX.XX		Xxxxxxx		2021-08-29	verified	Alto

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1059	CWE-94	Argument Injection	predictive	Alto
2	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
3	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	import_stl.cc	predictive	Alto
2	File	inc/config.php	predictive	Alto
3	File	xxxxxxx.xxx	predictive	Medio
4	File	xxxx.xxx	predictive	Medio
5	File	xxxx.xxxx	predictive	Medio
6	Argument	xxxxxxxx	predictive	Medio
7	Argument	xxxx/xxxx	predictive	Medio
8	Argument	xxxxxx	predictive	Bajo
9	Argument	x-xxxxxxxxx-xxx	predictive	Alto
10	Argument	_xxx_xxxxxxxx_xxxx	predictive	Alto

Referencias (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!