LazyScripter Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (209)

Langue

en	168
fr	24
de	8
zh	4
pl	4

De campagne

us	188
ch	6
de	2
pl	2
fr	2

Acteurs

AsyncRAT	2
LazyScripter	2
NjRAT	1
RATLoader	1
Purple Fox	1

Intérêt

Taper

Not Defined	56
Content Management System	16
Firewall Software	8
E-Commerce Management Software	4
Web Browser	4

Fournisseur

Not Defined	38
Microsoft	6
Itechscripts	6
AXIS	4
Apple	4

Produit

DokuWiki	4
Itechscripts iTechBids	4
Kentico CMS	2
Ilohamail	2
Virtual Programming VP-ASP	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgation de l'information	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php elévation de privilèges	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.97	CVE-2010-0966
3	Gempar Script Toko Online shop_display_products.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00100	0.02	CVE-2009-0296
4	Ecommerce Online Store Kit shop.php sql injection	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03763	0.04	CVE-2004-0300
5	WoltLab Burning Book addentry.php sql injection	7.3	6.8	$0-$5k	$0-$5k	Functional	Unavailable	0.00804	0.02	CVE-2006-5509
6	FiberHome HG2201T telnet.cgi elévation de privilèges	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00609	0.00	CVE-2019-17186
7	Google Chrome Utility Process race condition	9.8	9.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00801	0.07	CVE-2011-3961
8	DataLynx suGuard elévation de privilèges	5.9	5.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00042	0.02	CVE-1999-0388
9	Dcscripts Dcshop HTTP GET Request auth_user_file.txt Password divulgation de l'information	5.3	5.2	$0-$5k	$0-$5k	Not Defined	Workaround	0.00755	0.02	CVE-2001-0821
10	MidiCart PHP Shopping Cart item_show.php sql injection	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.05
11	Linksys WVC11B main.cgi cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01569	0.04	CVE-2004-2508
12	Asternic Flash Operator Panel User Control Panel elévation de privilèges	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00214	0.04	CVE-2018-5694
13	Contenido Contendio allow_url_fopen elévation de privilèges	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00575	0.00	CVE-2005-4132
14	Microsoft Windows Remote Desktop/Terminal Services Web Connection authentification faible	6.3	6.2	$25k-$100k	$0-$5k	Not Defined	Workaround	0.00000	0.02
15	Ilohamail cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.05
16	Microsoft IIS Error Message cross site scripting	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00169	0.00	CVE-2000-1104
17	Microsoft IIS Error Message cross site scripting	4.2	4.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03911	0.03	CVE-2003-0223
18	Adobe ColdFusion cross site scripting	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01479	0.00	CVE-2007-0817
19	SourceCodester Garage Management System createUser.php elévation de privilèges	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00307	0.04	CVE-2022-2578
20	D-Link IP Cameras rtpd.cgi mauvaise	9.8	8.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.91559	0.00	CVE-2013-1599

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Identified	Taper	Confiance
1	45.91.92.112		LazyScripter	11/03/2022	verified	Élevé
2	66.29.130.204	server1.gowaymevps.xyz	LazyScripter	11/03/2022	verified	Élevé
3	103.73.64.115		LazyScripter	11/03/2022	verified	Élevé
4	XXX.XXX.X.XX		Xxxxxxxxxxxx	23/03/2022	verified	Élevé
5	XXX.XXX.XXX.XXX		Xxxxxxxxxxxx	11/03/2022	verified	Élevé
6	XXX.XXX.XXX.XX		Xxxxxxxxxxxx	31/05/2021	verified	Élevé
7	XXX.XXX.XXX.XX		Xxxxxxxxxxxx	11/03/2022	verified	Élevé
8	XXX.XX.XXX.XXX		Xxxxxxxxxxxx	11/03/2022	verified	Élevé
9	XXX.XXX.XXX.XXX	xxxx.xxxxxxx.xxx	Xxxxxxxxxxxx	31/05/2021	verified	Élevé
10	XXX.XX.XXX.XXX		Xxxxxxxxxxxx	11/03/2022	verified	Élevé
11	XXX.XXX.XXX.XX		Xxxxxxxxxxxx	31/05/2021	verified	Élevé

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-22, CWE-23	Path Traversal	predictive	Élevé
2	T1059	CWE-94	Argument Injection	predictive	Élevé
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Élevé
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Élevé
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
8	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
10	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Élevé
11	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Élevé
12	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Élevé
13	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxx	predictive	Élevé

IOA - Indicator of Attack (96)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/catalog/admin/categories.php?cPath=&action=new_product	predictive	Élevé
2	File	/etc/passwd	predictive	Moyen
3	File	/inc/HTTPClient.php	predictive	Élevé
4	File	/php_action/createUser.php	predictive	Élevé
5	File	/var/WEB-GUI/cgi-bin/telnet.cgi	predictive	Élevé
6	File	addentry.php	predictive	Moyen
7	File	admin.php	predictive	Moyen
8	File	admin/admin.shtml	predictive	Élevé
9	File	Admin/ADM_Pagina.php	predictive	Élevé
10	File	admin/editcatalogue.php	predictive	Élevé
11	File	admin/menus/edit.php	predictive	Élevé
12	File	xxxxx.xxx	predictive	Moyen
13	File	xx_xxxxxxx/xxxxx.xxx?x=xxx&x=xxxxxxx	predictive	Élevé
14	File	xxxxxxxxxx.xxx	predictive	Élevé
15	File	xxxxxxxx.xxx	predictive	Moyen
16	File	xxxxxxxx_xxxx.xxx	predictive	Élevé
17	File	xxx_xxxx.x	predictive	Moyen
18	File	xxxxxxxxx.xxx	predictive	Élevé
19	File	xxxxxx-xxxxx	predictive	Moyen
20	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Élevé
21	File	xxxxxx.xxx	predictive	Moyen
22	File	xxxxxx.xxx	predictive	Moyen
23	File	xxxxx_xxx_xxxxx.xxx	predictive	Élevé
24	File	xxxxxxxxxx-xx-xxxxxx/xxxx/xxxx.xxx	predictive	Élevé
25	File	xxxxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxx	predictive	Élevé
26	File	xxx/xxxxxx.xxx	predictive	Élevé
27	File	xxxxxxx/xxxx_xxxxxxxx.xxxxx.xxx	predictive	Élevé
28	File	xxxxx.xxx	predictive	Moyen
29	File	xxxxxxx.xxx	predictive	Moyen
30	File	xxxxxxxxxx.xxx	predictive	Élevé
31	File	xxxx_xxxx.xxx	predictive	Élevé
32	File	xxxxx_xx.xxxx	predictive	Élevé
33	File	xxxxxxxxxx/xxxxxxx.x	predictive	Élevé
34	File	xxxx.xxx	predictive	Moyen
35	File	xxxxxxxx.xxx	predictive	Moyen
36	File	xxxxxxxx.xxx	predictive	Moyen
37	File	xxx_xxxx.xxx	predictive	Moyen
38	File	xxx_xxxx.xxx.xxx	predictive	Élevé
39	File	xxxxxx.xxx/xxxx_xxxx_xxxx.xxx	predictive	Élevé
40	File	xxxxxxxxxx.xxx	predictive	Élevé
41	File	xxxxxxxx-x.xx	predictive	Élevé
42	File	xxxx/xxxxxxx/xxxxxxxxxxxxx_xxx.xxx	predictive	Élevé
43	File	xxxxxxxx.xxx	predictive	Moyen
44	File	xxxx.xxx	predictive	Moyen
45	File	xxxxxxxxxxxxx.xxx	predictive	Élevé
46	File	xxxxxxxxx.xxx	predictive	Élevé
47	File	xxxxxxxxxxxxxxxx.xxx	predictive	Élevé
48	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Élevé
49	File	xxxxx_xxxxx.xxx	predictive	Élevé
50	File	xxxxxx/xxxxx/xxxx_xxxxxxx.xxx	predictive	Élevé
51	File	xxxxxx.xxx	predictive	Moyen
52	File	xxxx_xxxxx.xxx	predictive	Élevé
53	File	xxx/xxx/xxx-xxx/xxxx.xxx	predictive	Élevé
54	File	xxxx.xxx	predictive	Moyen
55	File	xxxxxxxx.xxx	predictive	Moyen
56	File	xxxxxxx.xxx	predictive	Moyen
57	Library	xxxxxx[xxxxxx_xxxx	predictive	Élevé
58	Library	xxxxxx.xxx	predictive	Moyen
59	Library	xxxxxxxxxxxxxxxxxxxx.xxx	predictive	Élevé
60	Library	xxx/xx_xxx.x	predictive	Moyen
61	Argument	(xxxxxx)	predictive	Moyen
62	Argument	xxx_xx	predictive	Faible
63	Argument	xxxxxxxx	predictive	Moyen
64	Argument	xx_xxxx_xxxx	predictive	Moyen
65	Argument	xxx	predictive	Faible
66	Argument	xxxxx	predictive	Faible
67	Argument	xxx_xx	predictive	Faible
68	Argument	xxx	predictive	Faible
69	Argument	xxxx_xx	predictive	Faible
70	Argument	xxxxxxx	predictive	Faible
71	Argument	xxxxxx[xxxxxx_xxxx]	predictive	Élevé
72	Argument	xxxxxxxx_xxxxxx/xxxxxxxx_xxxx/xxxxxxxx_xxxxxxxx/xxxxxxxx_xxxx	predictive	Élevé
73	Argument	xxxxxx_xxxx	predictive	Moyen
74	Argument	xxxxxxx	predictive	Faible
75	Argument	xxxxxxxx	predictive	Moyen
76	Argument	xxxxx	predictive	Faible
77	Argument	xx	predictive	Faible
78	Argument	xx	predictive	Faible
79	Argument	xxxx_xx	predictive	Faible
80	Argument	xxxxx_xxxx	predictive	Moyen
81	Argument	xxxxxx	predictive	Faible
82	Argument	xxxx_xxxx	predictive	Moyen
83	Argument	xxx[xxxx][xx_xxxx_xxxx]	predictive	Élevé
84	Argument	xxxx_xx	predictive	Faible
85	Argument	xxxx	predictive	Faible
86	Argument	xxxxxx_xxxx	predictive	Moyen
87	Argument	xxxxxxxx	predictive	Moyen
88	Argument	xxxxxx_xxxx[]	predictive	Élevé
89	Argument	xxxxxx	predictive	Faible
90	Argument	xxxxx	predictive	Faible
91	Argument	xxxx	predictive	Faible
92	Argument	xxxxxxxx	predictive	Moyen
93	Argument	x-xxxx-xxxxx	predictive	Moyen
94	Input Value	%xxxxxx+-x+x+xx.x.xx.xxx%xx%xx	predictive	Élevé
95	Input Value	//xxx.xxxxxxx.xxx	predictive	Élevé
96	Pattern	\|xx xx xx\|	predictive	Moyen

Références (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!