Lorenz Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (82)

Langue

en	64
es	10
zh	2
ar	2
ru	2

De campagne

us	26
cn	12
ir	6
ar	2

Acteurs

Lorenz	5
Cobalt Strike	3
BumbleBee	2
Raccoon	2
YoroTrooper	1

Intérêt

Taper

Bug Tracking Software	30
Not Defined	22
Web Server	6
Programming Language Software	4
Remote Access Software	2

Fournisseur

GitLab	20
Not Defined	20
Geoff Davies	4
Oracle	4
SolarWinds	2

Produit

GitLab Community Edition	16
GitLab Enterprise Edition	16
Violation Comments to GitLab Plugin	4
Geoff Davies Contact Forms	4
nginx	4

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgation de l'information	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	Oracle REST Data Services dénie de service	7.0	6.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03359	0.04	CVE-2023-24998
3	Extreme EXOS buffer overflow	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00209	0.00	CVE-2017-14328
4	SentryHD elévation de privilèges	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.01
5	GitLab Community Edition/Enterprise Edition Bowser Cache divulgation de l'information	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00079	0.00	CVE-2018-18640
6	Oracle REST Data Services General divulgation de l'information	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2020-14745
7	Oracle REST Data Services divulgation de l'information	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.47555	0.00	CVE-2021-34429
8	HP System Management Homepage Access Restriction buffer overflow	10.0	9.5	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.21036	0.00	CVE-2011-1541
9	nginx elévation de privilèges	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	3.77	CVE-2020-12440
10	Teltonika Remote Management System/RUT elévation de privilèges	8.8	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00052	0.02	CVE-2023-32350
11	python-jwt authentification faible	8.2	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00097	0.00	CVE-2022-39227
12	OpenSSH Forward Option roaming_common.c roaming_write buffer overflow	8.1	7.6	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00266	0.00	CVE-2016-0778
13	Technicolor TC7337NET Password chiffrement faible	7.5	7.5	$0-$5k	Calculateur	Not Defined	Not Defined	0.01218	0.04	CVE-2020-10376
14	Nextcloud Password Policy divulgation de l'information	2.7	2.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00050	0.00	CVE-2022-35931
15	Citrix XenServer directory traversal	8.5	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02340	0.04	CVE-2018-14007
16	polkit polkitd divulgation de l'information	5.7	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00066	0.00	CVE-2018-1116
17	Apache HTTP Server mod_proxy elévation de privilèges	7.3	7.3	$5k-$25k	$25k-$100k	High	Not Defined	0.97446	0.00	CVE-2021-40438
18	mod_ssl SSLVerifyClient Remote Code Execution	9.8	8.8	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00214	0.02	CVE-2005-2700
19	Huawei ACXXXX/SXXXX SSH Packet elévation de privilèges	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00246	0.07	CVE-2014-8572
20	Vim buffer overflow	7.1	7.0	$0-$5k	Calculateur	Not Defined	Official Fix	0.00102	0.00	CVE-2021-3984

Campagnes (1)

These are the campaigns that can be associated with the actor:

CVE-2022-29499

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Campagnes	Identified	Taper	Confiance
1	64.190.113.100		Lorenz	CVE-2022-29499	20/09/2022	verified	Élevé
2	137.184.181.252		Lorenz	CVE-2022-29499	20/09/2022	verified	Élevé
3	XXX.XX.XX.XX	xxxx.xxxxxxxxxxxxxx.xxx	Xxxxxx	Xxx-xxxx-xxxxx	20/09/2022	verified	Élevé
4	XXX.XX.XX.XX		Xxxxxx	Xxx-xxxx-xxxxx	20/09/2022	verified	Élevé
5	XXX.XXX.XXX.XX		Xxxxxx	Xxx-xxxx-xxxxx	20/09/2022	verified	Élevé
6	XXX.XX.XXX.XXX	xxxxxxxxxxx.xxxxxxx.xxxx	Xxxxxx	Xxx-xxxx-xxxxx	20/09/2022	verified	Élevé
7	XXX.XXX.XXX.XXX		Xxxxxx	Xxx-xxxx-xxxxx	20/09/2022	verified	Élevé

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Élevé
2	T1040	CAPEC-102	CWE-319	Authentication Bypass by Capture-replay	predictive	Élevé
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Élevé
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Élevé
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
6	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
7	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Élevé
8	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Élevé
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
10	TXXXX	CAPEC-55	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
11	TXXXX	CAPEC-37	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
12	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	config.xml	predictive	Moyen
2	File	contact.php	predictive	Moyen
3	File	contact_support.php	predictive	Élevé
4	File	data/gbconfiguration.dat	predictive	Élevé
5	File	xxxx.xxx	predictive	Moyen
6	File	xxx/xxxxxx.xxx	predictive	Élevé
7	File	xxxxx.xxx	predictive	Moyen
8	File	xxxxxxxxxxxxxxx.xxxx	predictive	Élevé
9	File	xxxxxx_xxxx_xxx_xxx.xxx	predictive	Élevé
10	File	xxx_xxxxx.x	predictive	Moyen
11	File	xxxxxxxx.xxx	predictive	Moyen
12	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	predictive	Élevé
13	File	xxxxxxx_xxxxxx.x	predictive	Élevé
14	File	xxxx-xxxxxxxx.xxx	predictive	Élevé
15	File	xxx.x	predictive	Faible
16	File	xx-xxxxxxx/xxxxxxx/xxxx/xx	predictive	Élevé
17	Argument	xxxxxxxx	predictive	Moyen
18	Argument	xxxxxxxxxxxxxx	predictive	Élevé
19	Argument	xxxxxxx_xx	predictive	Moyen
20	Argument	xxxxxxx	predictive	Faible
21	Argument	xxxx	predictive	Faible
22	Argument	xxxxxxxx	predictive	Moyen
23	Argument	xxxxxxxx	predictive	Moyen
24	Argument	xxxx	predictive	Faible
25	Argument	xxx	predictive	Faible
26	Network Port	xxx	predictive	Faible

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Might our Artificial Intelligence support you?

Check our Alexa App!