Luoxk Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (87)

Langue

en	58
zh	30

De campagne

cn	70
us	18

Acteurs

Luoxk	3
PlugX	1
PingPull	1
BlackTech	1

Intérêt

Taper

Not Defined	36
Web Server	8
Network Encryption Software	4
Network Management Software	4
Cloud Software	4

Fournisseur

Not Defined	28
Microsoft	4
Huawei	4
Oracle	4
OpenVPN	2

Produit

Microsoft IIS	4
OpenVPN Private Tunnel Installer	2
Mail2000	2
Linux Kernel	2
HPE integrated Lights Out	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	CTI	EPSS	CVE
1	Sophos Firewall User Portal/Webadmin authentification faible	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.97434	CVE-2022-1040
2	XoruX LPAR2RRD/STOR2RRD authentification faible	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00262	CVE-2021-42371
3	OpenSSL c_rehash elévation de privilèges	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.09738	CVE-2022-1292
4	Oracle Database Server Core RDBMS Privilege Escalation	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.04	0.00113	CVE-2011-2253
5	Apache ActiveMQ PortfolioPublishServlet.java cross site scripting	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00425	CVE-2012-6092
6	Next.js directory traversal	5.0	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.09	0.00213	CVE-2020-5284
7	Python E-mail Module Remote Code Execution	6.3	6.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00095	CVE-2023-27043
8	Oracle Database server Encryption chiffrement faible	9.8	8.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00773	CVE-2006-0270
9	Filebrowser cross site request forgery	6.9	6.4	$0-$5k	$0-$5k	Functional	Official Fix	0.03	0.00762	CVE-2021-46398
10	lighttpd http_auth.c base64_decode dénie de service	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.02569	CVE-2011-4362
11	Labelgate mora Downloader elévation de privilèges	9.8	9.4	$0-$5k	Calculateur	Not Defined	Official Fix	0.00	0.00306	CVE-2012-5188
12	Oracle Email Center Message Display vulnérabilité inconnue	8.2	7.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00192	CVE-2021-2090
13	Oracle MySQL Cluster Node.js elévation de privilèges	8.2	7.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	0.00545	CVE-2021-22884
14	RemiCoin transferFrom buffer overflow	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00896	CVE-2018-12230
15	ZyXEL USG FLEX 50 CGI Program elévation de privilèges	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	0.97482	CVE-2022-30525
16	Ivanti EPM Cloud Services Appliance elévation de privilèges	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.96887	CVE-2021-44529
17	Linux Kernel ptrace race condition	4.4	3.9	$0-$5k	Calculateur	Proof-of-Concept	Official Fix	0.02	0.00042	CVE-2014-4699
18	lighttpd Log File http_auth.c elévation de privilèges	7.5	7.1	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.01123	CVE-2015-3200
19	Mail2000 Login portal cross site scripting	5.2	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00334	CVE-2019-15072
20	Backdoor.Win32.Controlit.10 Service Port 3347 elévation de privilèges	7.3	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.02	0.00000

Campagnes (1)

These are the campaigns that can be associated with the actor:

CVE-2018-2893

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Campagnes	Identified	Taper	Confiance
1	27.148.157.89		Luoxk	CVE-2018-2893	11/02/2022	verified	Élevé
2	43.226.16.26		Luoxk	CVE-2018-2893	11/02/2022	verified	Élevé
3	XXX.XX.XX.XX		Xxxxx	Xxx-xxxx-xxxx	11/02/2022	verified	Élevé
4	XXX.XX.XXX.XXX		Xxxxx	Xxx-xxxx-xxxx	11/02/2022	verified	Élevé
5	XXX.XX.XXX.XX	xxxxx.xx.xxx.xx-xxxx.xxxx	Xxxxx	Xxx-xxxx-xxxx	11/02/2022	verified	Élevé
6	XXX.XXX.XX.XX		Xxxxx	Xxx-xxxx-xxxx	11/02/2022	verified	Élevé
7	XXX.XXX.XXX.XXX		Xxxxx	Xxx-xxxx-xxxx	11/02/2022	verified	Élevé

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-21, CWE-22, CWE-23	Path Traversal	predictive	Élevé
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Élevé
3	T1059	CWE-94	Argument Injection	predictive	Élevé
4	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Élevé
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
6	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Élevé
7	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
8	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Élevé
9	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Élevé
10	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
11	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Élevé
12	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
13	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Élevé
14	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xx Xxx Xxxxxxx Xx X Xxxxxxxx Xxxxxxxx	predictive	Élevé
15	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	Élevé
16	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
17	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Élevé
18	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/cgi-bin/portal	predictive	Élevé
2	File	/forum/away.php	predictive	Élevé
3	File	/service/upload	predictive	Élevé
4	File	/tmp	predictive	Faible
5	File	adclick.php	predictive	Moyen
6	File	xxxxx.xxx	predictive	Moyen
7	File	xxxxxxxxxxx\xxxx\xxxxxxxxxx\xxxxxxxxxxxxxxxxx.xxxxx.xxx	predictive	Élevé
8	File	xxx\xxxxx\xxxxxxxxxx\xxxxxxxxxxxxxxx.xxx	predictive	Élevé
9	File	xxxxxxxx\xxxxx.xxx	predictive	Élevé
10	File	xxxx/xxxxxxxxxxxx.xxx	predictive	Élevé
11	File	x_xxxxxx	predictive	Moyen
12	File	xxxxxxx/xxxxx/xxxxxxxx/xxxxx	predictive	Élevé
13	File	xx/xx-xx.x	predictive	Moyen
14	File	xxxx_xxxx.x	predictive	Moyen
15	File	xxx/xxxxxx.xxx	predictive	Élevé
16	File	xxxxx.xxx	predictive	Moyen
17	File	xxxxx.xxx/xxxxxxxxxxxxx/xxx	predictive	Élevé
18	File	xxxxxxx.xxx	predictive	Moyen
19	File	xxxxxxx.xx	predictive	Moyen
20	File	xxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Élevé
21	File	xxxxxxxxx.xxx	predictive	Élevé
22	Argument	xxxxxxx	predictive	Faible
23	Argument	xxxxxx	predictive	Faible
24	Argument	xxxxxxxx	predictive	Moyen
25	Argument	xxxxxxxx	predictive	Moyen
26	Argument	xx	predictive	Faible
27	Argument	xxxxxx	predictive	Faible
28	Argument	xxxxxxx	predictive	Faible
29	Argument	xxxxxxx	predictive	Faible
30	Argument	xxxx	predictive	Faible
31	Argument	xxxxxxxx	predictive	Moyen
32	Argument	xxxxxx[]	predictive	Moyen
33	Input Value	..\	predictive	Faible
34	Pattern	\|xx\|xx\|xx\|	predictive	Moyen

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!