LULU Analysis

IOB - Indicator of Behavior (290)

[Profile charts: Timeline, Language, Country, Actors, Activities, Interest, Timeline, Type, Vendor, Product]

Language: en (290)

Product (top five by vulnerability count):

  • Adobe Acrobat Reader (44)
  • Apple watchOS (14)
  • Foxit Reader (14)
  • Apple tvOS (14)
  • Apple iOS (12)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.99 | CVE-2010-0966
3 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287
4 | cbeust testng XML File Parser JarFileUtils.java testngXmlExistsInJar directory traversal | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00067 | 0.00 | CVE-2022-4065
5 | OpenSSL c_rehash privilege escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.10649 | 0.04 | CVE-2022-1292
6 | Asus Aura Sync Asusgio Low-Level Driver privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00077 | 0.02 | CVE-2018-18535
7 | GNU elfutils eblobjnote.c ebl_object_note buffer overflow | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00360 | 0.02 | CVE-2019-7146
8 | ZoneMinder controlcaps.php Stored cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00066 | 0.00 | CVE-2019-6992
9 | ZoneMinder zm_user.cpp zmLoadUser buffer overflow | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00207 | 0.00 | CVE-2019-6991
10 | ZoneMinder Zone Name zones.php Stored cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00051 | 0.00 | CVE-2019-6990
11 | OpenJPEG opj_malloc.c opj_calloc denial of service | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00132 | 0.00 | CVE-2019-6988
12 | Vivo Vitro SPARQL individual privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00902 | 0.00 | CVE-2019-6986
13 | Red Hat Enterprise Linux systemd-journald journald-server.c dispatch_message_real denial of service | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2019-3815
14 | Debian apt 302 Redirect privilege escalation | 8.1 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02575 | 0.03 | CVE-2019-3462
15 | Adobe Experience Manager Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2018-19727
16 | Adobe Experience Manager Stored cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2018-19726
17 | Adobe Experience Manager Forms Stored cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2018-19724
18 | Ceph Debug Logging Password information disclosure | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00158 | 0.00 | CVE-2018-16889
19 | BlueZ privilege escalation | 4.0 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2018-10910
20 | Yii CORS Policy Converter privilege escalation | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00060 | 0.03 | CVE-2018-20745

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Pegasus

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
5 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
7 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
8 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
9 | TXXXX | CWE-XXX, CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
10 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive | High
11 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
12 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
13 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
14 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
15 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
16 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/user_list_backend.php | predictive | High
2 | File | /individual | predictive | Medium
3 | File | admin.php?m=backup&c=backup&a=doback | predictive | High
4 | File | admin.php?mod=product&act=state | predictive | High
5 | File | admin/cp-functions/event-add.php | predictive | High
6 | File | admin/modules/tools/ip_history_logs.php | predictive | High
7 | File | assets/javascripts/workflowStepEditorKO.js | predictive | High
8 | File | badcache.c | predictive | Medium
9 | File | xxxxx-xxx.x | predictive | Medium
10 | File | xxxx/xxxxxxxx.xxx | predictive | High
11 | File | xxx.x | predictive | Low
12 | File | x_xxxxxx | predictive | Medium
13 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
14 | File | xxxx/xxxxxxx.x | predictive | High
15 | File | xxxxxxx/xxx/xxx-xxxxx.x | predictive | High
16 | File | xxxxxxxxxx.x | predictive | Medium
17 | File | xx_xxxxx_xxxxx.x | predictive | High
18 | File | xx_xxx_xxx.x/xx_xxxx.x/xx_xxxx.x | predictive | High
19 | File | xxxxx_xxxxxxxxx.xxx | predictive | High
20 | File | xxxx.xxx | predictive | Medium
21 | File | xxx/xxxxxx.xxx | predictive | High
22 | File | xxxxxxxx/xxxxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxxx.xxx | predictive | High
23 | File | xxxxxxx/xxxxxx.x | predictive | High
24 | File | xxxxxxxx-xxxxxx.x | predictive | High
25 | File | xxxx.x | predictive | Low
26 | File | xxxxxxx/xx_xxx.x | predictive | High
27 | File | xxxxx_xxxx_xxxxxxxxx.xxx | predictive | High
28 | File | xxx_xxxxxxx.x | predictive | High
29 | File | xxxxxxx/xxx_xxxxxx.x | predictive | High
30 | File | xxxxxxxx-xxxxx-xxxxxxxxxx/xxx/xxxx/xxxxxx/xxx/xxxxxxxxx/xxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxxxx | predictive | High
31 | File | xxxxxxx.xxx | predictive | Medium
32 | File | xxx-xxx.x | predictive | Medium
33 | File | xxx-xxxx.x | predictive | Medium
34 | File | xxxxxxxxx/xxxxxxx/xxxx/xxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
35 | File | xxxxxxx.xxxx | predictive | Medium
36 | File | xxxxxxxxxxx_xxxxx.xxx | predictive | High
37 | File | xxx/xxxx/xxxx/xxx/xxxxxxxxx/xxxxxxx/xxxxxxxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxxxxx.xxxx | predictive | High
38 | File | xxx/xxxx/xxxx/xxx/xxxxxxxxx/xxxxxxx/xxxxxxxx/xxx/xxxxxxxxxxxxxxxxx.xxxx | predictive | High
39 | File | xxxxx/xxx/xxxxx/xxxxx.xx | predictive | High
40 | File | xxxxxxxxxxxxxxxxxx.xxxx | predictive | High
41 | File | xxxxxx-xxxx/xxx/xxxx/xxxx/xxx/xxxxxx/xxxxxxxxxxxx.xxxx | predictive | High
42 | File | xxxx-xxxx_xxxxx.xxx | predictive | High
43 | File | xxxxxxxx.x | predictive | Medium
44 | File | xxx/xxxxx/xxxxxxx/xxxxx/xxxxxxxxxxx.xxx | predictive | High
45 | File | xxx/xxxxx/xxxxxxx/xxxxx/xxxxx.xxx | predictive | High
46 | File | xxxxxxxxxxx.xxx | predictive | High
47 | File | xx_xxxx.xxx | predictive | Medium
48 | Library | xxxxxxx_xxxxxxx | predictive | High
49 | Argument | xxxxxxxx | predictive | Medium
50 | Argument | xxxxxxx | predictive | Low
51 | Argument | xxxxxxx_xx[] | predictive | Medium
52 | Argument | xxxxxxxxxxx[xxxx] | predictive | High
53 | Argument | xxxx_xxxxxxx | predictive | Medium
54 | Argument | xxxx | predictive | Low
55 | Argument | xxxxxxxx_x | predictive | Medium
56 | Argument | xxxxxxxxx | predictive | Medium
57 | Argument | xxxxxxx[] | predictive | Medium
58 | Argument | xxx | predictive | Low
59 | Argument | xxxxxxxxx | predictive | Medium
60 | Argument | _xxxxxxx= | predictive | Medium
61 | Input Value | %xx | predictive | Low
62 | Input Value | /../ | predictive | Low
63 | Input Value | xxxxxxxxxx | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
