LULU Analysis

IOB - Indicator of Behavior (290)

Language

  • en: 290

Country/Region

  • it: 10

Products

  • Adobe Acrobat Reader: 62
  • Apple iOS: 14
  • Oracle MySQL Server: 12
  • Oracle VM VirtualBox: 12
  • Apple watchOS: 12

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.04 | CVE-2010-0966 |
| 3 | PHP phpinfo cross-site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02101 | 0.04 | CVE-2007-1287 |
| 4 | cbeust testng XML File Parser JarFileUtils.java testngXmlExistsInJar directory traversal | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00067 | 0.04 | CVE-2022-4065 |
| 5 | OpenSSL c_rehash privilege escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.10649 | 0.04 | CVE-2022-1292 |
| 6 | Asus Aura Sync Asusgio Low-Level Driver privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00077 | 0.02 | CVE-2018-18535 |
| 7 | GNU elfutils eblobjnote.c ebl_object_note memory corruption | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00360 | 0.02 | CVE-2019-7146 |
| 8 | ZoneMinder controlcaps.php Stored cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00066 | 0.00 | CVE-2019-6992 |
| 9 | ZoneMinder zm_user.cpp zmLoadUser memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00207 | 0.00 | CVE-2019-6991 |
| 10 | ZoneMinder Zone Name zones.php Stored cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00051 | 0.00 | CVE-2019-6990 |
| 11 | OpenJPEG opj_malloc.c opj_calloc denial of service | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00132 | 0.00 | CVE-2019-6988 |
| 12 | Vivo Vitro SPARQL individual privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00902 | 0.00 | CVE-2019-6986 |
| 13 | Red Hat Enterprise Linux systemd-journald journald-server.c dispatch_message_real denial of service | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2019-3815 |
| 14 | Debian apt 302 Redirect privilege escalation | 8.1 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02575 | 0.03 | CVE-2019-3462 |
| 15 | Adobe Experience Manager Reflected cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2018-19727 |
| 16 | Adobe Experience Manager Stored cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2018-19726 |
| 17 | Adobe Experience Manager Forms Stored cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2018-19724 |
| 18 | Ceph Debug Logging Password information disclosure | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00158 | 0.00 | CVE-2018-16889 |
| 19 | BlueZ privilege escalation | 4.0 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2018-10910 |
| 20 | Yii CORS Policy Converter privilege escalation | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00060 | 0.03 | CVE-2018-20745 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Pegasus

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
