LuminousMoth 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (24)

タイムライン

言語

en18
zh4
de2

国・地域

cn12
us10
ru2

アクター

LuminousMoth2
Mustang Panda1
Lazarus1

アクティビティ

関心

タイムライン

タイプ

Content Management System8
Programming Language Software4
Not Defined4
Bug Tracking Software2
Groupware Software2

ベンダー

Not Defined10
Microsoft4
GitLab2
Opengear2
Django2

製品

PHP2
GitLab Community Edition2
GitLab Enterprise Edition2
Microsoft Exchange Server2
WordPress2

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1nginx 特権昇格6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002412.73CVE-2020-12440
2Adobe Acrobat Reader Font File メモリ破損7.06.9$25k-$100k$5k-$25kNot DefinedOfficial Fix0.001770.00CVE-2022-24092
3PHP SOAP Extension unserialize 特権昇格8.17.7$5k-$25k$0-$5kUnprovenOfficial Fix0.048580.04CVE-2015-4599
4Microsoft Office Word Remote Code Execution7.06.1$5k-$25k$0-$5kUnprovenOfficial Fix0.006820.00CVE-2021-42296
5Microsoft Windows Active Directory Domain Services Privilege Escalation7.56.6$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.599060.04CVE-2021-42278
6GitLab Community Edition/Enterprise Edition Image File Privilege Escalation6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.974630.01CVE-2021-22205
7Microsoft Exchange Server Privilege Escalation6.55.7$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.000860.00CVE-2021-24085
8FortiLogger SaveUploadedHotspotLogoFile 特権昇格7.67.6$0-$5k$0-$5kNot DefinedNot Defined0.482960.00CVE-2021-3378
9Opengear Console Server Serial Port Logging Stored クロスサイトスクリプティング4.44.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000580.02CVE-2019-14456
10WordPress Thumbnail 特権昇格7.57.5$5k-$25k$5k-$25kNot DefinedNot Defined0.009900.03CVE-2018-1000773
11Fortinet FortiGate Log 特権昇格4.03.8$0-$5k$0-$5kNot DefinedOfficial Fix0.000890.04CVE-2020-12818
12Progress MOVEit Transfer REST API MOVEit.DMZ.WebApi.dll SQLインジェクション8.38.2$0-$5k$0-$5kNot DefinedOfficial Fix0.003570.02CVE-2019-16383
13IBM WebSphere Application Server Stack Trace 情報の漏洩5.35.3$5k-$25k$5k-$25kNot DefinedNot Defined0.001030.03CVE-2019-4441
14Django SQLインジェクション8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.007420.00CVE-2020-7471
15Django クロスサイトスクリプティング5.24.9$5k-$25k計算中Not DefinedOfficial Fix0.022730.00CVE-2020-13596
16Django CMS 未知の脆弱性6.56.4$0-$5k$0-$5kNot DefinedOfficial Fix0.002310.02CVE-2015-5081
17Microsoft Windows Netlogon Zerologon 特権昇格8.48.0$25k-$100k$0-$5kHighOfficial Fix0.450820.04CVE-2020-1472
18Famatech Remote Administrator 弱い認証7.37.1$0-$5k$0-$5kNot DefinedWorkaround0.000000.00
19DeDeCMS co_do.php SQLインジェクション8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.001900.02CVE-2018-19061
20php-fpm 特権昇格5.45.4$0-$5k$0-$5kNot DefinedNot Defined0.000420.02CVE-2015-3211

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
145.204.9.70LuminousMoth2021年07月17日verified
2XXX.XX.XX.XXXxxxx.xxxxxxxxxxxxxx.xxxxXxxxxxxxxxxx2021年07月17日verified
3XXX.XX.XX.XXXxxxxx-xxxx.xxxxxxxxx.xxxXxxxxxxxxxxx2021年07月17日verified

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechnique脆弱性アクセスベクタータイプ信頼度
1T1059.007CWE-79Cross Site Scriptingpredictive
2T1068CWE-269Execution with Unnecessary Privilegespredictive
3TXXXXCWE-XXXxx Xxxxxxxxxpredictive
4TXXXXCWE-XXXXxxxxxxxx Xxxxxx Xxxxpredictive
5TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive
6TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxxpredictive

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1FileConfig/SaveUploadedHotspotLogoFilepredictive
2Filexxxx\xx_xx.xxxpredictive
3Libraryxxxxxx.xxx.xxxxxx.xxxpredictive
4Argumentxxxpredictive

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

概要

Do you need the next level of professionalism?

Upgrade your account now!