LuminousMoth Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (24)

Język

en	20
zh	4

Kraj

us	12
cn	8
ru	2
kr	2

Aktorzy

LuminousMoth	1
Mustang Panda	1
Lazarus	1

Wysiłek

Rodzaj

Content Management System	4
Operating System	4
Firewall Software	2
Office Suite Software	2
Programming Language Software	2

Sprzedawca

Microsoft	10
Not Defined	6
Fortinet	2
GitLab	2
Opengear	2

Produkt

Microsoft Windows	4
Fortinet FortiGate	2
Microsoft Office	2
Microsoft .NET Framework	2
FortiLogger	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	nginx privilege escalation	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	3.23	CVE-2020-12440
2	Adobe Acrobat Reader Font File memory corruption	7.0	6.9	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00177	0.04	CVE-2022-24092
3	PHP SOAP Extension unserialize privilege escalation	8.1	7.7	$5k-$25k	$0-$5k	Unproven	Official Fix	0.04858	0.04	CVE-2015-4599
4	Microsoft Office Word Remote Code Execution	7.0	6.1	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00682	0.00	CVE-2021-42296
5	Microsoft Windows Active Directory Domain Services Privilege Escalation	7.5	6.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.59906	0.04	CVE-2021-42278
6	GitLab Community Edition/Enterprise Edition Image File Privilege Escalation	6.3	6.3	$0-$5k	$0-$5k	High	Not Defined	0.97463	0.00	CVE-2021-22205
7	Microsoft Exchange Server Privilege Escalation	6.5	5.7	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00086	0.00	CVE-2021-24085
8	FortiLogger SaveUploadedHotspotLogoFile privilege escalation	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.48296	0.00	CVE-2021-3378
9	Opengear Console Server Serial Port Logging Stored cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00058	0.02	CVE-2019-14456
10	WordPress Thumbnail privilege escalation	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00990	0.03	CVE-2018-1000773
11	Fortinet FortiGate Log privilege escalation	4.0	3.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00089	0.04	CVE-2020-12818
12	Progress MOVEit Transfer REST API MOVEit.DMZ.WebApi.dll sql injection	8.3	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00357	0.02	CVE-2019-16383
13	IBM WebSphere Application Server Stack Trace information disclosure	5.3	5.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00103	0.03	CVE-2019-4441
14	Django sql injection	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00742	0.00	CVE-2020-7471
15	Django cross site scripting	5.2	4.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02273	0.00	CVE-2020-13596
16	Django CMS cross site request forgery	6.5	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00231	0.02	CVE-2015-5081
17	Microsoft Windows Netlogon Zerologon privilege escalation	8.4	8.3	$25k-$100k	$0-$5k	High	Official Fix	0.45082	0.04	CVE-2020-1472
18	Famatech Remote Administrator weak authentication	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Workaround	0.00000	0.00
19	DeDeCMS co_do.php sql injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00190	0.02	CVE-2018-19061
20	php-fpm privilege escalation	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.02	CVE-2015-3211

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	45.204.9.70		LuminousMoth	2021-07-17	verified	Wysoki
2	XXX.XX.XX.XXX	xxxx.xxxxxxxxxxxxxx.xxxx	Xxxxxxxxxxxx	2021-07-17	verified	Wysoki
3	XXX.XX.XX.XXX	xxxxx-xxxx.xxxxxxxxx.xxx	Xxxxxxxxxxxx	2021-07-17	verified	Wysoki

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klasa	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	Wysoki
2	T1068	CAPEC-122	CWE-269	Execution with Unnecessary Privileges	predictive	Wysoki
3	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
4	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Wysoki
5	TXXXX	CAPEC-215	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
6	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	Config/SaveUploadedHotspotLogoFile	predictive	Wysoki
2	File	xxxx\xx_xx.xxx	predictive	Wysoki
3	Library	xxxxxx.xxx.xxxxxx.xxx	predictive	Wysoki
4	Argument	xxx	predictive	Niski

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Do you need the next level of professionalism?

Upgrade your account now!