lightSpy Analysis

IOB - Indicator of Behavior (64)

Timeline

Language

en (40)
zh (24)

Country

cn (38)
us (26)

Actors

Activities

Interest

Timeline

Type

Vendor

Product

PHP (4)
Microsoft Windows (4)
KeyCloak (4)
Keycloak (2)
Icecast ezstream (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Mas | EPSS | CTI | CVE
1 | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00312 | 0.12 | CVE-2015-1419
2 | Google Chrome V8 Remote Code Execution | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.24380 | 0.02 | CVE-2020-16040
3 | Synacor Zimbra Collaboration Suite WebEx Zimlet privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.70648 | 0.00 | CVE-2020-7796
4 | Cisco Unity Connection privilege escalation | 8.1 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00127 | 0.06 | CVE-2024-20272
5 | Devilz Clanportal SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00684 | 0.03 | CVE-2006-6339
6 | Ikuai Router OS webman.lua ActionLogin privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00803 | 0.00 | CVE-2023-34849
7 | Keycloak mTLS Authentication weak authentication | 4.6 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00086 | 0.04 | CVE-2023-2422
8 | KeyCloak Password Reset privilege escalation | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00293 | 0.00 | CVE-2017-12161
9 | ONLYOFFICE Document Server FontFileBase.h buffer overflow | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00211 | 0.00 | CVE-2022-29777
10 | ONLYOFFICE Server User Name privilege escalation | 4.5 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00071 | 0.03 | CVE-2021-43448
11 | ONLYOFFICE Server Document Editor Service privilege escalation | 6.8 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.04 | CVE-2021-43449
12 | ONLYOFFICE Document Server Example editor cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00116 | 0.03 | CVE-2022-24229
13 | ONLYOFFICE Document Server WebSocket API SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00174 | 0.00 | CVE-2020-11537
14 | ONLYOFFICE Server Document Editor weak authentication | 6.9 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00076 | 0.04 | CVE-2021-43447
15 | ONLYOFFICE Community Server UploadProgress.ashx privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00633 | 0.04 | CVE-2023-34939
16 | Microsoft Windows BitLocker Local Privilege Escalation | 6.1 | 5.3 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00054 | 0.00 | CVE-2021-38632
17 | MyBatis PageHelper SQL injection | 5.0 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00599 | 0.05 | CVE-2022-28111
18 | mingSoft MCMS IContentDao.xml SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01610 | 0.04 | CVE-2022-23898
19 | Git Plugin Build privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01156 | 0.08 | CVE-2022-36883
20 | HelpSystems Cobalt Strike cross-site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | High | Official Fix | 0.00767 | 0.04 | CVE-2022-39197

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • LightSpy

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Acceptance
1 | 146.17.43.74 | | APT41 | LightSpy | 29/10/2023 | verified | High
2 | XXX.XX.XXX.XXX | | Xxxxx | Xxxxxxxx | 29/10/2023 | verified | High
3 | XXX.XX.XXX.XXX | | Xxxxxxx | | 16/04/2024 | verified | High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Acceptance
1 | File | /example/editor | predictive | High
2 | File | admin/killsource | predictive | High
3 | File | cgi-bin/webfile_mgr.cgi | predictive | High
4 | File | data/gbconfiguration.dat | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
