Lorec53 Analysis

IOB - Indicator of Behavior (122)

Timeline: (chart not recoverable from the page)

Language: en 110, fr 6, ar 2, pl 2, zh 2

Country: us 60, ru 14, fr 4

Actors, Activities, Interest, Timeline, Type, Vendor: (chart data not present on the page)

Product: Microsoft Windows 8, Adobe ColdFusion 4, Observium Professional 4, Observium Enterprise 4, Observium Community 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Remediation | EPSS | CTI | CVE
1 | phpLinkat showcat.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00102 | 0.00 | CVE-2008-3406
2 | SourceCodester Customer Relationship Management login.php SQL injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00645 | 0.00 | CVE-2021-43130
3 | moziloCMS download.php directory traversal | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.01578 | 0.00 | CVE-2008-3589
4 | Sam Crew MyBlog games.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00609 | 0.00 | CVE-2007-1990
5 | spip Login spip_login.php3 privilege escalation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.05054 | 0.04 | CVE-2006-1702
6 | Linksys WVC11B main.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01569 | 0.00 | CVE-2004-2508
7 | Jelsoft impex ImpExData.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04317 | 0.04 | CVE-2006-1382
8 | PHP php URL error_log privilege escalation | 6.5 | 5.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00069 | 0.02 | CVE-2006-3011
9 | Cisco Linksys EA2700 URL information disclosure | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Unavailable | 0.00000 | 0.00 | (none)
10 | MidiCart PHP Shopping Cart item_show.php SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 | (none)
11 | PHP URL Validation filter_var privilege escalation | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00560 | 0.04 | CVE-2020-7071
12 | Spidersales viewCart.asp SQL injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00219 | 0.03 | CVE-2004-0348
13 | PHP Scripts Mall PHP Multivendor Ecommerce sellerupd.php cross site scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.00 | CVE-2017-17956
14 | Cartweaver ColdFusion Details.cfm SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00882 | 0.00 | CVE-2006-2046
15 | rakibtg Docker Dashboard API terminal.js privilege escalation | 7.6 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.86246 | 0.00 | CVE-2021-27886
16 | Ecommerce Online Store Kit shop.php SQL injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03763 | 0.08 | CVE-2004-0300
17 | D-Link DIR-655 C ping_response.cgi cross site scripting | 5.2 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00086 | 0.02 | CVE-2019-13562
18 | Adobe ColdFusion searchlog.cfm cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.32712 | 0.00 | CVE-2009-1872
19 | Prima Systems FlexAir privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00235 | 0.00 | CVE-2019-7668
20 | Cisco ASA WebVPN Login Page logon.html cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00192 | 0.08 | CVE-2014-2120

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Phishing Georgian Government

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.12.5.62 | sarimp.website | Lorec53 | | 20/02/2022 | verified | High
2 | (masked) | (masked) | (masked) | (masked) | 20/02/2022 | verified | High
3 | (masked) | | (masked) | | 20/02/2022 | verified | High
4 | (masked) | | (masked) | | 13/04/2023 | verified | High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (127)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /admin/login.php | predictive | High
3 | File | /includes/rrdtool.inc.php | predictive | High
4 | File | /usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php | predictive | High
5 | File | /www/ping_response.cgi | predictive | High
6 | File | admin.php | predictive | Medium
7 | File | admin/dashboard.php | predictive | High
8 | File | admin/gallery.php | predictive | High
9 | File | admin/manage-departments.php | predictive | High
10 | File | admin/sellerupd.php | predictive | High
11 | File | admin/vqmods.app/vqmods.inc.php | predictive | High
12 | File | administrator/logviewer/searchlog.cfm | predictive | High
13 | File | backend/utilities/terminal.js | predictive | High
14 | File | bb_usage_stats.php | predictive | High
15 | File | board.php | predictive | Medium
16 | File | cat.php | predictive | Low
17 | File | category.php | predictive | Medium
18-126 | File / Library / Argument | (masked on the page) | predictive | Low to High
127 | Input Value | ../ | predictive | Low

References (3)

The following list contains external sources which discuss the actor and the associated activities:
