Lucifer Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (28)

Idioma

en	26
zh	2

País

cn	24

Actores

Lucifer	4

Interesse

Tipo

Not Defined	8
Hardware Driver Software	2
Enterprise Resource Planning Software	2
WordPress Plugin	2
Programming Language Software	2

Fabricante

Not Defined	6
Oracle	4
NVIDIA	2
JumpDEMAND	2
Elastic	2

Produto

NVIDIA Jetson Linux Driver Package	2
Traefik	2
Oracle PeopleSoft Enterprise PeopleTools	2
JumpDEMAND 4ECPS Web Forms Plugin	2
Elastic Enterprise Search App	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	CTI	EPSS	CVE
1	Microsoft Windows NetBIOS WinNuke Negação de Serviço	7.5	7.2	$25k-$100k	$0-$5k	High	Official Fix	0.03	0.00304	CVE-1999-0153
2	Oracle PeopleSoft Enterprise PeopleTools Integration Broker direitos alargados	6.5	5.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.05	0.00799	CVE-2017-3548
3	ZyXEL NAS326/NAS540/NAS542 UDP Packet Format String	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00417	CVE-2022-34747
4	MediaWiki Roteiro Cruzado de Sítios	4.3	4.3	$0-$5k	Calculado	Not Defined	Not Defined	0.00	0.00136	CVE-2007-4883
5	OpenSSH direitos alargados	7.3	6.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.02103	CVE-2007-4752
6	Dian Gemilang DGNews news.php Injecção SQL	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00188	CVE-2007-2994
7	PHP-Generics include.php direitos alargados	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.15334	CVE-2007-2346
8	JumpDEMAND 4ECPS Web Forms Plugin Roteiro Cruzado de Sítios	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00048	CVE-2022-44628
9	Top Bar Plugin Setting Roteiro Cruzado de Sítios	2.4	2.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00056	CVE-2022-2629
10	Apple watchOS Audio File Divulgação de Informação	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00109	CVE-2020-29610
11	Openscad STL File import_stl.cc import_stl Excesso de tampão	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00208	CVE-2020-28599
12	NVIDIA Jetson Linux Driver Package Cboot Module blob_decompress Excesso de tampão	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00042	CVE-2022-28196
13	Oracle Communications Pricing Design Center Python Excesso de tampão	9.8	9.6	$100k e mais	$25k-$100k	Not Defined	Official Fix	0.00	0.04038	CVE-2021-3177
14	SolarWinds SQL Sentry Divulgação de Informação	4.6	4.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00075	CVE-2022-38107
15	Google Android DevicePolicyManager Divulgação de Informação	3.3	3.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00042	CVE-2022-20275
16	Google Android Task.java Local Privilege Escalation	6.5	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00048	CVE-2021-39696
17	DZCP deV!L`z Clanportal config.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.61	0.00943	CVE-2010-0966
18	Elastic Enterprise Search App API Key direitos alargados	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00104	CVE-2021-22149

Campanhas (1)

These are the campaigns that can be associated with the actor:

CVE-2021-25646

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	20.205.116.139		Lucifer	CVE-2021-25646	27/02/2024	verified	Alto
2	45.141.68.25		Lucifer	CVE-2021-25646	27/02/2024	verified	Alto
3	47.88.49.239		Lucifer	CVE-2021-25646	27/02/2024	verified	Alto
4	XX.XX.XXX.X		Xxxxxxx	Xxx-xxxx-xxxxx	27/02/2024	verified	Alto
5	XX.XX.XXX.XXX		Xxxxxxx	Xxx-xxxx-xxxxx	27/02/2024	verified	Alto
6	XX.XXX.XXX.XX		Xxxxxxx	Xxx-xxxx-xxxxx	27/02/2024	verified	Alto
7	XXX.XXX.XXX.XX		Xxxxxxx	Xxx-xxxx-xxxxx	27/02/2024	verified	Alto
8	XXX.XX.XXX.XX		Xxxxxxx	Xxx-xxxx-xxxxx	27/02/2024	verified	Alto
9	XXX.XX.X.XX		Xxxxxxx	Xxx-xxxx-xxxxx	27/02/2024	verified	Alto
10	XXX.XX.XXX.XX		Xxxxxxx	Xxx-xxxx-xxxxx	27/02/2024	verified	Alto
11	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx	Xxxxxxx		29/08/2021	verified	Alto
12	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxxx		29/08/2021	verified	Alto
13	XXX.XXX.XXX.XX		Xxxxxxx		29/08/2021	verified	Alto
14	XXX.XXX.XX.XX		Xxxxxxx		29/08/2021	verified	Alto

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1059	CWE-94	Argument Injection	predictive	Alto
2	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
3	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	import_stl.cc	predictive	Alto
2	File	inc/config.php	predictive	Alto
3	File	xxxxxxx.xxx	predictive	Médio
4	File	xxxx.xxx	predictive	Médio
5	File	xxxx.xxxx	predictive	Médio
6	Argument	xxxxxxxx	predictive	Médio
7	Argument	xxxx/xxxx	predictive	Médio
8	Argument	xxxxxx	predictive	Baixo
9	Argument	x-xxxxxxxxx-xxx	predictive	Alto
10	Argument	_xxx_xxxxxxxx_xxxx	predictive	Alto

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you need the next level of professionalism?

Upgrade your account now!