Lorec53 Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (122)

Временная шкала

Язык

en116
fr2
sv2
es2

Страна

us56
ru8
fr2
es2

Акторы

Saint Bot2
Mirai1
Cobalt Strike1
Bashlite1
RedLine Stealer1

Деятельность

Интерес

Временная шкала

Тип

Not Defined44
Content Management System20
Programming Language Software18
Operating System6
E-Commerce Management Software4

Поставщик

Not Defined40
Microsoft6
PHPGurukul4
Adobe4
KandNconcepts4

Продукт

Microsoft Windows6
PHP6
Adobe ColdFusion4
WordPress4
KandNconcepts Club CMS4

Уязвимости

#УязвимостиBaseTemp0dayСегодняЭ�RemCTIEPSSCVE
1phpLinkat showcat.php sql-инъекция7.37.1$0-$5kРасчетHighUnavailable0.020.00102CVE-2008-3406
2SourceCodester Customer Relationship Management login.php sql-инъекция6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.00645CVE-2021-43130
3moziloCMS download.php обход каталога5.34.8$0-$5k$0-$5kProof-of-ConceptUnavailable0.020.01578CVE-2008-3589
4Sam Crew MyBlog games.php эскалация привилегий7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.00609CVE-2007-1990
5spip Login spip_login.php3 эскалация привилегий7.37.3$0-$5k$0-$5kNot DefinedUnavailable0.040.05054CVE-2006-1702
6Linksys WVC11B main.cgi межсайтовый скриптинг4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.040.01569CVE-2004-2508
7Jelsoft impex ImpExData.php эскалация привилегий7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.020.04317CVE-2006-1382
8PHP php URL error_log эскалация привилегий6.55.9$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.020.00069CVE-2006-3011
9Cisco Linksys EA2700 URL раскрытие информации4.34.1$5k-$25k$0-$5kProof-of-ConceptUnavailable0.080.00000
10MidiCart PHP Shopping Cart item_show.php sql-инъекция6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.050.00000
11PHP URL Validation filter_var эскалация привилегий5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.00560CVE-2020-7071
12Spidersales viewCart.asp sql-инъекция9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00219CVE-2004-0348
13PHP Scripts Mall PHP Multivendor Ecommerce sellerupd.php межсайтовый скриптинг5.24.8$0-$5k$0-$5kNot DefinedNot Defined0.000.00075CVE-2017-17956
14Cartweaver ColdFusion Details.cfm sql-инъекция7.37.0$0-$5k$0-$5kHighOfficial Fix0.030.00882CVE-2006-2046
15rakibtg Docker Dashboard API terminal.js эскалация привилегий7.67.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000.86246CVE-2021-27886
16Ecommerce Online Store Kit shop.php sql-инъекция9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.020.03763CVE-2004-0300
17D-Link DIR-655 C ping_response.cgi межсайтовый скриптинг5.25.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.000.00086CVE-2019-13562
18Adobe ColdFusion searchlog.cfm межсайтовый скриптинг4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.32712CVE-2009-1872
19Prima Systems FlexAir эскалация привилегий8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00235CVE-2019-7668
20Cisco ASA WebVPN Login Page logon.html межсайтовый скриптинг4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.070.00192CVE-2014-2120

Кампании (1)

These are the campaigns that can be associated with the actor:

  • Phishing Georgian Government

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-адресHostnameАкторКампанииIdentifiedТипУверенность
145.12.5.62sarimp.websiteLorec5320.02.2022verifiedВысокий
2XX.XXX.XXX.XXXxxxxxxXxxxxxxx Xxxxxxxx Xxxxxxxxxx20.02.2022verifiedВысокий
3XXX.XXX.XX.XXXXxxxxxx20.02.2022verifiedВысокий
4XXX.XXX.XXX.XXXXxxxxxx13.04.2023verifiedВысокий

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueУязвимостиВектор доступаТипУверенность
1T1006CWE-21, CWE-22Path TraversalpredictiveВысокий
2T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveВысокий
3TXXXXCWE-XXXxxxxxxx XxxxxxxxxpredictiveВысокий
4TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveВысокий
5TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveВысокий
6TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveВысокий
7TXXXXCWE-XXXxx XxxxxxxxxpredictiveВысокий
8TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveВысокий
9TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveВысокий
10TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveВысокий

IOA - Indicator of Attack (127)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDКлассIndicatorТипУверенность
1File/+CSCOE+/logon.htmlpredictiveВысокий
2File/admin/login.phppredictiveВысокий
3File/includes/rrdtool.inc.phppredictiveВысокий
4File/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.phppredictiveВысокий
5File/www/ping_response.cgipredictiveВысокий
6Fileadmin.phppredictiveСредний
7Fileadmin/dashboard.phppredictiveВысокий
8Fileadmin/gallery.phppredictiveВысокий
9Fileadmin/manage-departments.phppredictiveВысокий
10Fileadmin/sellerupd.phppredictiveВысокий
11Fileadmin/vqmods.app/vqmods.inc.phppredictiveВысокий
12Fileadministrator/logviewer/searchlog.cfmpredictiveВысокий
13Filebackend/utilities/terminal.jspredictiveВысокий
14Filebb_usage_stats.phppredictiveВысокий
15Fileboard.phppredictiveСредний
16Filecat.phppredictiveНизкий
17Filecategory.phppredictiveСредний
18Filexxx-xxxx.xxxpredictiveСредний
19Filexxx-xxx/xxxxxxxxxxxx.xxxpredictiveВысокий
20Filexxxxxx.xxx.xxxpredictiveВысокий
21Filexxxxxxxx/xxxxx.xxxpredictiveВысокий
22Filexxxxxxxxx.xxx.xxxpredictiveВысокий
23Filexxxxxx.xxxpredictiveСредний
24Filexxxxxxx.xxxpredictiveСредний
25Filexxxxxxx.xxxpredictiveСредний
26Filexxxxxxxx.xxxpredictiveСредний
27Filexxxxx.xxxpredictiveСредний
28Filexxx/xxxxxxxx/xxxx_xxxxx_xxxxxxx.xpredictiveВысокий
29Filexxxxxxx.xxxpredictiveСредний
30Filexxxxx.xxxpredictiveСредний
31Filexxxxxxx.xxxpredictiveСредний
32Filexxxx_xxxxxxx.xxx.xxxpredictiveВысокий
33Filexxxx/xxxxx/xxxxxxx.xxx.xxxpredictiveВысокий
34Filexxxxxxxxx.xxxpredictiveВысокий
35Filexxx.xxxpredictiveНизкий
36Filexxxxxxxx/xxxxx-xxxx-xxxxxxx.xxxpredictiveВысокий
37Filexxxxxxxx/xxxxxxxx.xxx.xxxpredictiveВысокий
38Filexxxxx.xxxpredictiveСредний
39Filexxxxxx.xxxpredictiveСредний
40Filexxxx.xxxxpredictiveСредний
41Filexxxxxxxxxx.xxxpredictiveВысокий
42Filexxxx_xxxxxxx.xxxxpredictiveВысокий
43Filexxxx_xxxx.xxxpredictiveВысокий
44Filexxxx.xxxpredictiveСредний
45Filexxxxx.xxxpredictiveСредний
46Filexxxxx.xxxpredictiveСредний
47Filexxxxx_xx.xxxxpredictiveВысокий
48Filexxxx.xxxpredictiveСредний
49Filexxxx.xxxpredictiveСредний
50Filexxxxxx.xxxpredictiveСредний
51Filexxxxxxx/xxxxxxxx/xxxxx.xxxpredictiveВысокий
52Filexxx_xxxx.xxx.xxxpredictiveВысокий
53Filexxxxx.xxxpredictiveСредний
54Filexxxx/xxxxx.xxxpredictiveВысокий
55Filexxxxxxx.xxxpredictiveСредний
56Filexxxxxxxxxx.xxx.xxxpredictiveВысокий
57Filexxxx/xxxxxxxxx.xxxpredictiveВысокий
58Filexxxxxxxxxxxx_xxxxxxxx.xxx.xxxpredictiveВысокий
59Filexxxxxxxx.xxxpredictiveСредний
60Filexxxx.xxxpredictiveСредний
61Filexxxxxxxx.xxxpredictiveСредний
62Filexxxx-xxx.xxxpredictiveСредний
63Filexxxxxxx.xxxpredictiveСредний
64Filexxxxxxxxxxx.xxxpredictiveВысокий
65Filexxxxxxxxx/xxxxxxxx.xxxpredictiveВысокий
66Filexxxx_xxxxx.xxxxpredictiveВысокий
67Filexxxx.xxxpredictiveСредний
68Filexxxxxxxxx/xxxxxxxxxxxxxxxxxx.xxxpredictiveВысокий
69Filexxxxxxxx.xxxpredictiveСредний
70Filexxxxxxxxx.xxxpredictiveВысокий
71Filexxxxxxx.xxxpredictiveСредний
72Filexx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxxxxxxpredictiveВысокий
73Filexx-xxxxx/xxxxx-xxxxxx.xxxpredictiveВысокий
74Filexx-xxxxx.xxxpredictiveСредний
75Filexxxxxxxxxxxx.xxxpredictiveВысокий
76Libraryxxxxxxxx_xxxxxxxxx.xxx.xxxpredictiveВысокий
77Argument$_xxxxxpredictiveНизкий
78Argument$_xxxx['xxxxxxxxx']predictiveВысокий
79Argument$_xxxxxx['xxxxxx_xxxx']predictiveВысокий
80ArgumentxxxxxxxpredictiveНизкий
81Argumentxxxx_xxxpredictiveСредний
82Argumentxx_xxxx_xxxxpredictiveСредний
83ArgumentxxxpredictiveНизкий
84ArgumentxxxxxxxxxxpredictiveСредний
85ArgumentxxxxxpredictiveНизкий
86ArgumentxxxxxpredictiveНизкий
87Argumentxxx_xxpredictiveНизкий
88Argumentxxx[xxxxxx][xxxxxxxxx]predictiveВысокий
89ArgumentxxxpredictiveНизкий
90Argumentxxxx_xxpredictiveНизкий
91ArgumentxxxxxxxpredictiveНизкий
92ArgumentxxxxxxxxxxxpredictiveСредний
93Argumentxxxx_xxxpredictiveСредний
94Argumentxxxxxx_xxpredictiveСредний
95ArgumentxxxxpredictiveНизкий
96ArgumentxxxxxxpredictiveНизкий
97ArgumentxxxxxxpredictiveНизкий
98Argumentxxxxxxx[xx_xxx_xxxx]predictiveВысокий
99ArgumentxxxxpredictiveНизкий
100ArgumentxxpredictiveНизкий
101Argumentxx_xxxxpredictiveНизкий
102ArgumentxxxxxxpredictiveНизкий
103ArgumentxxxxxxpredictiveНизкий
104ArgumentxxxxpredictiveНизкий
105ArgumentxxxxxxxxxpredictiveСредний
106ArgumentxxxxxxpredictiveНизкий
107Argumentxxx_xxxxxxx_xxxpredictiveВысокий
108Argumentxxxx[xxxxx]predictiveСредний
109Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictiveВысокий
110Argumentxxxx_xxxxpredictiveСредний
111ArgumentxxxxxxxxpredictiveСредний
112Argumentxxxxx_xxxx_xxxxpredictiveВысокий
113Argumentxxxx_xxpredictiveНизкий
114Argumentxx_xxxxpredictiveНизкий
115ArgumentxxxxxxpredictiveНизкий
116ArgumentxxxxxxpredictiveНизкий
117ArgumentxxxxxpredictiveНизкий
118ArgumentxxxxpredictiveНизкий
119ArgumentxxxxxxxxpredictiveСредний
120ArgumentxxxxxpredictiveНизкий
121ArgumentxxxxxxxxpredictiveСредний
122ArgumentxxxxxxxxxxpredictiveСредний
123ArgumentxxxxxpredictiveНизкий
124ArgumentxxxxxxpredictiveНизкий
125ArgumentxxxxxxxxpredictiveСредний
126Argument\xxxxxx\predictiveСредний
127Input Value../predictiveНизкий

Ссылки (3)

The following list contains external sources which discuss the actor and the associated activities:

ПредыдущийОбзорДалее

Might our Artificial Intelligence support you?

Check our Alexa App!