Lorenz Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (82)

Язык

en	66
es	12
zh	4

Страна

us	30
cn	16

Акторы

Lorenz	5
Cobalt Strike	3
BumbleBee	2
Raccoon	2
Fodcha	1

Интерес

Тип

Bug Tracking Software	32
Not Defined	18
Artificial Intelligence Software	4
Web Server	4
Word Processing Software	2

Поставщик

GitLab	26
Not Defined	24
Cisco	2
Steindom	2
Nextcloud	2

Продукт

GitLab Enterprise Edition	20
GitLab Community Edition	18
TensorFlow	4
nginx	4
Cisco Unified Contact Center Express	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash раскрытие информации	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	Oracle REST Data Services отказ в обслуживании	7.0	6.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.03359	CVE-2023-24998
3	Extreme EXOS повреждение памяти	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00209	CVE-2017-14328
4	SentryHD эскалация привилегий	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01	0.00000
5	GitLab Community Edition/Enterprise Edition Bowser Cache раскрытие информации	5.4	5.3	$0-$5k	Расчет	Not Defined	Official Fix	0.00	0.00079	CVE-2018-18640
6	Oracle REST Data Services General раскрытие информации	4.3	4.1	$5k-$25k	Расчет	Not Defined	Official Fix	0.00	0.00054	CVE-2020-14745
7	Oracle REST Data Services раскрытие информации	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.45704	CVE-2021-34429
8	HP System Management Homepage Access Restriction повреждение памяти	10.0	9.5	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00	0.21036	CVE-2011-1541
9	nginx эскалация привилегий	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.29	0.00241	CVE-2020-12440
10	Teltonika Remote Management System/RUT эскалация привилегий	8.8	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00054	CVE-2023-32350
11	python-jwt слабая аутентификация	8.2	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00095	CVE-2022-39227
12	OpenSSH Forward Option roaming_common.c roaming_write повреждение памяти	8.1	7.6	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00	0.00266	CVE-2016-0778
13	Technicolor TC7337NET Password слабое шифрование	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00900	CVE-2020-10376
14	Nextcloud Password Policy раскрытие информации	2.7	2.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00050	CVE-2022-35931
15	Citrix XenServer обход каталога	8.5	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.03280	CVE-2018-14007
16	polkit polkitd раскрытие информации	5.7	5.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00066	CVE-2018-1116
17	Apache HTTP Server mod_proxy эскалация привилегий	7.3	7.3	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.04	0.97406	CVE-2021-40438
18	mod_ssl SSLVerifyClient Remote Code Execution	9.8	8.8	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.00214	CVE-2005-2700
19	Huawei ACXXXX/SXXXX SSH Packet эскалация привилегий	7.5	7.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.00246	CVE-2014-8572
20	Vim повреждение памяти	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00102	CVE-2021-3984

Кампании (1)

These are the campaigns that can be associated with the actor:

CVE-2022-29499

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	64.190.113.100		Lorenz	CVE-2022-29499	20.09.2022	verified	Высокий
2	137.184.181.252		Lorenz	CVE-2022-29499	20.09.2022	verified	Высокий
3	XXX.XX.XX.XX	xxxx.xxxxxxxxxxxxxx.xxx	Xxxxxx	Xxx-xxxx-xxxxx	20.09.2022	verified	Высокий
4	XXX.XX.XX.XX		Xxxxxx	Xxx-xxxx-xxxxx	20.09.2022	verified	Высокий
5	XXX.XXX.XXX.XX		Xxxxxx	Xxx-xxxx-xxxxx	20.09.2022	verified	Высокий
6	XXX.XX.XXX.XXX	xxxxxxxxxxx.xxxxxxx.xxxx	Xxxxxx	Xxx-xxxx-xxxxx	20.09.2022	verified	Высокий
7	XXX.XXX.XXX.XXX		Xxxxxx	Xxx-xxxx-xxxxx	20.09.2022	verified	Высокий

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-22	Path Traversal	predictive	Высокий
2	T1040	CWE-319	Authentication Bypass by Capture-replay	predictive	Высокий
3	T1059	CWE-94	Argument Injection	predictive	Высокий
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
6	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
7	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Высокий
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Высокий
9	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
10	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
11	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
12	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	config.xml	predictive	Средний
2	File	contact.php	predictive	Средний
3	File	contact_support.php	predictive	Высокий
4	File	data/gbconfiguration.dat	predictive	Высокий
5	File	xxxx.xxx	predictive	Средний
6	File	xxx/xxxxxx.xxx	predictive	Высокий
7	File	xxxxx.xxx	predictive	Средний
8	File	xxxxxxxxxxxxxxx.xxxx	predictive	Высокий
9	File	xxxxxx_xxxx_xxx_xxx.xxx	predictive	Высокий
10	File	xxx_xxxxx.x	predictive	Средний
11	File	xxxxxxxx.xxx	predictive	Средний
12	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	predictive	Высокий
13	File	xxxxxxx_xxxxxx.x	predictive	Высокий
14	File	xxxx-xxxxxxxx.xxx	predictive	Высокий
15	File	xxx.x	predictive	Низкий
16	File	xx-xxxxxxx/xxxxxxx/xxxx/xx	predictive	Высокий
17	Argument	xxxxxxxx	predictive	Средний
18	Argument	xxxxxxxxxxxxxx	predictive	Высокий
19	Argument	xxxxxxx_xx	predictive	Средний
20	Argument	xxxxxxx	predictive	Низкий
21	Argument	xxxx	predictive	Низкий
22	Argument	xxxxxxxx	predictive	Средний
23	Argument	xxxxxxxx	predictive	Средний
24	Argument	xxxx	predictive	Низкий
25	Argument	xxx	predictive	Низкий
26	Network Port	xxx	predictive	Низкий

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Do you need the next level of professionalism?

Upgrade your account now!