LazyScripter Analysis

IOB - Indicator of Behavior (209)

Language

en: 164
fr: 24
de: 10
zh: 6
es: 4

Country

us: 180
ch: 8
cn: 4
in: 2
de: 2

Product

Microsoft Windows: 4
Microsoft IIS: 4
Ilohamail: 4
baigo CMS: 4
Tamlyncreative Com Bfsurvey Profree: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.37 | CVE-2010-0966 |
| 3 | Gempar Script Toko Online shop_display_products.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.02 | CVE-2009-0296 |
| 4 | Ecommerce Online Store Kit shop.php sql injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03763 | 0.04 | CVE-2004-0300 |
| 5 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.02 | CVE-2006-5509 |
| 6 | FiberHome HG2201T telnet.cgi privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00609 | 0.00 | CVE-2019-17186 |
| 7 | Google Chrome Utility Process race condition | 9.8 | 9.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00801 | 0.07 | CVE-2011-3961 |
| 8 | DataLynx suGuard privilege escalation | 5.9 | 5.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00042 | 0.02 | CVE-1999-0388 |
| 9 | Dcscripts Dcshop HTTP GET Request auth_user_file.txt Password information disclosure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00755 | 0.02 | CVE-2001-0821 |
| 10 | MidiCart PHP Shopping Cart item_show.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 | |
| 11 | Linksys WVC11B main.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01569 | 0.04 | CVE-2004-2508 |
| 12 | Asternic Flash Operator Panel User Control Panel privilege escalation | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00214 | 0.04 | CVE-2018-5694 |
| 13 | Contenido Contendio allow_url_fopen privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00575 | 0.00 | CVE-2005-4132 |
| 14 | Microsoft Windows Remote Desktop/Terminal Services Web Connection weak authentication | 6.3 | 6.2 | $25k-$100k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.02 | |
| 15 | Ilohamail cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.04 | |
| 16 | Microsoft IIS Error Message cross site scripting | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00169 | 0.00 | CVE-2000-1104 |
| 17 | Microsoft IIS Error Message cross site scripting | 4.2 | 4.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03911 | 0.03 | CVE-2003-0223 |
| 18 | Adobe ColdFusion cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01479 | 0.00 | CVE-2007-0817 |
| 19 | SourceCodester Garage Management System createUser.php privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00307 | 0.05 | CVE-2022-2578 |
| 20 | D-Link IP Cameras rtpd.cgi misconfiguration | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.91559 | 0.00 | CVE-2013-1599 |

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (96)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /catalog/admin/categories.php?cPath=&action=new_product | predictive | High |
| 2 | File | /etc/passwd | predictive | Medium |
| 3 | File | /inc/HTTPClient.php | predictive | High |
| 4 | File | /php_action/createUser.php | predictive | High |
| 5 | File | /var/WEB-GUI/cgi-bin/telnet.cgi | predictive | High |
| 6 | File | addentry.php | predictive | Medium |
| 7 | File | admin.php | predictive | Medium |
| 8 | File | admin/admin.shtml | predictive | High |
| 9 | File | Admin/ADM_Pagina.php | predictive | High |
| 10 | File | admin/editcatalogue.php | predictive | High |
| 11 | File | admin/menus/edit.php | predictive | High |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
