Lucifer Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (28)

Lang

en	26
zh	2

Land

cn	20
us	2

Skådespelare

Lucifer	5
NightScout	1
Mirai	1

Intressera

Typ

Not Defined	10
WordPress Plugin	4
Smartphone Operating System	2
Smartwatch Operating System	2
Application Server Software	2

Säljare

Not Defined	6
SolarWinds	2
DZCP	2
Google	2
JumpDEMAND	2

Produkt

SolarWinds SQL Sentry	2
DZCP deV!L`z Clanportal	2
Google Android	2
JumpDEMAND 4ECPS Web Forms Plugin	2
Apple watchOS	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	CTI	EPSS	CVE
1	Microsoft Windows NetBIOS WinNuke förnekande av tjänsten	7.5	7.2	$25k-$100k	$0-$5k	High	Official Fix	0.03	0.00304	CVE-1999-0153
2	Oracle PeopleSoft Enterprise PeopleTools Integration Broker privilegier eskalering	6.5	5.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.05	0.00799	CVE-2017-3548
3	ZyXEL NAS326/NAS540/NAS542 UDP Packet Format String	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00417	CVE-2022-34747
4	MediaWiki cross site scripting	4.3	4.3	$0-$5k	Beräknande	Not Defined	Not Defined	0.00	0.00136	CVE-2007-4883
5	OpenSSH privilegier eskalering	7.3	6.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.02103	CVE-2007-4752
6	Dian Gemilang DGNews news.php sql injektion	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00188	CVE-2007-2994
7	PHP-Generics include.php privilegier eskalering	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.15334	CVE-2007-2346
8	JumpDEMAND 4ECPS Web Forms Plugin cross site scripting	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00048	CVE-2022-44628
9	Top Bar Plugin Setting cross site scripting	2.4	2.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00056	CVE-2022-2629
10	Apple watchOS Audio File informationsgivning	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00109	CVE-2020-29610
11	Openscad STL File import_stl.cc import_stl minneskorruption	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00208	CVE-2020-28599
12	NVIDIA Jetson Linux Driver Package Cboot Module blob_decompress minneskorruption	5.5	5.4	$0-$5k	Beräknande	Not Defined	Official Fix	0.00	0.00042	CVE-2022-28196
13	Oracle Communications Pricing Design Center Python minneskorruption	9.8	9.6	$100k och mer	$25k-$100k	Not Defined	Official Fix	0.00	0.04038	CVE-2021-3177
14	SolarWinds SQL Sentry informationsgivning	4.6	4.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00075	CVE-2022-38107
15	Google Android DevicePolicyManager informationsgivning	3.3	3.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00042	CVE-2022-20275
16	Google Android Task.java Local Privilege Escalation	6.5	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00048	CVE-2021-39696
17	DZCP deV!L`z Clanportal config.php privilegier eskalering	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.38	0.00943	CVE-2010-0966
18	Elastic Enterprise Search App API Key privilegier eskalering	5.5	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00104	CVE-2021-22149

Kampanjer (1)

These are the campaigns that can be associated with the actor:

CVE-2021-25646

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	20.205.116.139		Lucifer	CVE-2021-25646	27/02/2024	verified	Hög
2	45.141.68.25		Lucifer	CVE-2021-25646	27/02/2024	verified	Hög
3	47.88.49.239		Lucifer	CVE-2021-25646	27/02/2024	verified	Hög
4	XX.XX.XXX.X		Xxxxxxx	Xxx-xxxx-xxxxx	27/02/2024	verified	Hög
5	XX.XX.XXX.XXX		Xxxxxxx	Xxx-xxxx-xxxxx	27/02/2024	verified	Hög
6	XX.XXX.XXX.XX		Xxxxxxx	Xxx-xxxx-xxxxx	27/02/2024	verified	Hög
7	XXX.XXX.XXX.XX		Xxxxxxx	Xxx-xxxx-xxxxx	27/02/2024	verified	Hög
8	XXX.XX.XXX.XX		Xxxxxxx	Xxx-xxxx-xxxxx	27/02/2024	verified	Hög
9	XXX.XX.X.XX		Xxxxxxx	Xxx-xxxx-xxxxx	27/02/2024	verified	Hög
10	XXX.XX.XXX.XX		Xxxxxxx	Xxx-xxxx-xxxxx	27/02/2024	verified	Hög
11	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx	Xxxxxxx		29/08/2021	verified	Hög
12	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxxx		29/08/2021	verified	Hög
13	XXX.XXX.XXX.XX		Xxxxxxx		29/08/2021	verified	Hög
14	XXX.XXX.XX.XX		Xxxxxxx		29/08/2021	verified	Hög

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1059	CWE-94	Argument Injection	predictive	Hög
2	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
3	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
5	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	import_stl.cc	predictive	Hög
2	File	inc/config.php	predictive	Hög
3	File	xxxxxxx.xxx	predictive	Medium
4	File	xxxx.xxx	predictive	Medium
5	File	xxxx.xxxx	predictive	Medium
6	Argument	xxxxxxxx	predictive	Medium
7	Argument	xxxx/xxxx	predictive	Medium
8	Argument	xxxxxx	predictive	Låg
9	Argument	x-xxxxxxxxx-xxx	predictive	Hög
10	Argument	_xxx_xxxxxxxx_xxxx	predictive	Hög

Referenser (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you know our Splunk app?

Download it now for free!