LightSpy analysis

IOB - Indicator of Behavior (64)

Language

  • en: 38
  • zh: 24
  • ru: 2

Country/Region

  • cn: 38
  • us: 26

Product

  • Alt-N MDaemon: 4
  • PHP: 4
  • Icecast ezstream: 2
  • MyBatis PageHelper: 2
  • Plainview Activity Monitor Plugin: 2

Vulnerabilities

#  | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1  | vsftpd deny_file unknown vulnerability | 3.7 | 3.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00312 | 0.33 | CVE-2015-1419
2  | Google Chrome V8 Remote Code Execution | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.24380 | 0.02 | CVE-2020-16040
3  | Synacor Zimbra Collaboration Suite WebEx Zimlet privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.70648 | 0.00 | CVE-2020-7796
4  | Cisco Unity Connection privilege escalation | 8.1 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00127 | 0.06 | CVE-2024-20272
5  | Devilz Clanportal SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00684 | 0.03 | CVE-2006-6339
6  | Ikuai Router OS webman.lua ActionLogin privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00803 | 0.04 | CVE-2023-34849
7  | Keycloak mTLS Authentication weak authentication | 4.6 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00086 | 0.04 | CVE-2023-2422
8  | KeyCloak Password Reset privilege escalation | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00293 | 0.00 | CVE-2017-12161
9  | ONLYOFFICE Document Server FontFileBase.h memory corruption | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00211 | 0.00 | CVE-2022-29777
10 | ONLYOFFICE Server User Name privilege escalation | 4.5 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00071 | 0.03 | CVE-2021-43448
11 | ONLYOFFICE Server Document Editor Service privilege escalation | 6.8 | 6.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00100 | 0.04 | CVE-2021-43449
12 | ONLYOFFICE Document Server Example editor cross-site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00116 | 0.03 | CVE-2022-24229
13 | ONLYOFFICE Document Server WebSocket API SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00174 | 0.00 | CVE-2020-11537
14 | ONLYOFFICE Server Document Editor weak authentication | 6.9 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00076 | 0.04 | CVE-2021-43447
15 | ONLYOFFICE Community Server UploadProgress.ashx privilege escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00633 | 0.04 | CVE-2023-34939
16 | Microsoft Windows BitLocker Local Privilege Escalation | 6.1 | 5.3 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00054 | 0.00 | CVE-2021-38632
17 | MyBatis PageHelper SQL injection | 5.0 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00599 | 0.05 | CVE-2022-28111
18 | mingSoft MCMS IContentDao.xml SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01610 | 0.04 | CVE-2022-23898
19 | Git Plugin Build privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01156 | 0.03 | CVE-2022-36883
20 | HelpSystems Cobalt Strike cross-site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | High | Official Fix | 0.00767 | 0.04 | CVE-2022-39197

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • LightSpy

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1  | 46.17.43.74 | | APT41 | LightSpy | 2023-10-29 | | verified
2  | XXX.XX.XXX.XXX | | Xxxxx | Xxxxxxxx | 2023-10-29 | | verified
3  | XXX.XX.XXX.XXX | | Xxxxxxxx | | 2024-04-16 | | verified

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1  | File | /example/editor | | predictive
2  | File | admin/killsource | | predictive
3  | File | cgi-bin/webfile_mgr.cgi | | predictive
4  | File | data/gbconfiguration.dat | | predictive
5  | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxx.x | | predictive
6  | File | xxxxxxxxxxx.xxx | | predictive
7  | File | xxx.xx | | predictive
8  | File | xxxxx.xxx/xxxx/x/ | | predictive
9  | File | xxxxxxx.x | | predictive
10 | File | xxx/xxxxxxxx.x | | predictive
11 | File | xxxxxxxxxxxxxx.xxxx | | predictive
12 | File | xxxxxx.xxx | | predictive
13 | File | xx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxxx_xxxxxxxx_xxxxxxx&xxx=xxxxxxxx_xxxxx | | predictive
14 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | | predictive
15 | Library | xxxxxxxxxxx.xxx | | predictive
16 | Argument | xxxxxxxxxx | | predictive
17 | Argument | xxxxxxx | | predictive
18 | Argument | xxxxxxx | | predictive
19 | Argument | xxxxx | | predictive
20 | Argument | xxxx | | predictive
21 | Argument | xx | | predictive
22 | Argument | xxxxx | | predictive
23 | Argument | xxxx | | predictive
24 | Argument | xxxxxxx | | predictive
25 | Argument | xxxxxxx | | predictive
26 | Argument | xxxxxxxx | | predictive
27 | Argument | xxxx->xxxxxxx | | predictive
28 | Argument | _xxxxx | | predictive
29 | Input Value | /xxxx.xxx | | predictive
30 | Input Value | {xxxxx:xx(xxxx($_xxx[x]))}x{/xxxxx:xx} | | predictive

References (3)

The following list contains external sources which discuss the actor and the associated activities:
