Lorec53 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (122)

语言

en	110
fr	4
it	2
sv	2
es	2

国家/地区

us	68
ru	10
it	2
fr	2
es	2

演员

Saint Bot	2
Mirai	1
Cobalt Strike	1
Bashlite	1
RedLine Stealer	1

利益

类型

Not Defined	46
Content Management System	18
Programming Language Software	8
Operating System	6
WordPress Plugin	4

供应商

Not Defined	48
Microsoft	6
Cisco	4
Chadha	4
Epic Games	2

产品

Microsoft Windows	6
phpMyAdmin	4
Chadha PHPKB Standard Multi-Language	4
Epic Games Launcher	2
Lightbox Plus Colorbox Plugin	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	phpLinkat showcat.php SQL注入	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00102	0.02	CVE-2008-3406
2	SourceCodester Customer Relationship Management login.php SQL注入	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00645	0.00	CVE-2021-43130
3	moziloCMS download.php 目录遍历	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.01578	0.02	CVE-2008-3589
4	Sam Crew MyBlog games.php 权限升级	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00609	0.00	CVE-2007-1990
5	spip Login spip_login.php3 权限升级	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Unavailable	0.05054	0.04	CVE-2006-1702
6	Linksys WVC11B main.cgi 跨网站脚本	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01569	0.04	CVE-2004-2508
7	Jelsoft impex ImpExData.php 权限升级	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.04317	0.04	CVE-2006-1382
8	PHP php URL error_log 权限升级	6.5	5.9	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00069	0.02	CVE-2006-3011
9	Cisco Linksys EA2700 URL 信息公开	4.3	4.1	$5k-$25k	$0-$5k	Proof-of-Concept	Unavailable	0.00000	0.08
10	MidiCart PHP Shopping Cart item_show.php SQL注入	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.05
11	PHP URL Validation filter_var 权限升级	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00560	0.03	CVE-2020-7071
12	Spidersales viewCart.asp SQL注入	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00219	0.04	CVE-2004-0348
13	PHP Scripts Mall PHP Multivendor Ecommerce sellerupd.php 跨网站脚本	5.2	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00075	0.00	CVE-2017-17956
14	Cartweaver ColdFusion Details.cfm SQL注入	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00882	0.03	CVE-2006-2046
15	rakibtg Docker Dashboard API terminal.js 权限升级	7.6	7.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.86246	0.00	CVE-2021-27886
16	Ecommerce Online Store Kit shop.php SQL注入	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03763	0.04	CVE-2004-0300
17	D-Link DIR-655 C ping_response.cgi 跨网站脚本	5.2	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00086	0.02	CVE-2019-13562
18	Adobe ColdFusion searchlog.cfm 跨网站脚本	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.32712	0.03	CVE-2009-1872
19	Prima Systems FlexAir 权限升级	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00235	0.00	CVE-2019-7668
20	Cisco ASA WebVPN Login Page logon.html 跨网站脚本	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00192	0.04	CVE-2014-2120

活动 (1)

These are the campaigns that can be associated with the actor:

Phishing Georgian Government

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	活动	Identified	类型	可信度
1	45.12.5.62	sarimp.website	Lorec53		2022-02-20	verified	高
2	XX.XXX.XXX.XX		Xxxxxxx	Xxxxxxxx Xxxxxxxx Xxxxxxxxxx	2022-02-20	verified	高
3	XXX.XXX.XX.XXX		Xxxxxxx		2022-02-20	verified	高
4	XXX.XXX.XXX.XXX		Xxxxxxx		2023-04-13	verified	高

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1006	CWE-21, CWE-22	Path Traversal	predictive	高
2	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
3	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	高
4	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
5	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
6	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
8	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
10	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (127)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	/+CSCOE+/logon.html	predictive	高
2	File	/admin/login.php	predictive	高
3	File	/includes/rrdtool.inc.php	predictive	高
4	File	/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php	predictive	高
5	File	/www/ping_response.cgi	predictive	高
6	File	admin.php	predictive	中
7	File	admin/dashboard.php	predictive	高
8	File	admin/gallery.php	predictive	高
9	File	admin/manage-departments.php	predictive	高
10	File	admin/sellerupd.php	predictive	高
11	File	admin/vqmods.app/vqmods.inc.php	predictive	高
12	File	administrator/logviewer/searchlog.cfm	predictive	高
13	File	backend/utilities/terminal.js	predictive	高
14	File	bb_usage_stats.php	predictive	高
15	File	board.php	predictive	中
16	File	cat.php	predictive	低
17	File	category.php	predictive	中
18	File	xxx-xxxx.xxx	predictive	中
19	File	xxx-xxx/xxxxxxxxxxxx.xxx	predictive	高
20	File	xxxxxx.xxx.xxx	predictive	高
21	File	xxxxxxxx/xxxxx.xxx	predictive	高
22	File	xxxxxxxxx.xxx.xxx	predictive	高
23	File	xxxxxx.xxx	predictive	中
24	File	xxxxxxx.xxx	predictive	中
25	File	xxxxxxx.xxx	predictive	中
26	File	xxxxxxxx.xxx	predictive	中
27	File	xxxxx.xxx	predictive	中
28	File	xxx/xxxxxxxx/xxxx_xxxxx_xxxxxxx.x	predictive	高
29	File	xxxxxxx.xxx	predictive	中
30	File	xxxxx.xxx	predictive	中
31	File	xxxxxxx.xxx	predictive	中
32	File	xxxx_xxxxxxx.xxx.xxx	predictive	高
33	File	xxxx/xxxxx/xxxxxxx.xxx.xxx	predictive	高
34	File	xxxxxxxxx.xxx	predictive	高
35	File	xxx.xxx	predictive	低
36	File	xxxxxxxx/xxxxx-xxxx-xxxxxxx.xxx	predictive	高
37	File	xxxxxxxx/xxxxxxxx.xxx.xxx	predictive	高
38	File	xxxxx.xxx	predictive	中
39	File	xxxxxx.xxx	predictive	中
40	File	xxxx.xxxx	predictive	中
41	File	xxxxxxxxxx.xxx	predictive	高
42	File	xxxx_xxxxxxx.xxxx	predictive	高
43	File	xxxx_xxxx.xxx	predictive	高
44	File	xxxx.xxx	predictive	中
45	File	xxxxx.xxx	predictive	中
46	File	xxxxx.xxx	predictive	中
47	File	xxxxx_xx.xxxx	predictive	高
48	File	xxxx.xxx	predictive	中
49	File	xxxx.xxx	predictive	中
50	File	xxxxxx.xxx	predictive	中
51	File	xxxxxxx/xxxxxxxx/xxxxx.xxx	predictive	高
52	File	xxx_xxxx.xxx.xxx	predictive	高
53	File	xxxxx.xxx	predictive	中
54	File	xxxx/xxxxx.xxx	predictive	高
55	File	xxxxxxx.xxx	predictive	中
56	File	xxxxxxxxxx.xxx.xxx	predictive	高
57	File	xxxx/xxxxxxxxx.xxx	predictive	高
58	File	xxxxxxxxxxxx_xxxxxxxx.xxx.xxx	predictive	高
59	File	xxxxxxxx.xxx	predictive	中
60	File	xxxx.xxx	predictive	中
61	File	xxxxxxxx.xxx	predictive	中
62	File	xxxx-xxx.xxx	predictive	中
63	File	xxxxxxx.xxx	predictive	中
64	File	xxxxxxxxxxx.xxx	predictive	高
65	File	xxxxxxxxx/xxxxxxxx.xxx	predictive	高
66	File	xxxx_xxxxx.xxxx	predictive	高
67	File	xxxx.xxx	predictive	中
68	File	xxxxxxxxx/xxxxxxxxxxxxxxxxxx.xxx	predictive	高
69	File	xxxxxxxx.xxx	predictive	中
70	File	xxxxxxxxx.xxx	predictive	高
71	File	xxxxxxx.xxx	predictive	中
72	File	xx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxxxxxx	predictive	高
73	File	xx-xxxxx/xxxxx-xxxxxx.xxx	predictive	高
74	File	xx-xxxxx.xxx	predictive	中
75	File	xxxxxxxxxxxx.xxx	predictive	高
76	Library	xxxxxxxx_xxxxxxxxx.xxx.xxx	predictive	高
77	Argument	$_xxxxx	predictive	低
78	Argument	$_xxxx['xxxxxxxxx']	predictive	高
79	Argument	$_xxxxxx['xxxxxx_xxxx']	predictive	高
80	Argument	xxxxxxx	predictive	低
81	Argument	xxxx_xxx	predictive	中
82	Argument	xx_xxxx_xxxx	predictive	中
83	Argument	xxx	predictive	低
84	Argument	xxxxxxxxxx	predictive	中
85	Argument	xxxxx	predictive	低
86	Argument	xxxxx	predictive	低
87	Argument	xxx_xx	predictive	低
88	Argument	xxx[xxxxxx][xxxxxxxxx]	predictive	高
89	Argument	xxx	predictive	低
90	Argument	xxxx_xx	predictive	低
91	Argument	xxxxxxx	predictive	低
92	Argument	xxxxxxxxxxx	predictive	中
93	Argument	xxxx_xxx	predictive	中
94	Argument	xxxxxx_xx	predictive	中
95	Argument	xxxx	predictive	低
96	Argument	xxxxxx	predictive	低
97	Argument	xxxxxx	predictive	低
98	Argument	xxxxxxx[xx_xxx_xxxx]	predictive	高
99	Argument	xxxx	predictive	低
100	Argument	xx	predictive	低
101	Argument	xx_xxxx	predictive	低
102	Argument	xxxxxx	predictive	低
103	Argument	xxxxxx	predictive	低
104	Argument	xxxx	predictive	低
105	Argument	xxxxxxxxx	predictive	中
106	Argument	xxxxxx	predictive	低
107	Argument	xxx_xxxxxxx_xxx	predictive	高
108	Argument	xxxx[xxxxx]	predictive	中
109	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	高
110	Argument	xxxx_xxxx	predictive	中
111	Argument	xxxxxxxx	predictive	中
112	Argument	xxxxx_xxxx_xxxx	predictive	高
113	Argument	xxxx_xx	predictive	低
114	Argument	xx_xxxx	predictive	低
115	Argument	xxxxxx	predictive	低
116	Argument	xxxxxx	predictive	低
117	Argument	xxxxx	predictive	低
118	Argument	xxxx	predictive	低
119	Argument	xxxxxxxx	predictive	中
120	Argument	xxxxx	predictive	低
121	Argument	xxxxxxxx	predictive	中
122	Argument	xxxxxxxxxx	predictive	中
123	Argument	xxxxx	predictive	低
124	Argument	xxxxxx	predictive	低
125	Argument	xxxxxxxx	predictive	中
126	Argument	\xxxxxx\	predictive	中
127	Input Value	../	predictive	低

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!