Lucifer Analysis

IOB - Indicator of Behavior (29)

Language: en (28), zh (2)

Country/Region: cn (22)

Product: Google Android (2), SolarWinds SQL Sentry (2), ProFTPD (2), Openscad (2), OpenSSH (2)

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices; Exploit is the exploitability maturity; Remediation is the fix status; EPSS is the exploit-prediction probability; CTI is the threat-intelligence activity score.

#  | Vulnerability                                                              | Base | Temp | 0day            | Today       | Exploit          | Remediation  | EPSS    | CTI  | CVE
1  | Microsoft Windows NetBIOS WinNuke denial of service                        | 7.5  | 7.2  | $25k-$100k      | $0-$5k      | High             | Official Fix | 0.00304 | 0.03 | CVE-1999-0153
2  | Oracle PeopleSoft Enterprise PeopleTools Integration Broker privilege escalation | 6.5 | 5.9 | $5k-$25k   | $0-$5k      | Proof-of-Concept | Official Fix | 0.00799 | 0.05 | CVE-2017-3548
3  | ZyXEL NAS326/NAS540/NAS542 UDP Packet format string                        | 9.8  | 9.6  | $5k-$25k        | $0-$5k      | Not Defined      | Official Fix | 0.00435 | 0.00 | CVE-2022-34747
4  | MediaWiki cross-site scripting                                             | 4.3  | 4.3  | $0-$5k          | $0-$5k      | Not Defined      | Not Defined  | 0.00136 | 0.00 | CVE-2007-4883
5  | OpenSSH privilege escalation                                               | 7.3  | 6.6  | $25k-$100k      | $0-$5k      | Proof-of-Concept | Official Fix | 0.02103 | 0.00 | CVE-2007-4752
6  | Dian Gemilang DGNews news.php SQL injection                                | 7.3  | 7.3  | $0-$5k          | $0-$5k      | Not Defined      | Not Defined  | 0.00214 | 0.00 | CVE-2007-2994
7  | PHP-Generics include.php privilege escalation                              | 7.3  | 6.9  | $0-$5k          | $0-$5k      | Proof-of-Concept | Not Defined  | 0.15334 | 0.00 | CVE-2007-2346
8  | JumpDEMAND 4ECPS Web Forms Plugin cross-site scripting                     | 3.6  | 3.6  | $0-$5k          | $0-$5k      | Not Defined      | Not Defined  | 0.00048 | 0.00 | CVE-2022-44628
9  | Top Bar Plugin Setting cross-site scripting                                | 2.4  | 2.3  | $0-$5k          | $0-$5k      | Not Defined      | Official Fix | 0.00056 | 0.00 | CVE-2022-2629
10 | Apple watchOS Audio File information disclosure                            | 4.3  | 4.1  | $0-$5k          | calculating | Not Defined      | Official Fix | 0.00109 | 0.00 | CVE-2020-29610
11 | Openscad STL File import_stl.cc import_stl memory corruption               | 6.3  | 6.3  | $0-$5k          | $0-$5k      | Not Defined      | Not Defined  | 0.00208 | 0.00 | CVE-2020-28599
12 | NVIDIA Jetson Linux Driver Package Cboot Module blob_decompress memory corruption | 5.5 | 5.4 | $0-$5k    | $0-$5k      | Not Defined      | Official Fix | 0.00042 | 0.00 | CVE-2022-28196
13 | Oracle Communications Pricing Design Center Python memory corruption       | 9.8  | 9.6  | $100k and more  | $25k-$100k  | Not Defined      | Official Fix | 0.04038 | 0.00 | CVE-2021-3177
14 | SolarWinds SQL Sentry information disclosure                               | 4.6  | 4.6  | $0-$5k          | $0-$5k      | Not Defined      | Not Defined  | 0.00075 | 0.00 | CVE-2022-38107
15 | Google Android DevicePolicyManager information disclosure                  | 3.3  | 3.2  | $5k-$25k        | $0-$5k      | Not Defined      | Official Fix | 0.00042 | 0.00 | CVE-2022-20275
16 | Google Android Task.java local privilege escalation                        | 6.5  | 6.4  | $5k-$25k        | $0-$5k      | Not Defined      | Official Fix | 0.00048 | 0.03 | CVE-2021-39696
17 | DZCP deV!L`z Clanportal config.php privilege escalation                    | 7.3  | 6.6  | $0-$5k          | $0-$5k      | Proof-of-Concept | Official Fix | 0.00943 | 0.68 | CVE-2010-0966

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2021-25646

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique  | Weakness         | Description                                               | Type
1  | T1059      | CWE-94           | Argument Injection                                        | predictive
2  | TXXXX.XXX  | CWE-XXX          | xxxx Xxxx Xxxxxxxxx                                       | predictive
3  | TXXXX      | CWE-XXX          | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx                     | predictive
4  | TXXXX      | CWE-XXX          | xx Xxxxxxxxx                                              | predictive
5  | TXXXX      | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class    | Indicator         | Type
1  | File     | import_stl.cc     | predictive
2  | File     | inc/config.php    | predictive
3  | File     | xxxxxxx.xxx       | predictive
4  | File     | xxxx.xxx          | predictive
5  | File     | xxxx.xxxx         | predictive
6  | Argument | xxxxxxxx          | predictive
7  | Argument | xxxx/xxxx         | predictive
8  | Argument | xxxxxx            | predictive
9  | Argument | x-xxxxxxxxx-xxx   | predictive
10 | Argument | _xxx_xxxxxxxx_xxxx | predictive
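The file indicators above are path fragments, so the natural use is a matcher over web-server access logs. The following is an added example, not code from this profile or from the database vendor: it takes only the two unmasked file fragments, normalizes each request path (query string stripped, percent-encoding decoded twice to catch double-encoding, case folded, duplicate slashes collapsed) before matching, and runs over constructed combined-format log lines. The pairing of each fragment with a CVE from the vulnerability table is an inference made here; the page itself lists the fragments without that mapping.

```python
"""Match access-log request paths against the unmasked IOA file fragments.

Added example for the Lucifer profile; not the vendor's own detection code.
"""
import re
from urllib.parse import unquote

# Unmasked file indicators from the IOA table.  The CVE pairing is an
# assumption inferred from the vulnerability table, not stated by the page.
IOA_FILES = {
    "import_stl.cc": "likely CVE-2020-28599 (Openscad import_stl)",
    "inc/config.php": "likely CVE-2010-0966 (DZCP config.php)",
}

# Apache/nginx combined log format (assumed input format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines; the second one percent-encodes the dot to show
# why decoding must happen before matching, the last is a backup-file probe.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /inc/config.php HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /inc/config%2Ephp?id=1 HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /index.php HTTP/1.1" 200 1024
198.51.100.8 - - [10/Oct/2023:13:57:12 +0000] "GET /static//inc/config.php.bak HTTP/1.1" 404 0
"""


def normalize_path(target: str) -> str:
    """Strip the query string, decode percent-encoding twice (double-encoding
    is a common filter-evasion trick), collapse repeated slashes, lowercase."""
    path = target.split("?", 1)[0]
    for _ in range(2):
        path = unquote(path)
    path = re.sub(r"/+", "/", path)
    return path.lower()


def match_ioa(line: str):
    """Return (ip, normalized_path, fragment, note) when the request path
    contains a known IOA file fragment, otherwise None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = normalize_path(m.group("target"))
    for fragment, note in IOA_FILES.items():
        if fragment in path:
            return (m.group("ip"), path, fragment, note)
    return None


def scan_log(text: str):
    """Run the matcher over every line and return hits in log order."""
    hits = []
    for line in text.splitlines():
        hit = match_ioa(line)
        if hit is not None:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for ip, path, fragment, note in scan_log(SAMPLE_LOG):
        print(f"{ip} requested {path} -> IOA fragment {fragment!r}: {note}")
```

Substring matching on a fragment as short as `inc/config.php` will also fire on probes for backup copies and on unrelated applications that happen to ship a file by that name, so treat a hit as a pivot point for the IP and time window rather than as a confirmed exploitation attempt, and tighten the match to the hosts that actually run the affected software.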

References (3)

The following list contains external sources which discuss the actor and the associated activities:
