LuminousMoth 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (24)

语言

en	22
zh	2

国家/地区

cn	12
us	10
kr	2

演员

LuminousMoth	2
Mustang Panda	1
Lazarus	1

利益

类型

Operating System	6
Content Management System	6
Office Suite Software	4
Web Server	2
Application Server Software	2

供应商

Microsoft	10
Not Defined	8
IBM	2
Fortinet	2
Famatech	2

产品

Microsoft Windows	6
Microsoft Office	4
nginx	2
Django	2
DeDeCMS	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	nginx 权限升级	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	5.08	CVE-2020-12440
2	Adobe Acrobat Reader Font File 内存损坏	7.0	6.9	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00177	0.04	CVE-2022-24092
3	PHP SOAP Extension unserialize 权限升级	8.1	7.7	$5k-$25k	$0-$5k	Unproven	Official Fix	0.04858	0.04	CVE-2015-4599
4	Microsoft Office Word Remote Code Execution	7.0	6.1	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00682	0.00	CVE-2021-42296
5	Microsoft Windows Active Directory Domain Services Privilege Escalation	7.5	6.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.59906	0.04	CVE-2021-42278
6	GitLab Community Edition/Enterprise Edition Image File Privilege Escalation	6.3	6.3	$0-$5k	$0-$5k	High	Not Defined	0.97463	0.40	CVE-2021-22205
7	Microsoft Exchange Server Privilege Escalation	6.5	5.7	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00086	0.00	CVE-2021-24085
8	FortiLogger SaveUploadedHotspotLogoFile 权限升级	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.48296	0.00	CVE-2021-3378
9	Opengear Console Server Serial Port Logging Stored 跨网站脚本	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00058	0.02	CVE-2019-14456
10	WordPress Thumbnail 权限升级	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00990	0.03	CVE-2018-1000773
11	Fortinet FortiGate Log 权限升级	4.0	3.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00089	0.04	CVE-2020-12818
12	Progress MOVEit Transfer REST API MOVEit.DMZ.WebApi.dll SQL注入	8.3	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00357	0.02	CVE-2019-16383
13	IBM WebSphere Application Server Stack Trace 信息公开	5.3	5.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00103	0.03	CVE-2019-4441
14	Django SQL注入	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00742	0.00	CVE-2020-7471
15	Django 跨网站脚本	5.2	4.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02273	0.00	CVE-2020-13596
16	Django CMS 跨网站请求伪造	6.5	6.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00231	0.02	CVE-2015-5081
17	Microsoft Windows Netlogon Zerologon 权限升级	8.4	8.3	$25k-$100k	$0-$5k	High	Official Fix	0.45082	0.00	CVE-2020-1472
18	Famatech Remote Administrator 弱身份验证	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Workaround	0.00000	0.00
19	DeDeCMS co_do.php SQL注入	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00190	0.02	CVE-2018-19061
20	php-fpm 权限升级	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00042	0.02	CVE-2015-3211

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	Identified	类型	可信度
1	45.204.9.70		LuminousMoth	2021-07-17	verified	高
2	XXX.XX.XX.XXX	xxxx.xxxxxxxxxxxxxx.xxxx	Xxxxxxxxxxxx	2021-07-17	verified	高
3	XXX.XX.XX.XXX	xxxxx-xxxx.xxxxxxxxx.xxx	Xxxxxxxxxxxx	2021-07-17	verified	高

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1059.007	CWE-79	Cross Site Scripting	predictive	高
2	T1068	CWE-269	Execution with Unnecessary Privileges	predictive	高
3	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
4	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	高
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
6	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	高

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	Config/SaveUploadedHotspotLogoFile	predictive	高
2	File	xxxx\xx_xx.xxx	predictive	高
3	Library	xxxxxx.xxx.xxxxxx.xxx	predictive	高
4	Argument	xxx	predictive	低

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!