Luoxk Analysis

IOB - Indicator of Behavior (89)

Language

  • en: 56
  • zh: 34

Country/Region

  • cn: 74
  • us: 16

Product

  • PHP-Nuke: 4
  • Apple tvOS: 4
  • Linux Kernel: 4
  • OpenVPN Private Tunnel Installer: 2
  • Fortinet FortiSandbox: 2

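Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Sophos Firewall User Portal/Webadmin weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.97434 | 0.08 | CVE-2022-1040 |
| 2 | XoruX LPAR2RRD/STOR2RRD weak authentication | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00262 | 0.02 | CVE-2021-42371 |
| 3 | OpenSSL c_rehash privilege escalation | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09738 | 0.02 | CVE-2022-1292 |
| 4 | Apple tvOS WebKit memory corruption | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01416 | 0.00 | CVE-2019-8673 |
| 5 | Apple tvOS WebKit memory corruption | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96068 | 0.02 | CVE-2019-8672 |
| 6 | Oracle Database Server Core RDBMS Privilege Escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00113 | 0.02 | CVE-2011-2253 |
| 7 | Apache ActiveMQ PortfolioPublishServlet.java cross-site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00425 | 0.02 | CVE-2012-6092 |
| 8 | Next.js directory traversal | 5.0 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00213 | 0.05 | CVE-2020-5284 |
| 9 | Python E-mail Module Remote Code Execution | 6.3 | 6.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00095 | 0.03 | CVE-2023-27043 |
| 10 | Oracle Database server Encryption weak encryption | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00773 | 0.00 | CVE-2006-0270 |
| 11 | Filebrowser cross-site request forgery | 6.9 | 6.4 | $0-$5k | $0-$5k | Functional | Official Fix | 0.00701 | 0.03 | CVE-2021-46398 |
| 12 | lighttpd http_auth.c base64_decode denial of service | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02569 | 0.07 | CVE-2011-4362 |
| 13 | Labelgate mora Downloader privilege escalation | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00306 | 0.00 | CVE-2012-5188 |
| 14 | Oracle Email Center Message Display unknown vulnerability | 8.2 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00192 | 0.00 | CVE-2021-2090 |
| 15 | Oracle MySQL Cluster Node.js privilege escalation | 8.2 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00545 | 0.00 | CVE-2021-22884 |
| 16 | RemiCoin transferFrom memory corruption | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00896 | 0.00 | CVE-2018-12230 |
| 17 | ZyXEL USG FLEX 50 CGI Program privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.97472 | 0.04 | CVE-2022-30525 |
| 18 | Ivanti EPM Cloud Services Appliance privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.97068 | 0.02 | CVE-2021-44529 |
| 19 | Linux Kernel ptrace race condition | 4.4 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00042 | 0.02 | CVE-2014-4699 |
| 20 | lighttpd Log File http_auth.c privilege escalation | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01123 | 0.03 | CVE-2015-3200 |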

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2018-2893

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (34)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
