LoJax Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (156)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en144
de6
ru4
pl2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us66
ru14
gb6
br4
re4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

APT287
Carbanak2
PsiXBot2
Grizzly Steppe2
LokiBot1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined46
Operating System12
Content Management System8
Forum Software8
Router Operating System8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined62
Microsoft10
Google6
Apache4
Linux4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows6
Linux Kernel4
MikroTik RouterOS4
WordPress2
Backdoor.Win32.RemServ.d2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1vBulletin moderation.php sql injection7.37.0$0-$5k$0-$5kHighOfficial Fix0.002840.00CVE-2016-6195
2IPS IP.Board ipsconnect.php sql injection7.37.1$0-$5k$0-$5kHighUnavailable0.001490.00CVE-2014-9239
3WordPress Editor information disclosure4.34.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.006560.04CVE-2021-29450
4Microsoft .NET Framework Code Access Security cryptographic issues9.89.8$5k-$25k$0-$5kNot DefinedNot Defined0.001630.04CVE-2008-5100
5DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.64CVE-2010-0966
6Arthur Konze Webdesign akocomment akocomments.php file inclusion7.36.4$0-$5k$0-$5kUnprovenUnavailable0.009540.00CVE-2006-4281
7Apache HTTP Server mod_cgid resource management5.34.6$5k-$25k$0-$5kUnprovenOfficial Fix0.247150.04CVE-2014-0231
8SourceCodester Aplaya Beach Resort Online Reservation System index.php sql injection7.36.6$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.04CVE-2024-3353
9Wpmet Wp Ultimate Review Plugin cross-site request forgery5.85.8$0-$5k$0-$5kNot DefinedNot Defined0.000580.00CVE-2023-28987
10MariaDB init_expr_cache_tracker memory corruption5.55.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000950.05CVE-2022-32083
11Campcodes Online Matrimonial Website System Script SVG Document upload cross site scripting6.66.6$0-$5k$0-$5kProof-of-ConceptNot Defined0.007160.07CVE-2023-39115
12Triangle MicroWorks SCADA Data Gateway Event Log neutralization2.22.1$0-$5kCalculatingNot DefinedOfficial Fix0.000460.00CVE-2023-39461
13IceWarp cross site scripting4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.003500.00CVE-2023-37728
14tagDiv Composer Plugin Facebook Login improper authentication7.77.6$0-$5k$0-$5kNot DefinedOfficial Fix0.004090.04CVE-2022-3477
15jeecg-boot upload unrestricted upload6.06.0$0-$5k$0-$5kNot DefinedNot Defined0.000460.00CVE-2023-34660
16Tenda AC10 SetNetControlList stack-based overflow6.16.1$0-$5k$0-$5kNot DefinedNot Defined0.000430.00CVE-2023-34569
17LavaLite CMS Header injection4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.000720.00CVE-2023-27237
18KMPlayer SHFOLDER.dll uncontrolled search path6.16.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000600.00CVE-2023-1745
19Serendipity exit.php privileges management6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.32
20Bitrix Site Manager redirect.php link following5.34.7$0-$5k$0-$5kUnprovenUnavailable0.001130.04CVE-2008-2052

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • LoJax

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
11.23.82.72LoJax10/13/2018verifiedHigh
22.2.82.64LoJax10/13/2018verifiedHigh
32.12.51.56arennes-655-1-148-56.w2-12.abo.wanadoo.frLoJax10/13/2018verifiedHigh
43.95.29.25ec2-3-95-29-25.compute-1.amazonaws.comLoJax10/13/2018verifiedMedium
5XX.X.XX.XXxxxx10/13/2018verifiedHigh
6XX.XX.XX.XXXxxxx10/13/2018verifiedHigh
7XX.XX.XX.XXxxxx10/13/2018verifiedHigh
8XX.XXX.XXX.XXXxxxxXxxxx12/15/2020verifiedHigh
9XX.XXX.XXX.XXXx.xxxxx.xx.xxxXxxxxXxxxx12/15/2020verifiedHigh
10XXX.XX.XXX.XXXxxxxXxxxx12/15/2020verifiedHigh
11XXX.XX.XXX.XXXxxx.xxxxxxxxxx.xxxXxxxxXxxxx12/15/2020verifiedHigh
12XXX.XX.XXX.XXXXxxxxXxxxx12/15/2020verifiedHigh
13XXX.XX.XXX.XXxxxx.xxxxxxx.xxXxxxxXxxxx12/15/2020verifiedHigh
14XXX.XX.XXX.XXXXxxxxXxxxx12/15/2020verifiedHigh
15XXX.XX.XXX.XXXxxxxXxxxx12/15/2020verifiedHigh
16XXX.XXX.XX.XXXXxxxxXxxxx12/15/2020verifiedHigh

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22, CWE-23Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
9TXXXXCAPEC-184CWE-XXXXxxxxxxx Xx Xxxx Xxxxxxx Xxxxxxxxx XxxxxpredictiveHigh
10TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHigh
12TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
13TXXXX.XXXCAPEC-133CWE-XXXXxxxxxxxpredictiveHigh
14TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
15TXXXX.XXXCAPEC-CWE-XXXxxxxxxxxxxxxpredictiveHigh
16TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
17TXXXX.XXXCAPEC-112CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
18TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (82)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/+CSCOE+/logon.htmlpredictiveHigh
2File/api/plugin/uninstallpredictiveHigh
3File/bin/boapredictiveMedium
4File/etc/puppetlabs/puppetserver/conf.d/ca.confpredictiveHigh
5File/goform/SetNetControlListpredictiveHigh
6File/home/httpd/cgi-bin/cgi.cgipredictiveHigh
7File/hrm/employeeadd.phppredictiveHigh
8File/jeecg-boot/jmreport/uploadpredictiveHigh
9File/modules/tasks/summary.inc.phppredictiveHigh
10File/xxxx/xxx/x/xxxx/xxxxxxpredictiveHigh
11File/xxxxxxx/predictiveMedium
12File/xxx/xxx-xxx/xxx-xxx/xxxxxx.xxxpredictiveHigh
13File/_xxxxpredictiveLow
14Filexxxxxxxx/xxxxxx/xxxx_xxxxxx.xpredictiveHigh
15Filexxxxxxx.xxxpredictiveMedium
16Filexxxxx/xxxxxxxx.xxxpredictiveHigh
17Filexxxxx/xxxxx.xxx?xx=xxxxxpredictiveHigh
18Filexxxxx/xxx_xxxxxxx/xxxxx.xxxpredictiveHigh
19Filexxx.xxxpredictiveLow
20Filexxxxxxxxxxx.xxxpredictiveHigh
21Filexx/xxxxxx_xxx.xxxpredictiveHigh
22Filexxxx/xxx.xxxxxxxxxx/xxxxxxxxxpredictiveHigh
23Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
24Filexxxx.xxxpredictiveMedium
25Filexxxxx_xxxxxx.xpredictiveHigh
26Filexxxxxxxxxxx/xxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
27Filexxxx.xxxpredictiveMedium
28Filexxxxxxxx/xxxx_xxxxpredictiveHigh
29Filexxx/xxxxxx.xxxpredictiveHigh
30Filexxxxxxxx/xxxxxxx.xxxpredictiveHigh
31Filexxxxx.xxx?x=/xxxx/xxxxxxxxpredictiveHigh
32Filexxxxxxx/xxx-xxxxxxxx/xxxxxxpredictiveHigh
33Filexxxxxxxxxx.xxxpredictiveHigh
34Filexxxx_xxxx.xxxpredictiveHigh
35Filexxxxxx.xpredictiveMedium
36Filexxxxx.xxxpredictiveMedium
37Filexxxxxxxxxx/xxxxxxx-xxxxxx.xpredictiveHigh
38Filexxx_xxxxx_xxxx.xpredictiveHigh
39Filexxx/xxxx/xxxx.xpredictiveHigh
40Filexxx/xxxxxxxx-xxxxx.xpredictiveHigh
41Filexxxx.xxxpredictiveMedium
42Filexxxxxxx.xpredictiveMedium
43Filexxxxxxxx.xxxpredictiveMedium
44Filexxxxxxxx.xxxpredictiveMedium
45Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
46Filexxxxxxx-xxxxxxx.xxxpredictiveHigh
47Filexxxxxx/xxxx.xxxpredictiveHigh
48Filexxxxxx_xxxxxxxx.xxxpredictiveHigh
49Filexxxxxxx/xxxxxx/xxxxx/xxxxxxx/xxx/xxx.xxxpredictiveHigh
50Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
51Filexx-xxxxxxxxxxx.xxxpredictiveHigh
52Filexxxxxx.xxxpredictiveMedium
53Libraryxxxxxxx.xxxpredictiveMedium
54Libraryxxxxxxxx.xxxpredictiveMedium
55Argument-xpredictiveLow
56ArgumentxxxxxxxxpredictiveMedium
57Argumentxxxxx/xxxpredictiveMedium
58Argumentxxxx_xxpredictiveLow
59Argumentxxxx_xxxxxx=xxxxpredictiveHigh
60ArgumentxxxxxpredictiveLow
61ArgumentxxxxpredictiveLow
62ArgumentxxxxpredictiveLow
63ArgumentxxxxpredictiveLow
64ArgumentxxpredictiveLow
65ArgumentxxxxpredictiveLow
66Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictiveHigh
67Argumentx_xxxxpredictiveLow
68Argumentxxxx_xxxxpredictiveMedium
69ArgumentxxxxxxxpredictiveLow
70Argumentxxxxxxxx_xxxpredictiveMedium
71Argumentxxxxxx/xxxxxpredictiveMedium
72Argumentxxxxxxxxx_xxxxxx_xxxpredictiveHigh
73ArgumentxxxxxxpredictiveLow
74ArgumentxxxpredictiveLow
75ArgumentxxxxxpredictiveLow
76ArgumentxxxpredictiveLow
77ArgumentxxxxpredictiveLow
78Argumentxxxx_xxxxxxxxx/xxxx_xxxxxxxxpredictiveHigh
79ArgumentxxxxxxxxxpredictiveMedium
80Argument_xxxxxpredictiveLow
81Input Valuexxx=/&xxxpredictiveMedium
82Input Value…/.predictiveLow

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!