Lorec53 Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (122)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en108
de4
it2
es2
pl2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us56
ru12
it2
es2
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Saint Bot2
Mirai1
Cobalt Strike1
Bashlite1
RedLine Stealer1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined54
Content Management System14
Programming Language Software12
Operating System6
E-Commerce Management Software4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined36
Microsoft6
PHPGurukul4
Chadha4
PHP Scripts Mall2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows6
phpLinkat4
PHP4
Chadha PHPKB Standard Multi-Language4
PHP Scripts Mall PHP Multivendor Ecommerce2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1phpLinkat showcat.php sql injection7.37.1$0-$5k$0-$5kHighUnavailable0.001020.02CVE-2008-3406
2SourceCodester Customer Relationship Management login.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.006450.00CVE-2021-43130
3moziloCMS download.php path traversal5.34.8$0-$5k$0-$5kProof-of-ConceptUnavailable0.015780.02CVE-2008-3589
4Sam Crew MyBlog games.php file inclusion7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.006090.00CVE-2007-1990
5spip Login spip_login.php3 file inclusion7.37.3$0-$5k$0-$5kNot DefinedUnavailable0.050540.04CVE-2006-1702
6Linksys WVC11B main.cgi cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.015690.04CVE-2004-2508
7Jelsoft impex ImpExData.php file inclusion7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.043170.04CVE-2006-1382
8PHP php URL error_log access control6.55.9$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.000690.02CVE-2006-3011
9Cisco Linksys EA2700 URL information disclosure4.34.1$5k-$25k$0-$5kProof-of-ConceptUnavailable0.000000.08
10MidiCart PHP Shopping Cart item_show.php sql injection6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.05
11PHP URL Validation filter_var input validation5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.005600.03CVE-2020-7071
12Spidersales viewCart.asp sql injection9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.002190.04CVE-2004-0348
13PHP Scripts Mall PHP Multivendor Ecommerce sellerupd.php cross site scripting5.24.8$0-$5k$0-$5kNot DefinedNot Defined0.000750.00CVE-2017-17956
14Cartweaver ColdFusion Details.cfm sql injection7.37.0$0-$5k$0-$5kHighOfficial Fix0.008820.03CVE-2006-2046
15rakibtg Docker Dashboard API terminal.js os command injection7.67.3$0-$5k$0-$5kNot DefinedOfficial Fix0.862460.00CVE-2021-27886
16Ecommerce Online Store Kit shop.php sql injection9.89.4$0-$5k$0-$5kNot DefinedOfficial Fix0.037630.04CVE-2004-0300
17D-Link DIR-655 C ping_response.cgi cross site scripting5.25.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.000860.02CVE-2019-13562
18Adobe ColdFusion searchlog.cfm cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.327120.03CVE-2009-1872
19Prima Systems FlexAir credentials management8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.002350.00CVE-2019-7668
20Cisco ASA WebVPN Login Page logon.html cross site scripting4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.001920.09CVE-2014-2120

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Phishing Georgian Government

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.12.5.62sarimp.websiteLorec5302/20/2022verifiedHigh
2XX.XXX.XXX.XXXxxxxxxXxxxxxxx Xxxxxxxx Xxxxxxxxxx02/20/2022verifiedHigh
3XXX.XXX.XX.XXXXxxxxxx02/20/2022verifiedHigh
4XXX.XXX.XXX.XXXXxxxxxx04/13/2023verifiedHigh

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-21, CWE-22Path TraversalpredictiveHigh
2T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3TXXXXCWE-XXXxxxxxxx XxxxxxxxxpredictiveHigh
4TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
9TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
10TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (127)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/+CSCOE+/logon.htmlpredictiveHigh
2File/admin/login.phppredictiveHigh
3File/includes/rrdtool.inc.phppredictiveHigh
4File/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.phppredictiveHigh
5File/www/ping_response.cgipredictiveHigh
6Fileadmin.phppredictiveMedium
7Fileadmin/dashboard.phppredictiveHigh
8Fileadmin/gallery.phppredictiveHigh
9Fileadmin/manage-departments.phppredictiveHigh
10Fileadmin/sellerupd.phppredictiveHigh
11Fileadmin/vqmods.app/vqmods.inc.phppredictiveHigh
12Fileadministrator/logviewer/searchlog.cfmpredictiveHigh
13Filebackend/utilities/terminal.jspredictiveHigh
14Filebb_usage_stats.phppredictiveHigh
15Fileboard.phppredictiveMedium
16Filecat.phppredictiveLow
17Filecategory.phppredictiveMedium
18Filexxx-xxxx.xxxpredictiveMedium
19Filexxx-xxx/xxxxxxxxxxxx.xxxpredictiveHigh
20Filexxxxxx.xxx.xxxpredictiveHigh
21Filexxxxxxxx/xxxxx.xxxpredictiveHigh
22Filexxxxxxxxx.xxx.xxxpredictiveHigh
23Filexxxxxx.xxxpredictiveMedium
24Filexxxxxxx.xxxpredictiveMedium
25Filexxxxxxx.xxxpredictiveMedium
26Filexxxxxxxx.xxxpredictiveMedium
27Filexxxxx.xxxpredictiveMedium
28Filexxx/xxxxxxxx/xxxx_xxxxx_xxxxxxx.xpredictiveHigh
29Filexxxxxxx.xxxpredictiveMedium
30Filexxxxx.xxxpredictiveMedium
31Filexxxxxxx.xxxpredictiveMedium
32Filexxxx_xxxxxxx.xxx.xxxpredictiveHigh
33Filexxxx/xxxxx/xxxxxxx.xxx.xxxpredictiveHigh
34Filexxxxxxxxx.xxxpredictiveHigh
35Filexxx.xxxpredictiveLow
36Filexxxxxxxx/xxxxx-xxxx-xxxxxxx.xxxpredictiveHigh
37Filexxxxxxxx/xxxxxxxx.xxx.xxxpredictiveHigh
38Filexxxxx.xxxpredictiveMedium
39Filexxxxxx.xxxpredictiveMedium
40Filexxxx.xxxxpredictiveMedium
41Filexxxxxxxxxx.xxxpredictiveHigh
42Filexxxx_xxxxxxx.xxxxpredictiveHigh
43Filexxxx_xxxx.xxxpredictiveHigh
44Filexxxx.xxxpredictiveMedium
45Filexxxxx.xxxpredictiveMedium
46Filexxxxx.xxxpredictiveMedium
47Filexxxxx_xx.xxxxpredictiveHigh
48Filexxxx.xxxpredictiveMedium
49Filexxxx.xxxpredictiveMedium
50Filexxxxxx.xxxpredictiveMedium
51Filexxxxxxx/xxxxxxxx/xxxxx.xxxpredictiveHigh
52Filexxx_xxxx.xxx.xxxpredictiveHigh
53Filexxxxx.xxxpredictiveMedium
54Filexxxx/xxxxx.xxxpredictiveHigh
55Filexxxxxxx.xxxpredictiveMedium
56Filexxxxxxxxxx.xxx.xxxpredictiveHigh
57Filexxxx/xxxxxxxxx.xxxpredictiveHigh
58Filexxxxxxxxxxxx_xxxxxxxx.xxx.xxxpredictiveHigh
59Filexxxxxxxx.xxxpredictiveMedium
60Filexxxx.xxxpredictiveMedium
61Filexxxxxxxx.xxxpredictiveMedium
62Filexxxx-xxx.xxxpredictiveMedium
63Filexxxxxxx.xxxpredictiveMedium
64Filexxxxxxxxxxx.xxxpredictiveHigh
65Filexxxxxxxxx/xxxxxxxx.xxxpredictiveHigh
66Filexxxx_xxxxx.xxxxpredictiveHigh
67Filexxxx.xxxpredictiveMedium
68Filexxxxxxxxx/xxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
69Filexxxxxxxx.xxxpredictiveMedium
70Filexxxxxxxxx.xxxpredictiveHigh
71Filexxxxxxx.xxxpredictiveMedium
72Filexx-xxxxx/xxxxx.xxx?xxxx=xxxxxxxxxxxxpredictiveHigh
73Filexx-xxxxx/xxxxx-xxxxxx.xxxpredictiveHigh
74Filexx-xxxxx.xxxpredictiveMedium
75Filexxxxxxxxxxxx.xxxpredictiveHigh
76Libraryxxxxxxxx_xxxxxxxxx.xxx.xxxpredictiveHigh
77Argument$_xxxxxpredictiveLow
78Argument$_xxxx['xxxxxxxxx']predictiveHigh
79Argument$_xxxxxx['xxxxxx_xxxx']predictiveHigh
80ArgumentxxxxxxxpredictiveLow
81Argumentxxxx_xxxpredictiveMedium
82Argumentxx_xxxx_xxxxpredictiveMedium
83ArgumentxxxpredictiveLow
84ArgumentxxxxxxxxxxpredictiveMedium
85ArgumentxxxxxpredictiveLow
86ArgumentxxxxxpredictiveLow
87Argumentxxx_xxpredictiveLow
88Argumentxxx[xxxxxx][xxxxxxxxx]predictiveHigh
89ArgumentxxxpredictiveLow
90Argumentxxxx_xxpredictiveLow
91ArgumentxxxxxxxpredictiveLow
92ArgumentxxxxxxxxxxxpredictiveMedium
93Argumentxxxx_xxxpredictiveMedium
94Argumentxxxxxx_xxpredictiveMedium
95ArgumentxxxxpredictiveLow
96ArgumentxxxxxxpredictiveLow
97ArgumentxxxxxxpredictiveLow
98Argumentxxxxxxx[xx_xxx_xxxx]predictiveHigh
99ArgumentxxxxpredictiveLow
100ArgumentxxpredictiveLow
101Argumentxx_xxxxpredictiveLow
102ArgumentxxxxxxpredictiveLow
103ArgumentxxxxxxpredictiveLow
104ArgumentxxxxpredictiveLow
105ArgumentxxxxxxxxxpredictiveMedium
106ArgumentxxxxxxpredictiveLow
107Argumentxxx_xxxxxxx_xxxpredictiveHigh
108Argumentxxxx[xxxxx]predictiveMedium
109Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictiveHigh
110Argumentxxxx_xxxxpredictiveMedium
111ArgumentxxxxxxxxpredictiveMedium
112Argumentxxxxx_xxxx_xxxxpredictiveHigh
113Argumentxxxx_xxpredictiveLow
114Argumentxx_xxxxpredictiveLow
115ArgumentxxxxxxpredictiveLow
116ArgumentxxxxxxpredictiveLow
117ArgumentxxxxxpredictiveLow
118ArgumentxxxxpredictiveLow
119ArgumentxxxxxxxxpredictiveMedium
120ArgumentxxxxxpredictiveLow
121ArgumentxxxxxxxxpredictiveMedium
122ArgumentxxxxxxxxxxpredictiveMedium
123ArgumentxxxxxpredictiveLow
124ArgumentxxxxxxpredictiveLow
125ArgumentxxxxxxxxpredictiveMedium
126Argument\xxxxxx\predictiveMedium
127Input Value../predictiveLow

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!