Lorenz Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (82)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en72
es6
zh2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us20
cn14
ir4
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Lorenz5
Cobalt Strike3
BumbleBee2
Raccoon2
Fodcha1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Bug Tracking Software36
Not Defined18
Web Server4
Artificial Intelligence Software4
Network Management Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined26
GitLab22
HP2
Linux2
RheinMetall2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

GitLab Community Edition18
GitLab Enterprise Edition18
Violation Comments to GitLab Plugin4
TensorFlow4
MantisBT2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
2Oracle REST Data Services denial of service7.06.8$5k-$25k$0-$5kNot DefinedOfficial Fix0.033590.04CVE-2023-24998
3Extreme EXOS memory corruption7.47.4$0-$5k$0-$5kNot DefinedNot Defined0.002090.00CVE-2017-14328
4SentryHD privileges management5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.07
5GitLab Community Edition/Enterprise Edition Bowser Cache information disclosure5.45.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000790.00CVE-2018-18640
6Oracle REST Data Services General information disclosure4.34.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.000540.00CVE-2020-14745
7Oracle REST Data Services information disclosure5.35.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.475550.00CVE-2021-34429
8HP System Management Homepage Access Restriction memory corruption10.09.5$25k-$100k$0-$5kNot DefinedOfficial Fix0.210360.00CVE-2011-1541
9nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002412.43CVE-2020-12440
10Teltonika Remote Management System/RUT os command injection8.88.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000520.02CVE-2023-32350
11python-jwt authentication spoofing8.28.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000970.30CVE-2022-39227
12OpenSSH Forward Option roaming_common.c roaming_write memory corruption8.17.6$25k-$100k$0-$5kUnprovenOfficial Fix0.002660.00CVE-2016-0778
13Technicolor TC7337NET Password cleartext transmission7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.012180.04CVE-2020-10376
14Nextcloud Password Policy weak encoding for password2.72.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000500.00CVE-2022-35931
15Citrix XenServer path traversal8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.023400.06CVE-2018-14007
16polkit polkitd information disclosure5.75.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000660.00CVE-2018-1116
17Apache HTTP Server mod_proxy server-side request forgery7.37.3$5k-$25k$25k-$100kHighNot Defined0.974460.04CVE-2021-40438
18mod_ssl SSLVerifyClient Remote Code Execution9.88.8$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.002140.02CVE-2005-2700
19Huawei ACXXXX/SXXXX SSH Packet input validation7.57.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.002460.07CVE-2014-8572
20Vim heap-based overflow7.17.0$0-$5k$0-$5kNot DefinedOfficial Fix0.001020.00CVE-2021-3984

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2022-29499

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
164.190.113.100LorenzCVE-2022-2949909/20/2022verifiedHigh
2137.184.181.252LorenzCVE-2022-2949909/20/2022verifiedHigh
3XXX.XX.XX.XXxxxx.xxxxxxxxxxxxxx.xxxXxxxxxXxx-xxxx-xxxxx09/20/2022verifiedHigh
4XXX.XX.XX.XXXxxxxxXxx-xxxx-xxxxx09/20/2022verifiedHigh
5XXX.XXX.XXX.XXXxxxxxXxx-xxxx-xxxxx09/20/2022verifiedHigh
6XXX.XX.XXX.XXXxxxxxxxxxxx.xxxxxxx.xxxxXxxxxxXxx-xxxx-xxxxx09/20/2022verifiedHigh
7XXX.XXX.XXX.XXXXxxxxxXxx-xxxx-xxxxx09/20/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1040CAPEC-102CWE-319Authentication Bypass by Capture-replaypredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
9TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
10TXXXXCAPEC-55CWE-XXX, CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
11TXXXXCAPEC-37CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
12TXXXXCAPEC-116CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (26)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Fileconfig.xmlpredictiveMedium
2Filecontact.phppredictiveMedium
3Filecontact_support.phppredictiveHigh
4Filedata/gbconfiguration.datpredictiveHigh
5Filexxxx.xxxpredictiveMedium
6Filexxx/xxxxxx.xxxpredictiveHigh
7Filexxxxx.xxxpredictiveMedium
8Filexxxxxxxxxxxxxxx.xxxxpredictiveHigh
9Filexxxxxx_xxxx_xxx_xxx.xxxpredictiveHigh
10Filexxx_xxxxx.xpredictiveMedium
11Filexxxxxxxx.xxxpredictiveMedium
12Filexxxxxxx_xxx_xxxxx_xxxxxx.xxxxpredictiveHigh
13Filexxxxxxx_xxxxxx.xpredictiveHigh
14Filexxxx-xxxxxxxx.xxxpredictiveHigh
15Filexxx.xpredictiveLow
16Filexx-xxxxxxx/xxxxxxx/xxxx/xxpredictiveHigh
17ArgumentxxxxxxxxpredictiveMedium
18ArgumentxxxxxxxxxxxxxxpredictiveHigh
19Argumentxxxxxxx_xxpredictiveMedium
20ArgumentxxxxxxxpredictiveLow
21ArgumentxxxxpredictiveLow
22ArgumentxxxxxxxxpredictiveMedium
23ArgumentxxxxxxxxpredictiveMedium
24ArgumentxxxxpredictiveLow
25ArgumentxxxpredictiveLow
26Network PortxxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!