Lucifer Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (29)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	30

Country

cn	26

Actors

Lucifer	2

Activities

Interest

Timeline

Type

Not Defined	8
File Transfer Software	2
WordPress Plugin	2
Enterprise Resource Planning Software	2
Smartphone Operating System	2

Vendor

Not Defined	10
Oracle	4
Google	2
DZCP	2
Apache	2

Product

ProFTPD	2
Top Bar Plugin	2
Oracle PeopleSoft Enterprise PeopleTools	2
Google Android	2
MediaWiki	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Microsoft Windows NetBIOS WinNuke denial of service	7.5	7.2	$25k-$100k	$0-$5k	High	Official Fix	0.00304	0.03	CVE-1999-0153
2	Oracle PeopleSoft Enterprise PeopleTools Integration Broker access control	6.5	5.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00799	0.05	CVE-2017-3548
3	ZyXEL NAS326/NAS540/NAS542 UDP Packet format string	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00435	0.00	CVE-2022-34747
4	MediaWiki cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00138	0.00	CVE-2007-4883
5	OpenSSH input validation	7.3	6.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.02188	0.00	CVE-2007-4752
6	Dian Gemilang DGNews news.php sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00214	0.00	CVE-2007-2994
7	PHP-Generics include.php file inclusion	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.15334	0.00	CVE-2007-2346
8	JumpDEMAND 4ECPS Web Forms Plugin cross site scripting	3.6	3.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00048	0.00	CVE-2022-44628
9	Top Bar Plugin Setting cross site scripting	2.4	2.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00058	0.00	CVE-2022-2629
10	Apple watchOS Audio File out-of-bounds	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00109	0.00	CVE-2020-29610
11	Openscad STL File import_stl.cc import_stl stack-based overflow	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00208	0.00	CVE-2020-28599
12	NVIDIA Jetson Linux Driver Package Cboot Module blob_decompress buffer overflow	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-28196
13	Oracle Communications Pricing Design Center Python buffer overflow	9.8	9.6	$100k and more	$5k-$25k	Not Defined	Official Fix	0.03119	0.00	CVE-2021-3177
14	SolarWinds SQL Sentry information exposure	4.6	4.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00078	0.05	CVE-2022-38107
15	Google Android DevicePolicyManager information disclosure	3.3	3.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-20275
16	Google Android Task.java Local Privilege Escalation	6.5	6.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00048	0.03	CVE-2021-39696
17	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.80	CVE-2010-0966

Campaigns (1)

These are the campaigns that can be associated with the actor:

CVE-2021-25646

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	20.205.116.139		Lucifer	CVE-2021-25646	02/27/2024	verified	High
2	45.141.68.25		Lucifer	CVE-2021-25646	02/27/2024	verified	High
3	47.88.49.239		Lucifer	CVE-2021-25646	02/27/2024	verified	High
4	XX.XX.XXX.X		Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
5	XX.XX.XXX.XXX		Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
6	XX.XXX.XXX.XX		Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
7	XXX.XXX.XXX.XX		Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
8	XXX.XX.XXX.XX		Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
9	XXX.XX.X.XX		Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
10	XXX.XX.XXX.XX		Xxxxxxx	Xxx-xxxx-xxxxx	02/27/2024	verified	High
11	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxx.xx.xx.xxxxxxx.xxxxxxx.xxx.xx	Xxxxxxx		08/29/2021	verified	High
12	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxx.xxxxxxx.xxxxxxxx-xxx.xxx	Xxxxxxx		08/29/2021	verified	High
13	XXX.XXX.XXX.XX		Xxxxxxx		08/29/2021	verified	High
14	XXX.XXX.XX.XX		Xxxxxxx		08/29/2021	verified	High

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
2	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
3	TXXXX	CAPEC-19	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (10)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	import_stl.cc	predictive	High
2	File	inc/config.php	predictive	High
3	File	xxxxxxx.xxx	predictive	Medium
4	File	xxxx.xxx	predictive	Medium
5	File	xxxx.xxxx	predictive	Medium
6	Argument	xxxxxxxx	predictive	Medium
7	Argument	xxxx/xxxx	predictive	Medium
8	Argument	xxxxxx	predictive	Low
9	Argument	x-xxxxxxxxx-xxx	predictive	High
10	Argument	_xxx_xxxxxxxx_xxxx	predictive	High

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!