Lilith Analysis

IOB - Indicator of Behavior (338)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 264
ru: 22
ja: 10
de: 8
it: 6

Country

ru: 104
us: 34
cn: 18
es: 2

Activities

Product

Google Chrome: 10
Linux Kernel: 8
Apple macOS: 6
Atlassian Bitbucket Data Center: 4
Apple Mac OS X Server: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.18 | CVE-2010-0966 |
| 2 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.07 | CVE-2007-0354 |
| 3 | Atlassian Bitbucket Server and Data Center Environment Variable command injection | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.52136 | 0.00 | CVE-2022-43781 |
| 4 | Atlassian Bitbucket Data Center/Bitbucket Server Privilege Escalation | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.05 | CVE-2023-22513 |
| 5 | Dahua DHI-HCVR7216A-S3 SmartPSS Auto Login Hash access control | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00331 | 0.05 | CVE-2017-6342 |
| 6 | Cyr to Lat Plugin sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.03 | CVE-2022-4290 |
| 7 | nophp index.php os command injection | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00099 | 0.03 | CVE-2023-28854 |
| 8 | SourceCodester Simple Task Allocation System manage_user.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.08 | CVE-2023-1791 |
| 9 | SourceCodester Young Entrepreneur E-Negosyo System login.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00152 | 0.06 | CVE-2023-1737 |
| 10 | Lighthouse Development Squirrelcart cart_content.php file inclusion | 6.5 | 5.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02731 | 0.00 | CVE-2006-2483 |
| 11 | Jelsoft impex ImpExData.php file inclusion | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04317 | 0.04 | CVE-2006-1382 |
| 12 | phpBG forum.php input validation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.22228 | 0.04 | CVE-2007-4636 |
| 13 | Linux Foundation Xen EFLAGS Register SYSENTER input validation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.02 | CVE-2013-1917 |
| 14 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.21 | CVE-2015-4134 |
| 15 | HPE Onboard Administrator Reflected cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.03 | CVE-2020-7132 |
| 16 | xwikisas macro-pdfviewer PDF Viewer Macro information disclosure | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-30263 |
| 17 | Moises Heberle WooCommerce Bookings Calendar Plugin cross site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-31117 |
| 18 | Foxit PDF Reader AcroForm use after free | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.03 | CVE-2024-30354 |
| 19 | Tenda AC10 SetStaticRouteCfg fromSetRouteStatic stack-based overflow | 8.8 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.16 | CVE-2024-2581 |
| 20 | MediaTek MT8798 Lk memory corruption | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2024-20022 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-24, CWE-425 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 5 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (179)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin.php/admin/art/data.html | predictive | High |
| 2 | File | /admin.php/pic/admin/pic/del | predictive | High |
| 3 | File | /ajax.php?action=read_msg | predictive | High |
| 4 | File | /debug/pprof | predictive | Medium |
| 5 | File | /desktop_app/file.ajax.php?action=uploadfile | predictive | High |
| 6 | File | /env | predictive | Low |
| 7 | File | /forum/away.php | predictive | High |
| 8 | File | /goform/SetNetControlList | predictive | High |
| 9 | File | /goform/SetStaticRouteCfg | predictive | High |
| 10 | File | /librarian/bookdetails.php | predictive | High |
| 11 | File | /ptipupgrade.cgi | predictive | High |
| 12 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | predictive | High |
| 13 | File | /src/chatbotapp/chatWindow.java | predictive | High |
| 14 | File | /staff/bookdetails.php | predictive | High |
| 15 | File | about.php | predictive | Medium |
| 16 | File | admin.color.php | predictive | High |
| 17 | File | admin/addons/archive/archive.php | predictive | High |
| 18 | File | admin/categories_industry.php | predictive | High |
| 19 | File | admin/class-woo-popup-admin.php | predictive | High |
| 20 | File | admin/content/postcategory | predictive | High |
| 21 | File | admincp/auth/secure.php | predictive | High |
