Lumma Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (265)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	210
ru	32
es	8
zh	6
pt	6

Country

us	60
ru	48
de	18
cn	6
sv	2

Actors

Lumma	7
Cobalt Strike	4
RedLine Stealer	4
LummaC2 Stealer	2
Stealc	2

Activities

Interest

Timeline

Type

Not Defined	116
Operating System	22
Web Server	12
Groupware Software	12
Content Management System	10

Vendor

Not Defined	70
Microsoft	34
Cisco	8
Symantec	6
IBM	6

Product

Microsoft Windows	14
mailcow	4
IBM AIX	4
Microsoft IIS	4
Max Feoktistov Small HTTP Server	4

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	mailcow Sync Job os command injection	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00174	0.03	CVE-2023-26490
2	Papoo kontakt.php sql injection	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.05
3	PHP password_verify poison null byte	3.7	3.4	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00045	0.08	CVE-2024-3096
4	PHP proc_open command injection	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2024-1874
5	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.00061	0.00	CVE-2023-36439
6	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.00056	0.04	CVE-2023-36050
7	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.00056	0.04	CVE-2023-36035
8	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.00056	0.00	CVE-2023-36039
9	iGamingModules flashgames game.php sql injection	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00315	0.00	CVE-2008-10003
10	Netgate pfSense Plus/pfSense CE SSHGuard protection mechanism	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00238	0.04	CVE-2023-27100
11	Open Networking Foundation ONOS API Documentation Dashboard cross site scripting	4.8	4.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00071	0.02	CVE-2023-24279
12	mailcow Sync Job os command injection	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00539	0.04	CVE-2022-31245
13	Netgear DG834Gv5 Web Management Interface cleartext storage	2.7	2.5	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00045	0.13	CVE-2024-4235
14	Sentry information disclosure	6.2	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00059	0.04	CVE-2023-39349
15	fastify-swagger-ui insecure default initialization of resource	5.3	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00052	0.04	CVE-2024-22207
16	Linux Kernel ksmbd smb2pdu.c smb2_tree_disconnect use after free	8.9	8.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00732	0.03	CVE-2022-47939
17	insyde H2OFFT/H2OOAE/H2OUVE/H2OPCM/H2OELV Access Control access control	6.5	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.03	CVE-2019-12532
18	Pligg cloud.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.92
19	TikiWiki tiki-register.php input validation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01075	9.40	CVE-2006-6168
20	OFCMS update.json cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00072	0.00	CVE-2022-29653

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	45.9.74.78		Lumma	12/27/2023	verified	High
2	77.73.134.68		Lumma	12/27/2023	verified	High
3	82.117.255.80	vds1223468.hosted-by-itldc.com	Lumma	12/27/2023	verified	High
4	XX.XXX.XXX.XXX	xxxxxxxxxx.xxxxxx-xx-xxxxx.xxx	Xxxxx	12/27/2023	verified	High
5	XX.XXX.XX.XX	xxx.xxxxxxxx.xxx	Xxxxx	12/27/2023	verified	High
6	XX.XXX.XX.XX	xxxxxxxx.xx-xxx.xxxx	Xxxxx	10/29/2023	verified	High
7	XXX.XX.XX.XX		Xxxxx	12/05/2023	verified	High
8	XXX.XX.XXX.XXX	xxxxxx.xxx.xxx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxx	01/16/2023	verified	High
9	XXX.XX.XXX.XXX	xxxxxx.xxx.xxx.xx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxx	10/29/2023	verified	High
10	XXX.XXX.XXX.XXX	xxxxxxxx.xxx	Xxxxx	10/29/2023	verified	High
11	XXX.XXX.XXX.XXX	xxxxxx.xxx	Xxxxx	10/29/2023	verified	High
12	XXX.XXX.XXX.XX	xxxxxxxxxx.xxxxxx-xx-xxxxx.xxx	Xxxxx	01/16/2023	verified	High
13	XXX.XXX.XXX.XX	xxxxx-xxxxx.xxxxxxx.xxxx	Xxxxx	10/29/2023	verified	High
14	XXX.X.X.XXX		Xxxxx	12/05/2023	verified	High

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX.XXX	CAPEC-	CWE-XXX	Xxx Xx Xxxx-xxxxx Xxxxxxxx	predictive	High
7	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
9	TXXXX	CAPEC-37	CWE-XXX	Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
10	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	High
11	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
12	TXXXX	CAPEC-157	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High
13	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (144)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/admin/admin.php	predictive	High
2	File	/admin/comn/service/update.json	predictive	High
3	File	/admin/index.php?id=themes&action=edit_template&filename=blog	predictive	High
4	File	/api/0/api-tokens/	predictive	High
5	File	/api/profile	predictive	Medium
6	File	/filemanager/php/connector.php	predictive	High
7	File	/forum/PostPrivateMessage	predictive	High
8	File	/pages.php	predictive	Medium
9	File	/pages/processlogin.php	predictive	High
10	File	/tmp	predictive	Low
11	File	admin.cgi	predictive	Medium
12	File	admin/?page=system_info	predictive	High
13	File	admin/adminlogin.php	predictive	High
14	File	admin/gallery.php	predictive	High
15	File	admin\posts\view_post.php	predictive	High
16	File	article.php	predictive	Medium
17	File	articles.php	predictive	Medium
18	File	bb-hist.sh/bb-histlog.sh/bb-hostsvc.sh/bb-rep.sh/bb-replog.sh/bb-ack.sh	predictive	High
19	File	xxxxx.xxx	predictive	Medium
20	File	xxxx_xxxxxx.xxx	predictive	High
21	File	xxxxxxx.xxx	predictive	Medium
22	File	xxxxxxxxxx.xxx	predictive	High
23	File	xxxxxxxxxx.xxx	predictive	High
24	File	xxx-xxx/xxxxxx/xxxxxx.xxx	predictive	High
25	File	xxx-xxx/xxxxxx/xxxxxx.xxx?xxxxx=x	predictive	High
26	File	xxxxxxxxxx.xxx	predictive	High
27	File	xxxxx.xxx	predictive	Medium
28	File	xxxxx\xxxxx\xxxxx.xxxx.xxx	predictive	High
29	File	xxxxxxx.xxx	predictive	Medium
30	File	xxxxxx	predictive	Low
31	File	xxxxxxx.xxx	predictive	Medium
32	File	xxxxxxxx.xxx	predictive	Medium
33	File	xx/xxxxx/xxxxxxx.x	predictive	High
34	File	xxxx.xxx	predictive	Medium
35	File	xxxxxxx.xx	predictive	Medium
36	File	xxxxxxxx.xx	predictive	Medium
37	File	xxxxxxxx_xxxx.xxx	predictive	High
38	File	xxx/xxxxxxx.xxx	predictive	High
39	File	xxxxxxxx/xxxxxxxxxxxx.xxx.xxx	predictive	High
40	File	xxx_xxxxxxxxxxxxxxxxxxx.xxx	predictive	High
41	File	xxxxx.xxxx	predictive	Medium
42	File	xxxx.xxx	predictive	Medium
43	File	xxxxxxx.xxx	predictive	Medium
44	File	xxxxxxx/xxx_xxxxxxxx.x	predictive	High
45	File	xxxx.xxx	predictive	Medium
46	File	xxxxxx.xxx	predictive	Medium
47	File	xxxx.xxx	predictive	Medium
48	File	xxx.xxx	predictive	Low
49	File	xxxxxx.xxx	predictive	Medium
50	File	xxxxxxx/xxx/xxxxx.xxx	predictive	High
51	File	xx_xxxxxxxxxx.xxx	predictive	High
52	File	xxxx.xxx/xxxxxxxx.xxx	predictive	High
53	File	xxxx.xxx	predictive	Medium
54	File	xxxxxxxx.xxx	predictive	Medium
55	File	xxxxx.xxx	predictive	Medium
56	File	xxxxxxxxx.xxx	predictive	High
57	File	xxxxxxx-xxxx.xxx	predictive	High
58	File	xxxxxxxxx	predictive	Medium
59	File	xxxxxxx.xxx	predictive	Medium
60	File	xxxxxxxxxxxxxx.xxx	predictive	High
61	File	xxxxxxxx.xxx	predictive	Medium
62	File	xxxxxxxxxxx.xxx	predictive	High
63	File	xxx.xxxxxx.xxxxx	predictive	High
64	File	xxxxxxxx.xx	predictive	Medium
65	File	xxxx.xxx	predictive	Medium
66	File	xxxx	predictive	Low
67	File	xxxxxxxxx.xxx.xxx	predictive	High
68	File	xxxxxxx.xxx	predictive	Medium
69	File	xxxxxx.xxxx	predictive	Medium
70	File	xxxxx-xxxx]_xxxxxx.xxx	predictive	High
71	File	xxxx-xxxxxxxx.xxx	predictive	High
72	File	xxxxxx	predictive	Low
73	File	xxxxxx\xxxxxx\xxxxxxxxx-xxxxxx-xxxxxxx\xxx\xxxxxxx\xxxxxxx.xxx	predictive	High
74	File	xxxxxxxxxxxx.xxx	predictive	High
75	File	xxxxxxxxx.xxx	predictive	High
76	File	xxxxxxxxxxx.xxx	predictive	High
77	File	xxx-xxxxx.xxx	predictive	High
78	File	xxxxxxx/xxxxxx/xxxx.xxx	predictive	High
79	File	xxx-xxx-xxxxx/xxxx/xxx	predictive	High
80	Library	xxx.xxx	predictive	Low
81	Library	xxx/xxxxxxxx.xx	predictive	High
82	Library	xxxxxxxx.xxx	predictive	Medium
83	Argument	-x	predictive	Low
84	Argument	xxx	predictive	Low
85	Argument	xx	predictive	Low
86	Argument	xx	predictive	Low
87	Argument	xxxxxx	predictive	Low
88	Argument	x/x	predictive	Low
89	Argument	xxx	predictive	Low
90	Argument	xxxxxxxxxx	predictive	Medium
91	Argument	xx/xxx	predictive	Low
92	Argument	xxxxxxxxxx	predictive	Medium
93	Argument	xxxxx	predictive	Low
94	Argument	xxx	predictive	Low
95	Argument	xxxxxxx	predictive	Low
96	Argument	xx	predictive	Low
97	Argument	xxxxx	predictive	Low
98	Argument	xxxxxxxxxxxx	predictive	Medium
99	Argument	xxxxxxxx	predictive	Medium
100	Argument	xxxxxxxxxxx	predictive	Medium
101	Argument	xxxx	predictive	Low
102	Argument	xxxxxxxx	predictive	Medium
103	Argument	xxxx[xxxxxxx]	predictive	High
104	Argument	xxxx_xxxx	predictive	Medium
105	Argument	xxxxxxxx	predictive	Medium
106	Argument	xx	predictive	Low
107	Argument	xxx	predictive	Low
108	Argument	xxxx[*][xxxx]	predictive	High
109	Argument	xxx	predictive	Low
110	Argument	xxxxxx_xx	predictive	Medium
111	Argument	xxxxxxxx	predictive	Medium
112	Argument	xxxxxxx	predictive	Low
113	Argument	xxx	predictive	Low
114	Argument	xxxxx	predictive	Low
115	Argument	xxxxx xxxxxx	predictive	Medium
116	Argument	xxxxx	predictive	Low
117	Argument	xxxxx_xx	predictive	Medium
118	Argument	xxxxxx	predictive	Low
119	Argument	xxxx	predictive	Low
120	Argument	xxxxxxxxx	predictive	Medium
121	Argument	xxx_xx	predictive	Low
122	Argument	xx_xx	predictive	Low
123	Argument	xxxxxxxxxx	predictive	Medium
124	Argument	xxxx xx	predictive	Low
125	Argument	xxxx_xxx_xxxx_xxxx	predictive	High
126	Argument	xxx	predictive	Low
127	Argument	xxxxxxx/xxxxxxx	predictive	High
128	Argument	xxxx_xxxxxx_xxxx	predictive	High
129	Argument	xxxx	predictive	Low
130	Argument	xxxxx/xxxx	predictive	Medium
131	Argument	xxx	predictive	Low
132	Argument	xxxx	predictive	Low
133	Argument	xxxxxxxx/xxxx	predictive	High
134	Argument	xxxx_xxxx	predictive	Medium
135	Argument	xxxxxxxxxxxxxxxxx	predictive	High
136	Input Value	..	predictive	Low
137	Input Value	...	predictive	Low
138	Input Value	<xxxxxxxx>\x	predictive	Medium
139	Input Value	<xxx>%xx+.xxx	predictive	High
140	Input Value	<xxx>%xx	predictive	Medium
141	Input Value	xxxxxxxxx	predictive	Medium
142	Input Value	~#xx/~#xx/~#xx	predictive	High
143	Network Port	xxxx	predictive	Low
144	Network Port	xxx/xxx (xxxx)	predictive	High

References (5)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you know our Splunk app?

Download it now for free!