Astro Locker Analysis

IOB - Indicator of Behavior (45)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en34
ru8
zh4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us22
ru16
cn2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows6
Linux Kernel4
Apache HTTP Server4
CentOS Web Panel4
Exim2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Microsoft Windows Win32k Local Privilege Escalation7.87.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.000.00048CVE-2023-36743
2zoujingli ThinkAdmin Update.php deserialization8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.020.01088CVE-2020-23653
3Apache HTTP Server ETag information disclosure5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.00161CVE-2003-1418
4Huawei Flybox B660 indexdefault.asp improper authentication7.36.7$5k-$25kCalculatingProof-of-ConceptWorkaround0.050.00000
5OpenKM Community Edition XMLReader Parser XMLTextExtractor.java xml external entity reference8.28.1$0-$5k$0-$5kNot DefinedNot Defined0.000.00201CVE-2022-2131
6OpenKM FileUtils.java getFileExtension temp file3.63.5$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00045CVE-2022-3969
7Linux Kernel smb2ops.c smb2_dump_detail out-of-bounds6.26.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.00042CVE-2023-6610
8Microsoft Windows Local Security Authority Subsystem Service information disclosure5.14.7$25k-$100k$5k-$25kUnprovenOfficial Fix0.030.00048CVE-2023-36428
9Linux Kernel io_uring Subsystem toctou7.57.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.060.00042CVE-2023-1295
10Microsoft Exchange Server Privilege Escalation8.37.6$25k-$100k$5k-$25kUnprovenOfficial Fix0.060.00080CVE-2023-36745
11Microsoft Windows TPM Device Driver Local Privilege Escalation7.87.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.060.00409CVE-2023-29360
12Wazuh Dashboard authorization7.57.4$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00060CVE-2023-42455
13Microsoft Exchange Server ProxyShell unknown vulnerability9.48.2$25k-$100k$5k-$25kUnprovenOfficial Fix0.020.78222CVE-2021-34523
14Microsoft Exchange Server ProxyShell Remote Code Execution9.58.2$25k-$100k$5k-$25kUnprovenOfficial Fix0.040.97319CVE-2021-34473
15Microsoft Exchange Server Privilege Escalation8.07.3$5k-$25k$5k-$25kUnprovenOfficial Fix0.040.00095CVE-2023-28310
16Linux Kernel use after free7.47.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.040.00042CVE-2023-0461
17Red Hat DataGrid/Infinispan REST Endpoint improper authentication6.36.3$5k-$25k$5k-$25kNot DefinedNot Defined0.000.00197CVE-2021-31917
18libssh pki_verify_data_signature access control5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.040.00139CVE-2023-2283
19Microsoft Windows HTTP Protocol Stack Remote Code Execution9.88.9$25k-$100k$5k-$25kUnprovenOfficial Fix0.000.01324CVE-2023-23392
20OpenBSD OpenSSH compat.c double free7.77.6$5k-$25k$5k-$25kNot DefinedOfficial Fix0.040.00958CVE-2023-25136

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1068CWE-284Execution with Unnecessary PrivilegespredictiveHigh
2T1078.001CWE-259Use of Hard-coded PasswordpredictiveHigh
3TXXXX.XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
4TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
5TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
6TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
8TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
9TXXXX.XXXCWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/htmlcode/html/indexdefault.asppredictiveHigh
2Fileajax_admin_apis.phppredictiveHigh
3Fileajax_php_pecl.phppredictiveHigh
4Filexxx/xxxxx/xxxxxxxxxx/xxx/xxxxxx.xxxpredictiveHigh
5Filexxxxx.xxxpredictiveMedium
6Filexxxxxxxx.xxxpredictiveMedium
7Filexxxxxx.xpredictiveMedium
8Filexx/xxx/xxxxxx/xxxxxxx.xpredictiveHigh
9Filexxx/xxxx/xxxx/xxx/xxxxxx/xxxx/xxxxxxxxx.xxxxpredictiveHigh
10Filexxxxxxxxxxxxxxxx.xxxxpredictiveHigh
11ArgumentxxxxxxpredictiveLow
12ArgumentxxxpredictiveLow
13Argumentxxxxxxxx_xxpredictiveMedium
14ArgumentxxxxpredictiveLow
15Argumentxxxxxxx.xxx_xxxxxxxxxxpredictiveHigh
16ArgumentxxxxxxxxxxpredictiveMedium
17ArgumentxxpredictiveLow
18Input Valuexxxx:xxxxxxxxpredictiveHigh
19Input ValuexxxxxxxxpredictiveMedium
20Network Portxxx/xxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Interested in the pricing of exploits?

See the underground prices here!