LockBit Analysis

IOB - Indicator of Behavior (278)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 184
ru: 70
zh: 10
de: 8
es: 2

Country

ru: 116
us: 88
cn: 28
cz: 8
nl: 6

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 14
phpMyAdmin: 6
Microsoft IIS: 6
Joomla: 4
Apache HTTP Server: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | RedKernel Referrer Tracker rkrt_stats.php Stored cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.51 | 0.01917 | CVE-2006-0317 |
| 2 | SPIP spip_login.php3 cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09 | 0.01319 | CVE-2005-4494 |
| 3 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.42 | 0.02800 | CVE-2007-0354 |
| 4 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.18 | 0.00986 | CVE-2005-1612 |
| 5 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.18 | 0.01018 | CVE-2022-28959 |
| 6 | WikiNi cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.04894 | CVE-2006-5516 |
| 7 | AjaxPro .NET Class deserialization | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.23850 | CVE-2021-23758 |
| 8 | Grandstream GXP16xx VoIP SSH Configuration Interface command injection | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2018-17565 |
| 9 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 4.67 | 0.00000 | CVE-2020-12440 |
| 10 | E-Blah Platinum Routines.pl cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.06 | 0.01974 | CVE-2006-0829 |
| 11 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 1.22 | 0.00000 | |
| 12 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.63 | 0.04187 | CVE-2010-0966 |
| 13 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09 | 0.06790 | CVE-2007-1167 |
| 14 | Sitecore deserialization | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.95381 | CVE-2021-42237 |
| 15 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192 |
| 16 | ServiceNow report_viewer.do code injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.01978 | CVE-2018-7748 |
| 17 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.30 | 0.49183 | CVE-2016-6210 |
| 18 | Sierra Wireless ALEOS SSH/Telnet Session information disclosure | 8.8 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01055 | CVE-2015-2897 |
| 19 | AVTECH IP Camera/NVR/DVR CloudSetup.cgi command injection | 9.8 | 9.5 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00 | 0.00000 | |
| 20 | Drupal Password Reset access control | 6.5 | 5.7 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.03 | 0.01061 | CVE-2015-2559 |

IOC - Indicator of Compromise (21)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (143)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/config.php?display=disa&view=form | predictive | High |
| 2 | File | /cgi-bin/admin/testserver.cgi | predictive | High |
| 3 | File | /cgi-bin/supervisor/CloudSetup.cgi | predictive | High |
| 4 | File | /export | predictive | Low |
| 5 | File | /icingaweb2/navigation/add | predictive | High |
| 6 | File | /recordings/index.php | predictive | High |
| 7 | File | /secure/QueryComponent!Default.jspa | predictive | High |
| 8 | File | /spip.php | predictive | Medium |
| 9 | File | /student/bookdetails.php | predictive | High |
| 10 | File | /uncpath/ | predictive | Medium |
| 11 | File | /wp-admin/admin-ajax.php | predictive | High |
| 12 | File | adclick.php | predictive | Medium |
| 13 | File | agent/Core/Controller/SendRequest.cpp | predictive | High |
| 14 | File | api_poller.php | predictive | High |
| 15 | File | arformcontroller.php | predictive | High |
| 16 | File | attachmentlibrary.php | predictive | High |
| 17 | File | backend/Login/load/ | predictive | High |

References (8)

The following list contains external sources which discuss the actor and the associated activities:
