Locky Analysis

IOB - Indicator of Behavior (257)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 212
it: 12
sv: 10
pl: 10
es: 8

Country

us: 232
ru: 6
ua: 2
pl: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

IBM Lotus Domino: 10
Apache HTTP Server: 4
Linux Kernel: 4
RIM BlackBerry Enterprise Server: 4
MGB OpenSource Guestbook: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.41 | 0.04187 | CVE-2010-0966
3 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.04499 | CVE-2019-7550
4 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.16 | 0.00000 |
5 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.27 | 0.02800 | CVE-2007-0354
6 | Genetechsolutions Pie-Register wp-login.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.02255 | CVE-2013-4954
7 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.02 | 0.01319 | CVE-2006-5509
8 | Microsoft Windows Uniscribe memory corruption | 8.0 | 7.2 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.31179 | CVE-2017-0083
9 | Linux Foundation Xen EFLAGS Register SYSENTER input validation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.01282 | CVE-2013-1917
10 | Apache HTTP Server mod_session heap-based overflow | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.07767 | CVE-2021-26691
11 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.03129 | CVE-2007-1287
12 | Kaqoo Auction Software register.inc.php code injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.15272 | CVE-2007-1790
13 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.06790 | CVE-2007-1167
14 | Russcom Network Loginphp register.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.02 | 0.01213 | CVE-2006-2160
15 | D-Link DIR-865L register_send.php improper authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.02 | 0.00954 | CVE-2013-3096
16 | CONTROLzx HMS register_domain.php cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.00000 |
17 | LushiWarPlaner register.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01 | 0.01139 | CVE-2007-0864
18 | ImageMagick JPEGWarningHandler resource management | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.03407 | CVE-2012-0260
19 | Google Android memory corruption | 8.5 | 8.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2016-10486
20 | OrientDB access control | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.00 | 0.79620 | CVE-2017-11467

IOC - Indicator of Compromise (19)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Pathname Traversal | predictive | High
2 | T1059 | CWE-94 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (50)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /dev/fd | predictive | Low
2 | File | /inc/HTTPClient.php | predictive | High
3 | File | /index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events | predictive | High
4 | File | /ISAPI/Security/users/1 | predictive | High
5 | File | addentry.php | predictive | Medium
6 | File | data/gbconfiguration.dat | predictive | High
7 | File | email.php | predictive | Medium

References (7)

The following list contains external sources which discuss the actor and the associated activities: