Astro Locker تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (45)

اللغة

en	42
ru	4

البلد

us	20
ru	14
ir	4

الفاعلين

IcedID	3
Astro Locker	2
Cobalt Strike	2
Bumblebee	1
PhotoLoader	1

الاهتمام

النوع

Not Defined	16
Operating System	10
Web Server	4
Connectivity Software	2
SCADA Software	2

المجهز

Not Defined	12
Microsoft	8
Apache	4
Linux	4
Omron	2

منتج

Microsoft Windows	6
Apache HTTP Server	4
Linux Kernel	4
OpenKM	2
Omron CX-One CX-Programmer	2

الثغرات

#	الثغرة	Base	Temp	0day	اليوم	ق�	معالجة	CTI	EPSS	CVE
1	Microsoft Windows Win32k Local Privilege Escalation	7.8	7.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00	0.00048	CVE-2023-36743
2	zoujingli ThinkAdmin Update.php تجاوز الصلاحيات	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.01088	CVE-2020-23653
3	Apache HTTP Server ETag الكشف عن المعلومات	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00161	CVE-2003-1418
4	Huawei Flybox B660 indexdefault.asp توثيق ضعيف	7.3	6.7	$5k-$25k	جاري الحساب	Proof-of-Concept	Workaround	0.05	0.00000
5	OpenKM Community Edition XMLReader Parser XMLTextExtractor.java XML External Entity	8.2	8.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00201	CVE-2022-2131
6	OpenKM FileUtils.java getFileExtension تجاوز الصلاحيات	3.6	3.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00045	CVE-2022-3969
7	Linux Kernel smb2ops.c smb2_dump_detail الكشف عن المعلومات	6.2	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.00042	CVE-2023-6610
8	Microsoft Windows Local Security Authority Subsystem Service الكشف عن المعلومات	5.1	4.7	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.03	0.00048	CVE-2023-36428
9	Linux Kernel io_uring Subsystem حالة السباق	7.5	7.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.06	0.00042	CVE-2023-1295
10	Microsoft Exchange Server Privilege Escalation	8.3	7.6	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.06	0.00080	CVE-2023-36745
11	Microsoft Windows TPM Device Driver Local Privilege Escalation	7.8	7.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.06	0.00409	CVE-2023-29360
12	Wazuh Dashboard تجاوز الصلاحيات	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00060	CVE-2023-42455
13	Microsoft Exchange Server ProxyShell ثغرات غير معروفة	9.4	8.2	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.02	0.78222	CVE-2021-34523
14	Microsoft Exchange Server ProxyShell Remote Code Execution	9.5	8.2	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.04	0.97319	CVE-2021-34473
15	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.04	0.00095	CVE-2023-28310
16	Linux Kernel تلف الذاكرة	7.4	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	0.00042	CVE-2023-0461
17	Red Hat DataGrid/Infinispan REST Endpoint توثيق ضعيف	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00	0.00197	CVE-2021-31917
18	libssh pki_verify_data_signature تجاوز الصلاحيات	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00139	CVE-2023-2283
19	Microsoft Windows HTTP Protocol Stack Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00	0.01324	CVE-2023-23392
20	OpenBSD OpenSSH compat.c تلف الذاكرة	7.7	7.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	0.00958	CVE-2023-25136

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	عنوان بروتوكول الإنترنت	Hostname	ممثل	Identified	النوع	الثقة
1	45.134.21.8		Astro Locker	31/05/2021	verified	عالي
2	XX.XX.XXX.XXX	xxx.xxx.xx.xx.xxxxxx.xxxxxxxx.xxx	Xxxxx Xxxxxx	31/05/2021	verified	عالي
3	XXX.XX.XXX.XX		Xxxxx Xxxxxx	31/05/2021	verified	عالي
4	XXX.XX.XXX.XX		Xxxxx Xxxxxx	31/05/2021	verified	عالي

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	الثغرات	متجه الوصول	النوع	الثقة
1	T1068	CWE-284	Execution with Unnecessary Privileges	predictive	عالي
2	T1078.001	CWE-259	Use of Hard-coded Password	predictive	عالي
3	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	عالي
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	عالي
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	عالي
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	عالي
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	عالي
9	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	عالي

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	الفئة	Indicator	النوع	الثقة
1	File	/htmlcode/html/indexdefault.asp	predictive	عالي
2	File	ajax_admin_apis.php	predictive	عالي
3	File	ajax_php_pecl.php	predictive	عالي
4	File	xxx/xxxxx/xxxxxxxxxx/xxx/xxxxxx.xxx	predictive	عالي
5	File	xxxxx.xxx	predictive	متوسط
6	File	xxxxxxxx.xxx	predictive	متوسط
7	File	xxxxxx.x	predictive	متوسط
8	File	xx/xxx/xxxxxx/xxxxxxx.x	predictive	عالي
9	File	xxx/xxxx/xxxx/xxx/xxxxxx/xxxx/xxxxxxxxx.xxxx	predictive	عالي
10	File	xxxxxxxxxxxxxxxx.xxxx	predictive	عالي
11	Argument	xxxxxx	predictive	واطئ
12	Argument	xxx	predictive	واطئ
13	Argument	xxxxxxxx_xx	predictive	متوسط
14	Argument	xxxx	predictive	واطئ
15	Argument	xxxxxxx.xxx_xxxxxxxxxx	predictive	عالي
16	Argument	xxxxxxxxxx	predictive	متوسط
17	Argument	xx	predictive	واطئ
18	Input Value	xxxx:xxxxxxxx	predictive	عالي
19	Input Value	xxxxxxxx	predictive	متوسط
20	Network Port	xxx/xxxx	predictive	متوسط

المصادر (2)

The following list contains external sources which discuss the actor and the associated activities:

التالي ▸نظرة عامة◂ السابق

Do you need the next level of professionalism?

Upgrade your account now!