Astro Locker Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (45)

Langue

en	42
ru	2
zh	2

De campagne

us	22
ru	10
ir	4

Acteurs

IcedID	3
Astro Locker	2
Cobalt Strike	2
BazarBackdoor	1
Bumblebee	1

Intérêt

Taper

Not Defined	20
Operating System	6
Router Operating System	4
Firewall Software	4
WordPress Plugin	2

Fournisseur

Not Defined	12
Microsoft	6
Cisco	4
ZyXEL	2
Omron	2

Produit

Microsoft Windows	4
ZyXEL PK5001Z	2
Omron CX-One CX-Programmer	2
ampleShop	2
libssh	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	Microsoft Windows Win32k Local Privilege Escalation	7.8	7.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00048	0.02	CVE-2023-36743
2	zoujingli ThinkAdmin Update.php elévation de privilèges	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01088	0.02	CVE-2020-23653
3	Apache HTTP Server ETag divulgation de l'information	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00161	0.05	CVE-2003-1418
4	Huawei Flybox B660 indexdefault.asp authentification faible	7.3	6.7	$5k-$25k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.05
5	OpenKM Community Edition XMLReader Parser XMLTextExtractor.java XML External Entity	8.2	8.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00201	0.00	CVE-2022-2131
6	OpenKM FileUtils.java getFileExtension elévation de privilèges	3.6	3.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.00	CVE-2022-3969
7	Linux Kernel smb2ops.c smb2_dump_detail divulgation de l'information	6.2	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00042	0.00	CVE-2023-6610
8	Microsoft Windows Local Security Authority Subsystem Service divulgation de l'information	5.1	4.7	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00048	0.02	CVE-2023-36428
9	Linux Kernel io_uring Subsystem race condition	7.5	7.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.06	CVE-2023-1295
10	Microsoft Exchange Server Privilege Escalation	8.3	7.6	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00080	0.06	CVE-2023-36745
11	Microsoft Windows TPM Device Driver Local Privilege Escalation	7.8	7.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00409	0.06	CVE-2023-29360
12	Wazuh Dashboard elévation de privilèges	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00060	0.03	CVE-2023-42455
13	Microsoft Exchange Server ProxyShell vulnérabilité inconnue	9.4	8.2	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.78222	0.00	CVE-2021-34523
14	Microsoft Exchange Server ProxyShell Remote Code Execution	9.5	8.2	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.97319	0.02	CVE-2021-34473
15	Microsoft Exchange Server Privilege Escalation	8.0	7.3	$5k-$25k	$5k-$25k	Unproven	Official Fix	0.00095	0.04	CVE-2023-28310
16	Linux Kernel buffer overflow	7.4	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.04	CVE-2023-0461
17	Red Hat DataGrid/Infinispan REST Endpoint authentification faible	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00197	0.00	CVE-2021-31917
18	libssh pki_verify_data_signature elévation de privilèges	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00139	0.02	CVE-2023-2283
19	Microsoft Windows HTTP Protocol Stack Remote Code Execution	9.8	8.9	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.01093	0.00	CVE-2023-23392
20	OpenBSD OpenSSH compat.c buffer overflow	7.7	7.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00958	0.04	CVE-2023-25136

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Identified	Taper	Confiance
1	45.134.21.8		Astro Locker	31/05/2021	verified	Élevé
2	XX.XX.XXX.XXX	xxx.xxx.xx.xx.xxxxxx.xxxxxxxx.xxx	Xxxxx Xxxxxx	31/05/2021	verified	Élevé
3	XXX.XX.XXX.XX		Xxxxx Xxxxxx	31/05/2021	verified	Élevé
4	XXX.XX.XXX.XX		Xxxxx Xxxxxx	31/05/2021	verified	Élevé

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1068	CWE-284	Execution with Unnecessary Privileges	predictive	Élevé
2	T1078.001	CWE-259	Use of Hard-coded Password	predictive	Élevé
3	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Élevé
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
9	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Élevé

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/htmlcode/html/indexdefault.asp	predictive	Élevé
2	File	ajax_admin_apis.php	predictive	Élevé
3	File	ajax_php_pecl.php	predictive	Élevé
4	File	xxx/xxxxx/xxxxxxxxxx/xxx/xxxxxx.xxx	predictive	Élevé
5	File	xxxxx.xxx	predictive	Moyen
6	File	xxxxxxxx.xxx	predictive	Moyen
7	File	xxxxxx.x	predictive	Moyen
8	File	xx/xxx/xxxxxx/xxxxxxx.x	predictive	Élevé
9	File	xxx/xxxx/xxxx/xxx/xxxxxx/xxxx/xxxxxxxxx.xxxx	predictive	Élevé
10	File	xxxxxxxxxxxxxxxx.xxxx	predictive	Élevé
11	Argument	xxxxxx	predictive	Faible
12	Argument	xxx	predictive	Faible
13	Argument	xxxxxxxx_xx	predictive	Moyen
14	Argument	xxxx	predictive	Faible
15	Argument	xxxxxxx.xxx_xxxxxxxxxx	predictive	Élevé
16	Argument	xxxxxxxxxx	predictive	Moyen
17	Argument	xx	predictive	Faible
18	Input Value	xxxx:xxxxxxxx	predictive	Élevé
19	Input Value	xxxxxxxx	predictive	Moyen
20	Network Port	xxx/xxxx	predictive	Moyen

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!