Astro Locker Analysis

IOB - Indicator of Behavior (45)

Language

en 40
ru 4
zh 2

Country

us 24
ru 16

Product

Microsoft Exchange Server (6)
CentOS Web Panel (4)
TP-LINK TDDP (4)
Basti2web Book Panel (2)
Trango Altum (2)

Vulnerabilities

Columns: Base and Temp are the base and temporal scores; 0-day and Today are the estimated exploit prices; Exploit and Countermeasure use the CVSS exploit-code-maturity (Unproven, Proof-of-Concept, High) and remediation-level (Workaround, Official Fix) vocabulary.

# | Vulnerability | Base | Temp | 0-day | Today | Exploit | Countermeasure | EPSS | CTI | CVE
1 | Microsoft Windows Win32k Local Privilege Escalation | 7.8 | 7.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00048 | 0.00 | CVE-2023-36743
2 | zoujingli ThinkAdmin Update.php privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01088 | 0.02 | CVE-2020-23653
3 | Apache HTTP Server ETag information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00161 | 0.10 | CVE-2003-1418
4 | Huawei Flybox B660 indexdefault.asp weak authentication | 7.3 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.05 | 
5 | OpenKM Community Edition XMLReader Parser XMLTextExtractor.java XML External Entity | 8.2 | 8.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00201 | 0.00 | CVE-2022-2131
6 | OpenKM FileUtils.java getFileExtension privilege escalation | 3.6 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.04 | CVE-2022-3969
7 | Linux Kernel smb2ops.c smb2_dump_detail information disclosure | 6.2 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00042 | 0.00 | CVE-2023-6610
8 | Microsoft Windows Local Security Authority Subsystem Service information disclosure | 5.1 | 4.7 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00048 | 0.02 | CVE-2023-36428
9 | Linux Kernel io_uring Subsystem race condition | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.06 | CVE-2023-1295
10 | Microsoft Exchange Server Privilege Escalation | 8.3 | 7.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00080 | 0.04 | CVE-2023-36745
11 | Microsoft Windows TPM Device Driver Local Privilege Escalation | 7.8 | 7.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00409 | 0.06 | CVE-2023-29360
12 | Wazuh Dashboard privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00060 | 0.03 | CVE-2023-42455
13 | Microsoft Exchange Server ProxyShell unknown vulnerability | 9.4 | 8.6 | $25k-$100k | $5k-$25k | High | Official Fix | 0.78222 | 0.17 | CVE-2021-34523
14 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.7 | $25k-$100k | $5k-$25k | High | Official Fix | 0.97319 | 0.13 | CVE-2021-34473
15 | Microsoft Exchange Server Privilege Escalation | 8.0 | 7.3 | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.00111 | 0.04 | CVE-2023-28310
16 | Linux Kernel buffer overflow | 7.4 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2023-0461
17 | Red Hat DataGrid/Infinispan REST Endpoint weak authentication | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00197 | 0.00 | CVE-2021-31917
18 | libssh pki_verify_data_signature privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00139 | 0.02 | CVE-2023-2283
19 | Microsoft Windows HTTP Protocol Stack Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01093 | 0.00 | CVE-2023-23392
20 | OpenBSD OpenSSH compat.c buffer overflow | 7.7 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00958 | 0.04 | CVE-2023-25136

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerability | Access Vector | Type | Confidence
1 | T1068 | CAPEC-19 | CWE-284 Execution with Unnecessary Privileges | | predictive | High
2 | T1078.001 | | CWE-259 Use of Hard-coded Password | | predictive | High
3 | TXXXX.XXX | CAPEC-191 | CWE-XXX Xxxx-xxxxx Xxxxxxxxxxx | | predictive | High
4 | TXXXX | CAPEC-108 | CWE-XX Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | | predictive | High
5 | TXXXX.XXX | CAPEC-178 | CWE-XXX Xxxx Xxxxxxxx | | predictive | High
6 | TXXXX | CAPEC-108 | CWE-XX Xxx Xxxxxxxxx | | predictive | High
7 | TXXXX | CAPEC-0 | CWE-XXX Xxxxxxxxxxx Xxxxxxxxxx | | predictive | High
8 | TXXXX | CAPEC-116 | CWE-XXX Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | | predictive | High
9 | TXXXX.XXX | CAPEC-0 | CWE-XXX Xxx Xxxxxxxxxx Xxxxx | | predictive | High

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /htmlcode/html/indexdefault.asp | predictive | High
2 | File | ajax_admin_apis.php | predictive | High
3 | File | ajax_php_pecl.php | predictive | High
4 | File | xxx/xxxxx/xxxxxxxxxx/xxx/xxxxxx.xxx | predictive | High
5 | File | xxxxx.xxx | predictive | Medium
6 | File | xxxxxxxx.xxx | predictive | Medium
7 | File | xxxxxx.x | predictive | Medium
8 | File | xx/xxx/xxxxxx/xxxxxxx.x | predictive | High
9 | File | xxx/xxxx/xxxx/xxx/xxxxxx/xxxx/xxxxxxxxx.xxxx | predictive | High
10 | File | xxxxxxxxxxxxxxxx.xxxx | predictive | High
11 | Argument | xxxxxx | predictive | Low
12 | Argument | xxx | predictive | Low
13 | Argument | xxxxxxxx_xx | predictive | Medium
14 | Argument | xxxx | predictive | Low
15 | Argument | xxxxxxx.xxx_xxxxxxxxxx | predictive | High
16 | Argument | xxxxxxxxxx | predictive | Medium
17 | Argument | xx | predictive | Low
18 | Input Value | xxxx:xxxxxxxx | predictive | High
19 | Input Value | xxxxxxxx | predictive | Medium
20 | Network Port | xxx/xxxx | predictive | Medium
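The File-class indicators above are only useful if they are actually hunted for. The following Python is an added example, not part of the original page or of the vendor's tooling: it takes the three unredacted File indicators from the IOA table and matches them against web-server access-log lines in combined log format. The log lines are constructed for this example, not captured traffic, and the normalization steps (query stripping, double percent-decoding, slash collapsing, case folding) are the author's own defensive choices for catching the usual filter-evasion variants, not anything the page specifies.

```python
"""Hunt for the unredacted File indicators from the IOA table in web access logs.

Added example; not from the original page.  The sample log below is
constructed for illustration and is not real traffic.
"""
import re
from urllib.parse import unquote

# File-class indicators visible (unredacted) in the IOA table.
IOA_FILES = [
    "/htmlcode/html/indexdefault.asp",
    "ajax_admin_apis.php",
    "ajax_php_pecl.php",
]

# Combined log format: client ident user [time] "METHOD target PROTO" status ...
_REQ = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize_path(target: str) -> str:
    """Strip the query string, percent-decode twice (double encoding is a
    common evasion trick; a literal '%25' in a path will also be decoded,
    which is acceptable for hunting), collapse repeated slashes, lower-case."""
    path = target.split("?", 1)[0]
    path = unquote(unquote(path))
    path = re.sub(r"/{2,}", "/", path)
    return path.lower()


def match_indicators(line: str):
    """Return (client_ip, status, indicator) when the normalized request
    path contains an IOA file fragment, otherwise None."""
    m = _REQ.match(line)
    if not m:
        return None
    path = normalize_path(m.group("target"))
    for ind in IOA_FILES:
        if ind.lower() in path:
            return (m.group("ip"), int(m.group("status")), ind)
    return None


def scan(lines):
    """Yield (line_no, client_ip, status, indicator) for every hit."""
    for n, line in enumerate(lines, 1):
        hit = match_indicators(line)
        if hit:
            yield (n, *hit)


# Constructed sample log (combined log format); not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /htmlcode/html/indexdefault.asp HTTP/1.1" 200 2048 "-" "curl/7.88"',
    '198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "POST /admin/%61jax_admin_apis.php?action=list HTTP/1.1" 200 300 "-" "python-requests/2.31"',
    '198.51.100.9 - - [10/Oct/2023:13:56:05 +0000] "GET /admin//AJAX_PHP_PECL.PHP HTTP/1.1" 404 150 "-" "python-requests/2.31"',
    '192.0.2.33 - - [10/Oct/2023:13:57:11 +0000] "GET /static/app.js HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]


def hits_for_sample():
    """Run the scan over the constructed sample log."""
    return list(scan(SAMPLE_LOG))


if __name__ == "__main__":
    for n, ip, status, ind in hits_for_sample():
        print(f"line {n}: {ip} requested {ind} (HTTP {status})")
```

Note that the fourth sample line returns 404 and is still reported: a probe for an indicator file that does not exist on the host is reconnaissance, which is exactly what the IOA table is meant to expose, so do not filter hits on a 2xx status.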

References (2)

The following list contains external sources which discuss the actor and the associated activities:
