LokiLocker Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (239)

Język

en	240

Kraj

co	238
us	2

Aktorzy

TA544	1
SpyEye	1
LokiBot	1
LokiLocker	1
Meterpreter	1

Wysiłek

Rodzaj

Not Defined	52
Web Browser	42
Operating System	28
Document Reader Software	16
Programming Language Software	16

Sprzedawca

Not Defined	42
Microsoft	22
Mozilla	18
Google	18
Adobe	16

Produkt

Mozilla Firefox	16
Google Chrome	16
Adobe Acrobat Reader	14
Linux Kernel	12
Microsoft Windows	12

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Nginx Open Source/Plus/Ingress Controller Resolver memory corruption	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.58180	0.04	CVE-2021-23017
2	OAID Tengine Serializer Module memory corruption	5.5	5.1	$0-$5k	$0-$5k	Unproven	Not Defined	0.00051	0.00	CVE-2020-28759
3	MGB OpenSource Guestbook email.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	0.71	CVE-2007-0354
4	Hashtopus admin.php sql injection	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00143	0.00	CVE-2017-11678
5	Goahead Web Server HTTP GET Request system.ini information disclosure	7.5	7.4	$5k-$25k	$0-$5k	Not Defined	Workaround	0.07649	0.04	CVE-2017-5674
6	Adobe Acrobat Reader memory corruption	7.5	7.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.02760	0.00	CVE-2016-0938
7	Adobe Acrobat Reader memory corruption	7.5	7.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.02760	0.00	CVE-2016-0939
8	Adobe Acrobat Reader memory corruption	7.5	7.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.13228	0.00	CVE-2016-0934
9	Adobe Acrobat Reader memory corruption	7.5	7.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.02462	0.03	CVE-2016-0931
10	Adobe Acrobat Reader memory corruption	8.0	7.9	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.04070	0.02	CVE-2016-0942
11	Adobe Acrobat Reader memory corruption	7.5	7.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.04041	0.00	CVE-2016-0936
12	Adobe Acrobat Reader memory corruption	7.5	7.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.13228	0.00	CVE-2016-0941
13	Adobe Acrobat Reader memory corruption	8.0	7.9	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.01715	0.02	CVE-2016-0940
14	ISC DHCPD IPv4 UDP Length privilege escalation	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05106	0.00	CVE-2015-8605
15	Adobe Acrobat Reader memory corruption	7.5	7.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.13228	0.00	CVE-2016-0932
16	Adobe Acrobat Reader memory corruption	7.5	7.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.13228	0.00	CVE-2016-0937
17	Adobe Acrobat Reader privilege escalation	7.5	7.4	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.02594	0.00	CVE-2016-0943
18	Microsoft Excel Office Document memory corruption	7.8	7.5	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.57665	0.00	CVE-2016-0035
19	RSA Package for Python Signature verify privilege escalation	5.3	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00428	0.00	CVE-2016-1494
20	Firebird Daemon privilege escalation	6.5	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01994	0.02	CVE-2016-1569

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Kampanie	Identified	Rodzaj	Pewność siebie
1	91.223.82.6	pink.warez-host.com	LokiLocker		2022-07-27	verified	Wysoki
2	XXX.XXX.XXX.X		Xxxxxxxxxx		2022-07-27	verified	Wysoki

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CWE-22	Path Traversal	predictive	Wysoki
2	T1059	CWE-94	Argument Injection	predictive	Wysoki
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Wysoki
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
5	TXXXX	CWE-XXX, CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Wysoki
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
7	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
8	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Wysoki
9	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	Wysoki
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
11	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Wysoki

IOA - Indicator of Attack (79)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/Tools/tools_admin.htm	predictive	Wysoki
2	File	adm/krgourl.php	predictive	Wysoki
3	File	admin.php	predictive	Medium
4	File	administers	predictive	Medium
5	File	catchsegv	predictive	Medium
6	File	classified.php	predictive	Wysoki
7	File	coders/mat.c	predictive	Medium
8	File	default.asp	predictive	Medium
9	File	drivers/char/lp.c	predictive	Wysoki
10	File	xxxxxxx/xxx/xxxxxx.x	predictive	Wysoki
11	File	xxxxx.xxx	predictive	Medium
12	File	xxxxxxxx.x	predictive	Medium
13	File	x_xxxxxxx.x	predictive	Medium
14	File	xxx/xx/xxxxxxxxxxxxxxxxxx.xxx	predictive	Wysoki
15	File	xxxxxx.xxx	predictive	Medium
16	File	xxxxx.xxx	predictive	Medium
17	File	xxxxxxxx/xxxx/xxxx.xxx	predictive	Wysoki
18	File	xx_xxxx_xxxxx_xxxxxxxx_xxxxxxxxxxxxxx.xxx	predictive	Wysoki
19	File	xxxxxxxxxx/xxxxxx.x	predictive	Wysoki
20	File	xxxxxxxxxx/xxx.x	predictive	Wysoki
21	File	xxxxxxxxxx/xxxx.x	predictive	Wysoki
22	File	xxxxxxxxxx/xxxxxxxx.x	predictive	Wysoki
23	File	xxxxxxxxxx/xxxxxxxxxx.x	predictive	Wysoki
24	File	xxxxxxxxxxx/xxx.x	predictive	Wysoki
25	File	xxxxxxxxxxx/xxx.x	predictive	Wysoki
26	File	xxxxxxxxxxx/xxx.x	predictive	Wysoki
27	File	xxxxxxxxxxx/xxxx.x	predictive	Wysoki
28	File	xxxxxxxxxxx/xxxxx.x	predictive	Wysoki
29	File	xxxxxxxxxxx/xxxxxxxx.x	predictive	Wysoki
30	File	xxxxxxx/xxxxxxx.x	predictive	Wysoki
31	File	xxxxx.xxx	predictive	Medium
32	File	xxxx/xxx.x	predictive	Medium
33	File	xxx/xxx/xx_xxx.x	predictive	Wysoki
34	File	xxxxxxxxxxxx.xxx	predictive	Wysoki
35	File	xxx_xxxxxxx.x	predictive	Wysoki
36	File	xxxxxx.xxx.xxx	predictive	Wysoki
37	File	xxxxxxxx/xxxxxxxxxx.xxx	predictive	Wysoki
38	File	xxxxxx/xxxxxxxxxx/xxx/xxxx.xxx	predictive	Wysoki
39	File	xxx/xx_xxxx.x	predictive	Wysoki
40	File	xxxxxx.xxx	predictive	Medium
41	File	x_xxxxx.x	predictive	Medium
42	File	xxxxxxx_xxxxxxx.xxxxxxxx.xxxx_xxxxxxxx	predictive	Wysoki
43	File	xxxxxxx/xxxx/xxxxxxxxxxxxxxxx.xxx	predictive	Wysoki
44	File	xxxxxxx/xxxx/xxxxx.xxx	predictive	Wysoki
45	File	xxxxxxxxx_xx.x	predictive	Wysoki
46	Library	xx/xxx/xxxx_xxxxxx.xxx	predictive	Wysoki
47	Library	xx/xxx/xxxxxxx.xxx	predictive	Wysoki
48	Library	xxxxxx_xxx	predictive	Medium
49	Library	xxxxxxx	predictive	Niski
50	Library	xxx/xxxxxx/xxxxx.xx	predictive	Wysoki
51	Library	xxxxxxxxxx/xxx_xxxxx.x	predictive	Wysoki
52	Library	xxxxx.xxx	predictive	Medium
53	Library	xxxxxxx.xxx	predictive	Medium
54	Library	xxxxxx.xxx	predictive	Medium
55	Argument	xxxxx	predictive	Niski
56	Argument	xxxxxx_xxx	predictive	Medium
57	Argument	xxxxxxxx_xxxx	predictive	Wysoki
58	Argument	xxxxxx	predictive	Niski
59	Argument	xxxxxx	predictive	Niski
60	Argument	xxxxxxxxxxxxxxxxxxxxxx	predictive	Wysoki
61	Argument	xx	predictive	Niski
62	Argument	xxx	predictive	Niski
63	Argument	x_xxxxxxxxxxxxxxxx	predictive	Wysoki
64	Argument	xxxxxxxx	predictive	Medium
65	Argument	xxxxxx	predictive	Niski
66	Argument	xxxxxx	predictive	Niski
67	Argument	xxxxx_xxxxxxx_xxxxx/xxxxx_xxxxxxx_xxxxx_xxx/xxxxx_xxxxxxx_xxxxxxx	predictive	Wysoki
68	Argument	xxxxxx_xx	predictive	Medium
69	Argument	xxxx_xxx	predictive	Medium
70	Argument	xxxxxx-xxxxx	predictive	Medium
71	Input Value	xxxx	predictive	Niski
72	Input Value	xxxxx	predictive	Niski
73	Input Value	xxxxx/xxxxxxxx	predictive	Wysoki
74	Input Value	xxxxx	predictive	Niski
75	Input Value	xxxxx xxxxxxx xxxxxx	predictive	Wysoki
76	Pattern	\|xx\|/[	predictive	Niski
77	Network Port	xxxxxxxxxxxxxx xxxxxx	predictive	Wysoki
78	Network Port	xxx/xx (xxx)	predictive	Medium
79	Network Port	xxx/xxxxx	predictive	Medium

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Do you know our Splunk app?

Download it now for free!