Astro Locker Analysis

IOB - Indicator of Behavior (45)

Language

en | 36
ru | 6
zh | 4

Country

us | 20
ru | 12
ir | 4

Product

Microsoft Exchange Server | 6
Exim | 4
Microsoft Windows | 4
Apache HTTP Server | 2
OpenKM Community Edition | 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Countermeasure | CTI | EPSS | CVE
1 | Microsoft Windows Win32k Local Privilege Escalation | 7.8 | 7.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.00048 | CVE-2023-36743
2 | zoujingli ThinkAdmin Update.php Privilege Escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01088 | CVE-2020-23653
3 | Apache HTTP Server ETag Information Disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00161 | CVE-2003-1418
4 | Huawei Flybox B660 indexdefault.asp Weak Authentication | 7.3 | 6.7 | $5k-$25k | Calculating | Proof-of-Concept | Workaround | 0.05 | 0.00000 | -
5 | OpenKM Community Edition XMLReader Parser XMLTextExtractor.java XML External Entity | 8.2 | 8.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00201 | CVE-2022-2131
6 | OpenKM FileUtils.java getFileExtension Privilege Escalation | 3.6 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00045 | CVE-2022-3969
7 | Linux Kernel smb2ops.c smb2_dump_detail Information Disclosure | 6.2 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00042 | CVE-2023-6610
8 | Microsoft Windows Local Security Authority Subsystem Service Information Disclosure | 5.1 | 4.7 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.03 | 0.00048 | CVE-2023-36428
9 | Linux Kernel io_uring Subsystem Race Condition | 7.5 | 7.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00042 | CVE-2023-1295
10 | Microsoft Exchange Server Privilege Escalation | 8.3 | 7.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | 0.00080 | CVE-2023-36745
11 | Microsoft Windows TPM Device Driver Local Privilege Escalation | 7.8 | 7.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | 0.00409 | CVE-2023-29360
12 | Wazuh Dashboard Privilege Escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00060 | CVE-2023-42455
13 | Microsoft Exchange Server ProxyShell Unknown Vulnerability | 9.4 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | 0.72231 | CVE-2021-34523
14 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.04 | 0.97285 | CVE-2021-34473
15 | Microsoft Exchange Server Privilege Escalation | 8.0 | 7.3 | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.04 | 0.00095 | CVE-2023-28310
16 | Linux Kernel Buffer Overflow | 7.4 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00042 | CVE-2023-0461
17 | Red Hat DataGrid/Infinispan REST Endpoint Weak Authentication | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00197 | CVE-2021-31917
18 | libssh pki_verify_data_signature Privilege Escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00139 | CVE-2023-2283
19 | Microsoft Windows HTTP Protocol Stack Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00 | 0.01324 | CVE-2023-23392
20 | OpenBSD OpenSSH compat.c Buffer Overflow | 7.7 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00958 | CVE-2023-25136
20OpenBSD OpenSSH compat.c Excesso de tampão7.77.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.040.00958CVE-2023-25136

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Type | Confidence
1 | T1068 | CWE-284 Execution with Unnecessary Privileges | predictive | High
2 | T1078.001 | CWE-259 Use of Hard-coded Password | predictive | High

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /htmlcode/html/indexdefault.asp | predictive | High
2 | File | ajax_admin_apis.php | predictive | High
3 | File | ajax_php_pecl.php | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
