Astro Locker Analys

IOB - Indicator of Behavior (45)

Tidslinje

Lang

en42
zh2
ru2

Land

Skådespelare

Aktiviteter

Intressera

Tidslinje

Typ

Säljare

Produkt

Microsoft Windows4
Linux Kernel4
OpenKM2
Wazuh2
Cisco ASR 50002

Sårbarheter

#SårbarhetBaseTemp0dayI dagUtnRemCTIEPSSCVE
1Microsoft Windows Win32k Local Privilege Escalation7.87.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.000.00048CVE-2023-36743
2zoujingli ThinkAdmin Update.php privilegier eskalering8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.020.01088CVE-2020-23653
3Apache HTTP Server ETag informationsgivning5.35.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.00161CVE-2003-1418
4Huawei Flybox B660 indexdefault.asp svag autentisering7.36.7$5k-$25kBeräknandeProof-of-ConceptWorkaround0.050.00000
5OpenKM Community Edition XMLReader Parser XMLTextExtractor.java XML External Entity8.28.1$0-$5k$0-$5kNot DefinedNot Defined0.000.00201CVE-2022-2131
6OpenKM FileUtils.java getFileExtension privilegier eskalering3.63.5$0-$5k$0-$5kNot DefinedOfficial Fix0.040.00045CVE-2022-3969
7Linux Kernel smb2ops.c smb2_dump_detail informationsgivning6.26.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.00042CVE-2023-6610
8Microsoft Windows Local Security Authority Subsystem Service informationsgivning5.14.7$25k-$100k$5k-$25kUnprovenOfficial Fix0.030.00048CVE-2023-36428
9Linux Kernel io_uring Subsystem tävlingsvillkor7.57.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.060.00042CVE-2023-1295
10Microsoft Exchange Server Privilege Escalation8.37.6$25k-$100k$5k-$25kUnprovenOfficial Fix0.060.00080CVE-2023-36745
11Microsoft Windows TPM Device Driver Local Privilege Escalation7.87.1$25k-$100k$5k-$25kUnprovenOfficial Fix0.060.00409CVE-2023-29360
12Wazuh Dashboard privilegier eskalering7.57.4$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00060CVE-2023-42455
13Microsoft Exchange Server ProxyShell okänd sårbarhet9.48.2$25k-$100k$5k-$25kUnprovenOfficial Fix0.020.72231CVE-2021-34523
14Microsoft Exchange Server ProxyShell Remote Code Execution9.58.2$25k-$100k$5k-$25kUnprovenOfficial Fix0.040.97285CVE-2021-34473
15Microsoft Exchange Server Privilege Escalation8.07.3$5k-$25k$5k-$25kUnprovenOfficial Fix0.040.00095CVE-2023-28310
16Linux Kernel minneskorruption7.47.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.040.00042CVE-2023-0461
17Red Hat DataGrid/Infinispan REST Endpoint svag autentisering6.36.3$5k-$25k$5k-$25kNot DefinedNot Defined0.000.00197CVE-2021-31917
18libssh pki_verify_data_signature privilegier eskalering5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.040.00139CVE-2023-2283
19Microsoft Windows HTTP Protocol Stack Remote Code Execution9.88.9$25k-$100k$5k-$25kUnprovenOfficial Fix0.000.01324CVE-2023-23392
20OpenBSD OpenSSH compat.c minneskorruption7.77.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.040.00958CVE-2023-25136

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueSårbarheterÅtkomstvektorTypFörtroende
1T1068CWE-284Execution with Unnecessary PrivilegespredictiveHög
2T1078.001CWE-259Use of Hard-coded PasswordpredictiveHög
3TXXXX.XXXCWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHög
4TXXXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHög
5TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHög
6TXXXXCWE-XXXxx XxxxxxxxxpredictiveHög
7TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHög
8TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHög
9TXXXX.XXXCWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHög

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlassIndicatorTypFörtroende
1File/htmlcode/html/indexdefault.asppredictiveHög
2Fileajax_admin_apis.phppredictiveHög
3Fileajax_php_pecl.phppredictiveHög
4Filexxx/xxxxx/xxxxxxxxxx/xxx/xxxxxx.xxxpredictiveHög
5Filexxxxx.xxxpredictiveMedium
6Filexxxxxxxx.xxxpredictiveMedium
7Filexxxxxx.xpredictiveMedium
8Filexx/xxx/xxxxxx/xxxxxxx.xpredictiveHög
9Filexxx/xxxx/xxxx/xxx/xxxxxx/xxxx/xxxxxxxxx.xxxxpredictiveHög
10Filexxxxxxxxxxxxxxxx.xxxxpredictiveHög
11ArgumentxxxxxxpredictiveLåg
12ArgumentxxxpredictiveLåg
13Argumentxxxxxxxx_xxpredictiveMedium
14ArgumentxxxxpredictiveLåg
15Argumentxxxxxxx.xxx_xxxxxxxxxxpredictiveHög
16ArgumentxxxxxxxxxxpredictiveMedium
17ArgumentxxpredictiveLåg
18Input Valuexxxx:xxxxxxxxpredictiveHög
19Input ValuexxxxxxxxpredictiveMedium
20Network Portxxx/xxxxpredictiveMedium

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

Do you need the next level of professionalism?

Upgrade your account now!