LokiLocker Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (239)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en240

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

co234
us6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

TA5441
SpyEye1
LokiBot1
LokiLocker1
Meterpreter1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Web Browser42
Not Defined40
Operating System22
Document Reader Software12
Multimedia Player Software12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined42
Microsoft30
Mozilla26
Adobe18
Google16

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Mozilla Firefox24
Google Chrome14
Adobe Acrobat Reader10
FFmpeg10
Microsoft Windows10

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Nginx Open Source/Plus/Ingress Controller Resolver off-by-one5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.581800.04CVE-2021-23017
2OAID Tengine Serializer Module buffer overflow5.55.1$0-$5k$0-$5kUnprovenNot Defined0.000510.00CVE-2020-28759
3MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.013020.82CVE-2007-0354
4Hashtopus admin.php sql injection7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.001430.00CVE-2017-11678
5Goahead Web Server HTTP GET Request system.ini information disclosure7.57.4$5k-$25k$0-$5kNot DefinedWorkaround0.076490.04CVE-2017-5674
6Adobe Acrobat Reader memory corruption7.57.4$25k-$100k$0-$5kNot DefinedOfficial Fix0.027600.00CVE-2016-0938
7Adobe Acrobat Reader memory corruption7.57.4$25k-$100k$0-$5kNot DefinedOfficial Fix0.027600.00CVE-2016-0939
8Adobe Acrobat Reader use after free7.57.4$25k-$100k$0-$5kNot DefinedOfficial Fix0.132280.00CVE-2016-0934
9Adobe Acrobat Reader memory corruption7.57.4$25k-$100k$0-$5kNot DefinedOfficial Fix0.024620.03CVE-2016-0931
10Adobe Acrobat Reader memory corruption8.07.9$25k-$100k$0-$5kNot DefinedOfficial Fix0.040700.02CVE-2016-0942
11Adobe Acrobat Reader memory corruption7.57.4$25k-$100k$0-$5kNot DefinedOfficial Fix0.040410.00CVE-2016-0936
12Adobe Acrobat Reader use after free7.57.4$25k-$100k$0-$5kNot DefinedOfficial Fix0.132280.00CVE-2016-0941
13Adobe Acrobat Reader use after free8.07.9$25k-$100k$0-$5kNot DefinedOfficial Fix0.017150.02CVE-2016-0940
14ISC DHCPD IPv4 UDP Length input validation6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.051060.00CVE-2015-8605
15Adobe Acrobat Reader use after free7.57.4$25k-$100k$0-$5kNot DefinedOfficial Fix0.132280.00CVE-2016-0932
16Adobe Acrobat Reader use after free7.57.4$25k-$100k$0-$5kNot DefinedOfficial Fix0.132280.00CVE-2016-0937
17Adobe Acrobat Reader access control7.57.4$25k-$100k$0-$5kNot DefinedOfficial Fix0.025940.00CVE-2016-0943
18Microsoft Excel Office Document memory corruption7.87.5$5k-$25k$0-$5kNot DefinedOfficial Fix0.576650.00CVE-2016-0035
19RSA Package for Python Signature verify input validation5.35.2$0-$5k$0-$5kNot DefinedOfficial Fix0.004280.00CVE-2016-1494
20Firebird Daemon input validation6.56.3$0-$5k$0-$5kNot DefinedOfficial Fix0.019940.02CVE-2016-1569

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
191.223.82.6pink.warez-host.comLokiLocker07/27/2022verifiedHigh
2XXX.XXX.XXX.XXxxxxxxxxx07/27/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
4TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCAPEC-CWE-XXX, CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
8TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
9TXXXX.XXXCAPEC-133CWE-XXXXxxxxxxxpredictiveHigh
10TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
11TXXXXCAPEC-157CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (79)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/Tools/tools_admin.htmpredictiveHigh
2Fileadm/krgourl.phppredictiveHigh
3Fileadmin.phppredictiveMedium
4FileadministerspredictiveMedium
5FilecatchsegvpredictiveMedium
6Fileclassified.phppredictiveHigh
7Filecoders/mat.cpredictiveMedium
8Filedefault.asppredictiveMedium
9Filedrivers/char/lp.cpredictiveHigh
10Filexxxxxxx/xxx/xxxxxx.xpredictiveHigh
11Filexxxxx.xxxpredictiveMedium
12Filexxxxxxxx.xpredictiveMedium
13Filex_xxxxxxx.xpredictiveMedium
14Filexxx/xx/xxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
15Filexxxxxx.xxxpredictiveMedium
16Filexxxxx.xxxpredictiveMedium
17Filexxxxxxxx/xxxx/xxxx.xxxpredictiveHigh
18Filexx_xxxx_xxxxx_xxxxxxxx_xxxxxxxxxxxxxx.xxxpredictiveHigh
19Filexxxxxxxxxx/xxxxxx.xpredictiveHigh
20Filexxxxxxxxxx/xxx.xpredictiveHigh
21Filexxxxxxxxxx/xxxx.xpredictiveHigh
22Filexxxxxxxxxx/xxxxxxxx.xpredictiveHigh
23Filexxxxxxxxxx/xxxxxxxxxx.xpredictiveHigh
24Filexxxxxxxxxxx/xxx.xpredictiveHigh
25Filexxxxxxxxxxx/xxx.xpredictiveHigh
26Filexxxxxxxxxxx/xxx.xpredictiveHigh
27Filexxxxxxxxxxx/xxxx.xpredictiveHigh
28Filexxxxxxxxxxx/xxxxx.xpredictiveHigh
29Filexxxxxxxxxxx/xxxxxxxx.xpredictiveHigh
30Filexxxxxxx/xxxxxxx.xpredictiveHigh
31Filexxxxx.xxxpredictiveMedium
32Filexxxx/xxx.xpredictiveMedium
33Filexxx/xxx/xx_xxx.xpredictiveHigh
34Filexxxxxxxxxxxx.xxxpredictiveHigh
35Filexxx_xxxxxxx.xpredictiveHigh
36Filexxxxxx.xxx.xxxpredictiveHigh
37Filexxxxxxxx/xxxxxxxxxx.xxxpredictiveHigh
38Filexxxxxx/xxxxxxxxxx/xxx/xxxx.xxxpredictiveHigh
39Filexxx/xx_xxxx.xpredictiveHigh
40Filexxxxxx.xxxpredictiveMedium
41Filex_xxxxx.xpredictiveMedium
42Filexxxxxxx_xxxxxxx.xxxxxxxx.xxxx_xxxxxxxxpredictiveHigh
43Filexxxxxxx/xxxx/xxxxxxxxxxxxxxxx.xxxpredictiveHigh
44Filexxxxxxx/xxxx/xxxxx.xxxpredictiveHigh
45Filexxxxxxxxx_xx.xpredictiveHigh
46Libraryxx/xxx/xxxx_xxxxxx.xxxpredictiveHigh
47Libraryxx/xxx/xxxxxxx.xxxpredictiveHigh
48Libraryxxxxxx_xxxpredictiveMedium
49LibraryxxxxxxxpredictiveLow
50Libraryxxx/xxxxxx/xxxxx.xxpredictiveHigh
51Libraryxxxxxxxxxx/xxx_xxxxx.xpredictiveHigh
52Libraryxxxxx.xxxpredictiveMedium
53Libraryxxxxxxx.xxxpredictiveMedium
54Libraryxxxxxx.xxxpredictiveMedium
55ArgumentxxxxxpredictiveLow
56Argumentxxxxxx_xxxpredictiveMedium
57Argumentxxxxxxxx_xxxxpredictiveHigh
58ArgumentxxxxxxpredictiveLow
59ArgumentxxxxxxpredictiveLow
60ArgumentxxxxxxxxxxxxxxxxxxxxxxpredictiveHigh
61ArgumentxxpredictiveLow
62ArgumentxxxpredictiveLow
63Argumentx_xxxxxxxxxxxxxxxxpredictiveHigh
64ArgumentxxxxxxxxpredictiveMedium
65ArgumentxxxxxxpredictiveLow
66ArgumentxxxxxxpredictiveLow
67Argumentxxxxx_xxxxxxx_xxxxx/xxxxx_xxxxxxx_xxxxx_xxx/xxxxx_xxxxxxx_xxxxxxxpredictiveHigh
68Argumentxxxxxx_xxpredictiveMedium
69Argumentxxxx_xxxpredictiveMedium
70Argumentxxxxxx-xxxxxpredictiveMedium
71Input ValuexxxxpredictiveLow
72Input ValuexxxxxpredictiveLow
73Input Valuexxxxx/xxxxxxxxpredictiveHigh
74Input ValuexxxxxpredictiveLow
75Input Valuexxxxx xxxxxxx xxxxxxpredictiveHigh
76Pattern|xx|/[predictiveLow
77Network Portxxxxxxxxxxxxxx xxxxxxpredictiveHigh
78Network Portxxx/xx (xxx)predictiveMedium
79Network Portxxx/xxxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!