- Attributed CVEs: 3
- ATT&CK techniques: 26
- IDF score (tooling uniqueness): 12.9
- Exclusive CVEs: 3
- Years active: 2021
About this actor
[C0018](https://attack.mitre.org/campaigns/C0018) was a month-long ransomware intrusion that successfully deployed [AvosLocker](https://attack.mitre.org/software/S1053) onto a compromised network. The unidentified actors gained initial access to the victim network through an exposed server and used a variety of open-source tools prior to executing [AvosLocker](https://attack.mitre.org/software/S1053). (Citation: Costa AvosLocker May 2022) (Citation: Cisco Talos Avos Jun 2022)
Source: MITRE ATT&CK
Activity timeline
- 2021: 3 CVEs published
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| CVE-2021-44832 | 8.0 | 6.6 | 0.9808 | 2021-12-28 | see CVE |
| CVE-2021-45105 | 8.0 | 5.9 | 1.0000 | 2021-12-18 | see CVE |
| CVE-2021-31206 | 6.0 | 7.6 | 0.1316 | 2021-07-14 | see CVE |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 21 / 26 | 81% |
| CM-6 | 19 / 26 | 73% |
| CM-2 | 18 / 26 | 69% |
| SI-3 | 18 / 26 | 69% |
| CM-7 | 17 / 26 | 65% |
| AC-3 | 14 / 26 | 54% |
| CA-7 | 14 / 26 | 54% |
| SI-7 | 12 / 26 | 46% |
| AC-4 | 11 / 26 | 42% |
| AC-6 | 11 / 26 | 42% |
| SC-7 | 11 / 26 | 42% |
| AC-2 | 10 / 26 | 38% |
| SI-10 | 10 / 26 | 38% |
| AC-5 | 8 / 26 | 31% |
| CM-5 | 8 / 26 | 31% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- INC Ransom 0.33
- HomeLand Justice 0.29
- C0015 0.29
- Blue Mockingbird 0.27
- C0021 0.27
Active in same years
- SolarWinds Compromise 1.00
- SharePoint ToolShell Exploitation 1.00
- APT1 1.00
- Deep Panda 1.00
- APT29 1.00