Cyber Resilience

Campaign · all campaigns

C0018C0018 unknown

aka C0018

Last updated: 2026-07-03

3attributed CVEs
26ATT&CK techniques
12.9IDF score (tooling uniqueness)
3exclusive CVEs
2021years active

About this actor

[C0018](https://attack.mitre.org/campaigns/C0018) was a month-long ransomware intrusion that successfully deployed [AvosLocker](https://attack.mitre.org/software/S1053) onto a compromised network. The unidentified actors gained initial access to the victim network through an exposed server and used a variety of open-source tools prior to executing [AvosLocker](https://attack.mitre.org/software/S1053).(Citation: Costa AvosLocker May 2022)(Citation: Cisco Talos Avos Jun 2022)

Source: MITRE ATT&CK

Activity timeline

Profile

CVERiskCVSSEPSSPublishedProducts
CVE-2021-44832 8.06.60.98082021-12-28see CVE
CVE-2021-45105 8.05.91.00002021-12-18see CVE
CVE-2021-31206 6.07.60.13162021-07-14see CVE

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-421 / 2681%
CM-619 / 2673%
CM-218 / 2669%
SI-318 / 2669%
CM-717 / 2665%
AC-314 / 2654%
CA-714 / 2654%
SI-712 / 2646%
AC-411 / 2642%
AC-611 / 2642%
SC-711 / 2642%
AC-210 / 2638%
SI-1010 / 2638%
AC-58 / 2631%
CM-58 / 2631%

Co-occurring actors

None.

Similar actors

Similar TTPs