Makop ransomware: GuLoader and privilege escalation in attacks against Indian businesses
Essential information
- Published
- 09/12/2025 17:09
- Modified
- 21/12/2025 18:52
- Tags
- 2025-12-09 CVE-2016-0099 CVE-2017-0213 CVE-2018-8639 CVE-2019-1388 CVE-2020-0787 CVE-2020-0796 CVE-2020-1066 CVE-2021-41379 CVE-2022-24521 CVE-2025-7771 credential dumping guloader lazagne makop network scanning privilege-escalation ransomware rdp exploitation
- Related entities
- 10 vulnerabilities (cve), 62 observables, 1 intrusion sets (apt), 18 techniques (mitre), 4 malware, 6 others
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (10)
A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. …
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 09/03/2016
- Modified
- 22/04/2026
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, …
- Attack vector
- LOCAL
- Published
- 22/05/2020
- Modified
- 21/12/2025
Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully …
- Published
- 03/03/2025
- Modified
- 20/12/2025
Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this …
- Published
- 28/01/2022
- Modified
- 21/12/2025
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An …
- Published
- 10/02/2022
- Modified
- 20/12/2025
Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.
- Published
- 07/04/2023
- Modified
- 21/12/2025
ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. …
- Published
- 20/12/2025
- Modified
- 21/12/2025
Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.
- Published
- 03/03/2022
- Modified
- 21/12/2025
Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
- Published
- 13/04/2022
- Modified
- 27/05/2026
Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 12/05/2017
- Modified
- 22/04/2026
Observables (62)
-
37ff328175acd45ef27d3d339c3127a7612ad713fccd9c9aae01656dfbf13056 -
76f88afe7a18e3583bfcc4aed3b3a0ca8a9c18c62ee5f4d746f8da735c47a5e3 -
aac0c5ad612fb9a0ac3b4bbfd71b8931fc762f8e11fdf3ffb33ef22076f9c4bc -
5cdabf41672241798bcca94a7fdb25974ba5ab2289ebadc982149b3014677ae3 -
c8e8cca4ee3c4f4ce4f2076ed93cca058fa1ff88d5ffe49d8d293b27ad25ef68 -
bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4 -
6cf6dd6119abcb2751c2692fb93a623b5b4bd290cb3dc217fa9fe09dd721fcdd -
8ccb30606e3229ff88b3b67a5f4b2b087cab290ce7eedfcb24d1d3954b01d5f9 -
5994db4362ded8bf15f81f134e14b9ed581cd2e073709b5fae6b2363bae455e9 -
3fa65f17518d10af9ed316fbd0395bf39b3b75a63a5374ff071cbba4b642e4a3 -
feb09cc39b1520d228e9e9274500b8c229016d6fc8018a2bf19aa9d3601492c5 -
3902165d0645afdb4b7d95f5cc55d65ecee17d3b77a31d51170e0beae3fd296a
Intrusion sets (APT) (1)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Techniques (MITRE) (18)
-
OS Credential Dumping MITRE
-
Valid Accounts MITRE
-
Brute Force MITRE
-
Lateral Tool Transfer MITRE
-
Disable Windows Event Logging MITRE
-
Credentials from Password Stores MITRE
-
Exploitation of Remote Services MITRE
-
Exploitation for Privilege Escalation MITRE
-
Malicious File MITRE
-
Data Encrypted for Impact MITRE
-
Ingress Tool Transfer MITRE
-
Network Service Discovery MITRE
Malware (4)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Others (6)
-
Brazil
-
India
-
British Indian Ocean Territory
-
Germany
-
Manufacturing
-
Technologies