Makop

Search IOCs, vulnerabilities, APT…

216.73.217.98

← Back to intrusion sets

· Published 20/12/2025 23:47 · Modified 20/12/2025 23:47 · Source: AlienVault

Essential information

Confidence: 100/100
Published: 20/12/2025 23:47
Modified: 20/12/2025 23:47
Updated at: 20/12/2025 23:47
Revoked: No
Author / Source: AlienVault
Resource level: —
Primary motivation: —
Related entities: 1 reports, 23 attack patterns (mitre), 6 malware, 2 sectors, 5 countries, 69 indicators, 10 vulnerabilities (cve)

Description

No description.

Marking (TLP)

TLP:CLEAR

Related entities

Attack patterns, malware, vulnerabilities, indicators and other entities linked to this intrusion set.

Reports (1)

Makop ransomware: GuLoader and privilege escalation in attacks …

10 CVEs 18 MITREs 4 Malwares 62 Observables 1 APT

Attack patterns (MITRE) (23)

T1210 uses

Exploitation of Remote Services MITRE
T1133 uses

External Remote Services MITRE
T1127 uses

Trusted Developer Utilities Proxy Execution MITRE
T1021.001 uses

Remote Desktop Protocol MITRE
T1570 uses

Lateral Tool Transfer MITRE
T1105 uses

Ingress Tool Transfer MITRE
T1555 uses

Credentials from Password Stores MITRE
T1486 uses

Data Encrypted for Impact MITRE
T1046 uses

Network Service Discovery MITRE
T1087 uses

Account Discovery MITRE
T1078 uses

Valid Accounts MITRE

← Previous

Page / 2

13–23 of 23

Makop uses

Family
Phobos uses

Family
LockBit uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
LaZagne uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
GuLoader - S0561 uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·
Mimikatz uses

AlienVault Confidence 100

First seen 01/01/1970 · Last seen 16/11/5138 ·

Sectors (2)

Technology targets
Manufacturing targets

Countries (5)

British Indian Ocean Territory targets
Germany targets
Brazil targets
India targets
Italy targets

Indicators (69)

8ccb30606e3229ff88b3b67a5f4b2b087cab290ce7eedfcb24d1d3954b01d5f9 indicates

stix 100/100

· Valid until 06/12/2026 · Source: AlienVault
ca08299002fa6181d249115907ee29356e698d72ff06afdca05431c1ed38db35 indicates

stix 100/100

· Valid until 06/12/2026 · Source: AlienVault
a8bf7da7e2f62296985e1aadbac8373f5ac813ac158047f5b5579a3f900fd85b indicates

stix 100/100

· Valid until 06/12/2026 · Source: AlienVault
aac0c5ad612fb9a0ac3b4bbfd71b8931fc762f8e11fdf3ffb33ef22076f9c4bc indicates

stix 100/100

· Valid until 06/12/2026 · Source: AlienVault
bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4 indicates

stix 100/100

· Valid until 03/07/2026 · Source: AlienVault
61c0810a23580cf492a6ba4f7654566108331e7a4134c968c2d6a05261b2d8a1 indicates

stix 100/100 Revoked

· Valid until 29/10/2025 · Source: AlienVault
1845fe8545b6708e64250b8807f26d095f1875cc1f6159b24c2d0589feb74f0c indicates

stix 100/100

· Valid until 06/12/2026 · Source: AlienVault
f181b8ae88f6c657c3ec3d1d5e8420fbf340c543b3d9292947ae035e3591b664 indicates

stix 100/100

· Valid until 06/12/2026 · Source: AlienVault
92c65b58c4925534c2ce78e54b0e11ecaf45ed8cf0344ebff46cdfc4f2fe0d84 indicates

stix 100/100

· Valid until 06/12/2026 · Source: AlienVault
43c3b5dbc18ebbc55c127d197255446d5f3e074fdac37f3e901b718acbe7c833 indicates

stix 100/100

· Valid until 06/12/2026 · Source: AlienVault
3cc5ee93a9ba1fc57389705283b760c8bd61f35e9398bbfa3210e2becf6d4b05 indicates

stix 100/100

· Valid until 06/12/2026 · Source: AlienVault
2164c82bd1894f31b366d5c97276c29e1721b5e5 indicates

← Previous

Page / 6

1–12 of 69

Vulnerabilities (CVE) (10)

CVE-2020-0787 KEV targets

Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this …

Published: 28/01/2022
Modified: 21/12/2025

CVE-2021-41379 KEV targets

Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.

Published: 03/03/2022
Modified: 21/12/2025

CVE-2025-7771 targets

8.7 High

ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. …

Published: 20/12/2025
Modified: 21/12/2025

Awaiting Analysis

CVE-2020-0796 KEV targets

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An …

Published: 10/02/2022
Modified: 20/12/2025

CVE-2017-0213 KEV targets

7.3 High

Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.

Attack vector: LOCAL
Complexity: LOW
Published: 12/05/2017
Modified: 22/04/2026

CVE-2019-1388 KEV targets

Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.

Published: 07/04/2023
Modified: 21/12/2025

CVE-2018-8639 KEV targets

Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully …

Published: 03/03/2025
Modified: 20/12/2025

CVE-2020-1066 targets

7.8 High

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, …

Attack vector: LOCAL
Published: 22/05/2020
Modified: 21/12/2025

CVE-2016-0099 KEV targets

7.8 High

A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. …

Attack vector: LOCAL
Complexity: LOW
Published: 09/03/2016
Modified: 22/04/2026

CWE-120

CVE-2022-24521 KEV targets

Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.

Published: 13/04/2022
Modified: 27/05/2026

Contact About Legal notice Privacy policy Terms of use