Makop ransomware: GuLoader and privilege escalation in attacks against Indian businesses
Essential information
- Published
- 09/12/2025 17:09
- Modified
- 21/12/2025 18:52
- Tags
- 2025-12-09 CVE-2016-0099 CVE-2017-0213 CVE-2018-8639 CVE-2019-1388 CVE-2020-0787 CVE-2020-0796 CVE-2020-1066 CVE-2021-41379 CVE-2022-24521 CVE-2025-7771 credential dumping guloader lazagne makop network scanning privilege-escalation ransomware rdp exploitation
- Related entities
- 10 vulnerabilities (cve), 62 observables, 1 intrusion sets (apt), 18 techniques (mitre), 4 malware, 6 others
Description
Related entities
Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.
Vulnerabilities (CVE) (10)
A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. …
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 09/03/2016
- Modified
- 22/04/2026
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, …
- Attack vector
- LOCAL
- Published
- 22/05/2020
- Modified
- 21/12/2025
Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully …
- Published
- 03/03/2025
- Modified
- 20/12/2025
Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this …
- Published
- 28/01/2022
- Modified
- 21/12/2025
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An …
- Published
- 10/02/2022
- Modified
- 20/12/2025
Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.
- Published
- 07/04/2023
- Modified
- 21/12/2025
ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. …
- Published
- 20/12/2025
- Modified
- 21/12/2025
Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.
- Published
- 03/03/2022
- Modified
- 21/12/2025
Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
- Published
- 13/04/2022
- Modified
- 27/05/2026
Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.
- Attack vector
- LOCAL
- Complexity
- LOW
- Published
- 12/05/2017
- Modified
- 22/04/2026
Observables (62)
-
6e95adda5f24fdf805ad10ae70069484def3d47419db5503f2c44b130eedf591 -
5ff803269d6491dd3f0267f6f07b8869e3f08d62cf2110b552bba2cc3d75d26a -
37d2a1626dc205d60f0bec8746ab256569267e4ef2f8f84dff4d9d792aa3af30 -
92c65b58c4925534c2ce78e54b0e11ecaf45ed8cf0344ebff46cdfc4f2fe0d84 -
61c0810a23580cf492a6ba4f7654566108331e7a4134c968c2d6a05261b2d8a1 -
b5c2474397fb38a4dd9edab78b6e5178832074ba5bab9bac3f0cad7bc0660cf2 -
ffa28db79daca3b93a283ce2a6ff24791956a768cb5fc791c075b638416b51f4 -
3cc5ee93a9ba1fc57389705283b760c8bd61f35e9398bbfa3210e2becf6d4b05 -
5b9407df404506219bd672a33440783c5c214eefa7feb9923c6f9fded8183610 -
01f34180bb635022681723eef73c19adf330d7a32a2e6639c27b1ee5777312be -
0745633619afd654735ea99f32721e3865d8132917f30e292e3f9273977dc021 -
3da3b704547f6f4a1497107e78856d434a408306b92ba7c6e270c7c9790aa576
Intrusion sets (APT) (1)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Techniques (MITRE) (18)
-
OS Credential Dumping MITRE
-
Valid Accounts MITRE
-
Brute Force MITRE
-
Lateral Tool Transfer MITRE
-
Disable Windows Event Logging MITRE
-
Credentials from Password Stores MITRE
-
Exploitation of Remote Services MITRE
-
Exploitation for Privilege Escalation MITRE
-
Malicious File MITRE
-
Data Encrypted for Impact MITRE
-
Ingress Tool Transfer MITRE
-
Network Service Discovery MITRE
Malware (4)
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
-
AlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Others (6)
-
Brazil
-
India
-
British Indian Ocean Territory
-
Germany
-
Manufacturing
-
Technologies