APT12 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (6)

タイムライン

言語

en4
es2

国・地域

es4
ar2

アクター

APT122
Lazarus1

アクティビティ

関心

タイムライン

タイプ

Firewall Software2
Network Management Software2
Content Management System2

ベンダー

Check Point2
HP2
WordPress2

製品

Check Point Firewall2
Check Point VPN-12
HP System Management Homepage2
WordPress AdServe2

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1WordPress AdServe adclick.php SQLインジェクション7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000730.23CVE-2008-0507
2Dasan GPON Home Router diag_Form 特権昇格8.58.4$0-$5k$0-$5kHighWorkaround0.974230.04CVE-2018-10562
3Ajax Load More Plugin admin-ajax.php SQLインジェクション6.76.1$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000870.03CVE-2021-24140
4Check Point Firewall/VPN-1 Topology Request 情報の漏洩4.34.2$0-$5k$0-$5kHighOfficial Fix0.000000.02
5HP System Management Homepage サービス拒否6.55.7$0-$5k$0-$5kUnprovenOfficial Fix0.003950.00CVE-2012-0135
6ScrewTurn ScrewTurn Wiki Error Message クロスサイトスクリプティング4.34.2$0-$5k$0-$5kHighUnavailable0.002360.00CVE-2008-3483

キャンペーン (1)

These are the campaigns that can be associated with the actor:

  • Etumbot

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
132.114.251.129APT12Etumbot2021年01月01日verified
259.0.249.11APT12Etumbot2021年01月01日verified
392.54.232.142APT12Etumbot2021年01月01日verified
498.188.111.244APT12Etumbot2021年01月01日verified
5XXX.XX.XXX.XXxxxxxxxx.xxxx.xxxxxxx.xx.xxXxxxxXxxxxxx2021年01月01日verified
6XXX.XX.XXX.XXXXxxxxXxxxxxx2021年01月01日verified
7XXX.XXX.X.XXXxxxxxxxxx.xxxxx.xxxx.xxXxxxx2020年12月15日verified
8XXX.XX.XX.XXXxxxxxx.xx.xxx.xxXxxxxXxxxxxx2021年01月01日verified
9XXX.XX.XXX.XXXxxxxx-xxx.xxx.xxXxxxxXxxxxxx2021年01月01日verified
10XXX.XX.XXX.XXXxxx-xxx-xx-xxx.xxxxxxxx.xxx.xxXxxxxXxxxxxx2021年01月01日verified
11XXX.XXX.XX.XXXxxx-xx-xxx-xxx.xxx.xxxxx.xxx.xxXxxxxXxxxxxx2021年01月01日verified
12XXX.X.XX.XXXxxxxXxxxxxx2021年01月01日verified
13XXX.X.XX.XXXXxxxxXxxxxxx2021年01月01日verified
14XXX.XX.XXX.XXXxxxxXxxxxxx2021年01月01日verified
15XXX.XX.XX.XXXxxxxx.xxxxx.xxx.xxXxxxxXxxxxxx2021年01月01日verified
16XXX.XX.XXX.XXXxxxxxxx.xxx.xx.xxXxxxxXxxxxxx2021年01月01日verified
17XXX.XXX.XXX.XXXXxxxxXxxxxxx2021年01月01日verified

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueクラス脆弱性アクセスベクタータイプ信頼度
1T1059.007CAPEC-209CWE-79Cross Site Scriptingpredictive
2TXXXXCAPEC-136CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxxpredictive
3TXXXXCAPEC-108CWE-XXXxx Xxxxxxxxxpredictive
4TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File/wp-admin/admin-ajax.phppredictive
2Fileadclick.phppredictive
3Filexxxxxxxx/xxxx_xxxxpredictive
4Argumentxxxx_xxxxxx=xxxxpredictive
5Argumentxxpredictive
6Argumentxxxxxxxxpredictive
7Network Portxxx/xxxpredictive

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

概要

Do you know our Splunk app?

Download it now for free!