APT-C-01 Analysis

IOB - Indicator of Behavior (47)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 38
de: 8
it: 2


Country

us: 28
cn: 10
ru: 4
kr: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

WordPress: 6
Apache HTTP Server: 6
Google Android: 4
Dell SupportAssist Client: 2
Jenkins: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.12 | 0.49183 | CVE-2016-6210
2 | PostgreSQL ALTER improper authorization | 4.1 | 3.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00890 | CVE-2020-1720
3 | PostgreSQL integer overflow | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00950 | CVE-2021-32027
4 | Oracle Application Server sql injection | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01 | 0.01537 | CVE-2006-3710
5 | RoundCube E-Mail Message cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01108 | CVE-2021-46144
6 | Microsoft Windows TCP/IP Remote Code Execution | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01 | 0.22240 | CVE-2022-34718
7 | Xampp Installation default permission | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.01086 | CVE-2022-29376
8 | NoneCms App.php input validation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.84378 | CVE-2018-20062
9 | Google Android Libraries access control | 7.5 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.01624 | CVE-2017-0671
10 | Pixelpost cross-site request forgery | 7.0 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.08382 | CVE-2010-3305
11 | OpenSSH Post Authentication sshd process initialize mm_newkeys_from_blob access control | 5.4 | 5.2 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01232 | CVE-2013-4548
12 | PHPWind goto.php redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01213 | CVE-2015-4134
13 | Cisco Enterprise NFV Infrastructure Software NFVIS Filesystem Command input validation | 6.7 | 6.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01156 | CVE-2019-1894
14 | SmartDraw 2020 Installer SDNotify.exe privileges management | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00885 | CVE-2020-13386
15 | Tenda AC6/AC9/AC15/AC118 httpd saveParentControlInfo buffer overflow | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01440 | CVE-2020-13393
16 | Ovidentia sql injection | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00885 | CVE-2019-13978
17 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.34 | 0.02800 | CVE-2007-0354
18 | Dell SupportAssist Client input validation | 7.1 | 6.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.02763 | CVE-2019-3719
19 | Hikvision IP Camera Web Server memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.01086 | CVE-2018-6414
20 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.25090 | CVE-2017-0055


IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Pathname Traversal | predictive | High
2 | T1055 | CWE-74 | Injection | predictive | High
3 | T1059 | CWE-94 | Cross Site Scripting | predictive | High
4 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX | CWE-XX | Xxxxxx Xxxxxxxxx | predictive | High
7 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
8 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
9 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
10 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
11 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | High
2 | File | /goform/saveParentControlInfo | predictive | High
3 | File | /uncpath/ | predictive | Medium
4 | File | 2020\Messages\SDNotify.exe | predictive | High
5 | File | admin/admin_disallow.php | predictive | High
6 | File | xxxxx.xxx | predictive | Medium
7 | File | xxxxx.xxx | predictive | Medium
8 | File | xxx/xxxx/xxx/xxxxx_xxxx.x | predictive | High
9 | File | xxxx.xxx | predictive | Medium
10 | File | xxxxx.xxx?xx=xxxxxxx&xxx=xxx | predictive | High
11 | File | xxxxxxxxxx | predictive | Medium
12 | File | xxx/xxxxxxx/xxxxxxx/xxxxxxx.xxxx | predictive | High
13 | File | xxxxxx.xxx | predictive | Medium
14 | File | xx-xxxxxxxx/xxxxx-xxxxxx.xxx | predictive | High
15 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
16 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High
17 | File | xx-xxxxxxxx/xxxxxxx-xxxxxxxx.xxx | predictive | High
18 | File | xx-xxxxxxxx/xx/xxxxxxxxxxxx | predictive | High
19 | Library | xxxxxx/xxxxxxxxx/xxxxx.xxx | predictive | High
20 | Library | xxxxxxxx/xxxxxxx/xxxxx/xxx.xxx | predictive | High
21 | Argument | xxxxxxxx | predictive | Medium
22 | Argument | xxxxxxxx/xxxx | predictive | High
23 | Argument | xxxxx->xxxx | predictive | Medium
24 | Argument | xxxxxx | predictive | Low
25 | Argument | xxxx_xxxxxxx | predictive | Medium
26 | Argument | xx | predictive | Low
27 | Argument | xxxxxxxx | predictive | Medium
28 | Argument | xxxx | predictive | Low
29 | Argument | xxxxxxxx | predictive | Medium
30 | Argument | xxx | predictive | Low
31 | Argument | xxxxxxxxxx | predictive | Medium
32 | Argument | xxx | predictive | Low
33 | Argument | xxxx->xxxxxxx | predictive | High
34 | Input Value | xxxx://xxxxx@xxxxxx:xxx/xxxx_xx.xxx | predictive | High
35 | Network Port | xxx/xxxx | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
