APT-C-60 Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (379)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en300
de72
fr4
es4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA140

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

APT-C-602
Ave Maria1
BumbleBee1
Feodo1
Cobalt Strike1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined18
Content Management System4
Forum Software4
Programming Language Software2
Operating System2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined18
WoltLab2
Thomas R. Pasawicz2
Microsoft2
Oracle2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Devilz Clanportal6
WoltLab Burning Book2
Thomas R. Pasawicz HyperBook Guestbook2
PHP2
Microsoft Windows2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.009700.00CVE-2010-0966
2Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaroundpossible0.029560.00CVE-2007-1192
3jforum username User input validation5.35.3$0-$5k$0-$5kNot definedNot defined 0.004430.02CVE-2019-7550
4MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailablepossible0.018020.17CVE-2007-0354
5Devilz Clanportal index.php sql injection7.36.6$0-$5k$0-$5kProof-of-ConceptUnavailable 0.010160.04CVE-2006-3347
6DZCP deV!L`z Clanportal browser.php information disclosure5.35.0$0-$5k$0-$5kProof-of-ConceptNot defined 0.086880.11CVE-2007-1167
7Devilz Clanportal File Upload5.34.4$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.044800.03CVE-2006-6338
8Lars Ellingsen Guestserver guestserver.cgi privileges management9.89.4$0-$5k$0-$5kNot definedOfficial fix 0.025320.00CVE-2001-0180
9YaBB yabb.pl cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot defined 0.005210.04CVE-2004-2402
10Tiki Admin Password tiki-login.php improper authentication8.07.7$0-$5k$0-$5kNot definedOfficial fixexpected0.911380.48CVE-2020-15906
11jforum cross site scripting4.33.9$0-$5k$0-$5kProof-of-ConceptNot defined 0.003710.02CVE-2012-5337
12Lars Ellingsen Guestserver guestbook.cgi cross site scripting4.34.3$0-$5k$0-$5kNot definedNot defined 0.002970.09CVE-2005-4222
13WoltLab Burning Book addentry.php sql injection7.36.8$0-$5k$0-$5kFunctionalUnavailable 0.009960.09CVE-2006-5509
14PHP phpinfo cross site scripting4.33.9$5k-$25k$0-$5kProof-of-ConceptOfficial fix 0.140280.14CVE-2007-1287
15Microsoft Windows Runtime uninitialized pointer8.17.7$25k-$100k$5k-$25kAttackedOfficial fixverified0.839390.03CVE-2022-21971
16Jasper imginfo bmp_dec.c bmp_getdata null pointer dereference5.45.2$0-$5k$0-$5kNot definedOfficial fix 0.004030.06CVE-2016-8690
17Devilz Clanportal sql injection7.37.0$0-$5k$0-$5kHighOfficial fix 0.004720.02CVE-2006-6339
18ZyXEL NAS 326 Python Web Server code injection7.57.5$0-$5k$0-$5kNot definedNot defined 0.015480.00CVE-2019-10633
19ZenPhoto access control5.95.9$0-$5k$0-$5kNot definedNot defined 0.018510.00CVE-2018-0610
20Microsoft Windows Kernel-Mode Driver win32k access control7.06.9$25k-$100k$0-$5kAttackedOfficial fixverified0.479980.00CVE-2016-3309

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2024-7262 / CVE-2924-7263

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
182.221.129.104APT-C-6008/29/2024verifiedVery High
282.221.136.60APT-C-6008/29/2024verifiedVery High
3XXX.XXX.XXX.XXXXxx-x-xxXxx-xxxx-xxxx / Xxx-xxxx-xxxx08/29/2024verifiedVery High
4XXX.XXX.X.XXxxxxxxx-xx-x-xx.xxxxxxxxxx.xxxXxx-x-xx08/29/2024verifiedVery High
5XXX.XX.XXX.XXXXxx-x-xx08/29/2024verifiedVery High
6XXX.XXX.XXX.XXXxx-x-xxXxx-xxxx-xxxx / Xxx-xxxx-xxxx08/29/2024verifiedVery High
7XXX.XXX.XXX.XXXxx-x-xx08/29/2024verifiedVery High
8XXX.XXX.XX.XXxxxxxx-xxx-xxx-xx-xx.xxxxxxxxxxxx.xxxXxx-x-xx08/29/2024verifiedHigh
9XXX.XXX.XXX.XXXxxxxxxxxxxxxxxxx.xxxXxx-x-xx08/29/2024verifiedVery High

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
2T1059.007CAPEC-209CWE-79, CWE-80Basic Cross Site ScriptingpredictiveHigh
3TXXXXCAPEC-XXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCAPEC-XXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Fileaddentry.phppredictiveMedium
2Fileadmin_add.phppredictiveHigh
3Fileassets/add/registrar-accounts.phppredictiveHigh
4Filedata/gbconfiguration.datpredictiveHigh
5Filexxxxx.xxxpredictiveMedium
6Filexxxxxxxxx.xxxpredictiveHigh
7Filexxxxxxxxxxx.xxxpredictiveHigh
8Filexxx/xxxxxx.xxxpredictiveHigh
9Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
10Filexxxxx.xxxpredictiveMedium
11Filexxxxxxxxx/xxx/xxx_xxx.xpredictiveHigh
12Filexxxx.xxxpredictiveMedium
13Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictiveHigh
14Filexxxx-xxxxx.xxxpredictiveHigh
15Filexxxxx.xxxpredictiveMedium
16Filexxxx.xxpredictiveLow
17Libraryxxxxxx.xxxxxxx.xxxxxxxpredictiveHigh
18LibraryxxxxxxpredictiveLow
19Argumentxx_xxxxx_xxx_xxxxpredictiveHigh
20ArgumentxxxxxxxxpredictiveMedium
21ArgumentxxxxxpredictiveLow
22ArgumentxxxxxpredictiveLow
23ArgumentxxxxpredictiveLow
24ArgumentxxpredictiveLow
25ArgumentxxxpredictiveLow
26ArgumentxxxpredictiveLow
27Argumentxxxxxxxx/xxxxxxxx xx/xxxxxpredictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!