APT1 Analysis

IOB - Indicator of Behavior (60)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 44
zh: 6
ko: 4
de: 2
sv: 2


Country

us: 26
cn: 24
gb: 4
ru: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Palo Alto PAN-OS: 4
Juniper IVE OS: 4
OAID Tengine: 2
thttpd: 2
Hikvision iVMS-4200: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Sangfor Sundray WLAN Controller SSH Service hard-coded credentials | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.05 | 0.01055 | CVE-2019-9160
2 | ZZZCMS zzzphp File Upload unrestricted upload | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00885 | CVE-2019-16720
3 | Cisco RV340/RV340W/RV345/RV345P SSL VPN input validation | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01156 | CVE-2020-3357
4 | Microsoft Internet Explorer Scripting Engine JScript.dll memory corruption | 7.1 | 6.8 | $25k-$100k | $5k-$25k | High | Official Fix | 0.02 | 0.13370 | CVE-2018-8653
5 | thttpd WebService information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00000 |
6 | Cisco Identity Services Engine REST API privileges assignment | 7.8 | 7.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01055 | CVE-2021-1594
7 | DPTech VPN information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-34593
8 | Linux Kernel API io_uring Privilege Escalation | 8.8 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00000 | CVE-2022-2602
9 | MicroWorld Technologies eScan Agent Application MWAGENT.EXE access control | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.01 | 0.00885 | CVE-2018-18388
10 | LibVNC out-of-bounds write | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.09801 | CVE-2018-20019
11 | Apple Safari WebKit out-of-bounds write | 7.5 | 7.4 | $25k-$100k | $5k-$25k | High | Official Fix | 0.04 | 0.02806 | CVE-2022-32893
12 | Yandex Browser Remote Code Execution | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01055 | CVE-2020-27969
13 | urllib3 Authority incorrect regex | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01108 | CVE-2021-33503
14 | aaugustin Websockets HTTP Basic Authentication timing discrepancy | 3.1 | 3.0 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00954 | CVE-2021-33880
15 | Oracle Communications Cloud Native Core Policy information disclosure | 5.9 | 5.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00954 | CVE-2021-33880
16 | Google Fuchsia Zircon Kernel Address information disclosure | 4.2 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2022-0882
17 | PHP pdo_mysql buffer overflow | 7.5 | 7.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.64535 | CVE-2022-31626
18 | OAID Tengine Serializer Module buffer overflow | 5.5 | 5.1 | $0-$5k | $0-$5k | Unproven | Not Defined | 0.03 | 0.00885 | CVE-2020-28759
19 | Apache Tomcat JNDI Realm improper authentication | 5.5 | 5.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.09 | 0.03032 | CVE-2021-30640
20 | OFCMS uploadFile unrestricted upload | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.01156 | CVE-2019-9617

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (75)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 23.236.62.147 | 147.62.236.23.bc.googleusercontent.com | APT1 | | verified | Medium
2 | 27.102.112.179 | | APT1 | Oceansalt | verified | High
3 | 58.246.0.0 | | APT1 | Mandiant | verified | High
4 | 58.247.0.0 | | APT1 | Mandiant | verified | High
5 | 67.222.16.131 | host.dnsweb.org | APT1 | | verified | High
6 | 100.42.216.230 | tfs2480.sipnav.in | APT1 | | verified | High
7 | 101.80.0.0 | | APT1 | Mandiant | verified | High
8 | 101.81.0.0 | | APT1 | Mandiant | verified | High
9 | 101.82.0.0 | | APT1 | Mandiant | verified | High
10 | 101.83.0.0 | | APT1 | Mandiant | verified | High
11 | 101.84.0.0 | | APT1 | Mandiant | verified | High
12 | 101.85.0.0 | | APT1 | Mandiant | verified | High
13 | 101.86.0.0 | | APT1 | Mandiant | verified | High
14 | 101.87.0.0 | | APT1 | Mandiant | verified | High
15 | 101.88.0.0 | | APT1 | Mandiant | verified | High
16-75 | (masked on the page; all listed as verified, confidence High)

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /public/plugins/ | predictive | High
2 | File | /systemrw/ | predictive | Medium
3 | File | adm/boardgroup_form_update.php | predictive | High
4 | File | admin/ueditor/uploadFile | predictive | High
5-12 | File | (masked on the page) | predictive | High/Medium/Low
13-14 | Library | (masked on the page) | predictive | High/Medium
15-22 | Argument | (masked on the page) | predictive | Medium/Low
23 | Input Value | (masked on the page) | predictive | High
24-25 | Network Port | (masked on the page) | predictive | Medium

References (5)

The following list contains external sources which discuss the actor and the associated activities:
