APT16 Analysis

IOB - Indicator of Behavior (29)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 18
zh: 6
pl: 4
ja: 2

Country

us: 22
cn: 8

Actors

Activities

Interest

Timeline

Type

Vendor

Product

osCommerce: 2
Apple Mac OS X: 2
ThinkPHP: 2
OpenVPN: 2
Phorum: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
2 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 1.02 | 0.02800 | CVE-2007-0354
3 | OpenVPN External Authentication Plug-in authentication bypass | 3.7 | 3.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01108 | CVE-2022-0547
4 | XXL-JOB permission | 7.1 | 7.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2022-36157
5 | ThinkPHP index.php Privilege Escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01156 | CVE-2021-44892
6 | ThinkPHP AbstractCache.php deserialization | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.01086 | CVE-2022-33107
7 | XXL-Job add cross-site request forgery | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2022-29002
8 | Bootstrap add_product.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-26624
9 | Yii ActiveRecord.php findByCondition sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01055 | CVE-2018-7269
10 | Yii unserialize deserialization | 7.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.38460 | CVE-2020-15148
11 | Oracle MySQL Server Stored Procedure denial of service | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00950 | CVE-2022-21534
12 | osCommerce currencies.php Reflected cross site scripting | 3.5 | 3.2 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.01 | 0.00000 | (none)
13 | Microsoft Windows Kernel access control | 8.5 | 8.1 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.01909 | CVE-2019-0881
14 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09 | 0.01055 | CVE-2009-4935
15 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.91 | 0.04187 | CVE-2010-0966
16 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.26 | 0.06790 | CVE-2007-1167
17 | Phorum register.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.01213 | CVE-2004-0035
18 | Expinion.net News Manager Lite comment_add.asp cross site scripting | 4.3 | 3.8 | $0-$5k | Calculating | Unproven | Official Fix | 0.01 | 0.03129 | CVE-2004-1845
19 | Adult Script Pro download sql injection | 8.5 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.01564 | CVE-2017-15959
20 | Apple Mac OS X File Sharing privileges management | 3.7 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01055 | CVE-2003-0379

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 121.127.249.74 | (none) | APT16 | (none) | verified | High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1059 | CWE-94 | Cross Site Scripting | predictive | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
3 | TXXXX (masked) | CWE-XXX, CWE-XXX (masked) | (masked) | predictive | High
4 | TXXXX (masked) | CWE-XXX (masked) | (masked) | predictive | High
5 | TXXXX (masked) | CWE-XXX (masked) | (masked) | predictive | High
6 | TXXXX (masked) | CWE-XXX (masked) | (masked) | predictive | High

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /download | predictive | Medium
2 | File | /gaia-job-admin/user/add | predictive | High
3 | File | /oscommerce/admin/currencies.php | predictive | High
4 | File | /xxxxxx/xxxxx/xxx_xxxxxxx.xxx (masked) | predictive | High
5 | File | xxxxxxx_xxx.xxx (masked) | predictive | High
6 | File | xxxx/xxxxxxxxxxxxxxx.xxx (masked) | predictive | High
7 | File | xxxxx.xxx (masked) | predictive | Medium
8 | File | xxxxxxxxx/xx/xxxxxxxxxxxx.xxx (masked) | predictive | High
9 | File | xxx/xxxxxx.xxx (masked) | predictive | High
10 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx (masked) | predictive | High
11 | File | xxxxx.xxx (masked) | predictive | Medium
12 | File | xxx_xxxx.xxx (masked) | predictive | Medium
13 | File | xxxxxxxx.xxx (masked) | predictive | Medium
14 | File | xxxxxx\xxxxxx\xxxxxxxxx-xxxxxx-xxxxxxx\xxx\xxxxxxx\xxxxxxxxxxxxx.xxx (masked) | predictive | High
15 | Argument | xxxxxxxx (masked) | predictive | Medium
16 | Argument | xxxxxxx (masked) | predictive | Low
17 | Argument | xxxx (masked) | predictive | Low
18 | Argument | xxxx_xxxxx (masked) | predictive | Medium
19 | Argument | xx (masked) | predictive | Low
20 | Argument | xxxx (masked) | predictive | Low
21 | Argument | xxxx_xxxx (masked) | predictive | Medium
22 | Argument | xxxxx (masked) | predictive | Low
23 | Argument | xxxxx[_xxxxxxxx] (masked) | predictive | High
24 | Input Value | %xx%xx%xxxxxxxx%xxxxxxx%xxxxxxxxxx.xxxxxx%xx%xx/xxxxxx%xx%xxxxx%xxxxxxx=%xxx (masked) | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
