APT17 Analysis

IOB - Indicator of Behavior (250)

Language

  • en (216)
  • zh (16)
  • ja (14)
  • es (4)

Activities

Interest

Product

  • WordPress (6)
  • WeiPHP (4)
  • FreeBSD (4)
  • Intuitive Custom Post Order Plugin (2)
  • Postfix Admin (2)

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.02 | CVE-2010-0966 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | possible | 0.02956 | 0.00 | CVE-2007-1192 |
| 3 | jforum username User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00443 | 0.05 | CVE-2019-7550 |
| 4 | ESET Server Security for Linux privileges management | 7.5 | 7.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00044 | 0.05 | CVE-2023-2847 |
| 5 | CrowdStrike Falcon Uninstallation authorization | 3.5 | 3.5 | $0-$5k | $0-$5k | Functional | Official fix | | 0.01242 | 0.03 | CVE-2022-2841 |
| 6 | Postfix Admin functions.inc.php sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official fix | | 0.00515 | 0.03 | CVE-2014-2655 |
| 7 | OpenSSH Login Session information exposure | 4.5 | 4.4 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.20004 | 0.04 | CVE-2016-20012 |
| 8 | ESET Cyber Security/Endpoint Security temp file | 5.5 | 5.3 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00043 | 0.08 | CVE-2024-6654 |
| 9 | Realink C-Arbre richtxt_functions.inc.php file inclusion | 9.8 | 8.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.04660 | 0.00 | CVE-2007-1721 |
| 10 | Scripter.ch Gastebuch sinagb.php file inclusion | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | | 0.05735 | 0.00 | CVE-2007-1130 |
| 11 | lighttpd burl.c burl_normalize_2F_to_slash_fix integer overflow | 9.0 | 8.9 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.05023 | 0.00 | CVE-2019-11072 |
| 12 | WP-Members Membership Plugin Setting authorization | 5.3 | 5.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00120 | 0.00 | CVE-2023-2869 |
| 13 | SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php unrestricted upload | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00094 | 0.13 | CVE-2024-1875 |
| 14 | OPNsense setJob command injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.04608 | 0.06 | CVE-2023-39008 |
| 15 | Fortinet FortiOS/FortiProxy HA Request privileges management | 8.8 | 8.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00126 | 0.00 | CVE-2023-44250 |
| 16 | jQuery Cookie Prototype cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00069 | 0.00 | CVE-2022-23395 |
| 17 | Flexera FlexNet Publisher Command lmadmin.exe unusual condition | 6.4 | 6.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00389 | 0.03 | CVE-2019-8960 |
| 18 | ESET NOD32 Antivirus File permission | 7.8 | 7.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00044 | 0.00 | CVE-2023-3160 |
| 19 | Citrix StoreFront SAML Authentication cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00587 | 0.05 | CVE-2022-27503 |
| 20 | QNAP QTS/QuTS hero/QuTScloud os command injection | 9.8 | 9.6 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.04663 | 0.00 | CVE-2023-23368 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CCleaner

IOC - Indicator of Compromise (21)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (62)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /api/cron/settings/setJob/ | predictive | High |
| 3 | File | /api/DownloadUrlResponse.ashx | predictive | High |
| 4 | File | /wbg/core/_includes/authorization.inc.php | predictive | High |
| 5 | File | addentry.php | predictive | Medium |
| 6 | File | burl.c | predictive | Low |
| 7 | File | data/gbconfiguration.dat | predictive | High |
| 8 | File | detail.php | predictive | Medium |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
