APT2 Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (102)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en72
zh18
es10
sv2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

CN: China92
FJ: Fiji6
US: USA2
KR: South Korea2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

APT24
United States of America1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined26
Operating System10
Web Browser8
Router Operating System8
Firewall Software6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined30
Cisco6
Apple6
Microsoft6
Mozilla4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Mozilla Firefox4
Cisco IOS XE4
Microsoft Internet Explorer4
SuperEnergy2
Cisco Firepower System Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Zoho ManageEngine Applications Manager Agent.java sql injection7.57.2$1k-$2k$0-$1kNot definedOfficial fix 0.073940.04CVE-2019-19650
2Cisco ASA/Firepower Threat Defense RSA Key information exposure6.26.2$10k-$25k$0-$1kNot definedOfficial fix 0.238520.00CVE-2022-20866
3TikiWiki tiki-register.php input validation7.36.6$2k-$5k$0-$1kProof-of-ConceptOfficial fix 0.042770.50CVE-2006-6168
4Wireshark unxorFrame input validation5.35.1$2k-$5k$0-$1kNot definedOfficial fix 0.014400.06CVE-2011-3484
5DokuWiki code injection9.88.8$2k-$5k$0-$1kProof-of-ConceptOfficial fix 0.307020.05CVE-2009-1960
6Grafana/Grafana Enterprise Email authorization5.05.0$2k-$5k$0-$1kNot definedOfficial fix 0.002290.06CVE-2023-6152
7Fortinet FortiOS FortiClient SSL_VPN Linux access control7.87.8$2k-$5k$0-$1kNot definedNot defined 0.000000.00CVE-2016-8497
8Xpdf DCT Stream uninitialized resource6.26.2$0-$1k$0-$1kNot definedNot defined 0.000340.00CVE-2024-7868
9Panabit Panalog sprog_upstatus.php sql injection8.18.0$2k-$5k$0-$1kProof-of-ConceptNot defined 0.001440.02CVE-2024-2014
10Oracle MySQL Server Packaging information disclosure7.57.3$5k-$10k$0-$1kNot definedOfficial fix 0.020520.02CVE-2023-5363
11Sun Solaris denial of service6.26.2$2k-$5k$0-$1kNot definedNot defined 0.000490.03CVE-2011-2259
12Spring Boot Admins Notifier env code injection7.57.4$1k-$2k$0-$1kNot definedOfficial fixpossible0.381350.00CVE-2022-46166
13ASUS RT-AC51U Network Request cross site scripting4.64.6$0-$1k$0-$1kNot definedNot defined 0.025620.00CVE-2023-29772
14Zoho ManageEngine Desktop Central HTTP Redirect information disclosure3.53.4$0-$1k$0-$1kNot definedOfficial fixpossible0.711550.08CVE-2022-23779
15Dropbear SSH dropbearconvert input validation8.07.7$2k-$5k$0-$1kNot definedOfficial fix 0.015250.08CVE-2016-7407
16MediaTek MT6983 tinysys out-of-bounds write5.45.3$0-$1k$0-$1kNot definedOfficial fix 0.000110.00CVE-2023-20621
17Router/Firewall Routing privileges management7.37.1$2k-$5k$0-$1kNot definedWorkaround 0.004890.05CVE-1999-0510
18Kibana Region Map cross site scripting4.44.4$1k-$2k$0-$1kNot definedOfficial fix 0.003490.02CVE-2019-7621
19Apple Mac OS X Server Wiki Server cross site scripting4.34.3$5k-$10k$0-$1kNot definedNot defined 0.004990.10CVE-2009-2814

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Putter Panda

IOC - Indicator of Compromise (42)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
131.170.110.163io.uu3.netAPT2Putter Panda01/01/2021verifiedLow
258.196.156.15APT2Putter Panda01/01/2021verifiedLow
359.120.168.19959-120-168-199.hinet-ip.hinet.netAPT212/20/2020verifiedLow
461.34.97.69APT212/20/2020verifiedLow
561.74.190.14APT212/20/2020verifiedLow
661.78.37.121APT212/20/2020verifiedLow
761.78.75.96APT212/20/2020verifiedLow
861.221.54.9961-221-54-99.hinet-ip.hinet.netAPT212/20/2020verifiedLow
967.42.255.50mail.provocc.orgAPT212/20/2020verifiedLow
10XXX.XX.XXX.XXXxxxxxxx.xxxxxx.xxXxxxXxxxxx Xxxxx01/01/2021verifiedLow
11XXX.XXX.XXX.XXXXxxx12/20/2020verifiedLow
12XXX.XXX.XXX.XXXxxxxxxx.xxxx.xxx.xxxxx.xxxXxxx12/20/2020verifiedVery Low
13XXX.XXX.XX.XXXxxxxxxxx.xx.xxx.xxx.xxXxxx12/20/2020verifiedLow
14XXX.XXX.XX.Xxxxxxxxxxx.xx.xxx.xxx.xxXxxx12/20/2020verifiedLow
15XXX.XXX.XX.XXXxx-xx-xxx.xx.xxxx.xxx.xxXxxx12/20/2020verifiedVery Low
16XXX.XXX.XXX.XXxxxxxxx.xx.xxxx.xxx.xxXxxx12/20/2020verifiedVery Low
17XXX.XXX.XX.XXxxxxxxxxx.xxxx.xxx.xxXxxx12/20/2020verifiedVery Low
18XXX.XXX.XX.XXXxxx-xxx-xx-xxx.xxxxxx.xxxxx.xxxXxxx12/20/2020verifiedLow
19XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xxxxxxxxxxxxxx.xxxXxxx12/20/2020verifiedVery Low
20XXX.XXX.XXX.XXxxx-xxx-xxx-xx.xxxxxxxxxxxxxx.xxxXxxx12/20/2020verifiedVery Low
21XXX.XXX.XXX.XXxxx12/20/2020verifiedLow
22XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxxxxxxx.xxxxxxx.xxxXxxx12/20/2020verifiedLow
23XXX.XXX.XX.XXXxxxx.xxxxxxxxx.xxxxxxx.xx.xxXxxx12/20/2020verifiedLow
24XXX.XX.XXX.XXXxxxxxxxxxx.xxxXxxx12/20/2020verifiedLow
25XXX.XXX.XXX.XXXXxxx12/20/2020verifiedLow
26XXX.XXX.XX.XXXxxx12/20/2020verifiedLow
27XXX.X.XX.XXXxxx12/20/2020verifiedLow
28XXX.X.XX.XXXxxx12/20/2020verifiedLow
29XXX.XX.XXX.XXXXxxx12/20/2020verifiedLow
30XXX.XXX.XX.XXxxxxx-xxx-xx-xx.xxxx.xxxxxx.xxxx.xxx.xxXxxx12/20/2020verifiedLow
31XXX.XX.XX.XXxxx-xx-xx-xx.xxxxx-xx.xxxxx.xxxXxxx12/20/2020verifiedLow
32XXX.XX.XX.XXXxxx-xx-xx-xxx.xxxxx-xx.xxxxx.xxxXxxx12/20/2020verifiedLow
33XXX.XX.XXX.XXXxxx12/20/2020verifiedLow
34XXX.XXX.XXX.XXXxxxx.xxxxxxxxx.xxXxxx12/20/2020verifiedLow
35XXX.XXX.XXX.XXXxxxxxxx.xxxxxxxxx.xxx.xxXxxxXxxxxx Xxxxx01/01/2021verifiedVery Low
36XXX.XXX.XX.XXXxxx12/20/2020verifiedLow
37XXX.XXX.XX.XXXXxxx12/20/2020verifiedLow
38XXX.XXX.XX.XXXxxx12/20/2020verifiedLow
39XXX.XXX.XX.XXXxxx12/20/2020verifiedLow
40XXX.XXX.XX.XXXXxxx12/20/2020verifiedLow
41XXX.XXX.XXX.XXxxx12/20/2020verifiedLow
42XXX.XXX.XX.XXXXxxx12/20/2020verifiedLow

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-XXXCWE-XX, CWE-XXXxxxx Xxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-XXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
6TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
7TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXXCAPEC-XXXCWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
9TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
10TXXXX.XXXCWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh

IOA - Indicator of Attack (36)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/blog/blogcategory/add/?_to_field=id&_popup=1predictiveHigh
2File/bin/boapredictiveMedium
3File/DOWN/FIRMWAREUPDATE/ROM1predictiveHigh
4File/envpredictiveLow
5File/Maintain/sprog_upstatus.phppredictiveHigh
6Filexxxxx/xxxxx/xxxxxxxxx.xxxxpredictiveHigh
7Filexxxxxxxx.xxxpredictiveMedium
8Filexxxxxx-xxxxxx.xxxxpredictiveHigh
9Filexxxxxxxxxx.xxxpredictiveHigh
10Filexxxx/xxxxxxxxxxxx.xxxpredictiveHigh
11Filexxxxxxx/xxx/xxxxxxxxx/xxxxx.xpredictiveHigh
12Filexxxxxxxx/xxxx/xxxxxxxx.xxxpredictiveHigh
13Filexxxxxxxx/xxxx.xxx.xxxpredictiveHigh
14Filexxxxx.xxxpredictiveMedium
15Filexxx_xxxxxxxx.xpredictiveHigh
16Filexxxxxx/xxxxx.xxxpredictiveHigh
17Filexxxx-xxxxxxxx.xxxpredictiveHigh
18Filexxxxxxx_xxx.xxxpredictiveHigh
19Libraryxxx_xxxxx_xxxxxxxpredictiveHigh
20Libraryxxxxxxxx.xxxpredictiveMedium
21ArgumentxxxxxxxpredictiveLow
22ArgumentxxxxxxxxxxxxxpredictiveHigh
23Argumentxxxxxx_xxxxxxx[xxxx][xxxxxxx][]predictiveHigh
24Argumentxxxxxxx-xxxxxxpredictiveHigh
25Argumentxxx_xxxxpredictiveMedium
26ArgumentxxxxxxxxpredictiveMedium
27ArgumentxxpredictiveLow
28Argumentxxxxx_xxpredictiveMedium
29Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictiveHigh
30Argumentxxxx_xxxxxxpredictiveMedium
31ArgumentxxxxxxpredictiveLow
32ArgumentxxxxxxxpredictiveLow
33ArgumentxxxxxpredictiveLow
34ArgumentxxxxpredictiveLow
35ArgumentxxxxxxxxpredictiveMedium
36Patternxxxxxxx-xxxxxx|xx|predictiveHigh

References (3)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!