APT2 Analysis

IOB - Indicator of Behavior (96)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 68
  • zh: 18
  • es: 10


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

  • Microsoft Windows: 6
  • Oracle MySQL Server: 4
  • Microsoft Internet Explorer: 4
  • Nuclide: 2
  • Dream4 Koobi: 2


Vulnerabilities

# | Vulnerability | Base score | Temp score | 0day price | Today price | Exploitability | Remediation | EPSS | CTI | CVE
1 | Zoho ManageEngine Applications Manager Agent.java sql injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00273 | 0.00 | CVE-2019-19650
2 | Cisco ASA/Firepower Threat Defense RSA Key information exposure | 6.2 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00163 | 0.02 | CVE-2022-20866
3 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 9.94 | CVE-2006-6168
4 | Oracle MySQL Server Packaging information disclosure | 7.5 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00115 | 0.05 | CVE-2023-5363
5 | Sun Solaris denial of service | 6.2 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.06 | CVE-2011-2259
6 | Spring Boot Admins Notifier env code injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00310 | 0.04 | CVE-2022-46166
7 | ASUS RT-AC51U Network Request cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.05 | CVE-2023-29772
8 | Zoho ManageEngine Desktop Central HTTP Redirect information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00636 | 0.04 | CVE-2022-23779
9 | Dropbear SSH dropbearconvert input validation | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00956 | 0.05 | CVE-2016-7407
10 | MediaTek MT6983 tinysys out-of-bounds write | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2023-20621
11 | Router/Firewall Routing privileges management | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.01500 | 0.05 | CVE-1999-0510
12 | Kibana Region Map cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.00 | CVE-2019-7621
13 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00263 | 0.05 | CVE-2009-2814
14 | ajenti API privileges management | 7.1 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03095 | 0.14 | CVE-2019-25066
15 | Oracle MySQL Server InnoDB numeric error | 9.1 | 9.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01381 | 0.05 | CVE-2016-9843
16 | Redmine Issues API permission | 7.6 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00144 | 0.03 | CVE-2021-30164
17 | Google Go WASM module buffer overflow | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00514 | 0.04 | CVE-2021-38297
18 | D-Link DIR-867/DIR-878/DIR-882 unknown vulnerability | 8.0 | 8.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00240 | 0.00 | CVE-2020-8863
19 | Ruckus Wireless C110 webs information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00670 | 0.00 | CVE-2020-13918

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Putter Panda

IOC - Indicator of Compromise (42)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/blog/blogcategory/add/?_to_field=id&_popup=1 | predictive | High
2 | File | /bin/boa | predictive | Medium
3 | File | /DOWN/FIRMWAREUPDATE/ROM1 | predictive | High
4 | File | /env | predictive | Low
