APT3 Analysis
IOB - Indicator of Behavior (1000)
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Activities
Interest
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Vulnerabilities
Campaigns (2)
These are the campaigns that can be associated with the actor:
- CVE-2015-5119
- Xxxxxx Xxx
IOC - Indicator of Compromise (11)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
ID | IP address | Hostname | Actor | Campaigns | Type | Confidence |
---|---|---|---|---|---|---|
1 | 23.99.20.198 | APT3 | verified | High | ||
2 | 54.169.89.240 | ec2-54-169-89-240.ap-southeast-1.compute.amazonaws.com | APT3 | verified | Medium | |
3 | 104.151.248.173 | 173.248-151-104.rdns.scalabledns.com | APT3 | Double Tap | verified | High |
4 | XXX.XX.XXX.XX | xxx-xxx-xx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxx | Xxxx | verified | Medium | |
5 | XXX.XX.XX.XX | Xxxx | verified | High | ||
6 | XXX.XXX.X.XXX | Xxxx | Xxx-xxxx-xxxx | verified | High | |
7 | XXX.XXX.XXX.XXX | Xxxx | verified | High | ||
8 | XXX.XXX.XX.XXX | xxxxxxxxxx.xxxxxx.xxx | Xxxx | Xxxxxx Xxx | verified | High |
9 | XXX.XX.XXX.XXX | Xxxx | verified | High | ||
10 | XXX.XX.XXX.XX | xxxxxx-xx.xxxxxxxxxxxxxxxx.xxx | Xxxx | Xxxxxx Xxx | verified | High |
11 | XXX.XXX.XX.XX | Xxxx | Xxxxxx Xxx | verified | High |
TTP - Tactics, Techniques, Procedures (26)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (415)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | /+CSCOE+/logon.html | predictive | High |
2 | File | /.env | predictive | Low |
3 | File | /.ssh/authorized_keys | predictive | High |
4 | File | /admin/default.asp | predictive | High |
5 | File | /ajax/networking/get_netcfg.php | predictive | High |
6 | File | /app/options.py | predictive | High |
7 | File | /assets/ctx | predictive | Medium |
8 | File | /bin/httpd | predictive | Medium |
9 | File | /cgi-bin/wapopen | predictive | High |
10 | File | /ci_spms/admin/category | predictive | High |
11 | File | /ci_spms/admin/search/searching/ | predictive | High |
12 | File | /classes/Master.php?f=delete_appointment | predictive | High |
13 | File | /classes/Master.php?f=delete_train | predictive | High |
14 | File | /cms/print.php | predictive | High |
15 | File | /concat?/%2557EB-INF/web.xml | predictive | High |
16 | File | /Content/Template/root/reverse-shell.aspx | predictive | High |
17 | File | /ctcprotocol/Protocol | predictive | High |
18 | File | /dashboard/menu-list.php | predictive | High |
19 | File | /data/remove | predictive | Medium |
20 | File | /etc/passwd | predictive | Medium |
21 | File | /ffos/classes/Master.php?f=save_category | predictive | High |
22 | File | /forum/away.php | predictive | High |
23 | File | /goforms/rlminfo | predictive | High |
24 | File | /Items/*/RemoteImages/Download | predictive | High |
25 | File | /login | predictive | Low |
26 | File | /menu.html | predictive | Medium |
27 | File | /navigate/navigate_download.php | predictive | High |
28 | File | /ocwbs/admin/?page=user/manage_user | predictive | High |
29 | File | /ofrs/admin/?page=user/manage_user | predictive | High |
30 | File | /out.php | predictive | Medium |
31 | File | /owa/auth/logon.aspx | predictive | High |
32 | File | /password.html | predictive | High |
33 | File | /php_action/fetchSelectedUser.php | predictive | High |
34 | File | /proc/ioports | predictive | High |
35 | File | /property-list/property_view.php | predictive | High |
36 | File | /ptms/classes/Users.php | predictive | High |
37 | File | /resources//../ | predictive | High |
38 | File | /rest/api/2/search | predictive | High |
39 | File | /s/ | predictive | Low |
40 | File | /scripts/cpan_config | predictive | High |
41 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | predictive | High |
42 | File | /services/system/setup.json | predictive | High |
43 | File | /spip.php | predictive | Medium |
44 | File | /sys/dict/queryTableData | predictive | High |
45 | File | /tmp | predictive | Low |
46 | File | /uncpath/ | predictive | Medium |
47 | File | /vloggers_merch/?p=view_product | predictive | High |
48 | File | /webconsole/APIController | predictive | High |
49 | File | /websocket/exec | predictive | High |
50 | File | /xxxx/?xxxx=xx_xxxxxxxx | predictive | High |
51 | File | /xx-xxxxx/xxxxx-xxxx.xxx | predictive | High |
52 | File | /xx-xxxx | predictive | Medium |
53 | File | /xx-xxxx/xxxxxx/x.x/xxxxx?xxx | predictive | High |
54 | File | /_xxxx | predictive | Low |
55 | File | x.xxx.xxx\xxxx\xxxxxxxx.xxx | predictive | High |
56 | File | xxxxx.xxx/xxxxx-x.x.xxx/xxxxxxx.xxx/xxxx.xxx | predictive | High |
57 | File | xxxxxxx.xxx | predictive | Medium |
58 | File | xxxxxxxx.xxx | predictive | Medium |
59 | File | xxxxx/?xxxx=xxxxxxx | predictive | High |
60 | File | xxxxx/xxxxxxxx.xxx.xxx | predictive | High |
61 | File | xxxxx/xxxx_xxxxx_xxxx.xxx | predictive | High |
62 | File | xxxxx/xx_xxxxxxxx.xxx | predictive | High |
63 | File | xxxxx/xxxx-xxxxx.xxx | predictive | High |
64 | File | xxxxx/xxxxx.xxx | predictive | High |
65 | File | xxxxx/xxxxxxxx_xxxxxxxxx.xxx | predictive | High |
66 | File | xxxxx/xxxxxxxx.xxxx | predictive | High |
67 | File | xxxxx.xxx | predictive | Medium |
68 | File | xxxx/xxxxxxx-xxxxxxx-xxxxxx.xxx | predictive | High |
69 | File | xxxx_xxxxxxx.xxx | predictive | High |
70 | File | xxx/xxx/xxxxx | predictive | High |
71 | File | xxx/xxxxxxxxxxx/xxxx/xxxxxxxx_xxxxxxxxxx.xx | predictive | High |
72 | File | xxxxxxxxxxxx/xxxxxxxxx/xxx/xxxxx.xxx | predictive | High |
73 | File | xxxxxx/xxxxxxxxx.xx | predictive | High |
74 | File | xxxxxxxx.xxx | predictive | Medium |
75 | File | xxxx.xxx_xxxxx_xxxx_xxxx-xxxx.xxx | predictive | High |
76 | File | xxxx/xxxxx | predictive | Medium |
77 | File | xxxxxxx.xx | predictive | Medium |
78 | File | xxxxxx/xxxxxx.xxx | predictive | High |
79 | File | xxxxxx.xxxx | predictive | Medium |
80 | File | xxxxxxxx.xxx | predictive | Medium |
81 | File | xxxxxx.xxx | predictive | Medium |
82 | File | xxxxx.xxx | predictive | Medium |
83 | File | x:\xxxxxxxx | predictive | Medium |
84 | File | xxxx/xxx/.../xxxxxx | predictive | High |
85 | File | xxx.xxx | predictive | Low |
86 | File | xxx-xxxx.xxx | predictive | Medium |
87 | File | xxx-xxx/xxxxxxxxx.xxx | predictive | High |
88 | File | xxx-xxx/xxxxx/xxxxx.xxx | predictive | High |
89 | File | xxxxxxxxx.xxx | predictive | High |
90 | File | xxx.xxxx | predictive | Medium |
91 | File | xx.xxxxxx.xxxx.xxxx.xxxxxxx.xxxx | predictive | High |
92 | File | xxxxxx/xxx.x | predictive | Medium |
93 | File | xxxx_xxxx.xxx | predictive | High |
94 | File | xxxxxxx.xxxxxxxx.xxx | predictive | High |
95 | File | xxxxxxx.xxx | predictive | Medium |
96 | File | xxxx/xxxxx/xxxxxxx_xxxxxx_xxxxxx.xxx | predictive | High |
97 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
98 | File | xxxxxxxxxxxxxxx.xxxx | predictive | High |
99 | File | xx.xxx | predictive | Low |
100 | File | xxxxxxxxxxxx.xxx | predictive | High |
101 | File | xxxx_xxxx.xxx | predictive | High |
102 | File | xxxxxxxxx.xxx | predictive | High |
103 | File | xxxx/xxxxxxx.xxx | predictive | High |
104 | File | xxxxxx.xxx | predictive | Medium |
105 | File | xxxxxxx/xxx/xxxxxxxx/xxx/xxxxxx/xxx.x | predictive | High |
106 | File | xxxxxxx.xxx | predictive | Medium |
107 | File | xxxxxxxx.xxx | predictive | Medium |
108 | File | xxxxx.xxx | predictive | Medium |
109 | File | xxxxxxx.xxx | predictive | Medium |
110 | File | xxxx-xxxxx.x | predictive | Medium |
111 | File | xxxx.x | predictive | Low |
112 | File | xxxx.xxx | predictive | Medium |
113 | File | xxx.xxx | predictive | Low |
114 | File | xxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
115 | File | xxxxxxxxxxxx.xxx | predictive | High |
116 | File | xxxxxxx.xxx | predictive | Medium |
117 | File | xxxxxxx.xxx | predictive | Medium |
118 | File | xxxxxx.x | predictive | Medium |
119 | File | xxxxxx_xxxx.xxx | predictive | High |
120 | File | xxxxxxxxx.xxx.xxx | predictive | High |
121 | File | xxxxxxx.xxx | predictive | Medium |
122 | File | xxxxxxxxxx.xxx | predictive | High |
123 | File | xxxxx.xxx | predictive | Medium |
124 | File | xxxxxxxxxxxxxxxxx.xxxx | predictive | High |
125 | File | xxxx.xxx | predictive | Medium |
126 | File | xxxxxxxx/xxxx_xxxx | predictive | High |
127 | File | xxxx_xxxxxxx.xxx.xxx | predictive | High |
128 | File | xxxxxxx/xxxxxxxxxxxx.xxx | predictive | High |
129 | File | xxxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
130 | File | xxx/xxx.x | predictive | Medium |
131 | File | xxxxxxx.x | predictive | Medium |
132 | File | xxx/xxxxxx.xxx | predictive | High |
133 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High |
134 | File | xxxxxxx/xxxxxxxxxx.xxx | predictive | High |
135 | File | xxxxxxx/xxxxxxxxxx/xxxxxx/xxxxxxxx/xxx/xxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
136 | File | xxxxxxx\xxxxxxx\xxxxxxx_xxxxx.xxx | predictive | High |
137 | File | xxxxx.xxx | predictive | Medium |
138 | File | xxxxx.xxxx | predictive | Medium |
139 | File | xxxxx.xx | predictive | Medium |
140 | File | xxxxx.xxx | predictive | Medium |
141 | File | xxxxx_xxxxxx_xxxxxxxxxx.xxx | predictive | High |
142 | File | xxxxxxx.x | predictive | Medium |
143 | File | xxxxxxxxxx | predictive | Medium |
144 | File | xxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxx | predictive | High |
145 | File | xxx.x | predictive | Low |
146 | File | xxxx.xxx | predictive | Medium |
147 | File | xxx_xxxxxx_xxxxxx.xx | predictive | High |
148 | File | xx/xxxxxx.xxxxxxxxxxx.xx | predictive | High |
149 | File | xxxxxx/xxxxxx/xxxxxx-xx.x | predictive | High |
150 | File | xx.xxx | predictive | Low |
151 | File | xxxxxxxxxxx/xxxxxxxxxxxxx.x | predictive | High |
152 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive | High |
153 | File | xxxxxxxxx/xxxxxx.xxx.xxx | predictive | High |
154 | File | xxxx/xxxxxxxx/xxxxxx_xxxxxxxx.x | predictive | High |
155 | File | xxxxx.xxx | predictive | Medium |
156 | File | xxxxx_xxxxx.xxx | predictive | High |
157 | File | xxxxxxxx.xxx | predictive | Medium |
158 | File | xxxxxxx.xxx | predictive | Medium |
159 | File | xxxxxxx/xxxx/xxxx_xxxx.xx | predictive | High |
160 | File | xxx_xxxxx.x | predictive | Medium |
161 | File | xxx_xxxxx_xxxxx.x | predictive | High |
162 | File | xxxxxx/xxxxxx.xxx | predictive | High |
163 | File | xxxxxxxx.xx | predictive | Medium |
164 | File | xxxxx.xxx | predictive | Medium |
165 | File | xxxxxx-xxxxxx/xxxxx/xxxxxxxxx/xxxxxxx/xxx_xxxxx.xxx | predictive | High |
166 | File | xxxxxx.xxx | predictive | Medium |
167 | File | xxx_xx/xxx_xx_xxxxxx.x | predictive | High |
168 | File | xxx/xxxxxxxxx/xxx_xxxxx.x | predictive | High |
169 | File | xxxx.xxx | predictive | Medium |
170 | File | xxxx.xxxx | predictive | Medium |
171 | File | xxxx_xxxx.xxx | predictive | High |
172 | File | xxx_xx_xxx.xx | predictive | High |
173 | File | xxxxxxx.xxx | predictive | Medium |
174 | File | xxx_xxxxxx.xx | predictive | High |
175 | File | xxxxxxxxx.xxx.xxx | predictive | High |
176 | File | xxx%xx.xxx | predictive | Medium |
177 | File | xxx.xxx | predictive | Low |
178 | File | xxxxxxxx.xxx | predictive | Medium |
179 | File | xxxxxxx/xxxxxxxx/xx-xxxxxx.xxx | predictive | High |
180 | File | xxxxxxxx_xxx.xxx | predictive | High |
181 | File | xxxxxx/xxxxx_xxxxxxxx/xxxxxxx.xxxx | predictive | High |
182 | File | xxxxxxxxxxxx/xxx.xxx/xxxxx/xxxxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxx.xx | predictive | High |
183 | File | xxxxxxxxxxxx.xxx | predictive | High |
184 | File | xxxx.xxx | predictive | Medium |
185 | File | xxxxxxx.xxx | predictive | Medium |
186 | File | xxxxxxx/xxxxxxxxxxxx.xxx | predictive | High |
187 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
188 | File | xxxxxxxx.xxx | predictive | Medium |
189 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High |
190 | File | xxxxxxxx.xxx | predictive | Medium |
191 | File | xxxxx_xxx_xxxxxx | predictive | High |
192 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
193 | File | xxxxxxxx.xxx | predictive | Medium |
194 | File | xxxxx-xxxxxxxx-xxxxxxxxx.xxx | predictive | High |
195 | File | xxxx.xxx | predictive | Medium |
196 | File | xxxxx.xxx | predictive | Medium |
197 | File | xxxxxxxxxx.xxx | predictive | High |
198 | File | xxxxxxxx.xxx | predictive | Medium |
199 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High |
200 | File | xxxxxx.x | predictive | Medium |
201 | File | xxx.x | predictive | Low |
202 | File | xxxxxx_xxx_xxxxxx.xxx | predictive | High |
203 | File | xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High |
204 | File | xxxxxx.xxx | predictive | Medium |
205 | File | xxxxxxxxxxxxx.xxxx | predictive | High |
206 | File | xxxx-xxxxxx.x | predictive | High |
207 | File | xxxx.xxx | predictive | Medium |
208 | File | xxxxxxxxxxxxxx.xxx | predictive | High |
209 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High |
210 | File | xxxxxxxxxxxxxxxx.xx | predictive | High |
211 | File | xxxx.x | predictive | Low |
212 | File | xxxxxxx.xxx | predictive | Medium |
213 | File | xxx.xxx | predictive | Low |
214 | File | xxx/xxxxxxx/xxx_xxxx.x | predictive | High |
215 | File | xxx/xxxx-xxxxxxxx.x | predictive | High |
216 | File | xx_xxxx/xxxx_xxxx.x | predictive | High |
217 | File | xx_xxxx/xxxxxxxxxxxxxxxx.x | predictive | High |
218 | File | xxx_xxxxx.x | predictive | Medium |
219 | File | xxxxxxx.xxx | predictive | Medium |
220 | File | xxxxxx.xxx | predictive | Medium |
221 | File | xxxxxxxxx.xxx | predictive | High |
222 | File | xxx-xxxx.x | predictive | Medium |
223 | File | xxxxxxxxx.xxx | predictive | High |
224 | File | xxxxxx/xxxxxxx/xxxxxxxxxx.xxx | predictive | High |
225 | File | xxxxxx\xxxxxxxx\xx_xxxxx_xxxxxxx.xxx | predictive | High |
226 | File | xxxx-xxxxxxx/xxxxx.xxx | predictive | High |
227 | File | xxxxxxx.xxx | predictive | Medium |
228 | File | xxxx-xxxxxxxx.xxx | predictive | High |
229 | File | xxxxx/xxxx_xxxxx.x | predictive | High |
230 | File | xxxxxxxxxx.xxx | predictive | High |
231 | File | xxxxxxxxx/xxxxxxxxxxxxxxxxxx.xxx | predictive | High |
232 | File | xxx.xxx | predictive | Low |
233 | File | xxxxxxx_xxxxx.xxx | predictive | High |
234 | File | xxxxxx.xxx | predictive | Medium |
235 | File | xxxx-xxxxxxx.xxx | predictive | High |
236 | File | xxxx.xxxx | predictive | Medium |
237 | File | xxxx/xxxx.xxx | predictive | High |
238 | File | xxxx/xxxxx.xxx | predictive | High |
239 | File | xxxxx.xxx | predictive | Medium |
240 | File | xxxxx.x | predictive | Low |
241 | File | xxxx-xxxxx-xxxxxxx.xxx | predictive | High |
242 | File | xxxxxxxx.xxx | predictive | Medium |
243 | File | xxxxxxxxxxxx.xxx | predictive | High |
244 | File | xxx/xxxxxx/xxxxxxxxxxxxx.xxx | predictive | High |
245 | File | xxxxxxx-xxxx.xxx | predictive | High |
246 | File | xx-xxxxx/xxxxxxxxx.xxx | predictive | High |
247 | File | xxxxxx.xxxx | predictive | Medium |
248 | File | \xxxxx\xxxxxxxxxx\xxxxxxxx.xxx | predictive | High |
249 | File | ~/xxxxxxxx-xxxxxxxx.xxx | predictive | High |
250 | File | ~/xxxxxxxx/xxxxx/xxxxx-xx-xxxxxx-xxxxx-xxxx-xxxx.xxx | predictive | High |
251 | File | ~/xxxxxx-xxxxx-xxxxxxx.xxx | predictive | High |
252 | Library | /xxxxxx/xxx/xxx.xx.xxx | predictive | High |
253 | Library | xxxxxx/xxx/xxxxxxx_xxxxxx_xxxx.xxx | predictive | High |
254 | Library | xxxxxx.xxx | predictive | Medium |
255 | Library | xxxxxxxxxx.xxx | predictive | High |
256 | Library | xxx/xxxxxx/xxxxxxxxx/xxx_xxxxxxx.x | predictive | High |
257 | Library | xxxxx.xxx | predictive | Medium |
258 | Library | xxxxxxxxxx.xxx | predictive | High |
259 | Library | xxxxxxx/xxxxxxxx.xxx | predictive | High |
260 | Library | xxxxxx.xxx | predictive | Medium |
261 | Library | xxx/xxx/xxx/xxxxxx/xxxxx/xxxxxxxxx.xxxxx.xxx | predictive | High |
262 | Library | xxxxx_xxx/xxxxxxx/xxxxxxxxx/ | predictive | High |
263 | Argument | --xxxxxx/--xxxxxxxx | predictive | High |
264 | Argument | ?xxxxxx | predictive | Low |
265 | Argument | xxxxxxxxxxxx | predictive | Medium |
266 | Argument | xxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx: | predictive | High |
267 | Argument | xxxx | predictive | Low |
268 | Argument | xxxxx_xxxxx | predictive | Medium |
269 | Argument | xxxxx_xxxxxxxx | predictive | High |
270 | Argument | xx_xxxx_xxxx | predictive | Medium |
271 | Argument | xxxxx | predictive | Low |
272 | Argument | xxx | predictive | Low |
273 | Argument | xxxxx | predictive | Low |
274 | Argument | xxxx(xxxx_xxxx) | predictive | High |
275 | Argument | xxxxx | predictive | Low |
276 | Argument | xxxxxx_xxxx | predictive | Medium |
277 | Argument | xxxxxxxxxxxxxx | predictive | High |
278 | Argument | xxxxxxxx | predictive | Medium |
279 | Argument | xxxxx | predictive | Low |
280 | Argument | xxxxxx | predictive | Low |
281 | Argument | xxxxxxxxxx | predictive | Medium |
282 | Argument | xxxxxxxxxx_xxxx | predictive | High |
283 | Argument | xxx | predictive | Low |
284 | Argument | xxxxxxxxx | predictive | Medium |
285 | Argument | xxxxxxxx[xxxxxxx] | predictive | High |
286 | Argument | xxxxx | predictive | Low |
287 | Argument | xxxx_xxx | predictive | Medium |
288 | Argument | xxx_xx | predictive | Low |
289 | Argument | xxx | predictive | Low |
290 | Argument | xxx | predictive | Low |
291 | Argument | xxx | predictive | Low |
292 | Argument | xxxxxxx | predictive | Low |
293 | Argument | xxxxxx | predictive | Low |
294 | Argument | xxxxxxx | predictive | Low |
295 | Argument | xxxxxxx-xxxxxx | predictive | High |
296 | Argument | xxxxxxx-xxxxxxxx-xxxxxx | predictive | High |
297 | Argument | xxxxxx_xx | predictive | Medium |
298 | Argument | xxxxxxxxx | predictive | Medium |
299 | Argument | xxxxxx_xx | predictive | Medium |
300 | Argument | xxxx | predictive | Low |
301 | Argument | xxxx_xxxx | predictive | Medium |
302 | Argument | xxxx | predictive | Low |
303 | Argument | xxxx_xxxxxx=xxxx | predictive | High |
304 | Argument | xxxxx | predictive | Low |
305 | Argument | xxxxx/xxxxxxxx | predictive | High |
306 | Argument | xxxxxx | predictive | Low |
307 | Argument | xxxx | predictive | Low |
308 | Argument | xxxxxxxxxx | predictive | Medium |
309 | Argument | xxxxxxxx | predictive | Medium |
310 | Argument | xxxxxxxx | predictive | Medium |
311 | Argument | xxxxxxxxxxxxxxx | predictive | High |
312 | Argument | xxxxx | predictive | Low |
313 | Argument | xxxx | predictive | Low |
314 | Argument | xxxxxxxxxxxxx_xxxxxx | predictive | High |
315 | Argument | xxxxxx | predictive | Low |
316 | Argument | xxxxxxxx_xxxxxxx | predictive | High |
317 | Argument | xxxxxxx | predictive | Low |
318 | Argument | xxxx_xxxxx | predictive | Medium |
319 | Argument | xxxx | predictive | Low |
320 | Argument | xxxx/xxxxxx | predictive | Medium |
321 | Argument | xxxxxxxxxxxxxx | predictive | High |
322 | Argument | xxxx_xxxxxxx | predictive | Medium |
323 | Argument | xx | predictive | Low |
324 | Argument | xx/xxxxx | predictive | Medium |
325 | Argument | xxxxxxxxx | predictive | Medium |
326 | Argument | xxxxx | predictive | Low |
327 | Argument | xxxxxxxx | predictive | Medium |
328 | Argument | xxxxxxxxx | predictive | Medium |
329 | Argument | xxxxxx | predictive | Low |
330 | Argument | xxxx | predictive | Low |
331 | Argument | xxxxxxx | predictive | Low |
332 | Argument | xxxx/xxx_xxxxxxxxx | predictive | High |
333 | Argument | xxxxxxxxxx | predictive | Medium |
334 | Argument | xx-xxxxxxx | predictive | Medium |
335 | Argument | xxxx | predictive | Low |
336 | Argument | xxxxxxxx | predictive | Medium |
337 | Argument | xxx | predictive | Low |
338 | Argument | xxxxxxx | predictive | Low |
339 | Argument | xxx | predictive | Low |
340 | Argument | xxxx/xxxxxxxxxxx | predictive | High |
341 | Argument | xxx | predictive | Low |
342 | Argument | xxxxxx | predictive | Low |
343 | Argument | xxxxxxxx | predictive | Medium |
344 | Argument | xxxxxx xxxxxx | predictive | High |
345 | Argument | xxxxxx | predictive | Low |
346 | Argument | xxxxxxxxxx | predictive | Medium |
347 | Argument | xxxx | predictive | Low |
348 | Argument | xxxxxx | predictive | Low |
349 | Argument | xxxxxx | predictive | Low |
350 | Argument | xxxxxxxx/xxxxxx | predictive | High |
351 | Argument | xxxxxxxxx | predictive | Medium |
352 | Argument | xxxxxxxxxxxxxxx | predictive | High |
353 | Argument | xxxxxxxx | predictive | Medium |
354 | Argument | xxxxxxxxx | predictive | Medium |
355 | Argument | xxx_xxxxxx_xxxx | predictive | High |
356 | Argument | xxxxxxxx | predictive | Medium |
357 | Argument | xxxxx | predictive | Low |
358 | Argument | xxxxxx | predictive | Low |
359 | Argument | xxxxx-xxxxxxxxxxxxx | predictive | High |
360 | Argument | x_xxx_xxx | predictive | Medium |
361 | Argument | xxx | predictive | Low |
362 | Argument | xxxxx_xxxxxx | predictive | Medium |
363 | Argument | xxxxxxxx | predictive | Medium |
364 | Argument | xxxxxxxx | predictive | Medium |
365 | Argument | xxxxxxx | predictive | Low |
366 | Argument | xxxxxxxxxx | predictive | Medium |
367 | Argument | xxxxxxx | predictive | Low |
368 | Argument | xxxxxx_xxx/xxxxxxx_xxxx/xxxxxxx_xxxx/xxxxxxxxx_xxxxxx | predictive | High |
369 | Argument | xxxxxx/xxxxxx/xxx | predictive | High |
370 | Argument | xxxxxx | predictive | Low |
371 | Argument | xxxxxx xxxx | predictive | Medium |
372 | Argument | xxxxxx_xxxxxx | predictive | High |
373 | Argument | xxxxxxxxxx | predictive | Medium |
374 | Argument | xxxxxxx_xx | predictive | Medium |
375 | Argument | xxxxxxxx[xxxx xxxxxxx][xxxxxxxxxxxxxxxxxx] | predictive | High |
376 | Argument | xxxx_xxxxx | predictive | Medium |
377 | Argument | xxxx | predictive | Low |
378 | Argument | xxxxxxx | predictive | Low |
379 | Argument | xxx | predictive | Low |
380 | Argument | xxxxxxx | predictive | Low |
381 | Argument | xxxxxxxx | predictive | Medium |
382 | Argument | xxx_xx | predictive | Low |
383 | Argument | xxxxxxxxx | predictive | Medium |
384 | Argument | x:xxxxxxxx | predictive | Medium |
385 | Argument | xxx | predictive | Low |
386 | Argument | xxx | predictive | Low |
387 | Argument | xxxxxx/xxxxxxxx/xxxx/xxx | predictive | High |
388 | Argument | xxxxx_xxxxx | predictive | Medium |
389 | Argument | xxx | predictive | Low |
390 | Argument | xxx | predictive | Low |
391 | Argument | xxxxxx | predictive | Low |
392 | Argument | xxxxxxxx | predictive | Medium |
393 | Argument | xxxxxxxx/xxxx | predictive | High |
394 | Argument | xxxxxxx_xxxx | predictive | Medium |
395 | Argument | xxxxxxxxxxxxxxxxxxxxxx | predictive | High |
396 | Argument | xxxxx | predictive | Low |
397 | Argument | xx_xxxx_xxxxxx_xxxxxxxxxx | predictive | High |
398 | Argument | xxxxxxxx | predictive | Medium |
399 | Argument | x-xxxxxxxxx-xxx | predictive | High |
400 | Argument | x-xxxxxxxxx-xxx | predictive | High |
401 | Argument | xxxxxxxxxxx[xxxxxxxx] | predictive | High |
402 | Argument | __xxxxxxxxxxxxx | predictive | High |
403 | Input Value | "><xxxxxx>xxxxx("xxx")</xxxxxx> | predictive | High |
404 | Input Value | '"><xxxxxx>xxxxx(/xxx/)</xxxxxx> | predictive | High |
405 | Input Value | ../ | predictive | Low |
406 | Input Value | ../.. | predictive | Low |
407 | Input Value | /.. | predictive | Low |
408 | Input Value | xxx' xxx xxxxx(x) xxx 'xxxx'='xxxx | predictive | High |
409 | Input Value | ?<!xxxxxx? | predictive | Medium |
410 | Input Value | x=x | predictive | Low |
411 | Pattern | |xx xx xx| | predictive | Medium |
412 | Network Port | xxxxx | predictive | Low |
413 | Network Port | xxx/xxxx | predictive | Medium |
414 | Network Port | xxx/xxx (xxx) | predictive | High |
415 | Network Port | xxx xxxxxx xxxx | predictive | High |
References (9)
The following list contains external sources which discuss the actor and the associated activities:
- https://github.com/fireeye/iocs/blob/master/APT3/62f65dae-9475-44b0-a9eb-c1baebbd9885.ioc
- https://github.com/fireeye/iocs/blob/master/APT3/db0b6ac6-874a-498e-892b-ac7c2020e061.ioc
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/APT3
- https://www.fireeye.com/blog/threat-research/2014/11/operation_doubletap.html
- https://www.fireeye.com/blog/threat-research/2015/07/demonstrating_hustle.html
- https://www.recordedfuture.com/chinese-mss-behind-apt3/
- https://www.threatminer.org/report.php?q=APTGroupUPSTargetsUSGovernmentwithHackingTeamFlashExploit-PaloAltoNetworksBlogPaloAltoNetworksBlog.pdf&y=2015
- https://www.threatminer.org/report.php?q=OperationDoubleTap.pdf&y=2014
- https://www.threatminer.org/report.php?q=SecondAdobeFlashZero-DayCVE-2015-5122fromHackingTeamExploitedinStrategicWebCompromiseTargetingJapaneseVictims%C2%ABThreatResearchBlog_FireEyeInc.pdf&y=2015