APT31 Analysis

Activities

Timeline

Analysing the timeline helps to identify the required approach and handling of individual vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Lang

en: 18
fr: 3
ja: 1

Country

us: 11
fr: 11

Actors

Activities

Interest

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Google Android System permission | 7.0 | 6.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 | CVE-2017-13209 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.80 | CVE-2010-0966 |
| 3 | Apple Mac OS X Wiki Server path traversal | 8.8 | 7.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2008-1000 |
| 4 | Siemens Automation License Manager ALM Service sql injection | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2016-8564 |
| 5 | DT Register Extension sql injection | 8.5 | 7.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | CVE-2018-6584 |
| 6 | GE Intelligent Platforms Proficy Historian ActiveX Control KeyHelp.ocx os command injection | 9.8 | 9.8 | $0-$5k | $0-$5k | High | Not Defined | 0.04 | CVE-2012-2516 |
| 7 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192 |
| 8 | Joomla CMS File Upload media.php input validation | 6.3 | 6.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.04 | CVE-2013-5576 |
| 9 | Horde Webmail Redirect go.php privileges management | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.03 | |
| 10 | Orange Livebox Service Port 8080 get_getnetworkconf.cgi credentials management | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.04 | CVE-2018-20377 |
| 11 | Host Web Server phpinfo.php phpinfo information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.06 | |
| 12 | FS Groupon Clone item_details.php sql injection | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | CVE-2017-17575 |
| 13 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2019-7550 |
| 14 | Microsoft Windows UPnP memory corruption | 7.3 | 6.6 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | CVE-2001-0876 |
| 15 | PhpWebGallery comments.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2005-4228 |
| 16 | PhpWebGallery code injection | 8.8 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2008-4645 |
| 17 | PhpWebGallery picture.php privileges management | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | CVE-2006-2041 |
| 18 | PunBB profile.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2005-1051 |
| 19 | Microsoft Windows SMB Processor EducatedScholar resource management | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.06 | CVE-2009-3103 |
| 20 | SPIP valider_xml is_dir server-side request forgery | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-7999 |

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (1)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1222 | CWE-275 Permission Issues | | predictive | High |

IOA - Indicator of Attack (21)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /get_getnetworkconf.cgi | predictive | High |
| 2 | File | /horde/util/go.php | predictive | High |
| 3 | File | administrator/components/com_media/helpers/media.php | predictive | High |
| 4 | File | xxxxxxxx.xxx | predictive | Medium |
| 5 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 6 | File | xxx/xxxxxx.xxx | predictive | High |
| 7 | File | xxxx_xxxxxxx.xxx | predictive | High |
| 8 | File | xxxxxxx.xxx | predictive | Medium |
| 9 | File | xxxxxxx.xxx | predictive | Medium |
| 10 | File | xxxxxxx.xxx | predictive | Medium |
| 11 | File | xxxxxxx.xxx | predictive | Medium |
| 12 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High |
| 13 | File | xxxxxxx_xxx | predictive | Medium |
| 14 | Argument | xxxxxxxx | predictive | Medium |
| 15 | Argument | xxx | predictive | Low |
| 16 | Argument | xx | predictive | Low |
| 17 | Argument | xxxxx_xx | predictive | Medium |
| 18 | Argument | xxxx | predictive | Low |
| 19 | Argument | xxx | predictive | Low |
| 20 | Network Port | xxx/xxxx | predictive | Medium |
| 21 | Network Port | xxx/xxxx | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
