APT31 Analysis

IOB - Indicator of Behavior (263)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 236
zh: 10
fr: 8
de: 4
es: 2

Country

us: 54
sg: 24
cn: 22
no: 20
se: 16

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft IIS: 6
Microsoft Exchange Server: 4
Apple Mac OS X: 4
PhpWebGallery: 4
OpenSSH: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
--|---------------|------|------|------|-------|-----|-----|-----|------|----
1 | wp-google-maps Plugin REST API class.rest-api.php input validation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.45979 | CVE-2019-10692
2 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.03 | 0.00000 | CVE-2020-12440
3 | ZyXEL P660HN-T v1 ViewLog.asp command injection | 7.3 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.06 | 0.00000 | (none)
4 | OpenSSH ssh-agent double free | 5.8 | 5.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.01282 | CVE-2021-28041
5 | VeronaLabs wp-statistics Plugin API Endpoint blind SQL injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00954 | CVE-2019-13275
6 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.41 | 0.04187 | CVE-2010-0966
7 | CutePHP CuteNews unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.35200 | CVE-2019-11447
8 | WordPress object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01034 | CVE-2022-21663
9 | Microsoft Windows Active Directory Domain Services privilege escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.02288 | CVE-2022-26923
10 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.03 | 0.27000 | CVE-2017-13067
11 | WordPress SQL injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.22 | 0.01034 | CVE-2022-21664
12 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.45 | 0.25090 | CVE-2017-0055
13 | Google Android System permission | 7.0 | 6.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.02515 | CVE-2017-13209
14 | Linux Kernel HDLC_PPP Module memory corruption | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.04 | 0.01282 | CVE-2020-25643
15 | Cougar LG lg.cgi cross site scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.01213 | CVE-2014-3926
16 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
17 | Joomla CMS File Upload media.php input validation | 6.3 | 6.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.07 | 0.85088 | CVE-2013-5576
18 | YunoHost-Apps transmission_ynh nginx.conf path traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01018 | CVE-2020-36647
19 | Sophos Firewall User Portal/Webadmin code injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.01156 | CVE-2022-3236
20 | PicoFlat CMS index.php path traversal | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.04187 | CVE-2008-6604

IOC - Indicator of Compromise (69)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (115)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (3)

The following list contains external sources which discuss the actor and the associated activities: