APT31 Analysis

IOB - Indicator of Behavior (346)

Lang

en: 308
zh: 12
fr: 10
sv: 8
ar: 2

Country

us: 88
cn: 62
no: 24
se: 22
sg: 22

Product

Microsoft Windows: 6
Linux Kernel: 6
Microsoft Exchange Server: 6
Microsoft IIS: 6
WordPress: 4

Vulnerabilities

# | Vulnerability | Base (CVSS base) | Temp (CVSS temporal) | 0day price | Today price | Exp (exploitability) | Rem (remediation) | CTI | EPSS | CVE
1 | wp-google-maps Plugin REST API class.rest-api.php input validation | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.97373 | CVE-2019-10692
2 | Atmail Remote Code Execution | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00251 | CVE-2013-5033
3 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00241 | CVE-2020-12440
4 | Palo Alto PAN-OS GlobalProtect Clientless VPN buffer overflow | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00112 | CVE-2021-3056
5 | ZyXEL P660HN-T v1 ViewLog.asp command injection | 7.3 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.08 | 0.00000 | (none)
6 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00548 | CVE-2017-0055
7 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00467 | CVE-2022-21664
8 | OpenSSH ssh-agent double free | 5.8 | 5.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00184 | CVE-2021-28041
9 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00250 | CVE-2019-13275
10 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.38 | 0.00943 | CVE-2010-0966
11 | Linksys WRT54GL Web Management Interface SysInfo1.htm information disclosure | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.11 | 0.00046 | CVE-2024-1406
12 | Teclib GLPI unlock_tasks.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.12149 | CVE-2019-10232
13 | Sophos Firewall User Portal/Webadmin improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.97434 | CVE-2022-1040
14 | CutePHP CuteNews unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.02086 | CVE-2019-11447
15 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00432 | CVE-2022-21663
16 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.07920 | CVE-2022-26923
17 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.03 | 0.01575 | CVE-2017-13067
18 | Google Android System permission | 7.0 | 6.3 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 | 0.00306 | CVE-2017-13209
19 | Linux Kernel HDLC_PPP Module memory corruption | 6.3 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00084 | CVE-2020-25643
20 | Cougar LG lg.cgi cross site scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00327 | CVE-2014-3926

IOC - Indicator of Compromise (70)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.252.176.102 | no-rdns.mivocloud.com | APT31 | | 11/28/2022 | verified | High
2 | 20.11.11.67 | | APT31 | | 02/19/2024 | verified | High
3 | 45.147.229.194 | | APT31 | | 11/28/2022 | verified | High
4 | 50.71.100.164 | S010690a7c1a10cf2.wp.shawcable.net | APT31 | | 11/28/2022 | verified | High
5 | 58.96.237.98 | | APT31 | | 11/28/2022 | verified | High
6 | 58.182.61.137 | 137.61.182.58.starhub.net.sg | APT31 | | 11/28/2022 | verified | High
7 | 68.146.18.127 | S010690a7c1b6e041.cg.shawcable.net | APT31 | | 11/28/2022 | verified | High
8 | 71.64.151.132 | cpe-71-64-151-132.cinci.res.rr.com | APT31 | | 11/28/2022 | verified | High
9 | 73.229.137.54 | c-73-229-137-54.hsd1.co.comcast.net | APT31 | | 11/28/2022 | verified | High
10 | 78.82.247.37 | 78-82-247-37.customers.ownit.se | APT31 | | 11/28/2022 | verified | High
11 | 81.83.4.48 | d51530430.static.telenet.be | APT31 | | 11/28/2022 | verified | High
12 | 81.227.88.108 | 81-227-88-108-no2661.tbcn.telia.com | APT31 | | 11/28/2022 | verified | High
13 | 81.232.51.161 | 81-232-51-161-no600.tbcn.telia.com | APT31 | | 11/28/2022 | verified | High
14 | 81.234.227.62 | 81-234-227-62-no551.tbcn.telia.com | APT31 | | 11/28/2022 | verified | High

Entries 15 to 70 (56 further indicators) are masked in the source: IP address, hostname and actor are redacted. Of these, 16 were identified 08/26/2021 and the remaining 40 on 11/28/2022; all are of type verified with confidence High.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (145)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
3 | File | /apply.cgi | predictive | Medium
4 | File | /etc/openstack-dashboard/local_settings | predictive | High
5 | File | /get_getnetworkconf.cgi | predictive | High
6 | File | /goform/RgDhcp | predictive | High
7 | File | /goform/RGFirewallEL | predictive | High
8 | File | /horde/util/go.php | predictive | High
9 | File | /php/ping.php | predictive | High
10 | File | /rapi/read_url | predictive | High
11 | File | /scripts/unlock_tasks.php | predictive | High
12 | File | /SysInfo1.htm | predictive | High
13 | File | /sysinfo_json.cgi | predictive | High
14 | File | /system/user/modules/mod_users/controller.php | predictive | High
15 | File | /uncpath/ | predictive | Medium
16 | File | /usr/bin/pkexec | predictive | High
81 | Argument | $() | predictive | Low

Entries 17 to 145 are masked in the source (indicator text redacted, all of type predictive, confidence Low, Medium or High). By class they are: 63 further File entries (17 to 79), 1 Library (80), 50 further Argument entries (82 to 131), 6 Input Value (132 to 137), 1 Pattern (138) and 7 Network Port (139 to 145).

References (4)

The following list contains external sources which discuss the actor and the associated activities: