APT32 Analysis
IOB - Indicator of Behavior (769)
Timeline
Analysing the timeline helps to identify the required approach to, and handling of, single items and item collections. The overview makes it possible to see less important slices and more severe hotspots at a glance, so that items can be prioritized.
Campaigns (2)
These are the campaigns that can be associated with the actor:
- Cobalt Kitty
- OceanLotus
IOC - Indicator of Compromise (68)
These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (23)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
---|---|---|---|---|---|---|
1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High |
2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
4 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Basic Cross Site Scripting | predictive | High |
6 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |
7 | T1110.001 | CAPEC-191 | CWE-798 | Hard-coded Credentials | predictive | High |
8 | T1202 | CAPEC-136 | CWE-77, CWE-78 | Command Shell in Externally Accessible Directory | predictive | High |
9 | T1204.001 | CAPEC-178 | CWE-601 | Open Redirect | predictive | High |
10 | T1211 | | CWE-254 | 7PK Security Features | predictive | High |
11 | T1222 | CAPEC-1 | CWE-275, CWE-276 | Permission Issues | predictive | High |
12 | T1505 | CAPEC-108 | CWE-89 | SQL Injection | predictive | High |
13 | T1548.002 | CAPEC-1 | CWE-285 | Improper Authorization | predictive | High |
14 | T1552 | CAPEC-102 | CWE-255, CWE-522, CWE-640 | Credentials Management | predictive | High |
15 | T1574 | CAPEC-38 | CWE-426, CWE-427 | Untrusted Search Path | predictive | High |
16 | T1587.003 | CAPEC-459 | CWE-295 | Improper Certificate Validation | predictive | High |
17 | T1588.001 | CAPEC-133 | CWE-912 | Backdoor | predictive | High |
18 | T1592 | CAPEC-116 | CWE-200, CWE-209, CWE-532 | Invocation of Process Using Visible Sensitive Information | predictive | High |
19 | T1592.004 | | CWE-16 | Configuration | predictive | High |
20 | T1600 | CAPEC-157 | CWE-310, CWE-311, CWE-326, CWE-327 | Cryptographic Issues | predictive | High |
21 | T1600.001 | | CWE-320, CWE-321, CWE-547 | Key Management Error | predictive | High |
22 | T1608.002 | CAPEC-1 | CWE-434 | Incomplete Identification of Uploaded File Variables | predictive | High |
23 | T1611 | | CWE-265 | Containment Errors | predictive | High |
IOA - Indicator of Attack (305)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
References (5)
The following list contains external sources which discuss the actor and the associated activities:
- https://cdn2.hubspot.net/hubfs/3354902/Cybereason%20Labs%20Analysis%20Operation%20Cobalt%20Kitty.pdf
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/a/APT32
- https://www.fireeye.com/blog/threat-research/2017/05/cyber-espionage-apt32.html
- https://www.huntress.com/blog/advanced-persistent-threat-targeting-vietnamese-human-rights-defenders
- https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/