APT35 Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (101)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en	100
de	2

Country

DE: Germany	90
US: USA	12

Actors

APT17	1
IRGC	1

Activities

Interest

Timeline

Type

Forum Software	2
Not Defined	2
Server Management Software	2
Remote Access Software	2

Vendor

Not Defined	2
Thomas R. Pasawicz	2
VMware	2
SonicWALL	2

Product

jforum	2
Thomas R. Pasawicz HyperBook Guestbook	2
VMware vCenter Server	2
SonicWALL Secure Remote Access	2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#	Vulnerability	Base	Temp	0day	Today	Exp	Cou	KEV	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$2k-$5k	$0-$1k	Proof-of-Concept	Official fix		0.00970	0.52	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$10k-$25k	Calculating	High	Workaround	possible	0.02956	0.00	CVE-2007-1192
3	jforum username User input validation	5.3	5.3	$1k-$2k	$0-$1k	Not defined	Not defined		0.00443	0.08	CVE-2019-7550
4	SonicWALL Secure Remote Access cross site scripting	6.6	6.6	$0-$1k	$0-$1k	High	Not defined	verified	0.84343	0.09	CVE-2021-20028
5	SonicWall SSLVPN SMA100 sql injection	8.5	8.5	$1k-$2k	$0-$1k	High	Not defined	verified	0.80445	0.07	CVE-2021-20016
6	Microsoft Exchange Server privilege escalation	9.0	8.2	$25k-$50k	$2k-$5k	Unproven	Official fix		0.00646	0.06	CVE-2022-21969
7	VMware vCenter Server Analytics Service unrestricted upload	8.9	8.8	$5k-$10k	Calculating	High	Official fix	verified	0.94455	0.00	CVE-2021-22005

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	107.173.231.114	107-173-231-114-host.colocrossing.com	APT35		04/26/2022	verified	Low
2	XXX.XXX.XX.XXX	xxxxxx.xxx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxx		04/26/2022	verified	Very Low

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
2	TXXXX.XXX	CAPEC-XXX	CWE-XX	Xxxxx Xxxxx Xxxx Xxxxxxxxx	predictive	High
3	TXXXX	CAPEC-XXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
5	TXXXX.XXX	CAPEC-X	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	data/gbconfiguration.dat	predictive	High
2	File	xxx/xxxxxx.xxx	predictive	High
3	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	High
4	Argument	xxxxxxxx	predictive	Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

This view requires CTI permissions

Just purchase a CTI license today!