APT36 Analysis
IOB - Indicator of Behavior (1000)
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Activities
Interest
Timeline
The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.
Vulnerabilities
Campaigns (2)
These are the campaigns that can be associated with the actor:
- C-Major
- Xxxxxxx Xxx
IOC - Indicator of Compromise (59)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (20)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (359)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | /about.php | predictive | Medium |
2 | File | /admin | predictive | Low |
3 | File | /admin/?page=inmates/view_inmate | predictive | High |
4 | File | /admin/?page=system_info | predictive | High |
5 | File | /admin/?page=system_info/contact_info | predictive | High |
6 | File | /admin/conferences/get-all-status/ | predictive | High |
7 | File | /admin/conferences/list/ | predictive | High |
8 | File | /admin/countrymanagement.php | predictive | High |
9 | File | /admin/edit.php | predictive | High |
10 | File | /admin/edit_admin_details.php?id=admin | predictive | High |
11 | File | /admin/general/change-lang | predictive | High |
12 | File | /admin/group/list/ | predictive | High |
13 | File | /admin/lab.php | predictive | High |
14 | File | /admin/new-content | predictive | High |
15 | File | /admin/renewaldue.php | predictive | High |
16 | File | /admin/sign/out | predictive | High |
17 | File | /admin/usermanagement.php | predictive | High |
18 | File | /aqpg/users/login.php | predictive | High |
19 | File | /artist-display.php | predictive | High |
20 | File | /backups/ | predictive | Medium |
21 | File | /bcms/admin/?page=user/list | predictive | High |
22 | File | /cardo/api | predictive | Medium |
23 | File | /catcompany.php | predictive | High |
24 | File | /CCMAdmin/serverlist.asp | predictive | High |
25 | File | /cgi-bin/editBookmark | predictive | High |
26 | File | /cgi-bin/mesh.cgi?page=upgrade | predictive | High |
27 | File | /cgi-bin/nightled.cgi | predictive | High |
28 | File | /cgi-bin/touchlist_sync.cgi | predictive | High |
29 | File | /ci_hms/massage_room/edit/1 | predictive | High |
30 | File | /ci_hms/search | predictive | High |
31 | File | /ci_spms/admin/category | predictive | High |
32 | File | /ci_spms/admin/search/searching/ | predictive | High |
33 | File | /ci_ssms/index.php/orders/create | predictive | High |
34 | File | /classes/Users.php?f=save | predictive | High |
35 | File | /cwms/admin/?page=articles/view_article/ | predictive | High |
36 | File | /cwms/classes/Master.php?f=save_contact | predictive | High |
37 | File | /editbrand.php | predictive | High |
38 | File | /film-rating.php | predictive | High |
39 | File | /front/roomtype-details.php | predictive | High |
40 | File | /goform/RgDdns | predictive | High |
41 | File | /goform/RgDhcp | predictive | High |
42 | File | /goform/RGFirewallEL | predictive | High |
43 | File | /goform/RgTime | predictive | High |
44 | File | /goform/RgUrlBlock.asp | predictive | High |
45 | File | /goform/wlanPrimaryNetwork | predictive | High |
46 | File | /xxxxx/xxx/xxxxxx.xxx | predictive | High |
47 | File | /xxxxx.xxx | predictive | Medium |
48 | File | /xxxxxxxxx/xxxxxxxxxxx.xxx | predictive | High |
49 | File | /xxxxx/xxxxx/ | predictive | High |
50 | File | /xxxxx.xxx | predictive | Medium |
51 | File | /xxxx.xxx | predictive | Medium |
52 | File | /xxxxxxxxx.xxx | predictive | High |
53 | File | /xxxx/xxx/xxxxxxxxxxxxxxxxxx.xxx | predictive | High |
54 | File | /xxxx/xxxxx.xxx | predictive | High |
55 | File | /xxxxxxx.xxx?xx=x | predictive | High |
56 | File | /xxxxxxxxxxxxx.xxxx | predictive | High |
57 | File | /xxxxx.xxx | predictive | Medium |
58 | File | /xxxxxxx.xxx | predictive | Medium |
59 | File | /xxx_xxxxxx/xxxxxxxxxxxxx.xxx | predictive | High |
60 | File | /xxx_xxxxxx/xxxxxxxxxxxx.xxx | predictive | High |
61 | File | /xxx.xxx | predictive | Medium |
62 | File | /xxx/xxxxx/xxxxxx/xxxx_xxxxx.xxx | predictive | High |
63 | File | /xxx/xxxxx.xxx | predictive | High |
64 | File | /xxx/xxxxxx_xxxx.xxx?xxxx_xx=x | predictive | High |
65 | File | /xxxxxxx.xxx | predictive | Medium |
66 | File | /xxxxxxxx/xxxxxxx.xxx | predictive | High |
67 | File | /xxxx-xxxxxx-xxxxxx/xxxxxx_xxxxxxxx.xxx | predictive | High |
68 | File | /xxxxxxxx.xxx | predictive | High |
69 | File | /xxx_xxxxxxxxxxx_xxxxxx/xxxxxxxxxxx/xxx_xxxxx.xxx | predictive | High |
70 | File | /xxxx/xxxxx/ | predictive | Medium |
71 | File | /xxxx/xxxxxxx/xxxxx.xxx?x=xxxx_xxxx | predictive | High |
72 | File | /xxxxxxx/xxxxxx | predictive | High |
73 | File | /xxxxxxxxx/xxxxx.xxx | predictive | High |
74 | File | /xxxxxxxxxxxxxxx/xxxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
75 | File | /xxxx.xxx | predictive | Medium |
76 | File | /xxxxxxxxxxx/xxxxxxxxxxxxxx/xxxxxxxxxxxx | predictive | High |
77 | File | /xxxxx-xxx/xxxxx.xxx | predictive | High |
78 | File | /xxx/xxx/xxxxxxxx.xxx | predictive | High |
79 | File | /xxx/xxxxxx_xxxxx | predictive | High |
80 | File | /xxx/xxxx/_xxxxxxxx/xxxxxxxxxxxxx.xxx.xxx | predictive | High |
81 | File | /xxxxxxx/?/xxxxx/xxxx/xxx | predictive | High |
82 | File | /xxx/xxxxx/xxxxxx_xxxx/xxxx_xxxxxxxx?xxxx=xxxxxxxxx | predictive | High |
83 | File | xxxxxxx.xxx | predictive | Medium |
84 | File | xxxxx/?xxxx=xxxxxxxx | predictive | High |
85 | File | xxxxx/xxx/xxxxxxxxxxxx | predictive | High |
86 | File | xxxxx/xxxxx.xxx | predictive | High |
87 | File | xxxxx/xxxxx.xxx | predictive | High |
88 | File | xxxxx/xxxxxx-xxxxxx.xxx | predictive | High |
89 | File | xxxxx/xxxxxx_xxxxxx/xxxx.xxxx | predictive | High |
90 | File | xxxxxxxxxx.xxx | predictive | High |
91 | File | xxxxxxx.xx | predictive | Medium |
92 | File | xxxxxxx_xxx/xxxxxx_xxxxxx.xxx | predictive | High |
93 | File | xxxxx.xxx | predictive | Medium |
94 | File | xxxxxx/xxxxxx.xxx.xxx | predictive | High |
95 | File | x:\xxxxxxx xxxxx\xxxxxxxxx xxx xxxxxx\xxxxxxxxx.xxx | predictive | High |
96 | File | xxxxxxxx.xxx | predictive | Medium |
97 | File | xxxx.xxxxxxxxxxx.xxx | predictive | High |
98 | File | xxxxxxxx.xxx | predictive | Medium |
99 | File | xxx-xxx/xxx/xxxxxxxx_xxx.xxx | predictive | High |
100 | File | xxxxxxxxx.xxx | predictive | High |
101 | File | xxxxx.xxx | predictive | Medium |
102 | File | xxxxxx.xxx | predictive | Medium |
103 | File | xxxxxxx.xxx | predictive | Medium |
104 | File | xxxxxxxxx.xx | predictive | Medium |
105 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
106 | File | xxx_xxxxxx_xxxx_xxxxxx.x | predictive | High |
107 | File | xxxxxx.xxx | predictive | Medium |
108 | File | xxxxxxx.xxx | predictive | Medium |
109 | File | xxxxxxx/xxx/xxxx/xxxx.x | predictive | High |
110 | File | xxxxxxx/xxxx/xxxx_xxxxxxxxx_xxxxx.x | predictive | High |
111 | File | xxxx_xxx_xxxx.xxx | predictive | High |
112 | File | xxxx_xxxx_xxx.xxx | predictive | High |
113 | File | xx/xxxxx/xxxxxx_xxxxx.xxx | predictive | High |
114 | File | xxxxxx.xxx | predictive | Medium |
115 | File | xxxx.xxx | predictive | Medium |
116 | File | xxxxxxxxx.xxx | predictive | High |
117 | File | xx/xxxxxxxxx.x | predictive | High |
118 | File | xxxxxxxxxxxx_xxxx.xxx | predictive | High |
119 | File | xxxxx_xxxxx.xxx | predictive | High |
120 | File | xxxxxxxx.x | predictive | Medium |
121 | File | xxxxxx.xxx | predictive | Medium |
122 | File | xx.xx | predictive | Low |
123 | File | xxxxxxx.xxx | predictive | Medium |
124 | File | xxxxx.xxx | predictive | Medium |
125 | File | xxxxxxx/xxxxxxxx.xxx | predictive | High |
126 | File | xxxxx.xxxxxxx.xxx | predictive | High |
127 | File | xxxx_xxxxxxx.xxx | predictive | High |
128 | File | xxxx_xxxx.xxx | predictive | High |
129 | File | xxxxxxx.xxxxx/xxx_xxxxxx.xxx | predictive | High |
130 | File | xxx.xxx | predictive | Low |
131 | File | xxxxxxxxxx/xxxx.x | predictive | High |
132 | File | xxxxxxxxxx/xxxxxxxx.x | predictive | High |
133 | File | xxxxxxxxxx/xxxxxx.x | predictive | High |
134 | File | xxxxxxxxxx/xxx.x | predictive | High |
135 | File | xxxxxxxxxx/xxxx.x | predictive | High |
136 | File | xxxxxxxxxx/xxxxxxxx_xxxxxxxx.x | predictive | High |
137 | File | xxxxxxxxxx/xxxxxxxxxxx.x | predictive | High |
138 | File | xxxxxxxxxx/xxxxxxxxxxxxx.x | predictive | High |
139 | File | xxxxxxxxxx/xxxxx.x | predictive | High |
140 | File | xxxxxxxxxx/xxxx.x | predictive | High |
141 | File | xxxxxxxxxx/xxxx.x | predictive | High |
142 | File | xxxxxxxxxxx/xxxxxxxxxxxxxx.x | predictive | High |
143 | File | xxxxxxx/xx_xxx.x | predictive | High |
144 | File | xxx.xxx | predictive | Low |
145 | File | xxxxx.xxx | predictive | Medium |
146 | File | xxxxx_xx.xxxx | predictive | High |
147 | File | xxxx_xxxxxxxxx.xxx | predictive | High |
148 | File | xxxx.xxx | predictive | Medium |
149 | File | xxxxxx.xxx | predictive | Medium |
150 | File | xx/xxxx.xxx | predictive | Medium |
151 | File | xxxxxx_xxxxx_xxxxxxx.x | predictive | High |
152 | File | xxx.xxx | predictive | Low |
153 | File | xxx/xx/xxxxx.xxx | predictive | High |
154 | File | xxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxx.xxxx_xxxxxx.xxx/xxxx_xxxxxx.xxx | predictive | High |
155 | File | xxx_xxxxx_xxxxxxxx.x | predictive | High |
156 | File | xxx_xxxxx_xxxx.x | predictive | High |
157 | File | xxxx.xxx | predictive | Medium |
158 | File | xxxxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
159 | File | x=xxxxxxx | predictive | Medium |
160 | File | xxxxxxxxxxxx.xxx | predictive | High |
161 | File | xxxxxxxxxxxxx.xxx | predictive | High |
162 | File | xxxxx.xxx | predictive | Medium |
163 | File | xxxx/xxxxxx/xxxxxx/xxxxxxxx | predictive | High |
164 | File | xxxx.xxx | predictive | Medium |
165 | File | xxxxxxx.xxxxxx.xxx | predictive | High |
166 | File | xxxxxxxxxx.xxx | predictive | High |
167 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High |
168 | File | xxxxxxxxx.xxxx | predictive | High |
169 | File | xxxxx.xxx | predictive | Medium |
170 | File | xxxxxxxx.xx | predictive | Medium |
171 | File | xxxxxxxx.xxx | predictive | Medium |
172 | File | xxxxxxxxxx.xxx | predictive | High |
173 | File | xxxxxxxx.xxx | predictive | Medium |
174 | File | xxxxxxxx.xxx?xxxx=xxxxxxxxxxx | predictive | High |
175 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High |
176 | File | xxxxxxxxxx_xxxxxxxxxx.xxx | predictive | High |
177 | File | xxxxxxx.xxx | predictive | Medium |
178 | File | xxxx_xxx_xx.x | predictive | High |
179 | File | xxx.xxx | predictive | Low |
180 | File | xxxxxx.xxx | predictive | Medium |
181 | File | xxxxxxxx/xxxx/xxxx.xxx?xxxxxx=xxxxxxxxxxxxxxxx | predictive | High |
182 | File | xxxx.xxx | predictive | Medium |
183 | File | xxxx_xxxxxxx_xxxxxxxx.xxx | predictive | High |
184 | File | xxxxxxxxxxx.xxx | predictive | High |
185 | File | xxxxxxx/xxxxxx.xxx | predictive | High |
186 | File | xxxxxxx.xx | predictive | Medium |
187 | File | xxxxxxx-xxxxxxx.xxx | predictive | High |
188 | File | xxxxxxxx.xxxxx.xxx | predictive | High |
189 | File | xxxxx.xxx | predictive | Medium |
190 | File | xxxx-xxxxx.xxx | predictive | High |
191 | File | xxxxxxxxxx.xxx | predictive | High |
192 | File | xxxxxxxxxx.xxx | predictive | High |
193 | File | xxxx/xxx-xxx.xxx | predictive | High |
194 | File | xxxxx.x | predictive | Low |
195 | File | xxxxxxxxx.xxx | predictive | High |
196 | File | xx-xxxxx/xxxxx.xxx | predictive | High |
197 | File | xx-xxxxxxxx.xxx | predictive | High |
198 | File | xxxxxxxxxxxxx.xxxx | predictive | High |
199 | File | _xxxxxxxx/xxxxxxxxx/xxxxxx.xxx | predictive | High |
200 | File | _xxxxxxxx/xxxxxxxx.xxx | predictive | High |
201 | Library | xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxx.x | predictive | High |
202 | Library | xx/xxx.xxx.xxx | predictive | High |
203 | Library | xxxxxxxxxxx.xxx | predictive | High |
204 | Argument | $xxx_xxxx | predictive | Medium |
205 | Argument | --xx xxx | predictive | Medium |
206 | Argument | xxx | predictive | Low |
207 | Argument | xxxxx_xxxx | predictive | Medium |
208 | Argument | xx | predictive | Low |
209 | Argument | xxxx | predictive | Low |
210 | Argument | xxxxxxxxxxxxxxxxxxxxxxx | predictive | High |
211 | Argument | xxx | predictive | Low |
212 | Argument | xxxxxx | predictive | Low |
213 | Argument | xxx | predictive | Low |
214 | Argument | xxxxxxxxxx | predictive | Medium |
215 | Argument | xxxxx | predictive | Low |
216 | Argument | xxx_xx | predictive | Low |
217 | Argument | xxxxxxx_xxxxx_xx | predictive | High |
218 | Argument | xxx | predictive | Low |
219 | Argument | xxxxxxxxx | predictive | Medium |
220 | Argument | xxxx_xx | predictive | Low |
221 | Argument | xxxxxxxxxxx/xxxxx/xxxxxxxxxxxxxx/xxxxxxxxxxxx | predictive | High |
222 | Argument | xxxxxx | predictive | Low |
223 | Argument | xxxxxx[xxxx] | predictive | Medium |
224 | Argument | xxxxxxx | predictive | Low |
225 | Argument | xxxxxxxxx[x] | predictive | Medium |
226 | Argument | xxxxxxxx_xxxx | predictive | High |
227 | Argument | xxxxxxxx_xxxx_xxxxxx/xxxxxxx_xxxxxx/xxxxxxx_xxxxxx_xxxxxx/xxxxxxx_xxxx_xxxxxx | predictive | High |
228 | Argument | xxxxx | predictive | Low |
229 | Argument | xxxxxxxxxxxx | predictive | Medium |
230 | Argument | xxxxxxxxxxx | predictive | Medium |
231 | Argument | xxxx | predictive | Low |
232 | Argument | xxxxxx | predictive | Low |
233 | Argument | xxxxx | predictive | Low |
234 | Argument | xxxxxxxxxxxx/xxxxxxxxxxxxxx | predictive | High |
235 | Argument | xxxxx xxxx/xxxxxx xxxx/xxxx xxxx | predictive | High |
236 | Argument | xxxxx_xxxx | predictive | Medium |
237 | Argument | xxxxx_xxxx/xxxxxx_xxxx/xxxxxxx | predictive | High |
238 | Argument | xxxxxxxx | predictive | Medium |
239 | Argument | xxxx | predictive | Low |
240 | Argument | xxxxx_xx | predictive | Medium |
241 | Argument | xxxxxxxxxxxxx/xxxxxxx | predictive | High |
242 | Argument | xxxx | predictive | Low |
243 | Argument | xxxxxxxx | predictive | Medium |
244 | Argument | xx | predictive | Low |
245 | Argument | xx | predictive | Low |
246 | Argument | xx_xxxxxxxx | predictive | Medium |
247 | Argument | xx_xxxxxxxxx | predictive | Medium |
248 | Argument | xxxxx | predictive | Low |
249 | Argument | xxxxxxxxxx | predictive | Medium |
250 | Argument | xx | predictive | Low |
251 | Argument | xxxx_xx | predictive | Low |
252 | Argument | xxx | predictive | Low |
253 | Argument | xxxx[] | predictive | Low |
254 | Argument | xxxxx | predictive | Low |
255 | Argument | xxxxx_xxxx | predictive | Medium |
256 | Argument | xxxxxxxxxxxxxxxxxx | predictive | High |
257 | Argument | xxxx | predictive | Low |
258 | Argument | xxxxxxx | predictive | Low |
259 | Argument | xxx | predictive | Low |
260 | Argument | xxxx | predictive | Low |
261 | Argument | xxxx | predictive | Low |
262 | Argument | xxxxxx | predictive | Low |
263 | Argument | xxxxx_xx/xxxxx | predictive | High |
264 | Argument | xxxx | predictive | Low |
265 | Argument | xxxxxx | predictive | Low |
266 | Argument | xxxx_xxxx | predictive | Medium |
267 | Argument | xxxxxxxx | predictive | Medium |
268 | Argument | xxxxxxx | predictive | Low |
269 | Argument | xx | predictive | Low |
270 | Argument | xxxxxxx_xxx | predictive | Medium |
271 | Argument | xx_xxxx | predictive | Low |
272 | Argument | xxxx-xxxxxxx | predictive | Medium |
273 | Argument | xxxxxxxxxxx | predictive | Medium |
274 | Argument | xxxxxx | predictive | Low |
275 | Argument | xxxxxx | predictive | Low |
276 | Argument | xxxxxxx_xx | predictive | Medium |
277 | Argument | xxxxxxx_xxxxxxx | predictive | High |
278 | Argument | xxxxxxxx_xxx | predictive | Medium |
279 | Argument | xx_xxxxxxx_xxxxxxx | predictive | High |
280 | Argument | xxxxxxxx_xxx | predictive | Medium |
281 | Argument | xxxxx | predictive | Low |
282 | Argument | xxx | predictive | Low |
283 | Argument | xxxxxx | predictive | Low |
284 | Argument | xxxxxxxx | predictive | Medium |
285 | Argument | xxxxxx | predictive | Low |
286 | Argument | xxxxxxx | predictive | Low |
287 | Argument | xxxxxxx | predictive | Low |
288 | Argument | xxxxxxxxxxxxxxxxxxxx | predictive | High |
289 | Argument | xxx | predictive | Low |
290 | Argument | xxxxxx | predictive | Low |
291 | Argument | xxxx_xxxx | predictive | Medium |
292 | Argument | xxxxxx | predictive | Low |
293 | Argument | xxxxxxxxx | predictive | Medium |
294 | Argument | xxxxx_xxxx | predictive | Medium |
295 | Argument | xxxxxxxxxx | predictive | Medium |
296 | Argument | xxxxxx | predictive | Low |
297 | Argument | xxxxxxxxx | predictive | Medium |
298 | Argument | xxxxx_xxx | predictive | Medium |
299 | Argument | xxx | predictive | Low |
300 | Argument | xxxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxxxx | predictive | High |
301 | Argument | xxxxx | predictive | Low |
302 | Argument | xxxxx | predictive | Low |
303 | Argument | xxxxx | predictive | Low |
304 | Argument | xxxxx_xx | predictive | Medium |
305 | Argument | xxx | predictive | Low |
306 | Argument | xxxxxx_xxx | predictive | Medium |
307 | Argument | xxx | predictive | Low |
308 | Argument | xxxx | predictive | Low |
309 | Argument | xxxxxxxx | predictive | Medium |
310 | Argument | xxxxxxxx | predictive | Medium |
311 | Argument | xxxx xxxx | predictive | Medium |
312 | Argument | xxxxxxxx/xxxxxxxx | predictive | High |
313 | Argument | xxxx_xxxxx | predictive | Medium |
314 | Argument | xxxx_xxxx | predictive | Medium |
315 | Argument | xxxxxxx_xxxx | predictive | Medium |
316 | Argument | xxx_xxxxx | predictive | Medium |
317 | Argument | \xxxxxx\ | predictive | Medium |
318 | Input Value | "><xxxxxx>xxxxx("xxx")</xxxxxx> | predictive | High |
319 | Input Value | "><xxxxxx>xxxxx(xxxxxxxx.xxxxxx)</xxxxxx> | predictive | High |
320 | Input Value | %xx | predictive | Low |
321 | Input Value | %xx%xx%xxxxx%xxxxx=x%xxxxxxxxx=xxxxx(x)%xx | predictive | High |
322 | Input Value | ' xxx (xxxxxx * xxxx(xxxxxx(xxxxx(xx)))xxx) xxx 'xxx' = 'xxx | predictive | High |
323 | Input Value | ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx | predictive | High |
324 | Input Value | '||x=x# | predictive | Low |
325 | Input Value | -x%xxxxxxx%xxxxx%xxxxxxxx%xxx,x,x,x,xxxxxxxx() | predictive | High |
326 | Input Value | /'-xxxxx(xxxxxxxx.xxxxxx)-'x/x/x/ | predictive | High |
327 | Input Value | x%xx%xxxxx%xxx=x%xxxxxxx%xxxxxxxx%xxx,xxxx(),x,x,x,x,x,x,x,x,xxxxxxxx(),x,x,x,x,x,x,x,x,x,x,x,x,x--+ | predictive | High |
328 | Input Value | x'xxx x=x xxxxx xxxxxx x,xxxxx(xx),x,x,x --+ | predictive | High |
329 | Input Value | x' xxxxx xxx xxxxxx xxxx,xxxx,xxxx,xxxx,xxxx,xxxxxx(xxxxxxxxxxxx,xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,xxxxxxxxxxxx),xxxx,xxxx,xxxx,xxxx# | predictive | High |
330 | Input Value | x'||(xxxxxx xxxxxxxxxx xxxxx xxxx=xxxx xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxx xxxxx xx x)x))||' | predictive | High |
331 | Input Value | x'||(xxxxxx xxxxxxxxxx xxxxx xxxx=xxxx xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxx xxxxx xx x)x))||' | predictive | High |
332 | Input Value | x@x.xxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx | predictive | High |
333 | Input Value | x%xxxxx%xxx=x%xxxxxxx%xxxxxxxx%xxx,x,x,x,x,x,x,xxxx(),xxxxxxxx()--+ | predictive | High |
334 | Input Value | x' xxx xxxx=xxxx xxx 'xxxx'='xxxx | predictive | High |
335 | Input Value | xxxx%xx%xxxxx%xx(xxxxxx%xxxxxx%xxxxxx%xx(xxxxxx(xxxxx(x)))xxxx)%xxxxx%xx%xxxxxx%xx=%xxxxxx | predictive | High |
336 | Input Value | xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' xxx xxxx=xxxx xxx 'xxxx'='xxxx | predictive | High |
337 | Input Value | xxxxxxxxxx' xxx xxxx=xxxx xxx 'xxxx'='xxxx | predictive | High |
338 | Input Value | </xx><xxx xxx="" xxxxxxx="xxxxx(x)"><xx>x | predictive | High |
339 | Input Value | </xxxxx><xxx xxx=xx xxxxxxx=xxxxx(x)> | predictive | High |
340 | Input Value | <?xxx xxxxxxx();?> | predictive | High |
341 | Input Value | <xxx%xxxxx='xxxx://xxx.xxxx.xx/xxxx.xxx'%xxxxxxx='xxxxxx:%xxxxx%xxxxxxx%xxxxxxx;'> | predictive | High |
342 | Input Value | <xxx xxx="" xxxxxxx="xxxxx(x)"> | predictive | High |
343 | Input Value | <xxxxxx>xxxxx("xxx")</xxxxxx> | predictive | High |
344 | Input Value | <xxxxxx>xxxxx(x);</xxxxxx> | predictive | High |
345 | Input Value | <xxxxxx>xxxxx(x)</xxxxxx> | predictive | High |
346 | Input Value | ><xxxxxx>xxxxx(x)</xxxxxx> | predictive | High |
347 | Input Value | xxxxx%'/**/xxx/**/(xxxxxx/**/xxxx/**/xxxx/**/(xxxxxx(xxxxx(x)))xxxx)/**/xxx/**/'xxxx%'='xxxx | predictive | High |
348 | Input Value | xxxxx%'/**/xxx/**/(xxxxxx/**/xxxx/**/xxxx/**/(xxxxxx(xxxxx(x)))xxxx)/**/xxx/**/'xxxx%'='xxxx | predictive | High |
349 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx&xxxxxxxx=xxxxxxxxxx | predictive | High |
350 | Input Value | xxxxx' xx 'x'='x | predictive | High |
351 | Input Value | xxxxx.xxx | predictive | Medium |
352 | Input Value | xxx%xx(xxxxxx*xxxx(xxxxxx(xxxxx(x)))x) | predictive | High |
353 | Input Value | xxx "><xxx xxx="" xxxxxxx="xxxxx(xxxxxxxx.xxxxxx)"> | predictive | High |
354 | Input Value | xxxx</xxxxx><xxxxxx>xxxxx("xxxx")</xxxxxx><xxxxx> | predictive | High |
355 | Input Value | xxxxxxxx | predictive | Medium |
356 | Network Port | xxx/xxxx | predictive | Medium |
357 | Network Port | xxx/xxxxx | predictive | Medium |
358 | Network Port | xxx/xxxxx | predictive | Medium |
359 | Network Port | xxx xxxxxx xxxx | predictive | High |
References (5)
The following list contains external sources which discuss the actor and the associated activities:
- https://blog.malwarebytes.com/threat-analysis/2020/03/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat/
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/APT36
- https://vxug.fakedoma.in/archive/APTs/2021/2021.05.13/Transparent%20Tribe.pdf
- https://www.threatminer.org/report.php?q=indian-military-personnel-targeted-by-information-theft-campaign-cmajor.pdf&y=2016
- https://www.trendmicro.com/en_us/research/22/a/investigating-apt36-or-earth-karkaddans-attack-chain-and-malware.html