APT36 Analysis

Activities

Timeline

The timeline analysis helps to identify the required approach for handling single vulnerabilities and vulnerability collections. The overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response and prioritization of issues become possible.

Lang

en: 818
de: 46
es: 31
fr: 17
it: 16

Country

us: 794
nl: 44
ru: 18
ca: 17
fr: 7


Vulnerabilities

Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and at present; Exp and Rem are the CVSS exploit code maturity and remediation level.

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1  | Apache HTTP Server mod_proxy_balancer.c balancer_handler cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2012-4558
2  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
3  | Google Android Proxy Auto-Config ic.cc UpdateLoadElement out-of-bounds write | 8.5 | 8.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.07 | CVE-2019-2047
4  | Telegram Desktop Proxy credentials management | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2018-17613
5  | https-proxy-agent JSON memory corruption | 7.2 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2018-3739
6  | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2019-7550
7  | Apache HTTP Server mod_proxy_fcgi.c handle_headers memory corruption | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.17 | CVE-2014-3583
8  | Apple iOS Proxy Authentication 7pk security | 6.6 | 6.4 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.04 | CVE-2016-4642
9  | YoungZSoft CCProxy Proxy Service memory corruption | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2004-2685
10 | CNCF Envoy Proxy resource consumption | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | CVE-2020-8659
11 | Blue Coat ProxySG SGOS information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2015-4334
12 | Juniper WLC Proxy ARP/No Broadcast Feature input validation | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2014-6381
13 | Symantec ASG/ProxySG FTP Proxy WebFTP Mode Stored cross site scripting | 5.7 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-18370
14 | Palo Alto PAN-OS DNS Proxy input validation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2017-8390
15 | QNAP Proxy Server Setting improper authentication | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2017-7639
16 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.90 | CVE-2010-0966
17 | Squid Web Proxy cachemgr.cgi injection | 6.1 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2019-18860
18 | Bluecoat SGOS Management Console cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2010-5192
19 | Artica Proxy fw.progrss.details.php path traversal | 7.4 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2020-13158
20 | Artica Proxy settings.inc command injection | 4.9 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2019-7300

Campaigns (2)

These are the campaigns that can be associated with the actor. The two campaign names that appear in the IOC table below are C-Major and Crimson RAT.

IOC - Indicator of Compromise (59)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1  | 5.189.137.8 | vending.softjourn.if.ua | APT36 | C-Major | verified | High
2  | 5.189.143.225 | | APT36 | C-Major | verified | High
3  | 5.189.152.147 | ccloud.armax.de | APT36 | C-Major | verified | High
4  | 5.189.167.23 | mltx.de | APT36 | C-Major | verified | High
5  | 5.189.167.65 | vmi437585.contaboserver.net | APT36 | C-Major | verified | High
6  | 23.254.119.11 | | APT36 | | verified | High
7  | 64.188.12.126 | 64.188.12.126.static.quadranet.com | APT36 | | verified | High
8  | 64.188.25.205 | 64.188.25.205.static.quadranet.com | APT36 | Crimson RAT | verified | High
9  | 64.188.25.232 | 64.188.25.232.static.quadranet.com | APT36 | | verified | High
10 | 75.98.175.79 | a2s83.a2hosting.com | APT36 | C-Major | verified | High
11 | 75.119.139.169 | server1.immacolata.com | APT36 | | verified | High
12 | 80.240.134.51 | | APT36 | C-Major | verified | High

Rows 13 to 59 are masked (XXX) on the public page; all are listed as verified with High confidence.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1  | T1059.007 (Command and Scripting Interpreter: JavaScript) | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
2  | T1068 (Exploitation for Privilege Escalation) | CWE-264, CWE-284 | Execution with Unnecessary Privileges | predictive | High

Rows 3 to 8 are masked (XXX) on the public page; all are listed as predictive with High confidence.

IOA - Indicator of Attack (197)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1  | File | /etc/sudoers | predictive | Medium
2  | File | /forum/away.php | predictive | High
3  | File | /inc/HTTPClient.php | predictive | High
4  | File | /out.php | predictive | Medium
5  | File | /products/details.asp | predictive | High
6  | File | /service/upload | predictive | High
7  | File | /uncpath/ | predictive | Medium
8  | File | adclick.php | predictive | Medium
9  | File | add_comment.php | predictive | High
10 | File | admin/system_manage/save.html | predictive | High
11 | File | admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list | predictive | High
12 | File | administrator/components/com_media/helpers/media.php | predictive | High
13 | File | arm/t7xx/r5p0/mali_kbase_core_linux.c | predictive | High
14 | File | awstats.pl | predictive | Medium
15 | File | books.php | predictive | Medium
16 | File | bridge/yabbse.inc.php | predictive | High
17 | File | cachemgr.cgi | predictive | Medium
18 | File | captcha.php | predictive | Medium
19 | File | catagorie.php | predictive | High
20 | File | category.php | predictive | Medium
21 | File | cgi-bin/ | predictive | Medium
22 | File | cgi-bin/cmh/webcam.sh | predictive | High
23 | File | channels/chan_skinny.c | predictive | High
24 | File | clwarn.cgi | predictive | Medium
25 | File | coders/dcm.c | predictive | Medium
26 | File | comment_add.asp | predictive | High
27 | File | content.php | predictive | Medium

Rows 28 to 197 are masked (xxx) on the public page; by class they are File (rows 28 to 117), Library (118 to 123), Argument (124 to 194) and Input Value (195 to 197), all listed as predictive.
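The IOC and IOA tables above are only useful once they are matched against telemetry. The following Python script is an added example, not part of the original page and not VulDB's tooling: it loads the twelve public IOC rows and the 27 public File-class IOA rows from this page and scans constructed Squid native access.log and Apache combined-format log lines for them. The log lines, the 10.0.0.x / 203.0.113.9 / 198.51.100.4 client addresses and the example.org destination are constructed placeholders; only the indicators are taken from the page.

```python
"""Match constructed Squid and Apache log lines against the APT36 IOC and
IOA tables on this page.  Added example; the log lines are constructed."""
import re
from urllib.parse import unquote, urlsplit

# IOC table, public rows 1-12: IP -> (hostname, campaign); "" where the page is blank.
IOCS = {
    "5.189.137.8": ("vending.softjourn.if.ua", "C-Major"),
    "5.189.143.225": ("", "C-Major"),
    "5.189.152.147": ("ccloud.armax.de", "C-Major"),
    "5.189.167.23": ("mltx.de", "C-Major"),
    "5.189.167.65": ("vmi437585.contaboserver.net", "C-Major"),
    "23.254.119.11": ("", ""),
    "64.188.12.126": ("64.188.12.126.static.quadranet.com", ""),
    "64.188.25.205": ("64.188.25.205.static.quadranet.com", "Crimson RAT"),
    "64.188.25.232": ("64.188.25.232.static.quadranet.com", ""),
    "75.98.175.79": ("a2s83.a2hosting.com", "C-Major"),
    "75.119.139.169": ("server1.immacolata.com", ""),
    "80.240.134.51": ("", "C-Major"),
}
IOC_HOSTS = {host.lower(): ip for ip, (host, _) in IOCS.items() if host}

# IOA table, public rows 1-27 (class File), longest first so the most specific wins.
IOA_FILES = sorted([
    "/etc/sudoers", "/forum/away.php", "/inc/HTTPClient.php", "/out.php",
    "/products/details.asp", "/service/upload", "/uncpath/", "adclick.php",
    "add_comment.php", "admin/system_manage/save.html",
    "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list",
    "administrator/components/com_media/helpers/media.php",
    "arm/t7xx/r5p0/mali_kbase_core_linux.c", "awstats.pl", "books.php",
    "bridge/yabbse.inc.php", "cachemgr.cgi", "captcha.php", "catagorie.php",
    "category.php", "cgi-bin/", "cgi-bin/cmh/webcam.sh", "channels/chan_skinny.c",
    "clwarn.cgi", "coders/dcm.c", "comment_add.asp", "content.php",
], key=len, reverse=True)


def match_egress(squid_line):
    """Squid native access.log line -> hit dict or None.
    Fields: time elapsed client action/code size method url ident hier/peer type.
    Keys on the destination hostname, a literal IP destination and the peer IP."""
    f = squid_line.split()
    if len(f) < 9:
        return None
    url, peer_ip = f[6], f[8].split("/", 1)[-1]
    host = (urlsplit(url).hostname if "://" in url else url.split(":")[0]) or ""
    ip = IOC_HOSTS.get(host.lower())
    if ip is None:
        ip = next((c for c in (host, peer_ip) if c in IOCS), None)
    if ip is None:
        return None
    hostname, campaign = IOCS[ip]
    return {"client": f[2], "ip": ip, "host": hostname, "campaign": campaign}


_REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')


def _decode(s, rounds=3):
    # URL-decode until stable (bounded) so %252f-style double encoding is seen.
    for _ in range(rounds):
        d = unquote(s)
        if d == s:
            break
        s = d
    return s


def match_request(apache_line):
    """Apache/nginx combined-format line -> hit dict or None.
    Files match as a path suffix, directories (trailing /) anywhere in the
    path, indicators that carry a query string only as an exact match."""
    m = _REQ.match(apache_line)
    if not m:
        return None
    client, target, status = m.groups()
    parts = urlsplit(target)
    path = "/" + _decode(parts.path).lstrip("/").lower()
    full = path + ("?" + _decode(parts.query).lower() if parts.query else "")
    for ind in IOA_FILES:
        needle = "/" + ind.lstrip("/").lower()
        if "?" in needle:
            hit = full == needle
        elif needle.endswith("/"):
            hit = needle in path + "/"
        else:
            hit = path.endswith(needle)
        if hit:
            return {"client": client, "target": target, "status": status, "indicator": ind}
    return None


def scan(squid_lines, apache_lines):
    """Run both matchers and return every hit, tagged with its log source."""
    hits = [dict(source="proxy", **h) for h in map(match_egress, squid_lines) if h]
    hits += [dict(source="web", **h) for h in map(match_request, apache_lines) if h]
    return hits


# Constructed sample lines (not real traffic); client addresses and example.org are placeholders.
SAMPLE_SQUID = [
    "1600000001.101 312 10.0.0.15 TCP_MISS/200 5120 GET http://ccloud.armax.de/upd/x.bin - HIER_DIRECT/5.189.152.147 application/octet-stream",
    "1600000002.205 88 10.0.0.15 TCP_TUNNEL/200 9211 CONNECT 64.188.25.205:443 - HIER_DIRECT/64.188.25.205 -",
    "1600000003.310 40 10.0.0.22 TCP_MISS/200 1024 GET http://example.org/index.html - HIER_DIRECT/93.184.216.34 text/html",
]
SAMPLE_APACHE = [
    '203.0.113.9 - - [10/Oct/2020:13:55:36 +0000] "GET /forum/away.php?to=http://203.0.113.9/x HTTP/1.1" 302 0 "-" "curl/7.68.0"',
    '203.0.113.9 - - [10/Oct/2020:13:55:40 +0000] "GET /cgi-bin/..%252f..%252fetc/sudoers HTTP/1.1" 404 196 "-" "curl/7.68.0"',
    '198.51.100.4 - - [10/Oct/2020:13:56:02 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_SQUID, SAMPLE_APACHE):
        print(hit)
```

Proxy hits key on the destination hostname, on a literal IP destination (a CONNECT host:port tunnel) and on the HIER_DIRECT peer, so a C2 contacted by IP rather than by name is still caught and the campaign from the table (C-Major, Crimson RAT) is carried into the hit. Request targets are URL-decoded repeatedly before the suffix match, so an encoded or double-encoded traversal toward /etc/sudoers is still recognised, and the indicator list is checked longest-first so that cgi-bin/cmh/webcam.sh reports itself rather than the generic cgi-bin/ entry. Treat hits as leads rather than verdicts: several IOA paths (category.php, content.php, cgi-bin/) are common on benign sites, and the IOA rows are predictive, not verified.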

References (5)

The following list contains external sources which discuss the actor and the associated activities:
