APT37 Analysis

IOB - Indicator of Behavior (144)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 80
de: 36
zh: 22
pl: 4
es: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Siemens EN100 Ethernet Module: 4
ONLYOFFICE Document Server: 4
Synacor Zimbra Collaboration: 4
FLDS: 2
TikiWiki: 2


Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | KEV | EPSS | CTI | CVE |
|---|---------------|------|------|------|-------|---------|----------------|-----|------|-----|-----|
| 1 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$10k | $0-$1k | Proof-of-Concept | Official fix | | 0.14028 | 0.87 | CVE-2007-1287 |
| 2 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $1k-$2k | $0-$1k | Not defined | Not defined | | 0.00297 | 0.10 | CVE-2005-4222 |
| 3 | RDM Intuitive 650 TDB Controller Password access control | 7.5 | 7.2 | $2k-$5k | $0-$1k | Not defined | Official fix | | 0.00227 | 0.07 | CVE-2016-4505 |
| 4 | Siemens EN100 Ethernet Module Web Server Memory information disclosure | 5.3 | 5.2 | $5k-$10k | $0-$1k | Not defined | Official fix | | 0.00937 | 0.00 | CVE-2016-4785 |
| 5 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $2k-$5k | $0-$1k | Proof-of-Concept | Official fix | | 0.00970 | 0.78 | CVE-2010-0966 |
| 6 | Siemens EN100 Ethernet Module Web Server information disclosure | 5.3 | 5.2 | $5k-$10k | $0-$1k | Not defined | Official fix | | 0.00937 | 0.02 | CVE-2016-4784 |
| 7 | RDM Intuitive 650 TDB Controller cross-site request forgery | 6.1 | 5.8 | $1k-$2k | $0-$1k | Not defined | Official fix | | 0.00056 | 0.00 | CVE-2016-4506 |
| 8 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $2k-$5k | $0-$1k | Proof-of-Concept | Official fix | | 0.04277 | 2.26 | CVE-2006-6168 |
| 9 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $2k-$5k | $0-$1k | Not defined | Unavailable | | 0.00000 | 1.88 | |
| 10 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $2k-$5k | $0-$1k | High | Unavailable | possible | 0.01686 | 0.16 | CVE-2007-0354 |
| 11 | FLDS redir.php sql injection | 7.3 | 7.3 | $2k-$5k | $0-$1k | High | Unavailable | possible | 0.00202 | 0.16 | CVE-2008-5928 |
| 12 | SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection | 7.1 | 6.9 | $1k-$2k | $0-$1k | Proof-of-Concept | Not defined | | 0.00053 | 0.10 | CVE-2023-2090 |
| 13 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $10k-$25k | $0-$1k | Unproven | Official fix | | 0.00553 | 0.87 | CVE-2015-5911 |
| 14 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting | 3.2 | 3.2 | $0-$1k | $0-$1k | Not defined | Official fix | | 0.00297 | 0.09 | CVE-2018-25085 |
| 15 | PHPWind goto.php redirect | 6.3 | 6.3 | $1k-$2k | $0-$1k | Not defined | Not defined | | 0.00365 | 0.18 | CVE-2015-4134 |
| 16 | D-Link DIR-850L category_view.php improper authentication | 8.5 | 8.2 | $10k-$25k | $0-$1k | Proof-of-Concept | Not defined | expected | 0.89894 | 0.07 | CVE-2018-9032 |
| 17 | Winn Winn GuestBook addPost cross site scripting | 4.3 | 4.1 | $0-$1k | $0-$1k | High | Official fix | possible | 0.00574 | 0.02 | CVE-2011-5026 |
| 18 | WordPress path traversal | 5.7 | 5.5 | $5k-$10k | $0-$1k | Proof-of-Concept | Official fix | possible | 0.69885 | 0.43 | CVE-2023-2745 |
| 19 | Cacti graph_view.php sql injection | 8.5 | 8.4 | $1k-$2k | $0-$1k | Not defined | Official fix | expected | 0.93360 | 0.11 | CVE-2023-39361 |
| 20 | Cplinks cpDynaLinks category.php sql injection | 7.3 | 7.1 | $2k-$5k | $0-$1k | High | Unavailable | possible | 0.00372 | 0.11 | CVE-2007-5408 |

Campaigns (4)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (42)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1 | File | /admin/maintenance/view_designation.php | predictive | High |
| 2 | File | /category_view.php | predictive | High |
| 3 | File | /forum/away.php | predictive | High |
| 4 | File | /upload | predictive | Low |
| 5 | File | adclick.php | predictive | Medium |
| 6 | File | admin/inst_lang.php | predictive | High |

References (6)

The following list contains external sources which discuss the actor and the associated activities:
