APT38 Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (37)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en	38

Country

US: USA	26
KR: South Korea	10
RU: Russia	2

Actors

APT38	2
DPRK	2

Activities

Interest

Timeline

Type

Web Browser	10
Operating System	6
Smartphone Operating System	4
Office Suite Software	4
Not Defined	2

Vendor

Google	12
Microsoft	6
Kingsoft	4
Not Defined	4
Linux	2

Product

Google Chrome	8
Google Android	4
Microsoft Windows	4
Microsoft Edge	2
Kingsoft WPS Office	2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#	Vulnerability	Base	Temp	0day	Today	Exp	Cou	KEV	EPSS	CTI	CVE
1	Microsoft Windows DNSAPI DNSAPI.dll access control	8.3	7.9	$50k-$100k	$10k-$25k	Not defined	Official fix	possible	0.38264	0.02	CVE-2017-11779
2	Microsoft Windows DNSAPI DNSAPI.dll access control	8.1	8.0	$50k-$100k	$10k-$25k	Not defined	Official fix	possible	0.54961	0.02	CVE-2018-8225
3	Google Chrome IPC/Gamepad API/V8 code	7.3	6.4	$50k-$100k	$0-$1k	Unproven	Official fix		0.28721	0.00	CVE-2015-1233
4	Google Chrome Blink doSerialize privileges management	7.3	6.4	$50k-$100k	$0-$1k	Proof-of-Concept	Official fix		0.00000	0.00
5	Google Chrome v8 json-stringifier.h SerializeJSArray memory corruption	7.3	7.0	$50k-$100k	$10k-$25k	Not defined	Official fix		0.13719	0.06	CVE-2015-6764
6	nginx request smuggling	6.9	6.9	$2k-$5k	$0-$1k	Not defined	Not defined		0.00000	0.05	CVE-2020-12440
7	Microsoft Word memory corruption	7.0	6.7	$10k-$25k	$0-$1k	Not defined	Official fix		0.12398	0.09	CVE-2019-1201
8	Microsoft Edge AppContainer Sandbox access control	6.5	6.2	$50k-$100k	$5k-$10k	Not defined	Official fix		0.00663	0.00	CVE-2019-0938
9	WordPress Thumbnail input validation	7.5	7.5	$10k-$25k	$5k-$10k	Not defined	Not defined		0.28868	0.02	CVE-2018-1000773
10	Google Chrome Catalog Service input validation	8.0	7.9	$25k-$50k	$0-$1k	Proof-of-Concept	Official fix		0.00598	0.07	CVE-2018-6055
11	Sir GNUboard sql injection	6.3	5.7	$1k-$2k	$0-$1k	Proof-of-Concept	Not defined		0.00178	0.06	CVE-2014-2339
12	Zakkis Technology Php Excel Parser file inclusion	7.3	6.6	$2k-$5k	$0-$1k	Proof-of-Concept	Unavailable		0.05079	0.00	CVE-2007-2857
13	Microsoft Windows DNSAPI DNSAPI.dll data processing	5.2	5.1	$25k-$50k	$0-$1k	Not defined	Official fix		0.17678	0.05	CVE-2018-8304
14	Oracle HTTP Server Web Listener memory corruption	5.3	5.1	$10k-$25k	$0-$1k	High	Official fix	expected	0.87600	0.04	CVE-2010-0425
15	Kingsoft WPS Office Free WpsCloudSvr access control	6.1	6.1	$1k-$2k	$0-$1k	Not defined	Not defined		0.00047	0.00	CVE-2018-6400
16	Kingsoft WPS Office kso.dll _alloc_iostr_data input validation	4.4	4.4	$0-$1k	$0-$1k	Not defined	Not defined		0.00235	0.00	CVE-2018-6217
17	Google Chrome Sandbox memory corruption	5.3	4.6	$50k-$100k	$5k-$10k	Unproven	Official fix		0.01241	0.00	CVE-2015-1252
18	Microsoft Office memory corruption	7.5	7.2	$10k-$25k	$0-$1k	Not defined	Official fix		0.31895	0.06	CVE-2018-0795
19	OpenSSH Authentication Username information disclosure	5.3	4.8	$10k-$25k	$0-$1k	High	Official fix	expected	0.92487	0.14	CVE-2016-6210
20	Dell EMC Avamar Server/Integrated Data Protection Appliance Installation Manager credentials management	8.5	8.2	$10k-$25k	$0-$1k	Proof-of-Concept	Official fix		0.23085	0.05	CVE-2018-1217

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Actor	Identified	Type	Confidence
1	175.45.176.	APT38	12/12/2020	verified	Low
2	XXX.XX.XXX.	Xxxxx	12/12/2020	verified	Low
3	XXX.XX.XXX.	Xxxxx	12/12/2020	verified	Low
4	XXX.XX.XXX.	Xxxxx	12/12/2020	verified	Low
5	XXX.XX.XXX.	Xxxxx	12/12/2020	verified	Low

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
2	T1068	CAPEC-122	CWE-264, CWE-269, CWE-284	Execution with Unnecessary Privileges	predictive	High
3	TXXXX	CAPEC-XXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
4	TXXXX		CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
6	TXXXX.XXX		CWE-XX	Xxxxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	json-stringifier.h	predictive	High
2	File	mm/memory.c	predictive	Medium
3	File	\\.\pipe\WPSCloudSvr\WpsCloudSvr	predictive	High
4	Library	xxxxxx.xxx	predictive	Medium
5	Library	xxx.xxx	predictive	Low
6	Library	xxxxxx.xxx	predictive	Medium
7	Library	xxxxxx/xxxxxxxxx/xxxxx.xxx	predictive	High
8	Argument	xxxxxxx	predictive	Low
9	Argument	xxxxx->xxxx	predictive	Medium
10	Argument	xxxxxxxx.xxxx	predictive	High
11	Argument	xxxxxx_xxxx	predictive	Medium
12	Argument	xxxxxxxx	predictive	Medium
13	Input Value	xx-xxxx://	predictive	Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

This view requires CTI permissions

Just purchase a CTI license today!