APT39 Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

  • en: 160
  • es: 6
  • it: 5
  • fr: 4
  • zh: 3

Country

  • us: 101
  • ru: 15
  • ir: 11
  • cn: 10
  • gb: 10

Actors

Activities

Interest

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need to unlock this view to get access to more details of real data.

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
2 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.80 | CVE-2020-12440
3 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.59 | CVE-2017-0055
4 | Rust Programming Language Standard Library type_id memory corruption | 7.7 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2019-12083
5 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.12 | CVE-2011-0643
6 | Lotus Domino Request information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2002-0245
7 | PHP socket_connect memory corruption | 7.3 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | CVE-2011-1938
8 | Microsoft Windows Remote Procedure Call Runtime Remote Code Execution | 9.8 | 8.9 | $100k and more | $25k-$100k | Unproven | Official Fix | 5.65 | CVE-2022-26809
9 | Microsoft Windows Image Acquisition Service information disclosure | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2020-1474
10 | VMware Spring Boot SpringShell code injection | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.19 | CVE-2022-22965
11 | VMware Spring Cloud Function SpEL Expression code injection | 9.8 | 9.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.31 | CVE-2022-22963
12 | DUware DUpaypal detail.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | CVE-2006-6365
13 | Apache APR-util apr-util apr_rmm.c apr_rmm_realloc numeric error | 10.0 | 9.4 | $25k-$100k | $5k-$25k | Proof-of-Concept | Not Defined | 0.06 | CVE-2009-2412
14 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.31 | CVE-2022-21664
15 | Stormshield Network Security SSLVPN Service denial of service | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2022-23989
16 | Gitea Avatar Middleware pathname traversal | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2021-29134
17 | Nicotine+ Download Request denial of service | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2021-45848
18 | Semantic Versioning Plugin Message protection mechanism | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.20 | CVE-2022-27201
19 | microweber HTTP integer overflow | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2022-0961
20 | Bareos PAM Authentication authorization | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | CVE-2022-24755

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Chafer

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (70)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
--- | --- | --- | ---
1 | File | //etc/RT2870STA.dat | High
2 | File | /admin/index.php?id=themes&action=edit_template&filename=blog | High
3 | File | /cwp_{SESSION_HASH}/admin/loader_ajax.php | High
4 | File | /jquery_file_upload/server/php/index.php | High
5 | File | /magnoliaPublic/travel/members/login.html | High
6 | File | /Main_AdmStatus_Content.asp | High
7 | File | /server-status | High
8 | File | /uncpath/ | Medium
9 | File | /xxx/xxx/xxxxx | High
10 | File | xxxxx/xxxx_xxxxx_xxxx.xxx | High
11 | File | xxxxx/xxxxx.xxx | High
12 | File | xxxxxxxxxx.xxx | High
13 | File | xxxxxxxxxxx.xxx | High
14 | File | xx_xxxxxxxxxx.xxx | High
15 | File | xxxxxxxx.xxx | Medium
16 | File | xxxx/xxxxxxxxxxxxxxx.xxx | High
17 | File | xxxxxx.xxx | Medium
18 | File | xxx.xxx | Low
19 | File | xxx/xxxxxxxx/xxx_xxxxxxxxxxxx.xx | High
20 | File | xxx_xxxxxx.xxx | High
21 | File | xxxx_xxxx.x | Medium
22 | File | xxxxxxxx/xxxxx.xxxx-xxx.xxx | High
23 | File | xxxxx.xxx | Medium
24 | File | xxxxxx.x | Medium
25 | File | xxxx/xxx_xxx.x | High
26 | File | xxxxxxx/xxxxxxx/xxx_xxxxxxx.x | High
27 | File | xxxxxx.xxx | Medium
28 | File | xxxxxxxxxxxxxx.xxx | High
29 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | High
30 | File | xxxxxxxx_xxxx.xxx | High
31 | File | xxxxxx.xxx | Medium
32 | File | xxxxx/xxx/xxxx.x | High
33 | File | xxxxxx_xxx_xxxxx_xxx.xxx | High
34 | File | xxx_xxx_xxxxx.xxx | High
35 | File | xxxxxx.xxx | Medium
36 | File | xxxxxx.xxx | Medium
37 | File | xxxxxxxxxxxxxx.xxx | High
38 | File | xxxxxxx.xxx | Medium
39 | File | xx-xxxxx/xxxx-xxx.xxx | High
40 | File | xx-xxxxxxx/xxxxxxx/xxxx-xx-xxxx/ | High
41 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | High
42 | File | xx-xxxxxxxxxxx.xxx | High
43 | Library | xxxxxx.xxx | Medium
44 | Argument | $xxxxx_xxxxxxxxxx | High
45 | Argument | $_xxxxxxx | Medium
46 | Argument | xxxxxx | Low
47 | Argument | xxx | Low
48 | Argument | xxxxx | Low
49 | Argument | xxxxxxxxxxxxxxx | High
50 | Argument | xxxx/xxxx | Medium
51 | Argument | xxxx | Low
52 | Argument | xx | Low
53 | Argument | xxxxx | Low
54 | Argument | xxxx_xxxxxxx | Medium
55 | Argument | xxxx | Low
56 | Argument | xxxxxxxxxx | Medium
57 | Argument | xxxxxxxxxxxxx | High
58 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | High
59 | Argument | xxxxx_xxxx | Medium
60 | Argument | xxxxxxxx | Medium
61 | Argument | xxxxxxxx | Medium
62 | Argument | xxxxxxx | Low
63 | Argument | xxxx xxxxx | Medium
64 | Argument | xxxx | Low
65 | Argument | xxxxxxxx | Medium
66 | Argument | xxxxxxxxxx | Medium
67 | Argument | xxx | Low
68 | Argument | xxxxxxxx | Medium
69 | Network Port | xxx/xxxx | Medium
70 | Network Port | xxx/xxx (xxx) | High

References (4)

The following list contains external sources which discuss the actor and the associated activities:
