APT17 Analysis

IOB - Indicator of Behavior (244)

Language

  • en: 212
  • ja: 16
  • zh: 10
  • es: 4
  • it: 2

Country

  • us: 104
  • de: 82
  • cn: 30
  • jp: 18
  • it: 2

Product

  • WordPress: 10
  • WeiPHP: 4
  • QNAP QTS: 4
  • Fortinet FortiOS: 4
  • Fortinet FortiProxy: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.75 | CVE-2010-0966
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
3 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550
4 | ESET Server Security for Linux privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.06 | CVE-2023-2847
5 | CrowdStrike Falcon Uninstallation privilege escalation | 3.5 | 3.5 | $0-$5k | $0-$5k | Functional | Official Fix | 0.01290 | 0.18 | CVE-2022-2841
6 | Postfix Admin functions.inc.php sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.00253 | 0.03 | CVE-2014-2655
7 | SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php privilege escalation | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 1.19 | CVE-2024-1875
8 | OPNsense privilege escalation | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00122 | 0.04 | CVE-2023-39008
9 | Fortinet FortiOS/FortiProxy HA Request privilege escalation | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.04 | CVE-2023-44250
10 | jQuery Cookie Prototype cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00068 | 0.05 | CVE-2022-23395
11 | Flexera FlexNet Publisher Command lmadmin.exe privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00103 | 0.00 | CVE-2019-8960
12 | ESET NOD32 Antivirus File privilege escalation | 7.8 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.00 | CVE-2023-3160
13 | Citrix StoreFront SAML Authentication cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00072 | 0.00 | CVE-2022-27503
14 | QNAP QTS/QuTS hero/QuTScloud privilege escalation | 9.8 | 9.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00068 | 0.02 | CVE-2023-23368
15 | cURL SOCKS5 Proxy memory corruption | 4.6 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00319 | 0.02 | CVE-2023-38545
16 | Fortinet FortiOS prof-admin Profile privilege escalation | 7.7 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.03 | CVE-2023-41841
17 | Juniper Junos OS J-Web unknown vulnerability | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Official Fix | 0.96663 | 0.04 | CVE-2023-36845
18 | QNAP QTS/QuTS Hero weak encryption | 4.6 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.00 | CVE-2023-34972
19 | Hitachi Energy TXpert Hub CoreTec 4 privilege escalation | 8.3 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2023-2625
20 | Trend Micro Apex One/Apex One as a Service Management Server directory traversal | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00215 | 0.00 | CVE-2023-32557

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CCleaner

IOC - Indicator of Compromise (21)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (56)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .htaccess | predictive | Medium
2 | File | /api/cron/settings/setJob/ | predictive | High
3 | File | /api/DownloadUrlResponse.ashx | predictive | High
4 | File | /wbg/core/_includes/authorization.inc.php | predictive | High
5 | File | addentry.php | predictive | Medium
6 | File | data/gbconfiguration.dat | predictive | High
7 | File | detail.php | predictive | Medium
8 | File | xxxxxxxxx.xxx.xxx | predictive | High
9 | File | xxxxxx/xxxxxxxxxxxx | predictive | High
10 | File | xxxx.xxx | predictive | Medium
11 | File | xxxxxxxxx.xxx | predictive | High
12 | File | xxx/xxxxxx.xxx | predictive | High
13 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
14 | File | xxxxxxxxxx/xxxxxxx.x | predictive | High
15 | File | xxxxxxx.xxx | predictive | Medium
16 | File | xxxxxxx.xxx | predictive | Medium
17 | File | xxx_xx_xx_xxxxxxxx.xxx | predictive | High
18 | File | xxxxx.xxx | predictive | Medium
19 | File | xxxxx-xxxx/xxxxx-xxxxx-xxxx.xxx | predictive | High
20 | File | xxxxxxxx.xxx | predictive | Medium
21 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
22 | File | xxxx.x | predictive | Low
23 | File | xxx/xxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
24 | File | xxxxxxx.xxx.xx.xxxxxxxxxxx.xxx | predictive | High
25 | File | xxxxxxxx.xxxxx.xxx | predictive | High
26 | File | xxxxx.xxx | predictive | Medium
27 | File | xxxxxxx/xxxxxxxx.xxx | predictive | High
28 | File | xxxxx/xxxxxxxx-xxxxxxxxx.xxx | predictive | High
29 | File | xxxxx.xxx | predictive | Medium
30 | File | xx-xxxxx/xxxxx.xxx | predictive | High
31 | File | xx-xxxxx/xxxxx-xxxxxx.xxx | predictive | High
32 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
33 | File | xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx | predictive | High
34 | File | xx-xxxxx.xxx | predictive | Medium
35 | Library | xxxxxxxx.xxx | predictive | Medium
36 | Argument | xx_xxxxx_xxx_xxxx | predictive | High
37 | Argument | xxxxxxxx | predictive | Medium
38 | Argument | xxxxxxxxxx | predictive | Medium
39 | Argument | xxxxxxx | predictive | Low
40 | Argument | xxxx | predictive | Low
41 | Argument | xxxx | predictive | Low
42 | Argument | xxxx | predictive | Low
43 | Argument | xxxx | predictive | Low
44 | Argument | xxxx | predictive | Low
45 | Argument | xxxx/xxxxxxxxxxx | predictive | High
46 | Argument | xxxxx | predictive | Low
47 | Argument | xxxxxxxxxx | predictive | Medium
48 | Argument | xxxx_xxxxx | predictive | Medium
49 | Argument | xxxxxxx | predictive | Low
50 | Argument | xxxx_xx | predictive | Low
51 | Argument | xxx | predictive | Low
52 | Argument | xxx_xxxxx | predictive | Medium
53 | Argument | x_xxxx | predictive | Low
54 | Argument | \xxxxxx\ | predictive | Medium
55 | Argument | _xxx_xxxxxxxxxxx_ | predictive | High
56 | Input Value | ../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx | predictive | High

Sources (4)

The following list contains external sources which discuss the actor and the associated activities:
