APT2 Analysis

IOB - Indicator of Behavior (94)

Language: en 74, zh 14, es 6

Country: cn 84, us 4, fj 4

Product: Microsoft Internet Explorer 6, Mozilla Firefox 4, Microsoft Windows 4, Dropbear SSH 2, Thomas Loeffler twittersearch 2

Charts on the source page whose data is not included in the text: Timeline, Actors, Activities, Interest, Type, Vendor.

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | Zoho ManageEngine Applications Manager Agent.java sql injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00273 | CVE-2019-19650
2 | Cisco ASA/Firepower Threat Defense RSA Key information disclosure | 6.2 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00163 | CVE-2022-20866
3 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 8.62 | 0.01009 | CVE-2006-6168
4 | Spring Boot Admins Notifier env privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00262 | CVE-2022-46166
5 | ASUS RT-AC51U Network Request cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00062 | CVE-2023-29772
6 | Zoho ManageEngine Desktop Central HTTP Redirect information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00667 | CVE-2022-23779
7 | Dropbear SSH dropbearconvert privilege escalation | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00956 | CVE-2016-7407
8 | MediaTek MT6983 tinysys memory corruption | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2023-20621
9 | Router/Firewall Routing privilege escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00 | 0.01500 | CVE-1999-0510
10 | Kibana Region Map cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00054 | CVE-2019-7621
11 | Apple Mac OS X Server Wiki Server cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00263 | CVE-2009-2814
12 | ajenti API privilege escalation | 7.1 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.07 | 0.01285 | CVE-2019-25066
13 | Oracle MySQL Server InnoDB Privilege Escalation | 9.1 | 9.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01381 | CVE-2016-9843
14 | Redmine Issues API privilege escalation | 7.6 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00144 | CVE-2021-30164
15 | Google Go WASM module memory corruption | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00605 | CVE-2021-38297
16 | D-Link DIR-867/DIR-878/DIR-882 Remote Code Execution | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00240 | CVE-2020-8863
17 | Ruckus Wireless C110 webs information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00491 | CVE-2020-13918
18 | Cisco IOS XE Easy Virtual Switching System memory corruption | 8.9 | 8.5 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00438 | CVE-2021-1451
19 | NullSoft WinAmp memory corruption | 10.0 | 9.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.03838 | CVE-2009-1788

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Putter Panda

IOC - Indicator of Compromise (42)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 31.170.110.163 | io.uu3.net | APT2 | Putter Panda | 01/01/2021 | verified | high
2 | 58.196.156.15 | | APT2 | Putter Panda | 01/01/2021 | verified | high
3 | 59.120.168.199 | 59-120-168-199.hinet-ip.hinet.net | APT2 | | 20/12/2020 | verified | high
4 | 61.34.97.69 | | APT2 | | 20/12/2020 | verified | high
5 | 61.74.190.14 | | APT2 | | 20/12/2020 | verified | high
6 | 61.78.37.121 | | APT2 | | 20/12/2020 | verified | high
7 | 61.78.75.96 | | APT2 | | 20/12/2020 | verified | high
8 | 61.221.54.99 | 61-221-54-99.hinet-ip.hinet.net | APT2 | | 20/12/2020 | verified | high
9 | 67.42.255.50 | mail.provocc.org | APT2 | | 20/12/2020 | verified | high
10-42 | (entries masked on the source page) | | | | | verified | high

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | high
2 | T1059 | CWE-94 | Argument Injection | predictive | high
3-10 | (entries masked on the source page) | | | predictive | high

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/blog/blogcategory/add/?_to_field=id&_popup=1 | predictive | high
2 | File | /bin/boa | predictive | medium
3 | File | /DOWN/FIRMWAREUPDATE/ROM1 | predictive | high
4 | File | /env | predictive | low
5-33 | File, Library, Argument, Pattern | (entries masked on the source page) | predictive | high / medium / low

Sources (3)

The following list contains external sources which discuss the actor and the associated activities:
