APT35 تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (101)

اللغة

en	102

البلد

de	94
us	8

الفاعلين

APT17	1
IRGC	1

الاهتمام

النوع

Groupware Software	2
Not Defined	2
Remote Access Software	2
Server Management Software	2

المجهز

Microsoft	2
DZCP	2
SonicWALL	2
VMware	2

منتج

Microsoft Exchange Server	2
DZCP deV!L`z Clanportal	2
SonicWALL Secure Remote Access	2
VMware vCenter Server	2

الثغرات

#	الثغرة	Base	Temp	0day	اليوم	ق�	معالجة	CTI	EPSS	CVE
1	DZCP deV!L`z Clanportal config.php تجاوز الصلاحيات	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.81	0.00943	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash الكشف عن المعلومات	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
3	jforum User تجاوز الصلاحيات	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00289	CVE-2019-7550
4	SonicWALL Secure Remote Access سكربتات مشتركة	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.03350	CVE-2021-20028
5	SonicWall SSLVPN SMA100 حقن إس كيو إل	7.3	7.1	$0-$5k	$0-$5k	Functional	Not Defined	0.02	0.02628	CVE-2021-20016
6	Microsoft Exchange Server Privilege Escalation	9.0	8.2	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00	0.00223	CVE-2022-21969
7	VMware vCenter Server Analytics Service تجاوز الصلاحيات	8.6	8.5	$5k-$25k	$0-$5k	Functional	Official Fix	0.02	0.97389	CVE-2021-22005

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	عنوان بروتوكول الإنترنت	Hostname	ممثل	حملات	Identified	النوع	الثقة
1	107.173.231.114	107-173-231-114-host.colocrossing.com	APT35		26/04/2022	verified	عالي
2	XXX.XXX.XX.XXX	xxxxxx.xxx.xx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxx		26/04/2022	verified	عالي

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	الثغرات	متجه الوصول	النوع	الثقة
1	T1059	CWE-94	Argument Injection	predictive	عالي
2	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	عالي
3	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	عالي
4	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	عالي
5	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	عالي

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	الفئة	Indicator	النوع	الثقة
1	File	data/gbconfiguration.dat	predictive	عالي
2	File	xxx/xxxxxx.xxx	predictive	عالي
3	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	عالي
4	Argument	xxxxxxxx	predictive	متوسط

المصادر (2)

The following list contains external sources which discuss the actor and the associated activities:

التالي ▸نظرة عامة◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!