APT37 Analysis

IOB - Indicator of Behavior (117)

Timeline

Language

en: 92
de: 24
es: 2

Country

us: 96
pl: 10
ru: 8
vn: 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

RDM Intuitive 650 TDB Controller: 4
Siemens EN100 Ethernet Module: 4
phpMyAdmin: 4
PHP: 4
phpBB: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.16 | 0.02101 | CVE-2007-1287
2 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.12 | 0.00169 | CVE-2005-4222
3 | RDM Intuitive 650 TDB Controller Password privilege escalation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00206 | CVE-2016-4505
4 | Siemens EN100 Ethernet Module Web Server Memory information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00516 | CVE-2016-4785
5 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.43 | 0.00943 | CVE-2010-0966
6 | Siemens EN100 Ethernet Module Web Server information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00516 | CVE-2016-4784
7 | RDM Intuitive 650 TDB Controller cross site request forgery | 6.1 | 5.8 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00069 | CVE-2016-4506
8 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 8.58 | 0.01009 | CVE-2006-6168
9 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 5.09 | 0.00000 | 
10 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.74 | 0.01302 | CVE-2007-0354
11 | FLDS redir.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.16 | 0.00203 | CVE-2008-5928
12 | SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00135 | CVE-2023-2090
13 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 2.68 | 0.00339 | CVE-2015-5911
14 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting | 3.2 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00073 | CVE-2018-25085
15 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00348 | CVE-2015-4134
16 | Winn Winn GuestBook addPost cross site scripting | 4.3 | 4.1 | $0-$5k | Calculating | High | Official Fix | 0.02 | 0.00336 | CVE-2011-5026
17 | Cplinks cpDynaLinks category.php sql injection | 7.3 | 7.1 | $0-$5k | Calculating | High | Unavailable | 0.02 | 0.00387 | CVE-2007-5408
18 | vldPersonals index.php cross site scripting | 4.3 | 3.9 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.04 | 0.00155 | CVE-2014-9004
19 | esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.06 | 0.00135 | CVE-2010-4996
20 | PHP locale_methods.c get_icu_disp_value_src_php memory corruption | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01086 | CVE-2014-9912

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 34.13.42.35 |  | APT37 | Scarcruft | 15/12/2020 | verified | High
2 | 120.192.73.202 |  | APT37 | Scarcruft | 15/12/2020 | verified | High
3 | XXX.XX.XXX.XXX | xxx-xxx-xx-xxx.xxxxxxx-xxx | Xxxxx |  | 18/03/2024 | verified | High
4 | XXX.XXX.XX.XXX |  | Xxxxx | Xxxxxxxxx | 15/12/2020 | verified | High
5 | XXX.XXX.XX.XXX |  | Xxxxx | Xxxxx#xxxxx | 26/07/2022 | verified | High
6 | XXX.X.XXX.XX | xxx-x-xxx-xx.xxxxxx.xx | Xxxxx | Xxxxxxxx | 15/12/2020 | verified | High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1059 | CWE-94 | Argument Injection | predictive | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
3 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
4 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
5 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
6 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
8 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/maintenance/view_designation.php | predictive | High
2 | File | /forum/away.php | predictive | High
3 | File | adclick.php | predictive | Medium
4 | File | category.php | predictive | Medium
5 | File | xxxxx.xxx | predictive | Medium
6 | File | xxxxxxxx/xxxxxx.xxx | predictive | High
7 | File | xxx/xxxx/xxxxxx/xxxxxx_xxxxxxx.x | predictive | High
8 | File | xxxxxxxxxxx.xxx | predictive | High
9 | File | xxxx.xxx | predictive | Medium
10 | File | xxxxxxxxx.xxx | predictive | High
11 | File | xxx/xxxxxx.xxx | predictive | High
12 | File | xxxxxxxx/xxxxxxx.xxx | predictive | High
13 | File | xxxxx.xxx | predictive | Medium
14 | File | xxxxxxxxx/xxxxxx.xxx | predictive | High
15 | File | xxx_xxxx.xxx | predictive | Medium
16 | File | xxxxx.xxx | predictive | Medium
17 | File | xxxxxxxxxx_xxxxx.xxxxxx | predictive | High
18 | File | xxxx-xxxxxxxx.xxx | predictive | High
19 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
20 | Argument | xxxxxxxx | predictive | Medium
21 | Argument | xxxxxxxx | predictive | Medium
22 | Argument | xxxx | predictive | Low
23 | Argument | xx | predictive | Low
24 | Argument | xxx | predictive | Low
25 | Argument | xxxx | predictive | Low
26 | Argument | xxxxxxxx | predictive | Medium
27 | Argument | xxxxxx | predictive | Low
28 | Argument | xxxxxxxx | predictive | Medium
29 | Argument | xxx | predictive | Low

Sources (5)

The following list contains external sources which discuss the actor and the associated activities:
