APT15 Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (6)

Sprache

en	6

Land

cn	2

Akteure

APT15	1

Interesse

Typ

Operating System	2
Not Defined	2
Unified Communication Software	2

Hersteller

Microsoft	4
Cisco	2

Produkt

Microsoft Windows	2
Microsoft Indexing Service	2
Cisco WebEx Meeting Center	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Microsoft Indexing Service ISAPI Extension idq.dll Pufferüberlauf	10.0	9.5	$100k und mehr	$0-$5k	High	Official Fix	0.00	0.96728	CVE-2001-0500
2	CloudBees Jenkins CLI Subsystem commons-collections-*.jar Serialized erweiterte Rechte	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00	0.80770	CVE-2015-8103
3	Microsoft Windows Common Log File System Driver Privilege Escalation	8.1	7.7	$100k und mehr	$5k-$25k	Functional	Official Fix	0.00	0.00044	CVE-2022-24521
4	Cisco WebEx Event Center Information Disclosure	4.3	4.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00	0.00084	CVE-2017-12365
5	Cisco WebEx Meeting Center Access Control erweiterte Rechte	5.7	5.7	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.04	0.00091	CVE-2017-12297
6	Microsoft NuGet/ADAL.NET Azure Active Directory erweiterte Rechte	7.5	7.2	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00	0.00123	CVE-2019-1258

Kampagnen (1)

These are the campaigns that can be associated with the actor:

Ke3chang

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Kampagnen	Identifiziert	Typ	Akzeptanz
1	45.56.84.25	45-56-84-25.ip.linodeusercontent.com	APT15		12.02.2024	verifiziert	High
2	XX.XXX.XXX.XX		Xxxxx	Xxxxxxxx	01.01.2021	verifiziert	High
3	XXX.XXX.XXX.XXX		Xxxxx	Xxxxxxxx	01.01.2021	verifiziert	High

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1068	CWE-264	Execution with Unnecessary Privileges	prädiktiv	High
2	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
3	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (2)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	Library	idq.dll	prädiktiv	Low
2	Library	xxxxxxx/xxxx/xxx-xxx/xxx/xxxxxxx-xxxxxxxxxxx-*.xxx	prädiktiv	High

Referenzen (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!