APT16 Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (29)

Sprache

en	16
zh	12
pl	2

Land

us	16
cn	14

Akteure

APT16	1
Cobalt Strike	1

Interesse

Typ

Not Defined	12
Operating System	4
Database Software	2
E-Commerce Management Software	2

Hersteller

Not Defined	10
Oracle	2
Apple	2
Esoftpro	2
Thomas R. Pasawicz	2

Produkt

Adult Script Pro	2
Oracle MySQL Server	2
Apple Mac OS X	2
ThinkPHP	2
osCommerce	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	MGB OpenSource Guestbook email.php SQL Injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	0.68	CVE-2007-0354
3	OpenVPN External Authentication Plug-in schwache Authentisierung	3.7	3.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00502	0.00	CVE-2022-0547
4	XXL-JOB erweiterte Rechte	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00087	0.02	CVE-2022-36157
5	ThinkPHP index.php Privilege Escalation	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00344	0.03	CVE-2021-44892
6	ThinkPHP AbstractCache.php erweiterte Rechte	7.6	7.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00201	0.04	CVE-2022-33107
7	XXL-Job add Cross Site Request Forgery	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00106	0.00	CVE-2022-29002
8	Bootstrap add_product.php Cross Site Scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00068	0.03	CVE-2022-26624
9	Yii ActiveRecord.php findByCondition SQL Injection	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00119	0.04	CVE-2018-7269
10	Yii unserialize erweiterte Rechte	7.7	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02822	0.00	CVE-2020-15148
11	Oracle MySQL Server Stored Procedure Denial of Service	4.9	4.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00076	0.00	CVE-2022-21534
12	osCommerce currencies.php Reflected Cross Site Scripting	3.5	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
13	Microsoft Windows Kernel erweiterte Rechte	8.5	8.3	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00053	0.00	CVE-2019-0881
14	Esoftpro Online Guestbook Pro ogp_show.php SQL Injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00108	0.85	CVE-2009-4935
15	DZCP deV!L`z Clanportal config.php erweiterte Rechte	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.72	CVE-2010-0966
16	DZCP deV!L`z Clanportal browser.php Information Disclosure	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02733	0.30	CVE-2007-1167
17	Phorum register.php SQL Injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00509	0.00	CVE-2004-0035
18	Expinion.net News Manager Lite comment_add.asp Cross Site Scripting	4.3	3.8	$0-$5k	$0-$5k	Unproven	Official Fix	0.00607	0.02	CVE-2004-1845
19	Adult Script Pro download SQL Injection	8.5	8.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00224	0.03	CVE-2017-15959
20	Apple Mac OS X File-Sharing fehlerhafte Schreibrechte	3.7	3.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00140	0.00	CVE-2003-0379

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Kampagnen	Identifiziert	Typ	Akzeptanz
1	121.127.249.74		APT16		11.12.2020	verifiziert	High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1059	CWE-94	Argument Injection	prädiktiv	High
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	prädiktiv	High
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
4	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	prädiktiv	High
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (24)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/download	prädiktiv	Medium
2	File	/gaia-job-admin/user/add	prädiktiv	High
3	File	/oscommerce/admin/currencies.php	prädiktiv	High
4	File	/xxxxxx/xxxxx/xxx_xxxxxxx.xxx	prädiktiv	High
5	File	xxxxxxx_xxx.xxx	prädiktiv	High
6	File	xxxx/xxxxxxxxxxxxxxx.xxx	prädiktiv	High
7	File	xxxxx.xxx	prädiktiv	Medium
8	File	xxxxxxxxx/xx/xxxxxxxxxxxx.xxx	prädiktiv	High
9	File	xxx/xxxxxx.xxx	prädiktiv	High
10	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	prädiktiv	High
11	File	xxxxx.xxx	prädiktiv	Medium
12	File	xxx_xxxx.xxx	prädiktiv	Medium
13	File	xxxxxxxx.xxx	prädiktiv	Medium
14	File	xxxxxx\xxxxxx\xxxxxxxxx-xxxxxx-xxxxxxx\xxx\xxxxxxx\xxxxxxxxxxxxx.xxx	prädiktiv	High
15	Argument	xxxxxxxx	prädiktiv	Medium
16	Argument	xxxxxxx	prädiktiv	Low
17	Argument	xxxx	prädiktiv	Low
18	Argument	xxxx_xxxxx	prädiktiv	Medium
19	Argument	xx	prädiktiv	Low
20	Argument	xxxx	prädiktiv	Low
21	Argument	xxxx_xxxx	prädiktiv	Medium
22	Argument	xxxxx	prädiktiv	Low
23	Argument	xxxxx[_xxxxxxxx]	prädiktiv	High
24	Input Value	%xx%xx%xxxxxxxx%xxxxxxx%xxxxxxxxxx.xxxxxx%xx%xx/xxxxxx%xx%xxxxx%xxxxxxx=%xxx	prädiktiv	High

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!