APT30 Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (7)

Sprache

en	6
zh	2

Land

cn	6
us	2

Akteure

APT30	1

Interesse

Typ

Anti-Spam Software	2
Not Defined	2
Operating System	2

Hersteller

Softnext	2
Combodo	2
Linux	2

Produkt

Softnext SPAM SQR	2
Combodo iTop	2
Linux Kernel	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Combodo iTop config.php TestConfig erweiterte Rechte	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00089	CVE-2018-10642
2	Inter7 SqWebMail Error Message Information Disclosure	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00591	CVE-2004-2313
3	Softnext SPAM SQR erweiterte Rechte	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00143	CVE-2023-24835
4	Microsoft Exchange Server Privilege Escalation	8.8	7.7	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.01258	CVE-2021-28482
5	Linux Kernel z90crypt_unlocked_ioctl erweiterte Rechte	5.9	5.6	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00042	CVE-2009-1883
6	Zabbix Dashboard Page schwache Authentisierung	8.2	8.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.35520	CVE-2019-17382

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	5.1.0.29	5-1-0-29.datagroup.ua	APT30	26.12.2020	verifiziert	High
2	XXX.XXX.XX.XXX		Xxxxx	19.02.2024	verifiziert	High
3	XXX.XXX.X.XXX		Xxxxx	24.12.2020	verifiziert	High
4	XXX.XXX.XXX.XXX		Xxxxx	19.02.2024	verifiziert	High

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1059	CWE-94	Argument Injection	prädiktiv	High
2	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
3	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
4	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (2)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	web/env-production/itop-config/config.php	prädiktiv	High
2	File	xxxxxx.xxx?xxxxxx=xxxxxxxxx.xxxx&xxxxxxxxxxx=x	prädiktiv	High

Referenzen (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!