APT37 Analysis

IOB - Indicator of Behavior (117)

Timeline

Language (number of sources): en 78, de 32, pl 4, zh 2, es 2

Country (number of sources): us 94, pl 12, ru 4, vn 4

Product (number of associated vulnerabilities)

phpMyAdmin: 6
Siemens EN100 Ethernet Module: 4
SourceCodester Employee and Visitor Gate Pass Logg ...: 2
nginx: 2
Microsoft .NET Framework: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | PHP phpinfo Cross Site Scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.02101 | CVE-2007-1287 |
| 2 | Lars Ellingsen Guestserver guestbook.cgi Cross Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.15 | 0.00169 | CVE-2005-4222 |
| 3 | RDM Intuitive 650 TDB Controller Password privilege escalation | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00206 | CVE-2016-4505 |
| 4 | Siemens EN100 Ethernet Module Web Server Memory Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00516 | CVE-2016-4785 |
| 5 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.43 | 0.00943 | CVE-2010-0966 |
| 6 | Siemens EN100 Ethernet Module Web Server Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00516 | CVE-2016-4784 |
| 7 | RDM Intuitive 650 TDB Controller Cross Site Request Forgery | 6.1 | 5.8 | $0-$5k | being calculated | Not Defined | Official Fix | 0.00 | 0.00069 | CVE-2016-4506 |
| 8 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 8.86 | 0.01009 | CVE-2006-6168 |
| 9 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 4.95 | 0.00000 | |
| 10 | MGB OpenSource Guestbook email.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.74 | 0.01302 | CVE-2007-0354 |
| 11 | FLDS redir.php SQL Injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.15 | 0.00203 | CVE-2008-5928 |
| 12 | SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php SQL Injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00135 | CVE-2023-2090 |
| 13 | Apple Mac OS X Server Wiki Server SQL Injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 2.75 | 0.00339 | CVE-2015-5911 |
| 14 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit Cross Site Scripting | 3.2 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00073 | CVE-2018-25085 |
| 15 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00348 | CVE-2015-4134 |
| 16 | Winn Winn GuestBook addPost Cross Site Scripting | 4.3 | 4.1 | $0-$5k | being calculated | High | Official Fix | 0.02 | 0.00336 | CVE-2011-5026 |
| 17 | Cplinks cpDynaLinks category.php SQL Injection | 7.3 | 7.1 | $0-$5k | being calculated | High | Unavailable | 0.02 | 0.00387 | CVE-2007-5408 |
| 18 | vldPersonals index.php Cross Site Scripting | 4.3 | 3.9 | $0-$5k | being calculated | Proof-of-Concept | Official Fix | 0.04 | 0.00155 | CVE-2014-9004 |
| 19 | esoftpro Online Guestbook Pro ogp_show.php SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.06 | 0.00135 | CVE-2010-4996 |
| 20 | PHP locale_methods.c get_icu_disp_value_src_php buffer overflow | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01086 | CVE-2014-9912 |

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Class | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/maintenance/view_designation.php | predictive | High |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | adclick.php | predictive | Medium |
| 4 | File | category.php | predictive | Medium |

References (5)

The following list contains external sources which discuss the actor and the associated activities:
