APT39 Analyse
IOB - Indicator of Behavior (337)
Aktivitäten
Interesse
Schwachstellen
Kampagnen (1)
These are the campaigns that can be associated with the actor:
- Chafer
IOC - Indicator of Compromise (17)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (19)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (144)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Klasse | Indicator | Typ | Akzeptanz |
---|---|---|---|---|
1 | File | //etc/RT2870STA.dat | prädiktiv | High |
2 | File | /admin/index.php?id=themes&action=edit_template&filename=blog | prädiktiv | High |
3 | File | /api/login | prädiktiv | Medium |
4 | File | /appConfig/userDB.json | prädiktiv | High |
5 | File | /bin/boa | prädiktiv | Medium |
6 | File | /cgi-bin/wapopen | prädiktiv | High |
7 | File | /CPE | prädiktiv | Low |
8 | File | /cwp_{SESSION_HASH}/admin/loader_ajax.php | prädiktiv | High |
9 | File | /jquery_file_upload/server/php/index.php | prädiktiv | High |
10 | File | /librarian/bookdetails.php | prädiktiv | High |
11 | File | /magnoliaPublic/travel/members/login.html | prädiktiv | High |
12 | File | /Main_AdmStatus_Content.asp | prädiktiv | High |
13 | File | /public/login.htm | prädiktiv | High |
14 | File | /requests.php | prädiktiv | High |
15 | File | /self.key | prädiktiv | Medium |
16 | File | /server-status | prädiktiv | High |
17 | File | /xxxxxxx/ | prädiktiv | Medium |
18 | File | /xxx/xxx/xxxxx | prädiktiv | High |
19 | File | /xxxxxxxx/xxxx_xxxxx.xxx | prädiktiv | High |
20 | File | xxxxxxx.xxx | prädiktiv | Medium |
21 | File | xxxxx.xxx | prädiktiv | Medium |
22 | File | xxxxx/xxxx_xxxxx_xxxx.xxx | prädiktiv | High |
23 | File | xxxxx/xxxxx.xxx | prädiktiv | High |
24 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx | prädiktiv | High |
25 | File | xxxxxxxxxx.xxx | prädiktiv | High |
26 | File | xxxxxxxxxxx.xxx | prädiktiv | High |
27 | File | xx_xxxxxxxxxx.xxx | prädiktiv | High |
28 | File | xxx:.xxx | prädiktiv | Medium |
29 | File | xxx/xxx.xxx | prädiktiv | Medium |
30 | File | xxxxxxx.xxx | prädiktiv | Medium |
31 | File | xxxxxx_xxxxxx.xxx | prädiktiv | High |
32 | File | xxxxxxxx.xxx | prädiktiv | Medium |
33 | File | xxx-xxx/xxxx_xxx.xxx | prädiktiv | High |
34 | File | xxxxxx.xxx | prädiktiv | Medium |
35 | File | xxxx/xxxxxxxxxxxxxxx.xxx | prädiktiv | High |
36 | File | xxxxxx.xxx | prädiktiv | Medium |
37 | File | xxx.xxx | prädiktiv | Low |
38 | File | xxxxx.xxx | prädiktiv | Medium |
39 | File | xxx/xxxxxxxx/xxx_xxxxxxxxxxxx.xx | prädiktiv | High |
40 | File | xxxxxxxxx.xxx.xxx | prädiktiv | High |
41 | File | xxxxxxxxxxxx_xxxx.xxx | prädiktiv | High |
42 | File | xxx_xxxxxx.xxx | prädiktiv | High |
43 | File | xxxx_xxxxxxx.xxx.xxx | prädiktiv | High |
44 | File | xxxx_xxxx.x | prädiktiv | Medium |
45 | File | xxxxxxxxx.xxx | prädiktiv | High |
46 | File | xxxxxxxx/xxxxx.xxxx-xxx.xxx | prädiktiv | High |
47 | File | xxxxx.xxx | prädiktiv | Medium |
48 | File | xxxxxx.x | prädiktiv | Medium |
49 | File | xxxx/xxx_xxx.x | prädiktiv | High |
50 | File | xxxxxxxx.xxx | prädiktiv | Medium |
51 | File | xxxxxxx/xxxxxxx/xxx_xxxxxxx.x | prädiktiv | High |
52 | File | xxx_xxxxxx.xx | prädiktiv | High |
53 | File | xxxx/xxxx/xxxxx.xxx | prädiktiv | High |
54 | File | xxx_xxxxxx.xxx | prädiktiv | High |
55 | File | xxxxxx.xxx | prädiktiv | Medium |
56 | File | xxxxxxxxxxxxxx.xxx | prädiktiv | High |
57 | File | xxxxxxx.xxx | prädiktiv | Medium |
58 | File | xxxxx.xxxxx.xxx | prädiktiv | High |
59 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | prädiktiv | High |
60 | File | xxxx/xxxxx | prädiktiv | Medium |
61 | File | xxxxx.xxx | prädiktiv | Medium |
62 | File | xxxxxxxx.xxx | prädiktiv | Medium |
63 | File | xxxxxxxxxx.xxx | prädiktiv | High |
64 | File | xxxxxxxx_xxxx.xxx | prädiktiv | High |
65 | File | xxxxxxxx.xxx?x=xxxxxx&x=xxxxxxxxxx | prädiktiv | High |
66 | File | xxxxxxx.x | prädiktiv | Medium |
67 | File | xxxxxx.xxx | prädiktiv | Medium |
68 | File | xxxx.xxx | prädiktiv | Medium |
69 | File | xxxxx/xxx/xxxx.x | prädiktiv | High |
70 | File | xxxxxx_xxx_xxxxx_xxx.xxx | prädiktiv | High |
71 | File | xxx_xxx_xxxxx.xxx | prädiktiv | High |
72 | File | xxxx/xxxxxxxxxxxxxxx.xxxxxx | prädiktiv | High |
73 | File | xxxxxxx_xxxxx.xxx | prädiktiv | High |
74 | File | xxxxxxx_xxxxxxxxxx.xxx | prädiktiv | High |
75 | File | xxx.xxx | prädiktiv | Low |
76 | File | xxxxxx.xxx | prädiktiv | Medium |
77 | File | xxxxxx.xxx | prädiktiv | Medium |
78 | File | xxxxxxxxxxxxxx.xxx | prädiktiv | High |
79 | File | xxxxxxx.xxx | prädiktiv | Medium |
80 | File | xx-xxxxx/xxxx-xxx.xxx | prädiktiv | High |
81 | File | xx-xxxxxxx/xxxxxxx/xxxx-xx-xxxx/ | prädiktiv | High |
82 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | prädiktiv | High |
83 | File | xx-xxxxxxxx/xxxxx-xx-xxxxxx-xxxxxx.xxx | prädiktiv | High |
84 | File | xx-xxxxxxxxxxx.xxx | prädiktiv | High |
85 | Library | xxxxxxx/xxx/xxxxxx.xxx.xxx | prädiktiv | High |
86 | Library | xxxxxx.xxx | prädiktiv | Medium |
87 | Argument | $xxxxx_xxxxxxxxxx | prädiktiv | High |
88 | Argument | $_xxxxxxx | prädiktiv | Medium |
89 | Argument | xxxxxxx | prädiktiv | Low |
90 | Argument | xxxxx | prädiktiv | Low |
91 | Argument | xxxxxx | prädiktiv | Low |
92 | Argument | xxx | prädiktiv | Low |
93 | Argument | xxxxx | prädiktiv | Low |
94 | Argument | xxxxxxxxxxxxxxx | prädiktiv | High |
95 | Argument | xxxx/xxxx | prädiktiv | Medium |
96 | Argument | xxxxxxxx | prädiktiv | Medium |
97 | Argument | xxxx | prädiktiv | Low |
98 | Argument | xxxxxxxxxx | prädiktiv | Medium |
99 | Argument | xxxx | prädiktiv | Low |
100 | Argument | xxxxxxxxxx | prädiktiv | Medium |
101 | Argument | xxxx_xxxxxxxx | prädiktiv | High |
102 | Argument | xx_xx | prädiktiv | Low |
103 | Argument | xxxx[xxx] | prädiktiv | Medium |
104 | Argument | xx | prädiktiv | Low |
105 | Argument | xxxxxxxx | prädiktiv | Medium |
106 | Argument | xxxx | prädiktiv | Low |
107 | Argument | xxxxx | prädiktiv | Low |
108 | Argument | xxxxx_xx | prädiktiv | Medium |
109 | Argument | xxxx_xxxxxxx | prädiktiv | Medium |
110 | Argument | xx | prädiktiv | Low |
111 | Argument | xxxx | prädiktiv | Low |
112 | Argument | xxxxxxxxxxxxx/xxxxxxxxxxxxxx | prädiktiv | High |
113 | Argument | x/xx/xxx | prädiktiv | Medium |
114 | Argument | xxxx_xxxx | prädiktiv | Medium |
115 | Argument | xx_xxxxxxx | prädiktiv | Medium |
116 | Argument | xxx | prädiktiv | Low |
117 | Argument | xxxxxxxxx/xxxxxx/xxxxxxxxx | prädiktiv | High |
118 | Argument | xxxxxxxxxx | prädiktiv | Medium |
119 | Argument | xxxxxxxxxxxxx | prädiktiv | High |
120 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | prädiktiv | High |
121 | Argument | xxxxxx | prädiktiv | Low |
122 | Argument | xxxxx_xxxx | prädiktiv | Medium |
123 | Argument | xxxxxxxx | prädiktiv | Medium |
124 | Argument | xxxxxxxx | prädiktiv | Medium |
125 | Argument | xxxxxxxx | prädiktiv | Medium |
126 | Argument | xxxxxxx | prädiktiv | Low |
127 | Argument | xxxx xxxxx | prädiktiv | Medium |
128 | Argument | xxxx_xxxxx | prädiktiv | Medium |
129 | Argument | xxxx | prädiktiv | Low |
130 | Argument | xxxxxx | prädiktiv | Low |
131 | Argument | xxxxxxxxxx | prädiktiv | Medium |
132 | Argument | x/xxxxxxxxxxxx | prädiktiv | High |
133 | Argument | xxxx | prädiktiv | Low |
134 | Argument | xxxxxxxx | prädiktiv | Medium |
135 | Argument | xxxxx/xxx | prädiktiv | Medium |
136 | Argument | xxxxxxxxxx | prädiktiv | Medium |
137 | Argument | xxx | prädiktiv | Low |
138 | Argument | xxxxxx | prädiktiv | Low |
139 | Argument | xxxxxxxx | prädiktiv | Medium |
140 | Argument | xxxxxxxxx_xxxxxx_xx_[xxxx] | prädiktiv | High |
141 | Input Value | ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx | prädiktiv | High |
142 | Input Value | ../.. | prädiktiv | Low |
143 | Network Port | xxx/xxxx | prädiktiv | Medium |
144 | Network Port | xxx/xxx (xxx) | prädiktiv | High |
Referenzen (4)
The following list contains external sources which discuss the actor and the associated activities:
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/APT39
- xxxxx://xxxxxxxxxx.xxx/xxxxxx-xxxx-xxxxxx-xxxxxxx/xxxxx/
- xxxxx://xxxxxxxx-xxxxxxxxxx-xxxxx.xxxxxxxx.xxx/xxxxx/xxxxxx-xxxxxxxxxxxx/xxxxxx-xxxxxx-xxxxxxx-xxxxxx-xxxxxxxxxx-xxxxxxxxx
- xxxxx://xxxxxx.xxxxxxxxxxxxxxxx.xxx/xxx-xxxxxx-xxxxx-xxxxxxx-xxxxxxxxxxxxx-xxxx-xx-xxxxxx/