APT37 Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (117)

Idioma

en	82
de	28
es	4
pl	2
zh	2

País

us	94
pl	14
ru	4
vn	2
id	2

Actores

APT37	2
Cobalt Strike	1
STRRAT	1
BumbleBee	1
Houdini	1

Interesar

Escribe

Not Defined	18
Programming Language Software	6
Database Administration Software	2
Operating System	2
Forum Software	2

Proveedor

Not Defined	16
RDM	4
Apple	2
Siemens	2
Microsoft	2

Producto

PHP	4
RDM Intuitive 650 TDB Controller	4
vldPersonals	2
PHPWind	2
phpMyAdmin	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	CTI	EPSS	CVE
1	PHP phpinfo cross site scripting	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.02101	CVE-2007-1287
2	Lars Ellingsen Guestserver guestbook.cgi cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00169	CVE-2005-4222
3	RDM Intuitive 650 TDB Controller Password escalada de privilegios	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00206	CVE-2016-4505
4	Siemens EN100 Ethernet Module Web Server Memory divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00516	CVE-2016-4785
5	DZCP deV!L`z Clanportal config.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.29	0.00943	CVE-2010-0966
6	Siemens EN100 Ethernet Module Web Server divulgación de información	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.00516	CVE-2016-4784
7	RDM Intuitive 650 TDB Controller cross site request forgery	6.1	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00069	CVE-2016-4506
8	TikiWiki tiki-register.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	3.71	0.01009	CVE-2006-6168
9	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	2.24	0.00000
10	MGB OpenSource Guestbook email.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.34	0.01302	CVE-2007-0354
11	FLDS redir.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.02	0.00203	CVE-2008-5928
12	SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00135	CVE-2023-2090
13	Apple Mac OS X Server Wiki Server sql injection	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.06	0.00339	CVE-2015-5911
14	Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting	3.2	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.12	0.00073	CVE-2018-25085
15	PHPWind goto.php Redirect	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00348	CVE-2015-4134
16	Winn Winn GuestBook addPost cross site scripting	4.3	4.1	$0-$5k	$0-$5k	High	Official Fix	0.02	0.00336	CVE-2011-5026
17	Cplinks cpDynaLinks category.php sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.02	0.00387	CVE-2007-5408
18	vldPersonals index.php cross site scripting	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.04	0.00155	CVE-2014-9004
19	esoftpro Online Guestbook Pro ogp_show.php sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.04	0.00135	CVE-2010-4996
20	PHP locale_methods.c get_icu_disp_value_src_php desbordamiento de búfer	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04	0.01086	CVE-2014-9912

Campañas (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Campañas	Identified	Escribe	Confianza
1	34.13.42.35		APT37	Scarcruft	2020-12-15	verified	Alto
2	120.192.73.202		APT37	Scarcruft	2020-12-15	verified	Alto
3	XXX.XX.XXX.XXX	xxx-xxx-xx-xxx.xxxxxxx-xxx	Xxxxx		2024-03-18	verified	Alto
4	XXX.XXX.XX.XX		Xxxxx	Xxxxxxxxx	2020-12-15	verified	Alto
5	XXX.XXX.XX.XXX		Xxxxx	Xxxxx#xxxxx	2022-07-26	verified	Alto
6	XXX.X.XXX.XX	xxx-x-xxx-xx.xxxxxx.xx	Xxxxx	Xxxxxxxx	2020-12-15	verified	Alto

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1059	CWE-94	Argument Injection	predictive	Alto
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
3	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
8	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/admin/maintenance/view_designation.php	predictive	Alto
2	File	/forum/away.php	predictive	Alto
3	File	adclick.php	predictive	Medio
4	File	category.php	predictive	Medio
5	File	xxxxx.xxx	predictive	Medio
6	File	xxxxxxxx/xxxxxx.xxx	predictive	Alto
7	File	xxx/xxxx/xxxxxx/xxxxxx_xxxxxxx.x	predictive	Alto
8	File	xxxxxxxxxxx.xxx	predictive	Alto
9	File	xxxx.xxx	predictive	Medio
10	File	xxxxxxxxx.xxx	predictive	Alto
11	File	xxx/xxxxxx.xxx	predictive	Alto
12	File	xxxxxxxx/xxxxxxx.xxx	predictive	Alto
13	File	xxxxx.xxx	predictive	Medio
14	File	xxxxxxxxx/xxxxxx.xxx	predictive	Alto
15	File	xxx_xxxx.xxx	predictive	Medio
16	File	xxxxx.xxx	predictive	Medio
17	File	xxxxxxxxxx_xxxxx.xxxxxx	predictive	Alto
18	File	xxxx-xxxxxxxx.xxx	predictive	Alto
19	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Alto
20	Argument	xxxxxxxx	predictive	Medio
21	Argument	xxxxxxxx	predictive	Medio
22	Argument	xxxx	predictive	Bajo
23	Argument	xx	predictive	Bajo
24	Argument	xxx	predictive	Bajo
25	Argument	xxxx	predictive	Bajo
26	Argument	xxxxxxxx	predictive	Medio
27	Argument	xxxxxx	predictive	Bajo
28	Argument	xxxxxxxx	predictive	Medio
29	Argument	xxx	predictive	Bajo

Referencias (5)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!