APT31 Analyse
IOB - Indicator of Behavior (346)
Activités
Intérêt
Vulnérabilités
IOC - Indicator of Compromise (70)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (21)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (145)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Classe | Indicator | Taper | Confiance |
---|---|---|---|---|
1 | File | /+CSCOE+/logon.html | predictive | Élevé |
2 | File | /api/RecordingList/DownloadRecord?file= | predictive | Élevé |
3 | File | /apply.cgi | predictive | Moyen |
4 | File | /etc/openstack-dashboard/local_settings | predictive | Élevé |
5 | File | /get_getnetworkconf.cgi | predictive | Élevé |
6 | File | /goform/RgDhcp | predictive | Élevé |
7 | File | /goform/RGFirewallEL | predictive | Élevé |
8 | File | /horde/util/go.php | predictive | Élevé |
9 | File | /php/ping.php | predictive | Élevé |
10 | File | /rapi/read_url | predictive | Élevé |
11 | File | /scripts/unlock_tasks.php | predictive | Élevé |
12 | File | /SysInfo1.htm | predictive | Élevé |
13 | File | /sysinfo_json.cgi | predictive | Élevé |
14 | File | /system/user/modules/mod_users/controller.php | predictive | Élevé |
15 | File | /uncpath/ | predictive | Moyen |
16 | File | /usr/bin/pkexec | predictive | Élevé |
17 | File | /xx-xxxxx/xxxxx-xxxx.xxx?xx_xxxx=x&xxxxxx_xxxx | predictive | Élevé |
18 | File | /xx-xxxxxxx/xxxxxxx/xxxxx-xxxxxxx/ | predictive | Élevé |
19 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx | predictive | Élevé |
20 | File | xxxxxxx/xxxx.xxx | predictive | Élevé |
21 | File | xxxx/xxx/xxx/xxx/xxxxxx.x | predictive | Élevé |
22 | File | xx_xxxxx_xxxxx.xxx | predictive | Élevé |
23 | File | xxxxxx/xxx.x | predictive | Moyen |
24 | File | xxxxxxxx.xxx | predictive | Moyen |
25 | File | xxxx/xxxxx.xxxx | predictive | Élevé |
26 | File | xxxxxxxxx.xxx.xxx | predictive | Élevé |
27 | File | xxxxx/xxxxx.xxx | predictive | Élevé |
28 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | Élevé |
29 | File | xxxx_xxxxx.xxx | predictive | Élevé |
30 | File | xxxxx.xxx | predictive | Moyen |
31 | File | xxxxxxx/xxx/xxxxxxxx/xxx/xxxxx/xxx.x | predictive | Élevé |
32 | File | xxxxxx.xxx | predictive | Moyen |
33 | File | xxxxxxx.xxx | predictive | Moyen |
34 | File | xx/xx-xx.x | predictive | Moyen |
35 | File | xxx/xxxx_xxxx.x | predictive | Élevé |
36 | File | xxxxxx/xxxxxxxxxxx | predictive | Élevé |
37 | File | xxxx_xxxxxx.x | predictive | Élevé |
38 | File | xxxx/xxxxxxx.x | predictive | Élevé |
39 | File | xxx/xxxxxx.xxx | predictive | Élevé |
40 | File | xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx | predictive | Élevé |
41 | File | xxxxxxxx/xxxxx.xxxx-xxx.xxx | predictive | Élevé |
42 | File | xxxxxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxx | predictive | Élevé |
43 | File | xxxxx.xxx | predictive | Moyen |
44 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx | predictive | Élevé |
45 | File | xxxxxxxx/xxx_xxxx_xxxx.x | predictive | Élevé |
46 | File | xxxxxxxxxx.xxx | predictive | Élevé |
47 | File | xxxx_xxxxxxx.xxx | predictive | Élevé |
48 | File | xxxxxxx.xxx | predictive | Moyen |
49 | File | xx.xxx | predictive | Faible |
50 | File | xxxxxx.xx | predictive | Moyen |
51 | File | xxxxxx.xx.x.x | predictive | Élevé |
52 | File | xxxxx.xxx | predictive | Moyen |
53 | File | xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | Élevé |
54 | File | xxx/xxx.xxx | predictive | Moyen |
55 | File | xxx/xxxx/xxx_xxxxxx.x | predictive | Élevé |
56 | File | xxxxxxx/xxxxxxxxxx/xxxx_xxx.x | predictive | Élevé |
57 | File | xxxx.x | predictive | Faible |
58 | File | xxxx_xxxxx.xxx | predictive | Élevé |
59 | File | xxxxxxx.xxx | predictive | Moyen |
60 | File | xxxxxxx.xxx | predictive | Moyen |
61 | File | xxxxxx.x | predictive | Moyen |
62 | File | xxxx.xxx | predictive | Moyen |
63 | File | xxxxxxx.xxx | predictive | Moyen |
64 | File | xxxxx.xxx | predictive | Moyen |
65 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | Élevé |
66 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | Élevé |
67 | File | xxxxxxxx.xxx | predictive | Moyen |
68 | File | xxxx.xxx | predictive | Moyen |
69 | File | xxxxx/xxxxx.xxx | predictive | Élevé |
70 | File | xxxxxxxx.xxx | predictive | Moyen |
71 | File | xxxxxxxxx.xxx | predictive | Élevé |
72 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | Élevé |
73 | File | xx/xxxxxx/xxxxx | predictive | Élevé |
74 | File | xxxxxxx_xxx | predictive | Moyen |
75 | File | xxxxxxxxxx | predictive | Moyen |
76 | File | xxxxxxx.xxx | predictive | Moyen |
77 | File | xxxxxxx/xxxxx.xxx | predictive | Élevé |
78 | File | xx-xxxxx/xxxx.xxx | predictive | Élevé |
79 | File | ~/xxxxx/xxxxxx/xxxxx-xxxxxxxxx-xxxxx.xxx | predictive | Élevé |
80 | Library | xxx/xxxx/xxxxxx.xxxx.xxx | predictive | Élevé |
81 | Argument | $() | predictive | Faible |
82 | Argument | xxxxxx | predictive | Faible |
83 | Argument | xxxx | predictive | Faible |
84 | Argument | xxxxxxx_xxxx | predictive | Moyen |
85 | Argument | xxxxxx_xxxx | predictive | Moyen |
86 | Argument | xxxxxxxxxxxxxx | predictive | Élevé |
87 | Argument | xxxxxxxx | predictive | Moyen |
88 | Argument | xxx | predictive | Faible |
89 | Argument | xxx.xxxxxx.xxxxxxxx.xxxxxxxxxxxxxxx | predictive | Élevé |
90 | Argument | xxxxxxxxxxxxxxxxx | predictive | Élevé |
91 | Argument | xxxxx | predictive | Faible |
92 | Argument | xxxxxxxxxxx/xxxxxxxx/xxx/xxxxx | predictive | Élevé |
93 | Argument | xxxxxx_xx | predictive | Moyen |
94 | Argument | xxxxxxxxxxxx/xxxxxxxxxxxxxx | predictive | Élevé |
95 | Argument | xxxxxx | predictive | Faible |
96 | Argument | xxxxxxx_xx/xxx/xxxxx_xx/_xx | predictive | Élevé |
97 | Argument | xxxx | predictive | Faible |
98 | Argument | xxxx | predictive | Faible |
99 | Argument | xx | predictive | Faible |
100 | Argument | xx_xxxxxxxx | predictive | Moyen |
101 | Argument | xxxxx_xx | predictive | Moyen |
102 | Argument | xxxxxx/xxxxxx | predictive | Élevé |
103 | Argument | xxxxxxxx[xx] | predictive | Moyen |
104 | Argument | xxxxxxx | predictive | Faible |
105 | Argument | xxxxxxxx | predictive | Moyen |
106 | Argument | xxxxxxx | predictive | Faible |
107 | Argument | xxx_xxxx | predictive | Moyen |
108 | Argument | xxxx | predictive | Faible |
109 | Argument | xxxxxx_xxxx | predictive | Moyen |
110 | Argument | xxxxxx | predictive | Faible |
111 | Argument | xxxxxxxx | predictive | Moyen |
112 | Argument | xxxxx_xxxx_xxxx | predictive | Élevé |
113 | Argument | xxx | predictive | Faible |
114 | Argument | xxx_xxxxxxxx | predictive | Moyen |
115 | Argument | xxxx_xxxxx | predictive | Moyen |
116 | Argument | xxxxxxxxxxx | predictive | Moyen |
117 | Argument | xxxxxxx/xxxxx | predictive | Élevé |
118 | Argument | xxxxxx_xxxx | predictive | Moyen |
119 | Argument | xxxxxx_xxx | predictive | Moyen |
120 | Argument | xxxxxx_xxxx | predictive | Moyen |
121 | Argument | xxxxxxx_xx | predictive | Moyen |
122 | Argument | xxxx_xx | predictive | Faible |
123 | Argument | xxxx | predictive | Faible |
124 | Argument | xxxxxxxx_xxxxxxxx | predictive | Élevé |
125 | Argument | xxxxx | predictive | Faible |
126 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | Élevé |
127 | Argument | xxxx_xx | predictive | Faible |
128 | Argument | xxx | predictive | Faible |
129 | Argument | xxxx | predictive | Faible |
130 | Argument | xxxxxxxx | predictive | Moyen |
131 | Argument | xxxx/xx/xxxx/xxx | predictive | Élevé |
132 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive | Élevé |
133 | Input Value | .%xx.../.%xx.../ | predictive | Élevé |
134 | Input Value | ../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx | predictive | Élevé |
135 | Input Value | ><xxxxxx>xxxxx(x)</xxxxxx> | predictive | Élevé |
136 | Input Value | xxxxxxx -xxx | predictive | Moyen |
137 | Input Value | xxxxxxxxxx | predictive | Moyen |
138 | Pattern | |xx| | predictive | Faible |
139 | Network Port | xxxx | predictive | Faible |
140 | Network Port | xxxx | predictive | Faible |
141 | Network Port | xxxx xxxx | predictive | Moyen |
142 | Network Port | xxx/xxx | predictive | Faible |
143 | Network Port | xxx/xxxx | predictive | Moyen |
144 | Network Port | xxx/xxxx | predictive | Moyen |
145 | Network Port | xxx/xxxxx | predictive | Moyen |
Références (4)
The following list contains external sources which discuss the actor and the associated activities:
- https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory-apt31-targeting-france/
- xxxxx://xxxxxx.xxx/xxxxxx-xx/xxxxxxxxx/xxxx/xxxx/xxxx/xxxx-xx-xx%xxxxxxx%xxxxxx.xxx
- xxxxx://xxxxxx.xxx/xxxxx/xxxxx_xxxxxx_xxxxxxxxxxxx/xxxx/xxxx/xxxxxx/xxxxx
- xxxxx://xxx.xxxxxxxxxx.xxx/xx-xx/xxxxxxxxx/xx-xxx-xxxxxx-xxxxxxxxxxxx/xxxxx-xxx-xxxxxxx/