APT37 Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (117)

Langue

en	88
de	24
es	2
zh	2
pl	2

De campagne

us	100
pl	10
vn	2
ru	2

Acteurs

APT37	2
Grizzly Steppe	1
CryptoPHP	1
Cobalt Strike	1
STRRAT	1

Intérêt

Taper

Not Defined	14
Content Management System	8
Programming Language Software	6
Database Administration Software	4
Connectivity Software	2

Fournisseur

Not Defined	20
LogicBoard	2
DZCP	2
RDM	2
Sixnet	2

Produit

phpMyAdmin	4
PHP	4
TikiWiki	2
WordPress	2
FLDS	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	PHP phpinfo cross site scripting	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02101	0.05	CVE-2007-1287
2	Lars Ellingsen Guestserver guestbook.cgi cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00169	0.14	CVE-2005-4222
3	RDM Intuitive 650 TDB Controller Password elévation de privilèges	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00206	0.03	CVE-2016-4505
4	Siemens EN100 Ethernet Module Web Server Memory divulgation de l'information	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00516	0.00	CVE-2016-4785
5	DZCP deV!L`z Clanportal config.php elévation de privilèges	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.15	CVE-2010-0966
6	Siemens EN100 Ethernet Module Web Server divulgation de l'information	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00516	0.03	CVE-2016-4784
7	RDM Intuitive 650 TDB Controller cross site request forgery	6.1	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00069	0.00	CVE-2016-4506
8	TikiWiki tiki-register.php elévation de privilèges	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	2.07	CVE-2006-6168
9	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	3.04
10	MGB OpenSource Guestbook email.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	0.88	CVE-2007-0354
11	FLDS redir.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00203	0.09	CVE-2008-5928
12	SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00135	0.09	CVE-2023-2090
13	Apple Mac OS X Server Wiki Server sql injection	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00339	2.67	CVE-2015-5911
14	Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting	3.2	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00073	0.09	CVE-2018-25085
15	PHPWind goto.php Redirect	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00348	0.09	CVE-2015-4134
16	Winn Winn GuestBook addPost cross site scripting	4.3	4.1	$0-$5k	$0-$5k	High	Official Fix	0.00336	0.02	CVE-2011-5026
17	Cplinks cpDynaLinks category.php sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00387	0.02	CVE-2007-5408
18	vldPersonals index.php cross site scripting	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00155	0.04	CVE-2014-9004
19	esoftpro Online Guestbook Pro ogp_show.php sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00135	0.05	CVE-2010-4996
20	PHP locale_methods.c get_icu_disp_value_src_php buffer overflow	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01086	0.04	CVE-2014-9912

Campagnes (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Campagnes	Identified	Taper	Confiance
1	34.13.42.35		APT37	Scarcruft	15/12/2020	verified	Élevé
2	120.192.73.202		APT37	Scarcruft	15/12/2020	verified	Élevé
3	XXX.XX.XXX.XXX	xxx-xxx-xx-xxx.xxxxxxx-xxx	Xxxxx		18/03/2024	verified	Élevé
4	XXX.XXX.XX.XX		Xxxxx	Xxxxxxxxx	15/12/2020	verified	Élevé
5	XXX.XXX.XX.XXX		Xxxxx	Xxxxx#xxxxx	26/07/2022	verified	Élevé
6	XXX.X.XXX.XX	xxx-x-xxx-xx.xxxxxx.xx	Xxxxx	Xxxxxxxx	15/12/2020	verified	Élevé

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1059	CWE-94	Argument Injection	predictive	Élevé
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Élevé
3	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
5	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
8	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Élevé

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/admin/maintenance/view_designation.php	predictive	Élevé
2	File	/forum/away.php	predictive	Élevé
3	File	adclick.php	predictive	Moyen
4	File	category.php	predictive	Moyen
5	File	xxxxx.xxx	predictive	Moyen
6	File	xxxxxxxx/xxxxxx.xxx	predictive	Élevé
7	File	xxx/xxxx/xxxxxx/xxxxxx_xxxxxxx.x	predictive	Élevé
8	File	xxxxxxxxxxx.xxx	predictive	Élevé
9	File	xxxx.xxx	predictive	Moyen
10	File	xxxxxxxxx.xxx	predictive	Élevé
11	File	xxx/xxxxxx.xxx	predictive	Élevé
12	File	xxxxxxxx/xxxxxxx.xxx	predictive	Élevé
13	File	xxxxx.xxx	predictive	Moyen
14	File	xxxxxxxxx/xxxxxx.xxx	predictive	Élevé
15	File	xxx_xxxx.xxx	predictive	Moyen
16	File	xxxxx.xxx	predictive	Moyen
17	File	xxxxxxxxxx_xxxxx.xxxxxx	predictive	Élevé
18	File	xxxx-xxxxxxxx.xxx	predictive	Élevé
19	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Élevé
20	Argument	xxxxxxxx	predictive	Moyen
21	Argument	xxxxxxxx	predictive	Moyen
22	Argument	xxxx	predictive	Faible
23	Argument	xx	predictive	Faible
24	Argument	xxx	predictive	Faible
25	Argument	xxxx	predictive	Faible
26	Argument	xxxxxxxx	predictive	Moyen
27	Argument	xxxxxx	predictive	Faible
28	Argument	xxxxxxxx	predictive	Moyen
29	Argument	xxx	predictive	Faible

Références (5)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Interested in the pricing of exploits?

See the underground prices here!