APT39 Analyse
IOB - Indicator of Behavior (338)
Activités
Intérêt
Vulnérabilités
Campagnes (1)
These are the campaigns that can be associated with the actor:
- Chafer
IOC - Indicator of Compromise (17)
These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.
ID | adresse IP | Hostname | Acteur | Campagnes | Identified | Taper | Confiance |
---|---|---|---|---|---|---|---|
1 | 83.142.230.113 | APT39 | 12/12/2020 | verified | Élevé | ||
2 | 86.105.227.224 | APT39 | 12/12/2020 | verified | Élevé | ||
3 | 87.117.204.113 | APT39 | 12/12/2020 | verified | Élevé | ||
4 | 87.117.204.115 | APT39 | 12/12/2020 | verified | Élevé | ||
5 | XX.XX.XX.XXX | xx-xx-xx-xxx.xxxxxx-xx-xxxxxxxxxxx.xxx | Xxxxx | 12/12/2020 | verified | Élevé | |
6 | XX.XX.XX.XXX | Xxxxx | 12/12/2020 | verified | Élevé | ||
7 | XX.XXX.XXX.XXX | Xxxxx | 12/12/2020 | verified | Élevé | ||
8 | XX.XXX.XXX.XXX | Xxxxx | 12/12/2020 | verified | Élevé | ||
9 | XX.XXX.XX.XXX | xxx.xx.xxx.xx.xxxx-xxxxx.xxxxxx.xx | Xxxxx | 12/12/2020 | verified | Élevé | |
10 | XX.XXX.XX.XXX | xx-xxx-xx-xxx.xxxxxx.xxxx.xx | Xxxxx | 12/12/2020 | verified | Élevé | |
11 | XXX.XXX.XX.XX | xxx.xxx.xx.xx.xxxxx.xxx | Xxxxx | 12/12/2020 | verified | Moyen | |
12 | XXX.XX.XXX.XXX | xxx.xx.xxx.xxx.xxxxx.xxx | Xxxxx | 15/12/2020 | verified | Moyen | |
13 | XXX.XXX.XXX.XX | Xxxxx | 12/12/2020 | verified | Élevé | ||
14 | XXX.XXX.XXX.XX | Xxxxx | Xxxxxx | 12/12/2020 | verified | Élevé | |
15 | XXX.XXX.XXX.XXX | xxx-xx.xxxxxx.xx | Xxxxx | 12/12/2020 | verified | Élevé | |
16 | XXX.XX.XXX.XX | xxx.xxxxxxxxxxxxxxx.xxxx | Xxxxx | 12/12/2020 | verified | Élevé | |
17 | XXX.XXX.XX.XX | Xxxxx | Xxxxxx | 12/12/2020 | verified | Élevé |
TTP - Tactics, Techniques, Procedures (19)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
IOA - Indicator of Attack (144)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Classe | Indicator | Taper | Confiance |
---|---|---|---|---|
1 | File | //etc/RT2870STA.dat | predictive | Élevé |
2 | File | /admin/index.php?id=themes&action=edit_template&filename=blog | predictive | Élevé |
3 | File | /api/login | predictive | Moyen |
4 | File | /appConfig/userDB.json | predictive | Élevé |
5 | File | /bin/boa | predictive | Moyen |
6 | File | /cgi-bin/wapopen | predictive | Élevé |
7 | File | /CPE | predictive | Faible |
8 | File | /cwp_{SESSION_HASH}/admin/loader_ajax.php | predictive | Élevé |
9 | File | /jquery_file_upload/server/php/index.php | predictive | Élevé |
10 | File | /librarian/bookdetails.php | predictive | Élevé |
11 | File | /magnoliaPublic/travel/members/login.html | predictive | Élevé |
12 | File | /Main_AdmStatus_Content.asp | predictive | Élevé |
13 | File | /public/login.htm | predictive | Élevé |
14 | File | /requests.php | predictive | Élevé |
15 | File | /self.key | predictive | Moyen |
16 | File | /server-status | predictive | Élevé |
17 | File | /xxxxxxx/ | predictive | Moyen |
18 | File | /xxx/xxx/xxxxx | predictive | Élevé |
19 | File | /xxxxxxxx/xxxx_xxxxx.xxx | predictive | Élevé |
20 | File | xxxxxxx.xxx | predictive | Moyen |
21 | File | xxxxx.xxx | predictive | Moyen |
22 | File | xxxxx/xxxx_xxxxx_xxxx.xxx | predictive | Élevé |
23 | File | xxxxx/xxxxx.xxx | predictive | Élevé |
24 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx | predictive | Élevé |
25 | File | xxxxxxxxxx.xxx | predictive | Élevé |
26 | File | xxxxxxxxxxx.xxx | predictive | Élevé |
27 | File | xx_xxxxxxxxxx.xxx | predictive | Élevé |
28 | File | xxx:.xxx | predictive | Moyen |
29 | File | xxx/xxx.xxx | predictive | Moyen |
30 | File | xxxxxxx.xxx | predictive | Moyen |
31 | File | xxxxxx_xxxxxx.xxx | predictive | Élevé |
32 | File | xxxxxxxx.xxx | predictive | Moyen |
33 | File | xxx-xxx/xxxx_xxx.xxx | predictive | Élevé |
34 | File | xxxxxx.xxx | predictive | Moyen |
35 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | Élevé |
36 | File | xxxxxx.xxx | predictive | Moyen |
37 | File | xxx.xxx | predictive | Faible |
38 | File | xxxxx.xxx | predictive | Moyen |
39 | File | xxx/xxxxxxxx/xxx_xxxxxxxxxxxx.xx | predictive | Élevé |
40 | File | xxxxxxxxx.xxx.xxx | predictive | Élevé |
41 | File | xxxxxxxxxxxx_xxxx.xxx | predictive | Élevé |
42 | File | xxx_xxxxxx.xxx | predictive | Élevé |
43 | File | xxxx_xxxxxxx.xxx.xxx | predictive | Élevé |
44 | File | xxxx_xxxx.x | predictive | Moyen |
45 | File | xxxxxxxxx.xxx | predictive | Élevé |
46 | File | xxxxxxxx/xxxxx.xxxx-xxx.xxx | predictive | Élevé |
47 | File | xxxxx.xxx | predictive | Moyen |
48 | File | xxxxxx.x | predictive | Moyen |
49 | File | xxxx/xxx_xxx.x | predictive | Élevé |
50 | File | xxxxxxxx.xxx | predictive | Moyen |
51 | File | xxxxxxx/xxxxxxx/xxx_xxxxxxx.x | predictive | Élevé |
52 | File | xxx_xxxxxx.xx | predictive | Élevé |
53 | File | xxxx/xxxx/xxxxx.xxx | predictive | Élevé |
54 | File | xxx_xxxxxx.xxx | predictive | Élevé |
55 | File | xxxxxx.xxx | predictive | Moyen |
56 | File | xxxxxxxxxxxxxx.xxx | predictive | Élevé |
57 | File | xxxxxxx.xxx | predictive | Moyen |
58 | File | xxxxx.xxxxx.xxx | predictive | Élevé |
59 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | Élevé |
60 | File | xxxx/xxxxx | predictive | Moyen |
61 | File | xxxxx.xxx | predictive | Moyen |
62 | File | xxxxxxxx.xxx | predictive | Moyen |
63 | File | xxxxxxxxxx.xxx | predictive | Élevé |
64 | File | xxxxxxxx_xxxx.xxx | predictive | Élevé |
65 | File | xxxxxxxx.xxx?x=xxxxxx&x=xxxxxxxxxx | predictive | Élevé |
66 | File | xxxxxxx.x | predictive | Moyen |
67 | File | xxxxxx.xxx | predictive | Moyen |
68 | File | xxxx.xxx | predictive | Moyen |
69 | File | xxxxx/xxx/xxxx.x | predictive | Élevé |
70 | File | xxxxxx_xxx_xxxxx_xxx.xxx | predictive | Élevé |
71 | File | xxx_xxx_xxxxx.xxx | predictive | Élevé |
72 | File | xxxx/xxxxxxxxxxxxxxx.xxxxxx | predictive | Élevé |
73 | File | xxxxxxx_xxxxx.xxx | predictive | Élevé |
74 | File | xxxxxxx_xxxxxxxxxx.xxx | predictive | Élevé |
75 | File | xxx.xxx | predictive | Faible |
76 | File | xxxxxx.xxx | predictive | Moyen |
77 | File | xxxxxx.xxx | predictive | Moyen |
78 | File | xxxxxxxxxxxxxx.xxx | predictive | Élevé |
79 | File | xxxxxxx.xxx | predictive | Moyen |
80 | File | xx-xxxxx/xxxx-xxx.xxx | predictive | Élevé |
81 | File | xx-xxxxxxx/xxxxxxx/xxxx-xx-xxxx/ | predictive | Élevé |
82 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | Élevé |
83 | File | xx-xxxxxxxx/xxxxx-xx-xxxxxx-xxxxxx.xxx | predictive | Élevé |
84 | File | xx-xxxxxxxxxxx.xxx | predictive | Élevé |
85 | Library | xxxxxxx/xxx/xxxxxx.xxx.xxx | predictive | Élevé |
86 | Library | xxxxxx.xxx | predictive | Moyen |
87 | Argument | $xxxxx_xxxxxxxxxx | predictive | Élevé |
88 | Argument | $_xxxxxxx | predictive | Moyen |
89 | Argument | xxxxxxx | predictive | Faible |
90 | Argument | xxxxx | predictive | Faible |
91 | Argument | xxxxxx | predictive | Faible |
92 | Argument | xxx | predictive | Faible |
93 | Argument | xxxxx | predictive | Faible |
94 | Argument | xxxxxxxxxxxxxxx | predictive | Élevé |
95 | Argument | xxxx/xxxx | predictive | Moyen |
96 | Argument | xxxxxxxx | predictive | Moyen |
97 | Argument | xxxx | predictive | Faible |
98 | Argument | xxxxxxxxxx | predictive | Moyen |
99 | Argument | xxxx | predictive | Faible |
100 | Argument | xxxxxxxxxx | predictive | Moyen |
101 | Argument | xxxx_xxxxxxxx | predictive | Élevé |
102 | Argument | xx_xx | predictive | Faible |
103 | Argument | xxxx[xxx] | predictive | Moyen |
104 | Argument | xx | predictive | Faible |
105 | Argument | xxxxxxxx | predictive | Moyen |
106 | Argument | xxxx | predictive | Faible |
107 | Argument | xxxxx | predictive | Faible |
108 | Argument | xxxxx_xx | predictive | Moyen |
109 | Argument | xxxx_xxxxxxx | predictive | Moyen |
110 | Argument | xx | predictive | Faible |
111 | Argument | xxxx | predictive | Faible |
112 | Argument | xxxxxxxxxxxxx/xxxxxxxxxxxxxx | predictive | Élevé |
113 | Argument | x/xx/xxx | predictive | Moyen |
114 | Argument | xxxx_xxxx | predictive | Moyen |
115 | Argument | xx_xxxxxxx | predictive | Moyen |
116 | Argument | xxx | predictive | Faible |
117 | Argument | xxxxxxxxx/xxxxxx/xxxxxxxxx | predictive | Élevé |
118 | Argument | xxxxxxxxxx | predictive | Moyen |
119 | Argument | xxxxxxxxxxxxx | predictive | Élevé |
120 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | Élevé |
121 | Argument | xxxxxx | predictive | Faible |
122 | Argument | xxxxx_xxxx | predictive | Moyen |
123 | Argument | xxxxxxxx | predictive | Moyen |
124 | Argument | xxxxxxxx | predictive | Moyen |
125 | Argument | xxxxxxxx | predictive | Moyen |
126 | Argument | xxxxxxx | predictive | Faible |
127 | Argument | xxxx xxxxx | predictive | Moyen |
128 | Argument | xxxx_xxxxx | predictive | Moyen |
129 | Argument | xxxx | predictive | Faible |
130 | Argument | xxxxxx | predictive | Faible |
131 | Argument | xxxxxxxxxx | predictive | Moyen |
132 | Argument | x/xxxxxxxxxxxx | predictive | Élevé |
133 | Argument | xxxx | predictive | Faible |
134 | Argument | xxxxxxxx | predictive | Moyen |
135 | Argument | xxxxx/xxx | predictive | Moyen |
136 | Argument | xxxxxxxxxx | predictive | Moyen |
137 | Argument | xxx | predictive | Faible |
138 | Argument | xxxxxx | predictive | Faible |
139 | Argument | xxxxxxxx | predictive | Moyen |
140 | Argument | xxxxxxxxx_xxxxxx_xx_[xxxx] | predictive | Élevé |
141 | Input Value | ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx | predictive | Élevé |
142 | Input Value | ../.. | predictive | Faible |
143 | Network Port | xxx/xxxx | predictive | Moyen |
144 | Network Port | xxx/xxx (xxx) | predictive | Élevé |
Références (4)
The following list contains external sources which discuss the actor and the associated activities:
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/APT39
- xxxxx://xxxxxxxxxx.xxx/xxxxxx-xxxx-xxxxxx-xxxxxxx/xxxxx/
- xxxxx://xxxxxxxx-xxxxxxxxxx-xxxxx.xxxxxxxx.xxx/xxxxx/xxxxxx-xxxxxxxxxxxx/xxxxxx-xxxxxx-xxxxxxx-xxxxxx-xxxxxxxxxx-xxxxxxxxx
- xxxxx://xxxxxx.xxxxxxxxxxxxxxxx.xxx/xxx-xxxxxx-xxxxx-xxxxxxx-xxxxxxxxxxxxx-xxxx-xx-xxxxxx/