APT38 Analysis

IOB - Indicator of Behavior (37)

Language: en (38)

Countries: us (32), kr (4), cn (2)

Products: Google Chrome (6), Microsoft Windows (6), Google Android (4), Oracle HTTP Server (2), rsync (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | Microsoft Windows DNSAPI DNSAPI.dll privilege escalation | 8.3 | 7.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.44912 | 0.00 | CVE-2017-11779
2 | Microsoft Windows DNSAPI DNSAPI.dll privilege escalation | 8.1 | 8.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.22403 | 0.02 | CVE-2018-8225
3 | Google Chrome IPC/Gamepad API/V8 Remote Code Execution | 7.3 | 6.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.06270 | 0.00 | CVE-2015-1233
4 | Google Chrome Blink doSerialize privilege escalation | 7.3 | 6.4 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.00 | -
5 | Google Chrome v8 json-stringifier.h SerializeJSArray memory corruption | 7.3 | 7.0 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02092 | 0.00 | CVE-2015-6764
6 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.93 | CVE-2020-12440
7 | Microsoft Word memory corruption | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01356 | 0.03 | CVE-2019-1201
8 | Microsoft Edge AppContainer Sandbox privilege escalation | 6.5 | 6.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00703 | 0.00 | CVE-2019-0938
9 | WordPress Thumbnail privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00990 | 0.03 | CVE-2018-1000773
10 | Google Chrome Catalog Service privilege escalation | 8.0 | 7.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00491 | 0.02 | CVE-2018-6055
11 | Sir GNUboard SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00112 | 0.00 | CVE-2014-2339
12 | Zakkis Technology Php Excel Parser privilege escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.10026 | 0.00 | CVE-2007-2857
13 | Microsoft Windows DNSAPI DNSAPI.dll denial of service | 5.2 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00425 | 0.02 | CVE-2018-8304
14 | Oracle HTTP Server Web Listener memory corruption | 5.3 | 5.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.97274 | 0.02 | CVE-2010-0425
15 | Kingsoft WPS Office Free WpsCloudSvr privilege escalation | 6.1 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2018-6400
16 | Kingsoft WPS Office kso.dll _alloc_iostr_data privilege escalation | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00152 | 0.05 | CVE-2018-6217
17 | Google Chrome Sandbox memory corruption | 5.3 | 4.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02369 | 0.04 | CVE-2015-1252
18 | Microsoft Office memory corruption | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.15768 | 0.00 | CVE-2018-0795
19 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.43 | CVE-2016-6210
20 | Dell EMC Avamar Server/Integrated Data Protection Appliance Installation Manager privilege escalation | 8.5 | 8.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.79377 | 0.03 | CVE-2018-1217

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 175.45.176. | | APT38 | | 2020-12-12 | verified |
2 | XXX.XX.XXX.X | | xxxx | | 2020-12-12 | verified |
3 | XXX.XX.XXX.X | | xxxx | | 2020-12-12 | verified |
4 | XXX.XX.XXX.X | | xxxx | | 2020-12-12 | verified |
5 | XXX.XX.XXX.X | | xxxx | | 2020-12-12 | verified |

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Access Vector | Type | Confidence
1 | T1055 | CWE-74 Improper Neutralization of Data within XPath Expressions | | predictive |
2 | T1068 | CWE-264, CWE-269, CWE-284 Execution with Unnecessary Privileges | | predictive |
3 | TXXXX | CWE-XXX Xxx Xxxxxxxxx | | predictive |
4 | TXXXX | CWE-XXX Xxxxxxxxxxx Xxxxxxxxxx | | predictive |
5 | TXXXX | CWE-XXX Xxxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | | predictive |
6 | TXXXX.XXX | CWE-XXX Xxxxxxxxxxxxx | | predictive |

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | json-stringifier.h | predictive |
2 | File | mm/memory.c | predictive |
3 | File | \\.\pipe\WPSCloudSvr\WpsCloudSvr | predictive |
4 | Library | xxxxxx.xxx | predictive |
5 | Library | xxx.xxx | predictive |
6 | Library | xxxxxx.xxx | predictive |
7 | Library | xxxxxx/xxxxxxxxx/xxxxx.xxx | predictive |
8 | Argument | xxxxxxx | predictive |
9 | Argument | xxxxx->xxxx | predictive |
10 | Argument | xxxxxxxx.xxxx | predictive |
11 | Argument | xxxxxx_xxxx | predictive |
12 | Argument | xxxxxxxx | predictive |
13 | Input Value | xx-xxxx:// | predictive |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
