APT39 Analysis

IOB - Indicator of Behavior (338)

Languages

  • en (276)
  • es (18)
  • fr (10)
  • it (8)
  • ru (8)

Countries and regions

  • us (182)
  • ru (26)
  • es (20)
  • cn (18)
  • ir (12)

Products

  • Microsoft Windows (10)
  • phpMyAdmin (8)
  • PHP (8)
  • WordPress (6)
  • Google Chrome (6)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---------------|------|------|------|-------|---------|-------------|------|-----|-----|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.07 | CVE-2020-12440 |
| 3 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.13 | CVE-2017-0055 |
| 4 | VMware vRealize Orchestrator Path Redirect | 3.0 | 2.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00119 | 0.00 | CVE-2021-22036 |
| 5 | vm2 privilege escalation | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00537 | 0.04 | CVE-2023-32314 |
| 6 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.26 | CVE-2016-6210 |
| 7 | PHPMailer Phar Deserialization addAttachment privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00748 | 0.00 | CVE-2020-36326 |
| 8 | jQuery Property extend Pollution cross site scripting | 6.6 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03535 | 0.13 | CVE-2019-11358 |
| 9 | Rust Programming Language Standard Library type_id memory corruption | 7.7 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00301 | 0.00 | CVE-2019-12083 |
| 10 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.03 | CVE-2022-21664 |
| 11 | Apple iOS WebKit memory corruption | 6.3 | 6.0 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00424 | 0.00 | CVE-2021-30666 |
| 12 | WordPress directory traversal | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.04 | CVE-2023-2745 |
| 13 | Canon IJ Network Tool Wi-Fi Connection Setup information disclosure | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.00 | CVE-2023-1763 |
| 14 | ciubotaru share-on-diaspora new_window.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.03 | CVE-2017-20176 |
| 15 | Postfix Admin functions.inc.php sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.00253 | 0.03 | CVE-2014-2655 |
| 16 | D-Link DCS-2530L/DCS-2670L ddns_enc.cgi privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00135 | 0.02 | CVE-2020-25079 |
| 17 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.39 | CVE-2014-4078 |
| 18 | SourceCodester Library Management System bookdetails.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00322 | 0.03 | CVE-2022-2214 |
| 19 | Phplinkdirectory PHP Link Directory conf_users_edit.php unknown vulnerability | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.04 | CVE-2011-0643 |
| 20 | Lotus Domino Request information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00877 | 0.00 | CVE-2002-0245 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Chafer

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (144)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type |
|----|-------|-----------|------|
| 1 | File | //etc/RT2870STA.dat | predictive |
| 2 | File | /admin/index.php?id=themes&action=edit_template&filename=blog | predictive |
| 3 | File | /api/login | predictive |
| 4 | File | /appConfig/userDB.json | predictive |
| 5 | File | /bin/boa | predictive |
| 6 | File | /cgi-bin/wapopen | predictive |
| 7 | File | /CPE | predictive |
| 8 | File | /cwp_{SESSION_HASH}/admin/loader_ajax.php | predictive |
| 9 | File | /jquery_file_upload/server/php/index.php | predictive |
| 10 | File | /librarian/bookdetails.php | predictive |
| 11 | File | /magnoliaPublic/travel/members/login.html | predictive |
| 12 | File | /Main_AdmStatus_Content.asp | predictive |
| 13 | File | /public/login.htm | predictive |
| 14 | File | /requests.php | predictive |
| 15 | File | /self.key | predictive |
| 16 | File | /server-status | predictive |
| 17 | File | /xxxxxxx/ | predictive |
| 18 | File | /xxx/xxx/xxxxx | predictive |
| 19 | File | /xxxxxxxx/xxxx_xxxxx.xxx | predictive |
| 20 | File | xxxxxxx.xxx | predictive |
| 21 | File | xxxxx.xxx | predictive |
| 22 | File | xxxxx/xxxx_xxxxx_xxxx.xxx | predictive |
| 23 | File | xxxxx/xxxxx.xxx | predictive |
| 24 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx | predictive |
| 25 | File | xxxxxxxxxx.xxx | predictive |
| 26 | File | xxxxxxxxxxx.xxx | predictive |
| 27 | File | xx_xxxxxxxxxx.xxx | predictive |
| 28 | File | xxx:.xxx | predictive |
| 29 | File | xxx/xxx.xxx | predictive |
| 30 | File | xxxxxxx.xxx | predictive |
| 31 | File | xxxxxx_xxxxxx.xxx | predictive |
| 32 | File | xxxxxxxx.xxx | predictive |
| 33 | File | xxx-xxx/xxxx_xxx.xxx | predictive |
| 34 | File | xxxxxx.xxx | predictive |
| 35 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive |
| 36 | File | xxxxxx.xxx | predictive |
| 37 | File | xxx.xxx | predictive |
| 38 | File | xxxxx.xxx | predictive |
| 39 | File | xxx/xxxxxxxx/xxx_xxxxxxxxxxxx.xx | predictive |
| 40 | File | xxxxxxxxx.xxx.xxx | predictive |
| 41 | File | xxxxxxxxxxxx_xxxx.xxx | predictive |
| 42 | File | xxx_xxxxxx.xxx | predictive |
| 43 | File | xxxx_xxxxxxx.xxx.xxx | predictive |
| 44 | File | xxxx_xxxx.x | predictive |
| 45 | File | xxxxxxxxx.xxx | predictive |
| 46 | File | xxxxxxxx/xxxxx.xxxx-xxx.xxx | predictive |
| 47 | File | xxxxx.xxx | predictive |
| 48 | File | xxxxxx.x | predictive |
| 49 | File | xxxx/xxx_xxx.x | predictive |
| 50 | File | xxxxxxxx.xxx | predictive |
| 51 | File | xxxxxxx/xxxxxxx/xxx_xxxxxxx.x | predictive |
| 52 | File | xxx_xxxxxx.xx | predictive |
| 53 | File | xxxx/xxxx/xxxxx.xxx | predictive |
| 54 | File | xxx_xxxxxx.xxx | predictive |
| 55 | File | xxxxxx.xxx | predictive |
| 56 | File | xxxxxxxxxxxxxx.xxx | predictive |
| 57 | File | xxxxxxx.xxx | predictive |
| 58 | File | xxxxx.xxxxx.xxx | predictive |
| 59 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive |
| 60 | File | xxxx/xxxxx | predictive |
| 61 | File | xxxxx.xxx | predictive |
| 62 | File | xxxxxxxx.xxx | predictive |
| 63 | File | xxxxxxxxxx.xxx | predictive |
| 64 | File | xxxxxxxx_xxxx.xxx | predictive |
| 65 | File | xxxxxxxx.xxx?x=xxxxxx&x=xxxxxxxxxx | predictive |
| 66 | File | xxxxxxx.x | predictive |
| 67 | File | xxxxxx.xxx | predictive |
| 68 | File | xxxx.xxx | predictive |
| 69 | File | xxxxx/xxx/xxxx.x | predictive |
| 70 | File | xxxxxx_xxx_xxxxx_xxx.xxx | predictive |
| 71 | File | xxx_xxx_xxxxx.xxx | predictive |
| 72 | File | xxxx/xxxxxxxxxxxxxxx.xxxxxx | predictive |
| 73 | File | xxxxxxx_xxxxx.xxx | predictive |
| 74 | File | xxxxxxx_xxxxxxxxxx.xxx | predictive |
| 75 | File | xxx.xxx | predictive |
| 76 | File | xxxxxx.xxx | predictive |
| 77 | File | xxxxxx.xxx | predictive |
| 78 | File | xxxxxxxxxxxxxx.xxx | predictive |
| 79 | File | xxxxxxx.xxx | predictive |
| 80 | File | xx-xxxxx/xxxx-xxx.xxx | predictive |
| 81 | File | xx-xxxxxxx/xxxxxxx/xxxx-xx-xxxx/ | predictive |
| 82 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive |
| 83 | File | xx-xxxxxxxx/xxxxx-xx-xxxxxx-xxxxxx.xxx | predictive |
| 84 | File | xx-xxxxxxxxxxx.xxx | predictive |
| 85 | Library | xxxxxxx/xxx/xxxxxx.xxx.xxx | predictive |
| 86 | Library | xxxxxx.xxx | predictive |
| 87 | Argument | $xxxxx_xxxxxxxxxx | predictive |
| 88 | Argument | $_xxxxxxx | predictive |
| 89 | Argument | xxxxxxx | predictive |
| 90 | Argument | xxxxx | predictive |
| 91 | Argument | xxxxxx | predictive |
| 92 | Argument | xxx | predictive |
| 93 | Argument | xxxxx | predictive |
| 94 | Argument | xxxxxxxxxxxxxxx | predictive |
| 95 | Argument | xxxx/xxxx | predictive |
| 96 | Argument | xxxxxxxx | predictive |
| 97 | Argument | xxxx | predictive |
| 98 | Argument | xxxxxxxxxx | predictive |
| 99 | Argument | xxxx | predictive |
| 100 | Argument | xxxxxxxxxx | predictive |
| 101 | Argument | xxxx_xxxxxxxx | predictive |
| 102 | Argument | xx_xx | predictive |
| 103 | Argument | xxxx[xxx] | predictive |
| 104 | Argument | xx | predictive |
| 105 | Argument | xxxxxxxx | predictive |
| 106 | Argument | xxxx | predictive |
| 107 | Argument | xxxxx | predictive |
| 108 | Argument | xxxxx_xx | predictive |
| 109 | Argument | xxxx_xxxxxxx | predictive |
| 110 | Argument | xx | predictive |
| 111 | Argument | xxxx | predictive |
| 112 | Argument | xxxxxxxxxxxxx/xxxxxxxxxxxxxx | predictive |
| 113 | Argument | x/xx/xxx | predictive |
| 114 | Argument | xxxx_xxxx | predictive |
| 115 | Argument | xx_xxxxxxx | predictive |
| 116 | Argument | xxx | predictive |
| 117 | Argument | xxxxxxxxx/xxxxxx/xxxxxxxxx | predictive |
| 118 | Argument | xxxxxxxxxx | predictive |
| 119 | Argument | xxxxxxxxxxxxx | predictive |
| 120 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive |
| 121 | Argument | xxxxxx | predictive |
| 122 | Argument | xxxxx_xxxx | predictive |
| 123 | Argument | xxxxxxxx | predictive |
| 124 | Argument | xxxxxxxx | predictive |
| 125 | Argument | xxxxxxxx | predictive |
| 126 | Argument | xxxxxxx | predictive |
| 127 | Argument | xxxx xxxxx | predictive |
| 128 | Argument | xxxx_xxxxx | predictive |
| 129 | Argument | xxxx | predictive |
| 130 | Argument | xxxxxx | predictive |
| 131 | Argument | xxxxxxxxxx | predictive |
| 132 | Argument | x/xxxxxxxxxxxx | predictive |
| 133 | Argument | xxxx | predictive |
| 134 | Argument | xxxxxxxx | predictive |
| 135 | Argument | xxxxx/xxx | predictive |
| 136 | Argument | xxxxxxxxxx | predictive |
| 137 | Argument | xxx | predictive |
| 138 | Argument | xxxxxx | predictive |
| 139 | Argument | xxxxxxxx | predictive |
| 140 | Argument | xxxxxxxxx_xxxxxx_xx_[xxxx] | predictive |
| 141 | Input Value | ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx | predictive |
| 142 | Input Value | ../.. | predictive |
| 143 | Network Port | xxx/xxxx | predictive |
| 144 | Network Port | xxx/xxx (xxx) | predictive |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
