APT17 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (244)

タイムライン

言語

en206
ja20
zh14
es2
pt2

国・地域

us92
de92
cn28
jp24
mn4

アクター

APT178
Cobalt Strike3
FunnySwitch2
Nanocore1
pupy1

アクティビティ

関心

タイムライン

タイプ

Not Defined42
Content Management System8
Firewall Software6
Database Software6
Operating System4

ベンダー

Not Defined32
Fortinet8
Oracle6
DZCP4
QNAP4

製品

Fortinet FortiOS6
Oracle MySQL Server6
FreeBSD4
DZCP deV!L`z Clanportal4
Fortinet FortiProxy4

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1DZCP deV!L`z Clanportal config.php 特権昇格7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.49CVE-2010-0966
2Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩5.35.2$5k-$25k$0-$5kHighWorkaround0.020160.02CVE-2007-1192
3jforum User 特権昇格5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.002890.05CVE-2019-7550
4ESET Server Security for Linux 特権昇格7.57.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.06CVE-2023-2847
5CrowdStrike Falcon Uninstallation 特権昇格3.53.5$0-$5k$0-$5kFunctionalOfficial Fix0.022950.23CVE-2022-2841
6Postfix Admin functions.inc.php SQLインジェクション7.37.0$5k-$25k$0-$5kHighOfficial Fix0.002530.03CVE-2014-2655
7SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php 特権昇格6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.03CVE-2024-1875
8OPNsense 特権昇格7.67.5$0-$5k$0-$5kNot DefinedOfficial Fix0.000860.09CVE-2023-39008
9Fortinet FortiOS/FortiProxy HA Request 特権昇格8.88.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000500.02CVE-2023-44250
10jQuery Cookie Prototype クロスサイトスクリプティング3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.000680.02CVE-2022-23395
11Flexera FlexNet Publisher Command lmadmin.exe 特権昇格6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.001030.00CVE-2019-8960
12ESET NOD32 Antivirus File 特権昇格7.87.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000460.00CVE-2023-3160
13Citrix StoreFront SAML Authentication クロスサイトスクリプティング3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000720.00CVE-2022-27503
14QNAP QTS/QuTS hero/QuTScloud 特権昇格9.89.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000680.02CVE-2023-23368
15cURL SOCKS5 Proxy メモリ破損4.64.4$0-$5k$0-$5kNot DefinedOfficial Fix0.003190.02CVE-2023-38545
16Fortinet FortiOS prof-admin Profile 特権昇格7.77.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000500.03CVE-2023-41841
17Juniper Junos OS J-Web 未知の脆弱性5.35.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.966640.03CVE-2023-36845
18QNAP QTS/QuTS Hero 弱い暗号化4.64.5$0-$5k$0-$5kNot DefinedOfficial Fix0.000520.00CVE-2023-34972
19Hitachi Energy TXpert Hub CoreTec 4 特権昇格8.38.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000430.00CVE-2023-2625
20Trend Micro Apex One/Apex One as a Service Management Server ディレクトリトラバーサル8.58.5$5k-$25k$5k-$25kNot DefinedNot Defined0.002150.00CVE-2023-32557

キャンペーン (1)

These are the campaigns that can be associated with the actor:

  • CCleaner

IOC - Indicator of Compromise (21)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
11.234.52.111APT172020年12月15日verified
28.9.11.1308.9.11.130.vultr.comAPT172022年03月05日verified
345.76.6.14945.76.6.149.vultr.comAPT172022年03月05日verified
445.76.31.15945.76.31.159.vultr.comAPT172022年03月05日verified
569.80.72.165APT172020年12月15日verified
6XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxxx.xxxxxxxx.xxxXxxxx2022年03月05日verified
7XXX.XXX.XX.XXxxxxxxxxxx.xxxxx.xxXxxxx2020年12月15日verified
8XXX.XXX.XX.XXXxxxxxxxxxxxxxx.xxxxx.xxXxxxx2020年12月15日verified
9XXX.XXX.XX.XXXxxx-xxx-xx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxx2022年03月05日verified
10XXX.XXX.XX.XXXxxx.xxx.xx.xxx.xxxxx.xxxXxxxx2022年03月05日verified
11XXX.XX.XXX.XXXxxxx2020年12月15日verified
12XXX.XXX.XX.XXXxxxxxxx.xxxxxxxx.xx.xx-xxx.xx.xxXxxxx2020年12月15日verified
13XXX.XXX.XXX.XXXXxxxx2022年03月05日verified
14XXX.XXX.XXX.XXXxxxx2020年12月15日verified
15XXX.XXX.XX.XXxxxxxxx.xxxx.xxXxxxx2020年12月15日verified
16XXX.XX.XX.XXXxxx.xx.xx.xxx.xxxxx.xxxXxxxx2022年03月05日verified
17XXX.XX.XX.XXxxx.xx.xx.xx.xxxxx.xxxXxxxx2022年03月05日verified
18XXX.XXX.XXX.XXXXxxxx2020年12月15日verified
19XXX.XX.XX.XXXXxxxx2020年12月15日verified
20XXX.XXX.XXX.XXXXxxxxXxxxxxxx2020年12月23日verified
21XXX.XXX.XXX.XXXxxxx2020年12月15日verified

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueクラス脆弱性アクセスベクタータイプ信頼度
1T1006CAPEC-126CWE-22Path Traversalpredictive
2T1040CAPEC-102CWE-319Authentication Bypass by Capture-replaypredictive
3T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath Expressionspredictive
4T1059CAPEC-242CWE-94Argument Injectionpredictive
5TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx Xxxxxxxxxpredictive
6TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
7TXXXX.XXXCAPEC-0CWE-XXXXxx-xxx Xxxx Xxxxxxx Xxxxpredictive
8TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxxpredictive
9TXXXX.XXXCAPEC-178CWE-XXXXxxx Xxxxxxxxpredictive
10TXXXXCAPEC-0CWE-XXX7xx Xxxxxxxx Xxxxxxxxpredictive
11TXXXXCAPEC-0CWE-XXXXxxxxxxxxx Xxxxxxpredictive
12TXXXXCAPEC-108CWE-XXXxx Xxxxxxxxxpredictive
13TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx Xxxxxxxxxxxxxpredictive
14TXXXXCAPEC-50CWE-XXXXxxxxxxxxxx Xxxxxxxxxxpredictive
15TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx Xxxxpredictive
16TXXXX.XXXCAPEC-459CWE-XXX, CWE-XXXXxxxxxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
17TXXXX.XXXCAPEC-133CWE-XXXXxxxxxxxpredictive
18TXXXXCAPEC-116CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive
19TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxxpredictive

IOA - Indicator of Attack (56)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File.htaccesspredictive
2File/api/cron/settings/setJob/predictive
3File/api/DownloadUrlResponse.ashxpredictive
4File/wbg/core/_includes/authorization.inc.phppredictive
5Fileaddentry.phppredictive
6Filedata/gbconfiguration.datpredictive
7Filedetail.phppredictive
8Filexxxxxxxxx.xxx.xxxpredictive
9Filexxxxxx/xxxxxxxxxxxxpredictive
10Filexxxx.xxxpredictive
11Filexxxxxxxxx.xxxpredictive
12Filexxx/xxxxxx.xxxpredictive
13Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictive
14Filexxxxxxxxxx/xxxxxxx.xpredictive
15Filexxxxxxx.xxxpredictive
16Filexxxxxxx.xxxpredictive
17Filexxx_xx_xx_xxxxxxxx.xxxpredictive
18Filexxxxx.xxxpredictive
19Filexxxxx-xxxx/xxxxx-xxxxx-xxxx.xxxpredictive
20Filexxxxxxxx.xxxpredictive
21Filexxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxxpredictive
22Filexxxx.xpredictive
23Filexxx/xxxxxxxxx/xxxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxxxx.xxxpredictive
24Filexxxxxxx.xxx.xx.xxxxxxxxxxx.xxxpredictive
25Filexxxxxxxx.xxxxx.xxxpredictive
26Filexxxxx.xxxpredictive
27Filexxxxxxx/xxxxxxxx.xxxpredictive
28Filexxxxx/xxxxxxxx-xxxxxxxxx.xxxpredictive
29Filexxxxx.xxxpredictive
30Filexx-xxxxx/xxxxx.xxxpredictive
31Filexx-xxxxx/xxxxx-xxxxxx.xxxpredictive
32Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictive
33Filexx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxxpredictive
34Filexx-xxxxx.xxxpredictive
35Libraryxxxxxxxx.xxxpredictive
36Argumentxx_xxxxx_xxx_xxxxpredictive
37Argumentxxxxxxxxpredictive
38Argumentxxxxxxxxxxpredictive
39Argumentxxxxxxxpredictive
40Argumentxxxxpredictive
41Argumentxxxxpredictive
42Argumentxxxxpredictive
43Argumentxxxxpredictive
44Argumentxxxxpredictive
45Argumentxxxx/xxxxxxxxxxxpredictive
46Argumentxxxxxpredictive
47Argumentxxxxxxxxxxpredictive
48Argumentxxxx_xxxxxpredictive
49Argumentxxxxxxxpredictive
50Argumentxxxx_xxpredictive
51Argumentxxxpredictive
52Argumentxxx_xxxxxpredictive
53Argumentx_xxxxpredictive
54Argument\xxxxxx\predictive
55Argument_xxx_xxxxxxxxxxx_predictive
56Input Value../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxxpredictive

参考 (4)

The following list contains external sources which discuss the actor and the associated activities:

概要

Do you want to use VulDB in your project?

Use the official API to access entries easily!