APT39 Analysis

IOB - Indicator of Behavior (334)

Timeline

Language

Language | Count
en | 298
fr | 10
es | 8
ru | 6
pt | 4

Country/Region

Country | Count
us | 206
ru | 30
cn | 18
es | 14
ir | 14

Actor

Activity

Interest

Timeline

Type

Vendor

Product

Product | Count
Apache HTTP Server | 10
Microsoft Windows | 10
Microsoft IIS | 8
Joomla | 6
WordPress | 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.24 | 0.00241 | CVE-2020-12440
3 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.00548 | CVE-2017-0055
4 | VMware vRealize Orchestrator Path Redirect | 3.0 | 2.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00119 | CVE-2021-22036
5 | vm2 privilege escalation | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00456 | CVE-2023-32314
6 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.80 | 0.10737 | CVE-2016-6210
7 | PHPMailer Phar Deserialization addAttachment privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00528 | CVE-2020-36326
8 | jQuery Property extend Pollution cross site scripting | 6.6 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | 0.03625 | CVE-2019-11358
9 | Rust Programming Language Standard Library type_id memory corruption | 7.7 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00301 | CVE-2019-12083
10 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00467 | CVE-2022-21664
11 | Apple iOS WebKit memory corruption | 6.3 | 6.0 | $100k and more | $5k-$25k | High | Official Fix | 0.00 | 0.00349 | CVE-2021-30666
12 | WordPress directory traversal | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.00250 | CVE-2023-2745
13 | Canon IJ Network Tool Wi-Fi Connection Setup information disclosure | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00052 | CVE-2023-1763
14 | ciubotaru share-on-diaspora new_window.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00058 | CVE-2017-20176
15 | Postfix Admin functions.inc.php sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.00263 | CVE-2014-2655
16 | D-Link DCS-2530L/DCS-2670L ddns_enc.cgi privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.00135 | CVE-2020-25079
17 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.27 | 0.00817 | CVE-2014-4078
18 | SourceCodester Library Management System bookdetails.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00322 | CVE-2022-2214
19 | Phplinkdirectory PHP Link Directory conf_users_edit.php unknown vulnerability | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.12 | 0.00526 | CVE-2011-0643
20 | Lotus Domino Request information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00877 | CVE-2002-0245

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Chafer

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (141)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | //etc/RT2870STA.dat | predictive |
2 | File | /admin/index.php?id=themes&action=edit_template&filename=blog | predictive |
3 | File | /api/login | predictive |
4 | File | /appConfig/userDB.json | predictive |
5 | File | /bin/boa | predictive |
6 | File | /cgi-bin/wapopen | predictive |
7 | File | /CPE | predictive |
8 | File | /cwp_{SESSION_HASH}/admin/loader_ajax.php | predictive |
9 | File | /jquery_file_upload/server/php/index.php | predictive |
10 | File | /librarian/bookdetails.php | predictive |
11 | File | /magnoliaPublic/travel/members/login.html | predictive |
12 | File | /Main_AdmStatus_Content.asp | predictive |
13 | File | /public/login.htm | predictive |
14 | File | /requests.php | predictive |
15 | File | /self.key | predictive |
16 | File | /server-status | predictive |
Entries 17 to 141 are masked on the page (rendered only as x characters); by class they are 66 File, 2 Library, 53 Argument, 2 Input Value (one of them the traversal pattern ../..), and 2 Network Port indicators, all of type predictive.

References (4)

The following list contains external sources which discuss the actor and the associated activities:
