APT15 Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (6)

Idioma

en	6

País

cn	2

Actores

APT15	1

Interesse

Tipo

Unified Communication Software	4
Not Defined	2

Fabricante

Cisco	4
Microsoft	2

Produto

Cisco WebEx Event Center	2
Microsoft Indexing Service	2
Cisco WebEx Meeting Center	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Microsoft Indexing Service ISAPI Extension idq.dll Excesso de tampão	10.0	9.5	$100k e mais	$0-$5k	High	Official Fix	0.96728	0.00	CVE-2001-0500
2	CloudBees Jenkins CLI Subsystem commons-collections-*.jar Serialized direitos alargados	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.80770	0.00	CVE-2015-8103
3	Microsoft Windows Common Log File System Driver Privilege Escalation	8.1	7.8	$25k-$100k	$5k-$25k	High	Official Fix	0.00044	0.04	CVE-2022-24521
4	Cisco WebEx Event Center Divulgação de Informação	4.3	4.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00084	0.00	CVE-2017-12365
5	Cisco WebEx Meeting Center Access Control direitos alargados	5.7	5.7	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00091	0.00	CVE-2017-12297
6	Microsoft NuGet/ADAL.NET Azure Active Directory direitos alargados	7.5	7.2	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.00123	0.02	CVE-2019-1258

Campanhas (1)

These are the campaigns that can be associated with the actor:

Ke3chang

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	45.56.84.25	45-56-84-25.ip.linodeusercontent.com	APT15		12/02/2024	verified	Alto
2	XX.XXX.XXX.XX		Xxxxx	Xxxxxxxx	01/01/2021	verified	Alto
3	XXX.XXX.XXX.XXX		Xxxxx	Xxxxxxxx	01/01/2021	verified	Alto

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1068		CWE-264	Execution with Unnecessary Privileges	predictive	Alto
2	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
3	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (2)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	Library	idq.dll	predictive	Baixo
2	Library	xxxxxxx/xxxx/xxx-xxx/xxx/xxxxxxx-xxxxxxxxxxx-*.xxx	predictive	Alto

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!