APT2 Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (95)

Idioma

en	78
es	10
zh	6
sv	2

País

cn	88
kr	4
fj	2
us	2

Actores

APT2	5

Interesse

Tipo

Not Defined	28
Operating System	12
Router Operating System	8
Web Browser	6
Programming Language Software	4

Fabricante

Not Defined	24
Cisco	8
Oracle	6
Microsoft	6
D-Link	4

Produto

Microsoft Windows	4
Mozilla Firefox	4
Cisco IOS XE	4
Oracle Java SE	2
ClamAV	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Zoho ManageEngine Applications Manager Agent.java Injecção SQL	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00273	0.00	CVE-2019-19650
2	Cisco ASA/Firepower Threat Defense RSA Key Divulgação de Informação	6.2	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00163	0.02	CVE-2022-20866
3	TikiWiki tiki-register.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	1.73	CVE-2006-6168
4	Sun Solaris Negação de Serviço	6.2	6.2	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00044	0.06	CVE-2011-2259
5	Spring Boot Admins Notifier env direitos alargados	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00262	0.02	CVE-2022-46166
6	ASUS RT-AC51U Network Request Roteiro Cruzado de Sítios	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00062	0.00	CVE-2023-29772
7	Zoho ManageEngine Desktop Central HTTP Redirect Divulgação de Informação	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00612	0.04	CVE-2022-23779
8	Dropbear SSH dropbearconvert direitos alargados	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00956	0.02	CVE-2016-7407
9	MediaTek MT6983 tinysys Excesso de tampão	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2023-20621
10	Router/Firewall Routing direitos alargados	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Workaround	0.01500	0.00	CVE-1999-0510
11	Kibana Region Map Roteiro Cruzado de Sítios	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2019-7621
12	Apple Mac OS X Server Wiki Server Roteiro Cruzado de Sítios	4.3	4.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00263	0.04	CVE-2009-2814
13	ajenti API direitos alargados	7.1	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01285	0.08	CVE-2019-25066
14	Oracle MySQL Server InnoDB Privilege Escalation	9.1	9.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01381	0.05	CVE-2016-9843
15	Redmine Issues API direitos alargados	7.6	7.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00144	0.03	CVE-2021-30164
16	Google Go WASM module Excesso de tampão	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00605	0.00	CVE-2021-38297
17	D-Link DIR-867/DIR-878/DIR-882 Remote Code Execution	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00240	0.00	CVE-2020-8863
18	Ruckus Wireless C110 webs Divulgação de Informação	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00472	0.00	CVE-2020-13918
19	Cisco IOS XE Easy Virtual Switching System Excesso de tampão	8.9	8.5	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00438	0.03	CVE-2021-1451

Campanhas (1)

These are the campaigns that can be associated with the actor:

Putter Panda

IOC - Indicator of Compromise (42)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	31.170.110.163	io.uu3.net	APT2	Putter Panda	01/01/2021	verified	Alto
2	58.196.156.15		APT2	Putter Panda	01/01/2021	verified	Alto
3	59.120.168.199	59-120-168-199.hinet-ip.hinet.net	APT2		20/12/2020	verified	Alto
4	61.34.97.69		APT2		20/12/2020	verified	Alto
5	61.74.190.14		APT2		20/12/2020	verified	Alto
6	61.78.37.121		APT2		20/12/2020	verified	Alto
7	61.78.75.96		APT2		20/12/2020	verified	Alto
8	61.221.54.99	61-221-54-99.hinet-ip.hinet.net	APT2		20/12/2020	verified	Alto
9	67.42.255.50	mail.provocc.org	APT2		20/12/2020	verified	Alto
10	XXX.XX.XXX.XXX	xxxxxxx.xxxxxx.xx	Xxxx	Xxxxxx Xxxxx	01/01/2021	verified	Alto
11	XXX.XXX.XXX.XXX		Xxxx		20/12/2020	verified	Alto
12	XXX.XXX.XXX.XXX	xxxxxxx.xxxx.xxx.xxxxx.xxx	Xxxx		20/12/2020	verified	Alto
13	XXX.XXX.XX.XXX	xxxxxxxx.xx.xxx.xxx.xx	Xxxx		20/12/2020	verified	Alto
14	XXX.XXX.XX.X	xxxxxxxxxx.xx.xxx.xxx.xx	Xxxx		20/12/2020	verified	Alto
15	XXX.XXX.XX.XXX	xx-xx-xxx.xx.xxxx.xxx.xx	Xxxx		20/12/2020	verified	Alto
16	XXX.XXX.XXX.XX	xxxxxxx.xx.xxxx.xxx.xx	Xxxx		20/12/2020	verified	Alto
17	XXX.XXX.XX.XX	xxxxxxxxx.xxxx.xxx.xx	Xxxx		20/12/2020	verified	Alto
18	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxxxxx.xxxxx.xxx	Xxxx		20/12/2020	verified	Alto
19	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxxxxxxxxxxx.xxx	Xxxx		20/12/2020	verified	Alto
20	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxxxxxxxxxxx.xxx	Xxxx		20/12/2020	verified	Alto
21	XXX.XXX.XXX.X		Xxxx		20/12/2020	verified	Alto
22	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxxxx.xxxxxxx.xxx	Xxxx		20/12/2020	verified	Alto
23	XXX.XXX.XX.XXX	xxxx.xxxxxxxxx.xxxxxxx.xx.xx	Xxxx		20/12/2020	verified	Alto
24	XXX.XX.XXX.XXX	xxxxxxxxxx.xxx	Xxxx		20/12/2020	verified	Alto
25	XXX.XXX.XXX.XXX		Xxxx		20/12/2020	verified	Alto
26	XXX.XXX.XX.XX		Xxxx		20/12/2020	verified	Alto
27	XXX.X.XX.XX		Xxxx		20/12/2020	verified	Alto
28	XXX.X.XX.XX		Xxxx		20/12/2020	verified	Alto
29	XXX.XX.XXX.XXX		Xxxx		20/12/2020	verified	Alto
30	XXX.XXX.XX.XX	xxxxx-xxx-xx-xx.xxxx.xxxxxx.xxxx.xxx.xx	Xxxx		20/12/2020	verified	Alto
31	XXX.XX.XX.XX	xxx-xx-xx-xx.xxxxx-xx.xxxxx.xxx	Xxxx		20/12/2020	verified	Alto
32	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxxxx-xx.xxxxx.xxx	Xxxx		20/12/2020	verified	Alto
33	XXX.XX.XXX.XX		Xxxx		20/12/2020	verified	Alto
34	XXX.XXX.XXX.XXX	xxxx.xxxxxxxxx.xx	Xxxx		20/12/2020	verified	Alto
35	XXX.XXX.XXX.XXX	xxxxxxx.xxxxxxxxx.xxx.xx	Xxxx	Xxxxxx Xxxxx	01/01/2021	verified	Alto
36	XXX.XXX.XX.XX		Xxxx		20/12/2020	verified	Alto
37	XXX.XXX.XX.XXX		Xxxx		20/12/2020	verified	Alto
38	XXX.XXX.XX.XX		Xxxx		20/12/2020	verified	Alto
39	XXX.XXX.XX.XX		Xxxx		20/12/2020	verified	Alto
40	XXX.XXX.XX.XXX		Xxxx		20/12/2020	verified	Alto
41	XXX.XXX.XXX.X		Xxxx		20/12/2020	verified	Alto
42	XXX.XXX.XX.XXX		Xxxx		20/12/2020	verified	Alto

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1059	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
8	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
9	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
10	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/admin/blog/blogcategory/add/?_to_field=id&_popup=1	predictive	Alto
2	File	/bin/boa	predictive	Médio
3	File	/DOWN/FIRMWAREUPDATE/ROM1	predictive	Alto
4	File	/env	predictive	Baixo
5	File	xxxxx/xxxxx/xxxxxxxxx.xxxx	predictive	Alto
6	File	xxxxxxxx.xxx	predictive	Médio
7	File	xxxxxx-xxxxxx.xxxx	predictive	Alto
8	File	xxxxxxxxxx.xxx	predictive	Alto
9	File	xxxx/xxxxxxxxxxxx.xxx	predictive	Alto
10	File	xxxxxxx/xxx/xxxxxxxxx/xxxxx.x	predictive	Alto
11	File	xxxxxxxx/xxxx/xxxxxxxx.xxx	predictive	Alto
12	File	xxxxxxxx/xxxx.xxx.xxx	predictive	Alto
13	File	xxxxx.xxx	predictive	Médio
14	File	xxx_xxxxxxxx.x	predictive	Alto
15	File	xxxxxx/xxxxx.xxx	predictive	Alto
16	File	xxxx-xxxxxxxx.xxx	predictive	Alto
17	File	xxxxxxx_xxx.xxx	predictive	Alto
18	Library	xxx_xxxxx_xxxxxxx	predictive	Alto
19	Library	xxxxxxxx.xxx	predictive	Médio
20	Argument	xxxxxxx	predictive	Baixo
21	Argument	xxxxxxxxxxxxx	predictive	Alto
22	Argument	xxxxxxx-xxxxxx	predictive	Alto
23	Argument	xxx_xxxx	predictive	Médio
24	Argument	xxxxxxxx	predictive	Médio
25	Argument	xxxxx_xx	predictive	Médio
26	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	Alto
27	Argument	xxxx_xxxxxx	predictive	Médio
28	Argument	xxxxxx	predictive	Baixo
29	Argument	xxxxxxx	predictive	Baixo
30	Argument	xxxxx	predictive	Baixo
31	Argument	xxxx	predictive	Baixo
32	Argument	xxxxxxxx	predictive	Médio
33	Pattern	xxxxxxx-xxxxxx\|xx\|	predictive	Alto

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Interested in the pricing of exploits?

See the underground prices here!