APT30 Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (7)

Язык

en	4
zh	4

Страна

cn	6
us	2

Акторы

APT30	1

Интерес

Тип

Not Defined	2
Groupware Software	2
Anti-Spam Software	2

Поставщик

Combodo	2
Microsoft	2
Softnext	2

Продукт

Combodo iTop	2
Microsoft Exchange Server	2
Softnext SPAM SQR	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	Combodo iTop config.php TestConfig эскалация привилегий	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00089	0.04	CVE-2018-10642
2	Inter7 SqWebMail Error Message раскрытие информации	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00591	0.00	CVE-2004-2313
3	Softnext SPAM SQR эскалация привилегий	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00143	0.04	CVE-2023-24835
4	Microsoft Exchange Server Privilege Escalation	8.8	7.7	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.01258	0.00	CVE-2021-28482
5	Linux Kernel z90crypt_unlocked_ioctl эскалация привилегий	5.9	5.6	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00042	0.02	CVE-2009-1883
6	Zabbix Dashboard Page слабая аутентификация	8.2	8.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.35520	0.00	CVE-2019-17382

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Identified	Тип	Уверенность
1	5.1.0.29	5-1-0-29.datagroup.ua	APT30	26.12.2020	verified	Высокий
2	XXX.XXX.XX.XXX		Xxxxx	19.02.2024	verified	Высокий
3	XXX.XXX.X.XXX		Xxxxx	24.12.2020	verified	Высокий
4	XXX.XXX.XXX.XXX		Xxxxx	19.02.2024	verified	Высокий

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Класс	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Высокий
2	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
3	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
4	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (2)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	web/env-production/itop-config/config.php	predictive	Высокий
2	File	xxxxxx.xxx?xxxxxx=xxxxxxxxx.xxxx&xxxxxxxxxxx=x	predictive	Высокий

Ссылки (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Might our Artificial Intelligence support you?

Check our Alexa App!