APT38 Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (37)

Язык

en	38

Страна

us	32
kr	6

Акторы

APT38	3
DPRK	3

Интерес

Тип

Web Browser	12
Operating System	8
Office Suite Software	2
Web Server	2
Programming Language Software	2

Поставщик

Microsoft	10
Google	10
Not Defined	4
Oracle	2
Zakkis Technology	2

Продукт

Google Chrome	10
Microsoft Windows	6
Microsoft Office	2
Oracle HTTP Server	2
Zakkis Technology Php Excel Parser	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	CTI	EPSS	CVE
1	Microsoft Windows DNSAPI DNSAPI.dll эскалация привилегий	8.3	7.9	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.44912	CVE-2017-11779
2	Microsoft Windows DNSAPI DNSAPI.dll эскалация привилегий	8.1	8.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.02	0.22403	CVE-2018-8225
3	Google Chrome IPC/Gamepad API/V8 Remote Code Execution	7.3	6.4	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00	0.06270	CVE-2015-1233
4	Google Chrome Blink doSerialize эскалация привилегий	7.3	6.4	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00000
5	Google Chrome v8 json-stringifier.h SerializeJSArray повреждение памяти	7.3	7.0	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.02092	CVE-2015-6764
6	nginx эскалация привилегий	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.36	0.00241	CVE-2020-12440
7	Microsoft Word повреждение памяти	7.0	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.03	0.01384	CVE-2019-1201
8	Microsoft Edge AppContainer Sandbox эскалация привилегий	6.5	6.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00	0.00703	CVE-2019-0938
9	WordPress Thumbnail эскалация привилегий	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.03	0.00990	CVE-2018-1000773
10	Google Chrome Catalog Service эскалация привилегий	8.0	7.9	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.02	0.00491	CVE-2018-6055
11	Sir GNUboard sql-инъекция	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00112	CVE-2014-2339
12	Zakkis Technology Php Excel Parser эскалация привилегий	7.3	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00	0.10026	CVE-2007-2857
13	Microsoft Windows DNSAPI DNSAPI.dll отказ в обслуживании	5.2	5.1	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.02	0.00425	CVE-2018-8304
14	Oracle HTTP Server Web Listener повреждение памяти	5.3	5.1	$5k-$25k	$0-$5k	High	Official Fix	0.02	0.97274	CVE-2010-0425
15	Kingsoft WPS Office Free WpsCloudSvr эскалация привилегий	6.1	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00042	CVE-2018-6400
16	Kingsoft WPS Office kso.dll _alloc_iostr_data эскалация привилегий	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00152	CVE-2018-6217
17	Google Chrome Sandbox повреждение памяти	5.3	4.6	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.04	0.02369	CVE-2015-1252
18	Microsoft Office повреждение памяти	7.5	7.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.15768	CVE-2018-0795
19	OpenSSH Authentication Username раскрытие информации	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.04	0.10737	CVE-2016-6210
20	Dell EMC Avamar Server/Integrated Data Protection Appliance Installation Manager эскалация привилегий	8.5	8.2	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.79377	CVE-2018-1217

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Актор	Identified	Тип	Уверенность
1	175.45.176.	APT38	12.12.2020	verified	Высокий
2	XXX.XX.XXX.	Xxxxx	12.12.2020	verified	Высокий
3	XXX.XX.XXX.	Xxxxx	12.12.2020	verified	Высокий
4	XXX.XX.XXX.	Xxxxx	12.12.2020	verified	Высокий
5	XXX.XX.XXX.	Xxxxx	12.12.2020	verified	Высокий

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
2	T1068	CWE-264, CWE-269, CWE-284	Execution with Unnecessary Privileges	predictive	Высокий
3	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
4	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
6	TXXXX.XXX	CWE-XX	Xxxxxxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	json-stringifier.h	predictive	Высокий
2	File	mm/memory.c	predictive	Средний
3	File	\\.\pipe\WPSCloudSvr\WpsCloudSvr	predictive	Высокий
4	Library	xxxxxx.xxx	predictive	Средний
5	Library	xxx.xxx	predictive	Низкий
6	Library	xxxxxx.xxx	predictive	Средний
7	Library	xxxxxx/xxxxxxxxx/xxxxx.xxx	predictive	Высокий
8	Argument	xxxxxxx	predictive	Низкий
9	Argument	xxxxx->xxxx	predictive	Средний
10	Argument	xxxxxxxx.xxxx	predictive	Высокий
11	Argument	xxxxxx_xxxx	predictive	Средний
12	Argument	xxxxxxxx	predictive	Средний
13	Input Value	xx-xxxx://	predictive	Средний

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Interested in the pricing of exploits?

See the underground prices here!