APT39 Analysis

IOB - Indicator of Behavior (338)

Language: en (282), es (20), it (10), ru (10), zh (6)

Country: us (182), ru (28), es (24), cn (18), it (12)

Product: Microsoft Windows (8), WordPress (8), nginx (8), Apache Tomcat (6), Google Chrome (6)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 4.65 | CVE-2020-12440 |
| 3 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.05 | CVE-2017-0055 |
| 4 | VMware vRealize Orchestrator Path Redirect | 3.0 | 2.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00119 | 0.00 | CVE-2021-22036 |
| 5 | vm2 privilege escalation | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00537 | 0.00 | CVE-2023-32314 |
| 6 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.24 | CVE-2016-6210 |
| 7 | PHPMailer Phar Deserialization addAttachment privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00748 | 0.00 | CVE-2020-36326 |
| 8 | jQuery Property extend Pollution cross site scripting | 6.6 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03535 | 0.10 | CVE-2019-11358 |
| 9 | Rust Programming Language Standard Library type_id memory corruption | 7.7 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00301 | 0.00 | CVE-2019-12083 |
| 10 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.05 | CVE-2022-21664 |
| 11 | Apple iOS WebKit memory corruption | 6.3 | 6.0 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00424 | 0.00 | CVE-2021-30666 |
| 12 | WordPress directory traversal | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.04 | CVE-2023-2745 |
| 13 | Canon IJ Network Tool Wi-Fi Connection Setup information disclosure | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.00 | CVE-2023-1763 |
| 14 | ciubotaru share-on-diaspora new_window.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.00 | CVE-2017-20176 |
| 15 | Postfix Admin functions.inc.php sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.00253 | 0.05 | CVE-2014-2655 |
| 16 | D-Link DCS-2530L/DCS-2670L ddns_enc.cgi privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00135 | 0.02 | CVE-2020-25079 |
| 17 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.29 | CVE-2014-4078 |
| 18 | SourceCodester Library Management System bookdetails.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00322 | 0.05 | CVE-2022-2214 |
| 19 | Phplinkdirectory PHP Link Directory conf_users_edit.php unknown vulnerability | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.04 | CVE-2011-0643 |
| 20 | Lotus Domino Request information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00877 | 0.00 | CVE-2002-0245 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Chafer

IOC - Indicator of Compromise (17)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive | High |
| 2 | T1040 | CAPEC-102 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | predictive | High |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 4 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |

IOA - Indicator of Attack (144)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | //etc/RT2870STA.dat | predictive | High |
| 2 | File | /admin/index.php?id=themes&action=edit_template&filename=blog | predictive | High |
| 3 | File | /api/login | predictive | Medium |
| 4 | File | /appConfig/userDB.json | predictive | High |
| 5 | File | /bin/boa | predictive | Medium |
| 6 | File | /cgi-bin/wapopen | predictive | High |
| 7 | File | /CPE | predictive | Low |
| 8 | File | /cwp_{SESSION_HASH}/admin/loader_ajax.php | predictive | High |
| 9 | File | /jquery_file_upload/server/php/index.php | predictive | High |
| 10 | File | /librarian/bookdetails.php | predictive | High |
| 11 | File | /magnoliaPublic/travel/members/login.html | predictive | High |
| 12 | File | /Main_AdmStatus_Content.asp | predictive | High |
| 13 | File | /public/login.htm | predictive | High |
| 14 | File | /requests.php | predictive | High |
| 15 | File | /self.key | predictive | Medium |
| 16 | File | /server-status | predictive | High |

References (4)

The following list contains external sources which discuss the actor and the associated activities:
