APT2 Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (95)

Lang

en	72
zh	10
es	10
ko	2
it	2

Land

cn	84
us	4
fj	4
kr	4

Skådespelare

APT2	5

Intressera

Typ

Not Defined	32
Operating System	12
Firewall Software	4
Mail Server Software	4
Router Operating System	4

Säljare

Not Defined	26
Oracle	8
Apple	6
Cisco	4
Microsoft	4

Produkt

Squid Proxy	2
MailEnable Standard	2
Apache Tomcat	2
Dropbear SSH	2
Das U-Boot	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Zoho ManageEngine Applications Manager Agent.java sql injektion	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00273	0.00	CVE-2019-19650
2	Cisco ASA/Firepower Threat Defense RSA Key informationsgivning	6.2	6.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00163	0.02	CVE-2022-20866
3	TikiWiki tiki-register.php privilegier eskalering	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	2.71	CVE-2006-6168
4	Sun Solaris förnekande av tjänsten	6.2	6.2	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00044	0.06	CVE-2011-2259
5	Spring Boot Admins Notifier env privilegier eskalering	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00262	0.02	CVE-2022-46166
6	ASUS RT-AC51U Network Request cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00062	0.00	CVE-2023-29772
7	Zoho ManageEngine Desktop Central HTTP Redirect informationsgivning	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00612	0.04	CVE-2022-23779
8	Dropbear SSH dropbearconvert privilegier eskalering	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00956	0.02	CVE-2016-7407
9	MediaTek MT6983 tinysys minneskorruption	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2023-20621
10	Router/Firewall Routing privilegier eskalering	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Workaround	0.01500	0.00	CVE-1999-0510
11	Kibana Region Map cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2019-7621
12	Apple Mac OS X Server Wiki Server cross site scripting	4.3	4.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00263	0.04	CVE-2009-2814
13	ajenti API privilegier eskalering	7.1	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01285	0.00	CVE-2019-25066
14	Oracle MySQL Server InnoDB Privilege Escalation	9.1	9.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01381	0.05	CVE-2016-9843
15	Redmine Issues API privilegier eskalering	7.6	7.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00144	0.03	CVE-2021-30164
16	Google Go WASM module minneskorruption	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00605	0.00	CVE-2021-38297
17	D-Link DIR-867/DIR-878/DIR-882 Remote Code Execution	7.5	7.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00240	0.04	CVE-2020-8863
18	Ruckus Wireless C110 webs informationsgivning	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00472	0.00	CVE-2020-13918
19	Cisco IOS XE Easy Virtual Switching System minneskorruption	8.9	8.5	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00438	0.03	CVE-2021-1451

Kampanjer (1)

These are the campaigns that can be associated with the actor:

Putter Panda

IOC - Indicator of Compromise (42)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	31.170.110.163	io.uu3.net	APT2	Putter Panda	01/01/2021	verified	Hög
2	58.196.156.15		APT2	Putter Panda	01/01/2021	verified	Hög
3	59.120.168.199	59-120-168-199.hinet-ip.hinet.net	APT2		20/12/2020	verified	Hög
4	61.34.97.69		APT2		20/12/2020	verified	Hög
5	61.74.190.14		APT2		20/12/2020	verified	Hög
6	61.78.37.121		APT2		20/12/2020	verified	Hög
7	61.78.75.96		APT2		20/12/2020	verified	Hög
8	61.221.54.99	61-221-54-99.hinet-ip.hinet.net	APT2		20/12/2020	verified	Hög
9	67.42.255.50	mail.provocc.org	APT2		20/12/2020	verified	Hög
10	XXX.XX.XXX.XXX	xxxxxxx.xxxxxx.xx	Xxxx	Xxxxxx Xxxxx	01/01/2021	verified	Hög
11	XXX.XXX.XXX.XXX		Xxxx		20/12/2020	verified	Hög
12	XXX.XXX.XXX.XXX	xxxxxxx.xxxx.xxx.xxxxx.xxx	Xxxx		20/12/2020	verified	Hög
13	XXX.XXX.XX.XXX	xxxxxxxx.xx.xxx.xxx.xx	Xxxx		20/12/2020	verified	Hög
14	XXX.XXX.XX.X	xxxxxxxxxx.xx.xxx.xxx.xx	Xxxx		20/12/2020	verified	Hög
15	XXX.XXX.XX.XXX	xx-xx-xxx.xx.xxxx.xxx.xx	Xxxx		20/12/2020	verified	Hög
16	XXX.XXX.XXX.XX	xxxxxxx.xx.xxxx.xxx.xx	Xxxx		20/12/2020	verified	Hög
17	XXX.XXX.XX.XX	xxxxxxxxx.xxxx.xxx.xx	Xxxx		20/12/2020	verified	Hög
18	XXX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxxxxx.xxxxx.xxx	Xxxx		20/12/2020	verified	Hög
19	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxxxxxxxxxxx.xxx	Xxxx		20/12/2020	verified	Hög
20	XXX.XXX.XXX.XX	xxx-xxx-xxx-xx.xxxxxxxxxxxxxx.xxx	Xxxx		20/12/2020	verified	Hög
21	XXX.XXX.XXX.X		Xxxx		20/12/2020	verified	Hög
22	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxxxx.xxxxxxx.xxx	Xxxx		20/12/2020	verified	Hög
23	XXX.XXX.XX.XXX	xxxx.xxxxxxxxx.xxxxxxx.xx.xx	Xxxx		20/12/2020	verified	Hög
24	XXX.XX.XXX.XXX	xxxxxxxxxx.xxx	Xxxx		20/12/2020	verified	Hög
25	XXX.XXX.XXX.XXX		Xxxx		20/12/2020	verified	Hög
26	XXX.XXX.XX.XX		Xxxx		20/12/2020	verified	Hög
27	XXX.X.XX.XX		Xxxx		20/12/2020	verified	Hög
28	XXX.X.XX.XX		Xxxx		20/12/2020	verified	Hög
29	XXX.XX.XXX.XXX		Xxxx		20/12/2020	verified	Hög
30	XXX.XXX.XX.XX	xxxxx-xxx-xx-xx.xxxx.xxxxxx.xxxx.xxx.xx	Xxxx		20/12/2020	verified	Hög
31	XXX.XX.XX.XX	xxx-xx-xx-xx.xxxxx-xx.xxxxx.xxx	Xxxx		20/12/2020	verified	Hög
32	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxxxx-xx.xxxxx.xxx	Xxxx		20/12/2020	verified	Hög
33	XXX.XX.XXX.XX		Xxxx		20/12/2020	verified	Hög
34	XXX.XXX.XXX.XXX	xxxx.xxxxxxxxx.xx	Xxxx		20/12/2020	verified	Hög
35	XXX.XXX.XXX.XXX	xxxxxxx.xxxxxxxxx.xxx.xx	Xxxx	Xxxxxx Xxxxx	01/01/2021	verified	Hög
36	XXX.XXX.XX.XX		Xxxx		20/12/2020	verified	Hög
37	XXX.XXX.XX.XXX		Xxxx		20/12/2020	verified	Hög
38	XXX.XXX.XX.XX		Xxxx		20/12/2020	verified	Hög
39	XXX.XXX.XX.XX		Xxxx		20/12/2020	verified	Hög
40	XXX.XXX.XX.XXX		Xxxx		20/12/2020	verified	Hög
41	XXX.XXX.XXX.X		Xxxx		20/12/2020	verified	Hög
42	XXX.XXX.XX.XXX		Xxxx		20/12/2020	verified	Hög

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Hög
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Hög
3	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Hög
7	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
8	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög
10	TXXXX.XXX	CAPEC-0	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Hög

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/admin/blog/blogcategory/add/?_to_field=id&_popup=1	predictive	Hög
2	File	/bin/boa	predictive	Medium
3	File	/DOWN/FIRMWAREUPDATE/ROM1	predictive	Hög
4	File	/env	predictive	Låg
5	File	xxxxx/xxxxx/xxxxxxxxx.xxxx	predictive	Hög
6	File	xxxxxxxx.xxx	predictive	Medium
7	File	xxxxxx-xxxxxx.xxxx	predictive	Hög
8	File	xxxxxxxxxx.xxx	predictive	Hög
9	File	xxxx/xxxxxxxxxxxx.xxx	predictive	Hög
10	File	xxxxxxx/xxx/xxxxxxxxx/xxxxx.x	predictive	Hög
11	File	xxxxxxxx/xxxx/xxxxxxxx.xxx	predictive	Hög
12	File	xxxxxxxx/xxxx.xxx.xxx	predictive	Hög
13	File	xxxxx.xxx	predictive	Medium
14	File	xxx_xxxxxxxx.x	predictive	Hög
15	File	xxxxxx/xxxxx.xxx	predictive	Hög
16	File	xxxx-xxxxxxxx.xxx	predictive	Hög
17	File	xxxxxxx_xxx.xxx	predictive	Hög
18	Library	xxx_xxxxx_xxxxxxx	predictive	Hög
19	Library	xxxxxxxx.xxx	predictive	Medium
20	Argument	xxxxxxx	predictive	Låg
21	Argument	xxxxxxxxxxxxx	predictive	Hög
22	Argument	xxxxxxx-xxxxxx	predictive	Hög
23	Argument	xxx_xxxx	predictive	Medium
24	Argument	xxxxxxxx	predictive	Medium
25	Argument	xxxxx_xx	predictive	Medium
26	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	Hög
27	Argument	xxxx_xxxxxx	predictive	Medium
28	Argument	xxxxxx	predictive	Låg
29	Argument	xxxxxxx	predictive	Låg
30	Argument	xxxxx	predictive	Låg
31	Argument	xxxx	predictive	Låg
32	Argument	xxxxxxxx	predictive	Medium
33	Pattern	xxxxxxx-xxxxxx\|xx\|	predictive	Hög

Referenser (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you need the next level of professionalism?

Upgrade your account now!