APT30 Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (7)

Lang

zh	6
en	2

Land

cn	8

Skådespelare

APT30	1

Intressera

Typ

Not Defined	2
Operating System	2
Groupware Software	2

Säljare

Combodo	2
Linux	2
Microsoft	2

Produkt

Combodo iTop	2
Linux Kernel	2
Microsoft Exchange Server	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	CTI	EPSS	CVE
1	Combodo iTop config.php TestConfig privilegier eskalering	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00089	CVE-2018-10642
2	Inter7 SqWebMail Error Message informationsgivning	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00591	CVE-2004-2313
3	Softnext SPAM SQR privilegier eskalering	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.08	0.00091	CVE-2023-24835
4	Microsoft Exchange Server Privilege Escalation	8.8	7.7	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.01258	CVE-2021-28482
5	Linux Kernel z90crypt_unlocked_ioctl privilegier eskalering	5.9	5.6	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00042	CVE-2009-1883
6	Zabbix Dashboard Page svag autentisering	8.2	8.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.31410	CVE-2019-17382

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	5.1.0.29	5-1-0-29.datagroup.ua	APT30	26/12/2020	verified	Hög
2	XXX.XXX.XX.XXX		Xxxxx	19/02/2024	verified	Hög
3	XXX.XXX.X.XXX		Xxxxx	24/12/2020	verified	Hög
4	XXX.XXX.XXX.XXX		Xxxxx	19/02/2024	verified	Hög

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1059	CWE-94	Argument Injection	predictive	Hög
2	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
3	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
4	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (2)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	web/env-production/itop-config/config.php	predictive	Hög
2	File	xxxxxx.xxx?xxxxxx=xxxxxxxxx.xxxx&xxxxxxxxxxx=x	predictive	Hög

Referenser (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!