APT30 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (7)

语言

en	4
zh	4

国家/地区

cn	6
us	2

演员

APT30	1

利益

类型

Not Defined	4
Groupware Software	2

供应商

Microsoft	2
Inter7	2
Combodo	2

产品

Microsoft Exchange Server	2
Inter7 SqWebMail	2
Combodo iTop	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	Combodo iTop config.php TestConfig 权限升级	6.7	6.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00089	0.04	CVE-2018-10642
2	Inter7 SqWebMail Error Message 信息公开	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00591	0.00	CVE-2004-2313
3	Softnext SPAM SQR 权限升级	7.2	7.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00143	0.04	CVE-2023-24835
4	Microsoft Exchange Server Privilege Escalation	8.8	7.7	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.01258	0.00	CVE-2021-28482
5	Linux Kernel z90crypt_unlocked_ioctl 权限升级	5.9	5.6	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.00042	0.02	CVE-2009-1883
6	Zabbix Dashboard Page 弱身份验证	8.2	8.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.35520	0.00	CVE-2019-17382

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	Identified	类型	可信度
1	5.1.0.29	5-1-0-29.datagroup.ua	APT30	2020-12-26	verified	高
2	XXX.XXX.XX.XXX		Xxxxx	2024-02-19	verified	高
3	XXX.XXX.X.XXX		Xxxxx	2020-12-24	verified	高
4	XXX.XXX.XXX.XXX		Xxxxx	2024-02-19	verified	高

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1059	CWE-94	Argument Injection	predictive	高
2	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
3	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
4	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (2)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	web/env-production/itop-config/config.php	predictive	高
2	File	xxxxxx.xxx?xxxxxx=xxxxxxxxx.xxxx&xxxxxxxxxxx=x	predictive	高

参考 (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Interested in the pricing of exploits?

See the underground prices here!