Detecting 5 current APTs without heavy lifting
Common Information
Type Value
UUID 865ce532-987f-466e-90e6-e3c06a9e5b99
Fingerprint 3470c9d10db7b29e
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 8, 2022, midnight
Added to db Jan. 18, 2023, 9:24 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Detecting 5 current APTs without heavy lifting
Title Detecting 5 current APTs without heavy lifting
Detected Hints/Tags/Attributes 158/3/44
Attributes
Type | #Events | CTI | Value
CVE | 150 | | cve-2018-13379
CVE | 4 | | cve-2019-19521
CVE | 31 | | cve-2020-0601
CVE | 71 | | cve-2020-0688
CVE | 3 | | cve-2020-12695
CVE | 22 | | cve-2020-1350
CVE | 3 | | cve-2020-13777
CVE | 217 | | cve-2020-1472
CVE | 11 | | cve-2020-16898
CVE | 10 | | cve-2020-17144
CVE | 77 | | cve-2020-5902
CVE | 65 | | cve-2021-1675
CVE | 91 | | cve-2021-34527
CVE | 10 | | cve-2021-42292
CVE | 397 | | cve-2021-44228
CVE | 42 | | cve-2022-22954
CVE | 6 | | cve-2022-23270
CVE | 7 | | cve-2022-24491
CVE | 7 | | cve-2022-24497
CVE | 14 | | cve-2022-26809
CVE | 15 | | cve-2022-26937
Domain | 2 | | dtection.io
File | 1204 | | index.php
File | 14 | | http.log
File | 5 | | v.php
File | 13 | | c.php
File | 15 | | k.php
File | 20 | | p.php
File | 16 | | cmd.php
File | 101 | | gate.php
File | 5 | | config.log
File | 18 | | conn.log
File | 12 | | dns.log
File | 7 | | files.log
File | 77 | | http.sys
File | 5 | | notice.log
File | 2 | | rdp.log
File | 5 | | ssl.log
File | 3 | | weird.log
File | 2 | | x509.log
Mandiant Uncategorized Groups | 20 | | UNC2447
Threat Actor Identifier - APT | 194 | | APT35
Threat Actor Identifier - APT | 53 | | APT39
Threat Actor Identifier - APT | 143 | | APT40