UAC-0008 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (52)

言語

en	36
zh	14
es	2

国・地域

ca	22
cn	14
us	6
es	2

アクター

UAC-0008	4
Pikabot	1

関心

タイプ

Not Defined	12
Router Operating System	4
Operating System	4
Connectivity Software	4
Content Management System	4

ベンダー

Not Defined	16
Cisco	6
Microsoft	6
EmbedThis	2
PaperCut	2

製品

Cisco IOS	4
Cisco IOS XE	4
Microsoft Windows	4
OpenSSH	4
WPA2	4

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Beaker Sandbox 特権昇格	9.1	8.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00489	0.00	CVE-2020-12079
2	Microsoft Windows Netlogon Zerologon 特権昇格	8.4	8.3	$25k-$100k	$0-$5k	High	Official Fix	0.48901	0.05	CVE-2020-1472
3	zzcms Cookie search.php SQLインジェクション	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00212	0.05	CVE-2018-18791
4	Gila CMS sql SQLインジェクション	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01138	0.04	CVE-2020-5515
5	part-db 特権昇格	9.9	9.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08859	0.02	CVE-2022-0848
6	CMS Made Simple Installation index.php 特権昇格	6.9	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.08285	0.03	CVE-2018-7448
7	IBM InfoSphere Information Governance Catalog Redirect	6.2	6.2	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00094	0.00	CVE-2018-1875
8	zzcms Parameter dl_sendmail.php SQLインジェクション	6.7	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00088	0.00	CVE-2021-40280
9	Order Listener for WooCommerce Plugin SQLインジェクション	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04120	0.04	CVE-2022-0948
10	VeronaLabs wp-statistics Plugin API Endpoint Blind SQLインジェクション	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00250	0.00	CVE-2019-13275
11	Elefant CMS File Upload drop 特権昇格	6.3	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00103	0.14	CVE-2017-20063
12	Piwigo SQLインジェクション	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02001	0.00	CVE-2023-26876
13	PaperCut MF/NG libsmb2 特権昇格	9.8	9.7	$0-$5k	$0-$5k	High	Official Fix	0.97124	0.04	CVE-2023-27350
14	IBM WebSphere Application Server Snoop Servlet 特権昇格	6.5	6.2	$25k-$100k	$0-$5k	High	Official Fix	0.00267	0.02	CVE-2012-2170
15	Mamboxchange Extended Registration registration_detailed.inc.php 特権昇格	7.3	6.4	$0-$5k	$0-$5k	Unproven	Unavailable	0.05054	0.04	CVE-2006-5254
16	MongoDB networkMessageCompressors メモリ破損	8.2	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00148	0.03	CVE-2017-15535
17	Oracle Retail Data Extractor for Merchandising Knowledge Module 弱い認証	3.7	3.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00191	0.00	CVE-2020-9488
18	rest-client Gem Backdoor 特権昇格	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00361	0.07	CVE-2019-15224
19	Cisco ASA/Firepower Threat Defense Session Initiation Protocol メモリ破損	7.1	7.1	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00159	0.00	CVE-2019-12678
20	Opentext Brava! Enterprise/Brava! Server Permission 特権昇格	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00159	0.00	CVE-2019-12270

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	45.76.85.232	45.76.85.232.vultrusercontent.com	UAC-0008	2022年07月21日	verified	高
2	XX.XXX.XXX.XX		Xxx-xxxx	2022年07月21日	verified	高
3	XX.XXX.XX.XXX	xxx.xxxx.xxxx.xx	Xxx-xxxx	2022年07月21日	verified	高
4	XX.XXX.XXX.XX	xx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxx-xxxx	2022年07月21日	verified	高
5	XXX.XXX.X.XXX	xxxxxxxx.xxxxxx-xx.xxxxxxxxxx.xxxxxx	Xxx-xxxx	2022年07月21日	verified	高

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
3	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	高
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	高
7	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	高
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
9	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
10	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
11	TXXXX.XXX	CAPEC-	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	高

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/admin/sql	predictive	中
2	File	/cmsms-2.1.6-install.php/index.php	predictive	高
3	File	/filemanager/upload/drop	predictive	高
4	File	admin.php?page=history&filter_image_id=	predictive	高
5	File	xxxxx/xx_xxxxxxxx.xxx	predictive	高
6	File	xxxxxxxx.x	predictive	中
7	File	xxx.x	predictive	低
8	File	xxx/xxxxxx.xxx	predictive	高
9	File	xxxxx.xxx	predictive	中
10	File	xxx.x/xxxxxx.x	predictive	高
11	File	xxxxxxxxxxxx_xxxxxxxx.xxx.xxx	predictive	高
12	File	xxxx-xxxxxx.x	predictive	高
13	File	xx-xxxxx/xxxxx-xxxx.xxx	predictive	高
14	File	xx/xxxxxx.xxx	predictive	高
15	Argument	xxxxxxxx	predictive	中
16	Argument	xxxxxx_xxxx_xx	predictive	高
17	Argument	xxxxxxx	predictive	低
18	Argument	xx	predictive	低
19	Argument	xxx	predictive	低
20	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	高
21	Argument	xxxxx	predictive	低
22	Argument	xxxxxxxx	predictive	中
23	Network Port	xxx/xx (xxx)	predictive	中
24	Network Port	xxx/xx (xxxxxx)	predictive	高
25	Network Port	xxx/xxxx	predictive	中

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!