UAC-0056 Analysis

IOB - Indicator of Behavior (1000)

Language

en: 856
ru: 62
de: 16
zh: 14
it: 10

Country/Region

us: 308
ru: 66
tr: 28
cn: 12
gb: 12

Product

Foxit PDF Reader: 20
GitLab Enterprise Edition: 16
Qualcomm Snapdragon Mobile: 16
Tracker Software PDF-XChange Editor: 16
Oracle MySQL Server: 14

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.41 | CVE-2010-0966 |
| 2 | Pligg cloud.php SQL injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.06 | |
| 3 | Trivantis Coursemill Learning Management System userlogin.jsp privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00290 | 0.00 | CVE-2013-3599 |
| 4 | TikiWiki tiki-register.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 3.08 | CVE-2006-6168 |
| 5 | Moodle Manifest locallib.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00313 | 0.04 | CVE-2014-3543 |
| 6 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 1.22 | |
| 7 | Tiki Admin Password tiki-login.php weak authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 1.65 | CVE-2020-15906 |
| 8 | PHPizabi index.php directory traversal | 6.5 | 5.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00826 | 0.04 | CVE-2008-3723 |
| 9 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.61 | CVE-2007-0354 |
| 10 | V-EVA Press Release Script page.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00187 | 0.29 | CVE-2010-5047 |
| 11 | OpenX adclick.php Redirect | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00440 | 0.17 | CVE-2014-2230 |
| 12 | eTicket newticket.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | High | Official Fix | 0.00232 | 0.11 | CVE-2008-0093 |
| 13 | Hypersilence Silentum Guestbook silentum_guestbook.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00107 | 0.04 | CVE-2009-4687 |
| 14 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01871 | 0.03 | CVE-2007-2046 |
| 15 | Microsoft ASP.NET Core Kestrel Web Application privilege escalation | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02783 | 0.03 | CVE-2018-0787 |
| 16 | PHP phpinfo cross-site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08985 | 0.05 | CVE-2006-0996 |
| 17 | PHPizabi template.class.php assignuser information disclosure | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00507 | 0.03 | CVE-2008-2018 |
| 18 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.61 | CVE-2007-1167 |
| 19 | PHP phpinfo cross-site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.03 | CVE-2007-1287 |
| 20 | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd privilege escalation | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00205 | 0.06 | CVE-2022-41479 |

Campaigns (4)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (24)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | |
| 2 | T1040 | CAPEC-102 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | predictive | |
| 3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | |
| 4 | T1059 | CAPEC-137 | CWE-88, CWE-94 | Argument Injection | predictive | |
| 5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | |

IOA - Indicator of Attack (254)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (11)

The following list contains external sources which discuss the actor and the associated activities:
