UAC-0098 Analysis

IOB - Indicator of Behavior (173)

Timeline

Language

en: 152
ru: 10
zh: 4
es: 2
ar: 2

Country/Region

us: 116
ru: 40
cn: 14
tr: 2
de: 2

Actor

Activity

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 14
GNU binutils: 12
GNU C Library: 8
Cisco TelePresence Video Communication Server: 4
Oracle BI Publisher: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | DGLogik DGLux Server IoT API privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01260 | 0.02 | CVE-2019-1010009 |
| 2 | SolarWinds Serv-U information disclosure | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05835 | 0.00 | CVE-2021-35250 |
| 3 | libxslt EXSLT Math.random Prediction weak encryption | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.00 | CVE-2015-9019 |
| 4 | GNU C Library fnmatch_loop.c fnmatch information disclosure | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00546 | 0.00 | CVE-2015-8984 |
| 5 | GNU C Library strxfrm memory corruption | 9.1 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00670 | 0.03 | CVE-2015-8982 |
| 6 | Extreme EXOS memory corruption | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00209 | 0.00 | CVE-2017-14328 |
| 7 | IBM System Storage TS3100-TS3200 Tape Library privilege escalation | 8.0 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00183 | 0.00 | CVE-2016-9005 |
| 8 | Deltek Vision RPC over HTTP SQL sql injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00576 | 0.08 | CVE-2018-18251 |
| 9 | SonicWALL Secure Remote Access cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | High | Not Defined | 0.02391 | 0.04 | CVE-2021-20028 |
| 10 | XiongMai uc-httpd memory corruption | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02201 | 0.04 | CVE-2018-10088 |
| 11 | Apache Spark UI privilege escalation | 7.1 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.97282 | 0.00 | CVE-2022-33891 |
| 12 | Dropbear TCP Listener memory corruption | 7.2 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00499 | 0.05 | CVE-2017-9078 |
| 13 | Telligent Systems Zimbra Collaboration Remote Code Execution | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00758 | 0.04 | CVE-2013-7217 |
| 14 | DeDeCMS recommend.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02488 | 0.00 | CVE-2017-17731 |
| 15 | libxml2 Recover Mode denial of service | 4.0 | 3.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00382 | 0.02 | CVE-2017-5969 |
| 16 | elfutils elf_getdata.c _libelf_set_rawdata_wrlock memory corruption | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01272 | 0.00 | CVE-2016-10255 |
| 17 | elfutils ELF File common.h allocate_elf memory corruption | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00986 | 0.00 | CVE-2016-10254 |
| 18 | GNU C Library wstrops.c IO_wstr_overflow memory corruption | 7.7 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00508 | 0.00 | CVE-2015-8983 |
| 19 | Google Chrome Skia memory corruption | 8.0 | 7.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00085 | 0.04 | CVE-2024-1283 |
| 20 | TrueConf Server sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00656 | 0.04 | CVE-2022-46764 |

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 5.199.173.152 | | UAC-0098 | | 2022-07-21 | | verified |
| 2 | 5.199.174.219 | | UAC-0098 | | 2022-07-21 | | verified |
| 3 | 64.190.113.51 | | UAC-0098 | | 2022-07-21 | | verified |
| 4 | 84.32.188.29 | | UAC-0098 | Cobalt Strike | 2022-04-29 | | verified |
| 5 | 84.32.190.34 | | UAC-0098 | Ukraine | 2022-09-07 | | verified |
| 6 | 87.251.64.5 | | UAC-0098 | | 2022-07-21 | | verified |
| 7 | 134.209.144.87 | | UAC-0098 | IcedID | 2022-04-29 | | verified |
| 8 | XXX.XX.XXX.X | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 9 | XXX.XX.XXX.X | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 10 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 11 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 12 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 13 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 14 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 15 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 16 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 17 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 18 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 19 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 20 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 21 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 22 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 23 | XXX.XX.XXX.XXX | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 24 | XXX.XX.XXX.XXX | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 25 | XXX.XX.XXX.XXX | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 26 | XXX.XX.XXX.XXX | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 27 | XXX.XX.XXX.XXX | | Xxx-xxxx | Xxxxxx Xxxxxx | 2022-04-29 | | verified |
| 28 | XXX.XXX.X.XX | | Xxx-xxxx | Xxxxxx | 2022-04-29 | | verified |
| 29 | XXX.XXX.XXX.XX | | Xxx-xxxx | | 2022-07-21 | | verified |
| 30 | XXX.XXX.XXX.XXX | | Xxx-xxxx | | 2022-07-21 | | verified |
| 31 | XXX.XXX.XXX.XXX | xxxxxx.xxxxxxxxxxxxx.xxx | Xxx-xxxx | Xxxxxx | 2022-04-29 | | verified |
| 32 | XXX.XXX.XX.XX | | Xxx-xxxx | | 2022-07-21 | | verified |

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (79)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/wlogin.cgi | | predictive |
| 2 | File | /etc/shadow | | predictive |
| 3 | File | /goform/net_Web_get_value | | predictive |
| 4 | File | /goform/net_WebCSRGen | | predictive |
| 5 | File | /goform/WebRSAKEYGen | | predictive |
| 6 | File | /lam/tmp/ | | predictive |
| 7 | File | /uncpath/ | | predictive |
| 8 | File | /wp-content/plugins/woocommerce/templates/emails/plain/ | | predictive |
| 9 | File | add-category.php | | predictive |
| 10 | File | admin/dashboard.php | | predictive |
| 11 | File | xxxx_xxxxx_xxxx.xxx | | predictive |
| 12 | File | xxxx_xxx_xxxx.xxx | | predictive |
| 13 | File | xxx/xxxxxxx.x | | predictive |
| 14 | File | xxxxxx.xxx | | predictive |
| 15 | File | xxxxxx.x | | predictive |
| 16 | File | xxxxxx.xxx | | predictive |
| 17 | File | xxxxx.x | | predictive |
| 18 | File | xxxxxx.x | | predictive |
| 19 | File | xxx.x | | predictive |
| 20 | File | xxx_xxxxxxx.x | | predictive |
| 21 | File | xxx/xxxxx/xxxxx.x | | predictive |
| 22 | File | xxxxxxx_xxxx.x | | predictive |
| 23 | File | xxxx/xxxxxxx?xxxxx=x | | predictive |
| 24 | File | xxxxxxx.xxx | | predictive |
| 25 | File | xxxx.x | | predictive |
| 26 | File | xxxxxx/xxxxxxxxxxx | | predictive |
| 27 | File | xxxx.x | | predictive |
| 28 | File | xxxxx.xx | | predictive |
| 29 | File | xxxx_xxxx.xxx | | predictive |
| 30 | File | xxxxxx/xxxxxx/xxxx.x | | predictive |
| 31 | File | xxxxx/xxxxxxx.x | | predictive |
| 32 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | | predictive |
| 33 | File | xxxxx.xxx | | predictive |
| 34 | File | xxxxx.xxx | | predictive |
| 35 | File | xxxxx.xxxx | | predictive |
| 36 | File | xxxxxxxx-xxxxx-xxxxx.xxx | | predictive |
| 37 | File | xxxxxxx.xx | | predictive |
| 38 | File | xxx_xxx_xxxxxxx.xxx | | predictive |
| 39 | File | xxxx/xxxxxxxxx.xxx | | predictive |
| 40 | File | xxxxxxxx.xxx | | predictive |
| 41 | File | xxxxxx.xxx | | predictive |
| 42 | File | xxxxxxx/xxxxxxxxxxx | | predictive |
| 43 | File | xxxx-xxxxxx.x | | predictive |
| 44 | File | xxxxxxx.xxx | | predictive |
| 45 | File | xxxxx-xxxx.xxx | | predictive |
| 46 | File | xx-xxxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxxxxxxxxxxx.xxx | | predictive |
| 47 | File | \xxxxx\xxxxxx.xxxx.xxx | | predictive |
| 48 | Library | xxxxxxx/xxx/xxxxxxxxx/xxxxx_xxxxxx_xxxxxxxx.xxx | | predictive |
| 49 | Argument | $_xxxxx | | predictive |
| 50 | Argument | xx/xx | | predictive |
| 51 | Argument | xxxxxxxxxxxxxx_xxxx | | predictive |
| 52 | Argument | xx | | predictive |
| 53 | Argument | xxx | | predictive |
| 54 | Argument | xxxxxxxx/xxxxxxxxxxxx | | predictive |
| 55 | Argument | xx | | predictive |
| 56 | Argument | xxxx_xx | | predictive |
| 57 | Argument | xxxxxxxxxxxxxx | | predictive |
| 58 | Argument | xxxx_xxx | | predictive |
| 59 | Argument | xx | | predictive |
| 60 | Argument | xxxxx | | predictive |
| 61 | Argument | xx_xxxxxxx_xxxx | | predictive |
| 62 | Argument | xxxx | | predictive |
| 63 | Argument | xxxxx | | predictive |
| 64 | Argument | xxxx | | predictive |
| 65 | Argument | xxxxxxxxxxxxxx_xxx | | predictive |
| 66 | Argument | xxxxxxxx | | predictive |
| 67 | Argument | xxxxxxxxxx | | predictive |
| 68 | Argument | xxxxxxx xxxxx | | predictive |
| 69 | Argument | xxxxxxx[xxxx] | | predictive |
| 70 | Argument | xxxxxxxxxxxxxx | | predictive |
| 71 | Argument | xxxxxxxxxxxxxx | | predictive |
| 72 | Argument | xxxxxx_xxxx | | predictive |
| 73 | Argument | xxxxxxxx | | predictive |
| 74 | Argument | x_xxxx/x_xxxxxxx/x_xxxxxxx/xxxx | | predictive |
| 75 | Argument | xxxxxxxxxxxxxxx | | predictive |
| 76 | Argument | \xxxxxx\ | | predictive |
| 77 | Pattern | \|xx xx xx xx xx xx xx xx\| | | predictive |
| 78 | Pattern | \|xx xx xx\| | | predictive |
| 79 | Network Port | xxx xxxxxx xxxx | | predictive |

References (6)

The following list contains external sources which discuss the actor and the associated activities:
