UAC-0099 Analysis

IOB - Indicator of Behavior (395)

Language

  • en: 366
  • jp: 12
  • es: 6
  • ru: 4
  • it: 4

Country/Region

  • us: 34
  • gb: 28
  • jp: 12
  • es: 6
  • it: 4

Product

  • SmarterTools SmarterStats: 4
  • Joomla CMS: 4
  • Advanced Guestbook: 4
  • Apache HTTP Server: 2
  • BeyondTrust Privilege Management: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Simple Machines Forum Access Restriction PersonalMessage.php MessageSearch2 privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.00 | CVE-2018-10305 |
| 2 | Discuz! admin.php cross-site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.06 | CVE-2018-19464 |
| 3 | DM Guestbook ch_lng.php directory traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04403 | 0.02 | CVE-2007-5821 |
| 4 | Advanced Guestbook index.php directory traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.05 | |
| 5 | DM Guestbook glob_new.php directory traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04403 | 0.02 | CVE-2007-5821 |
| 6 | Advanced Guestbook htaccess directory traversal | 5.6 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04162 | 0.08 | CVE-2007-0609 |
| 7 | 212cafe Guestbook show.php cross-site scripting | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00488 | 0.00 | CVE-2007-0542 |
| 8 | Nordex Control 2 SCADA Wind Farm Portal Application cross-site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00277 | 0.04 | CVE-2015-6477 |
| 9 | Upoint @1 File Store signup.php cross-site scripting | 5.4 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00614 | 0.00 | CVE-2006-1277 |
| 10 | Cold BBS privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00726 | 0.00 | CVE-2008-5597 |
| 11 | MT312 IMG-BBS model.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00220 | 0.03 | CVE-2009-1881 |
| 12 | Western Digital WD My Cloud Mirror Login weak authentication | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 13 | Let's PHP! p++BBS cross-site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.05 | CVE-2015-7783 |
| 14 | BlackBoard Learn Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00105 | 0.04 | CVE-2017-18262 |
| 15 | Joomla CMS com_easyblog SQL injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.33 | |
| 16 | EmbedPress Plugin cross-site scripting | 4.2 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.02 | CVE-2023-5750 |
| 17 | JFinalCMS file information disclosure | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00134 | 0.00 | CVE-2023-50449 |
| 18 | Google Android U-Boot Shell Privilege Escalation | 7.6 | 7.5 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00061 | 0.00 | CVE-2023-48424 |
| 19 | Document Foundation LibreOffice GStreamer privilege escalation | 7.4 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00065 | 0.00 | CVE-2023-6185 |
| 20 | Hitachi Vantara System Management Unit SMU Configuration Backup privilege escalation | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00743 | 0.05 | CVE-2023-6538 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2023-38831

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (55)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
