UNC5174 Analysis

IOB - Indicator of Behavior (16)

Language: zh (8), en (8)

Country/Region: cn (16)

Product: WordPress (6), h5ai (2), GitLab Enterprise Edition (2), Apache HTTP Server (2), Octopus Server (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | OpenStack Nova noVNC Redirect | 4.9 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.92596 | 0.00 | CVE-2021-3654 |
| 2 | Grafana GeoMap Plugin Cross Site Scripting | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00067 | 0.03 | CVE-2023-0507 |
| 3 | Grafana Race Condition | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00192 | 0.03 | CVE-2022-39328 |
| 4 | h5ai Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03315 | 0.00 | CVE-2015-3203 |
| 5 | Apache Tomcat AJP Connector Ghostcat Privilege Escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97384 | 0.00 | CVE-2020-1938 |
| 6 | Octopus Server/Server Web Request Proxy Information Disclosure | 2.1 | 2.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00152 | 0.00 | CVE-2021-31820 |
| 7 | Apache HTTP Server HTTP/2 Request Privilege Escalation | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00606 | 0.03 | CVE-2020-9490 |
| 8 | WordPress FilteredIterator.php Privilege Escalation | 7.6 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00712 | 0.02 | CVE-2020-28032 |
| 9 | WordPress Installation functions.php is_blog_installed Privilege Escalation | 8.0 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02421 | 0.04 | CVE-2020-28037 |
| 10 | WordPress XML-RPC class-wp-xmlrpc-server.php Privilege Escalation | 8.0 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00731 | 0.03 | CVE-2020-28036 |
| 11 | Web2py utils.py secure_load Stored Privilege Escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02067 | 0.02 | CVE-2016-3957 |
| 12 | GitLab Enterprise Edition Project Import Information Disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.00 | CVE-2020-6832 |
| 13 | Microsoft Internet Explorer Scripting Engine Memory Corruption | 6.7 | 6.6 | $25k-$100k | $5k-$25k | High | Official Fix | 0.05889 | 0.03 | CVE-2020-0968 |
| 14 | Joomla CMS SQL Injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00119 | 0.00 | CVE-2014-7981 |
| 15 | Northern.tech CFEngine Enterprise Cross Site Scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00078 | 0.00 | CVE-2019-19394 |
| 16 | Microsoft Windows Graphics Device Interface GDI32.dll Information Disclosure | 5.8 | 5.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.07138 | 0.00 | CVE-2016-0008 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2023-46747

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP Address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 172.104.124.74 | li1734-74.members.linode.com | UNC5174 | CVE-2023-46747 | 2024-04-02 | verified | |

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerability | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1059.007 | CAPEC-209 | CWE-79 Cross Site Scripting | | predictive | |
| 2 | T1068 | | CWE-264 Execution with Unnecessary Privileges | | predictive | |
| 3 | TXXXX.XXX | CAPEC-178 | CWE-XXX Xxxx Xxxxxxxx | | predictive | |
| 4 | TXXXX | CAPEC-108 | CWE-XX Xxx Xxxxxxxxx | | predictive | |
| 5 | TXXXX | CAPEC-116 | CWE-XXX Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | | predictive | |
| 6 | TXXXX.XXX | CAPEC-1 | CWE-XXX Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | | predictive | |

IOA - Indicator of Attack (6)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | gluon/utils.py | predictive | |
| 2 | File | wp-includes/class-wp-xmlrpc-server.php | predictive | |
| 3 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | |
| 4 | File | xx-xxxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxxxxxxxxxxx.xxx | predictive | |
| 5 | Library | xxxxx.xxx | predictive | |
| 6 | Argument | xxxx | predictive | |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
