UNC5221 Analysis

IOB - Indicator of Behavior (66)

Language

en (58)
zh (6)
fr (2)

Country/Region

us (46)
cn (14)
ru (2)

Product

Magento (6)
Adobe Magento (4)
Apache HTTP Server (4)
Thruk (2)
Phplinkdirectory PHP Link Directory (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Magento Search Module SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00070 | 0.02 | CVE-2021-21024 |
| 2 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.68 | CVE-2007-1167 |
| 3 | Magento privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00363 | 0.00 | CVE-2020-9585 |
| 4 | Magento File Upload privilege escalation | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.00 | CVE-2020-24407 |
| 5 | Magento WebAPI privilege escalation | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00168 | 0.00 | CVE-2021-21016 |
| 6 | Magento privilege escalation | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00120 | 0.00 | CVE-2021-21014 |
| 7 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.63 | CVE-2007-0354 |
| 8 | Magento weak authentication | 5.6 | 5.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00271 | 0.00 | CVE-2021-21032 |
| 9 | D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi privilege escalation | 7.3 | 7.1 | $5k-$25k | $0-$5k | High | Workaround | 0.83361 | 0.43 | CVE-2024-3273 |
| 10 | F-logic DataCube3 Configuration File privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.05 | CVE-2024-25830 |
| 11 | linkding cross-site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00057 | 0.04 | CVE-2023-6646 |
| 12 | Google Android KeyChainActivity App privilege escalation | 7.5 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00061 | 0.02 | CVE-2023-48417 |
| 13 | WP Crowdfunding Plugin Setting cross-site scripting | 3.6 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2023-5757 |
| 14 | Mozilla Firefox Document URI privilege escalation | 4.3 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.06 | CVE-2024-0748 |
| 15 | Paid Memberships Pro Plugin Level Orders Update unknown vulnerability | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.02 | CVE-2024-0624 |
| 16 | Log Command Plugin args4j directory traversal | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00093 | 0.04 | CVE-2024-23904 |
| 17 | ZTE ZXHN F677/ZXHN F477 FTP directory traversal | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.02 | CVE-2022-23135 |
| 18 | Joomla CMS com_easyblog SQL injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.26 | |
| 19 | Akamai Technologies Download Manager ActiveX Control downloadmanagerv2.ocx getprivateprofilesectionw memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.34905 | 0.00 | CVE-2007-1891 |
| 20 | ProductCart AffiliateLogin.asp cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00242 | 0.03 | CVE-2010-3421 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2023-46805 / CVE-2024-21887

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (28)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

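| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/nas_sharing.cgi | predictive | |
| 2 | File | /jeecg-boot/sys/common/upload | predictive | |
| 3 | File | /thruk/#cgi-bin/extinfo.cgi?type=2 | predictive | |
| 4 | File | admin/conf_users_edit.php | predictive | |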

References (2)

The following list contains external sources which discuss the actor and the associated activities:
