UAC-0010 Analysis

IOB - Indicator of Behavior (316)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en 276
zh 20
ru 6
de 4
jp 4

Country

us 86
cn 48
ru 6
vn 2

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Adobe Experience Manager 14
Microsoft SharePoint Server 6
IBM WebSphere Application Server 6
ZTE ZXCLOUD GoldenData VAP 4
Trend Micro Security 2020 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | OpenResty ngx.req.get_post_args sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.00637 | CVE-2018-9230
2 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00289 | CVE-2019-7550
3 | Joomla CMS sql injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00196 | CVE-2019-19846
4 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | 0.97330 | CVE-2021-34473
5 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.70 | 0.00334 | CVE-2007-0529
6 | Keycloak server-side request forgery | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Official Fix | 0.03 | 0.43882 | CVE-2020-10770
7 | KeyCloak Admin Console privilege defined with unsafe actions | 5.6 | 5.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00088 | CVE-2019-10170
8 | WUZHI CMS sms_check.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00212 | CVE-2018-11528
9 | Palo Alto PAN-OS GlobalProtect Gateway improper authorization | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00238 | CVE-2020-2050
10 | JetBrains IntelliJ IDEA License Server authentication spoofing | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00222 | CVE-2020-11690
11 | OpenClinic test_new.php unrestricted upload | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00105 | CVE-2020-28939
12 | Adobe Experience Manager server-side request forgery | 6.9 | 6.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00205 | CVE-2020-9643
13 | Adobe Experience Manager server-side request forgery | 6.9 | 6.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00205 | CVE-2020-9645
14 | Trend Micro Security 2019/Security 2020 input validation | 6.5 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00138 | CVE-2019-20357
15 | Mortbay Jetty Terminal input validation | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00768 | CVE-2009-4611
16 | Adobe Experience Manager cross-site request forgery | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00081 | CVE-2019-8234
17 | Adobe Experience Manager XML Data xml external entity reference | 6.9 | 6.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00256 | CVE-2019-8087
18 | Adobe Experience Manager XML Data xml external entity reference | 6.9 | 6.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.14515 | CVE-2019-8086
19 | freeciv os command injection | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00412 | CVE-2010-2445
20 | MULTIDOTS Add Social Share Messenger Buttons Whatsapp whatsapp_share_setting_add_update cross-site request forgery | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00071 | CVE-2018-11632

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.61.138.226 | | UAC-0010 | | 10/10/2022 | verified | High
2 | 45.61.139.22 | | UAC-0010 | | 10/10/2022 | verified | High
3 | 45.77.196.211 | 45.77.196.211.vultrusercontent.com | UAC-0010 | | 10/10/2022 | verified | High
4 | 45.77.237.252 | 45.77.237.252.vultrusercontent.com | UAC-0010 | | 10/10/2022 | verified | High
5 | 66.42.95.123 | 66.42.95.123.vultrusercontent.com | UAC-0010 | | 07/21/2022 | verified | High

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (137)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/database | predictive | High
2 | File | /etc/keystone/user-project-map.json | predictive | High
3 | File | /forum/away.php | predictive | High
4 | File | /goform/formLogin | predictive | High
5 | File | /html/portal/flash.jsp | predictive | High
6 | File | /test/cookie/ | predictive | High
7 | File | /tmp/speedtest_urls.xml | predictive | High
8 | File | /ui/login | predictive | Medium
9 | File | /web/google_analytics.php | predictive | High
10 | File | /wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC | predictive | High
11 | File | /wp-admin/options-general.php | predictive | High
12 | File | adclick.php | predictive | Medium
13 | File | addentry.php | predictive | Medium
14 | File | add_comment.php | predictive | High
15 | File | admin.php | predictive | Medium

References (6)

The following list contains external sources which discuss the actor and the associated activities: