UAC-0098 Analysis

IOB - Indicator of Behavior (173)

Timeline

The data in the charts in this section (timeline, language, country, actors, activities, interest, type, vendor, product) does not reflect real data. It is dummy data, distorted and not usable in any way. An additional purchase is needed to unlock these views and access the real data.

Lang

en (154)
ru (8)
de (6)
zh (4)
es (2)


Country

us (112)
ru (36)
cn (20)
tr (4)
de (2)


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows (14)
GNU binutils (8)
Moxa EDR-810 (6)
Cisco TelePresence Video Communication Server (4)
Adobe Creative Cloud Desktop Application (4)


Vulnerabilities

# | Vulnerability | Base score | Temp score | 0day price | Today price | Exploitability | Remediation | CTI | EPSS | CVE
1 | DGLogik DGLux Server IoT API permission | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01260 | CVE-2019-1010009
2 | SolarWinds Serv-U file information disclosure | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.05835 | CVE-2021-35250
3 | libxslt EXSLT Math.random Prediction random values | 5.5 | 5.3 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00086 | CVE-2015-9019
4 | GNU C Library fnmatch_loop.c fnmatch out-of-bounds | 5.6 | 5.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00546 | CVE-2015-8984
5 | GNU C Library strxfrm integer overflow | 9.1 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00670 | CVE-2015-8982
6 | Extreme EXOS memory corruption | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00209 | CVE-2017-14328
7 | IBM System Storage TS3100-TS3200 Tape Library access control | 8.0 | 8.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00183 | CVE-2016-9005
8 | Deltek Vision RPC over HTTP SQL sql injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00576 | CVE-2018-18251
9 | SonicWALL Secure Remote Access cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.03350 | CVE-2021-20028
10 | XiongMai uc-httpd memory corruption | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.02201 | CVE-2018-10088
11 | Apache Spark UI command injection | 7.1 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.97289 | CVE-2022-33891
12 | Dropbear TCP Listener double free | 7.2 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00499 | CVE-2017-9078
13 | Telligent Systems Zimbra Collaboration Remote Code Execution | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00758 | CVE-2013-7217
14 | DeDeCMS recommend.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.02324 | CVE-2017-17731
15 | libxml2 Recover Mode null pointer dereference | 4.0 | 3.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00378 | CVE-2017-5969
16 | elfutils elf_getdata.c _libelf_set_rawdata_wrlock memory corruption | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01258 | CVE-2016-10255
17 | elfutils ELF File common.h allocate_elf memory corruption | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00986 | CVE-2016-10254
18 | GNU C Library wstrops.c IO_wstr_overflow integer overflow | 7.7 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00508 | CVE-2015-8983
19 | Google Chrome Skia heap-based overflow | 8.0 | 7.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.00085 | CVE-2024-1283
20 | TrueConf Server sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00656 | CVE-2022-46764

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.199.173.152 | | UAC-0098 | | 07/21/2022 | verified | High
2 | 5.199.174.219 | | UAC-0098 | | 07/21/2022 | verified | High
3 | 64.190.113.51 | | UAC-0098 | | 07/21/2022 | verified | High
4 | 84.32.188.29 | | UAC-0098 | Cobalt Strike | 04/29/2022 | verified | High
5 | 84.32.190.34 | | UAC-0098 | Ukraine | 09/07/2022 | verified | High
6 | 87.251.64.5 | | UAC-0098 | | 07/21/2022 | verified | High
7 | 134.209.144.87 | | UAC-0098 | IcedID | 04/29/2022 | verified | High
8 | XXX.XX.XXX.X | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
9 | XXX.XX.XXX.X | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
10 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
11 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
12 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
13 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
14 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
15 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
16 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
17 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
18 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
19 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
20 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
21 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
22 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
23 | XXX.XX.XXX.XXX | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
24 | XXX.XX.XXX.XXX | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
25 | XXX.XX.XXX.XXX | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
26 | XXX.XX.XXX.XXX | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
27 | XXX.XX.XXX.XXX | | Xxx-xxxx | Xxxxxx Xxxxxx | 04/29/2022 | verified | High
28 | XXX.XXX.X.XX | | Xxx-xxxx | Xxxxxx | 04/29/2022 | verified | High
29 | XXX.XXX.XXX.XX | | Xxx-xxxx | | 07/21/2022 | verified | High
30 | XXX.XXX.XXX.XXX | | Xxx-xxxx | | 07/21/2022 | verified | High
31 | XXX.XXX.XXX.XXX | xxxxxx.xxxxxxxxxxxxx.xxx | Xxx-xxxx | Xxxxxx | 04/29/2022 | verified | High
32 | XXX.XXX.XX.XX | | Xxx-xxxx | | 07/21/2022 | verified | High

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (79)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi-bin/wlogin.cgi | predictive | High
2 | File | /etc/shadow | predictive | Medium
3 | File | /goform/net_Web_get_value | predictive | High
4 | File | /goform/net_WebCSRGen | predictive | High
5 | File | /goform/WebRSAKEYGen | predictive | High
6 | File | /lam/tmp/ | predictive | Medium
7 | File | /uncpath/ | predictive | Medium
8 | File | /wp-content/plugins/woocommerce/templates/emails/plain/ | predictive | High
9 | File | add-category.php | predictive | High
10 | File | admin/dashboard.php | predictive | High
11 | File | xxxx_xxxxx_xxxx.xxx | predictive | High
12 | File | xxxx_xxx_xxxx.xxx | predictive | High
13 | File | xxx/xxxxxxx.x | predictive | High
14 | File | xxxxxx.xxx | predictive | Medium
15 | File | xxxxxx.x | predictive | Medium
16 | File | xxxxxx.xxx | predictive | Medium
17 | File | xxxxx.x | predictive | Low
18 | File | xxxxxx.x | predictive | Medium
19 | File | xxx.x | predictive | Low
20 | File | xxx_xxxxxxx.x | predictive | High
21 | File | xxx/xxxxx/xxxxx.x | predictive | High
22 | File | xxxxxxx_xxxx.x | predictive | High
23 | File | xxxx/xxxxxxx?xxxxx=x | predictive | High
24 | File | xxxxxxx.xxx | predictive | Medium
25 | File | xxxx.x | predictive | Low
26 | File | xxxxxx/xxxxxxxxxxx | predictive | High
27 | File | xxxx.x | predictive | Low
28 | File | xxxxx.xx | predictive | Medium
29 | File | xxxx_xxxx.xxx | predictive | High
30 | File | xxxxxx/xxxxxx/xxxx.x | predictive | High
31 | File | xxxxx/xxxxxxx.x | predictive | High
32 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive | High
33 | File | xxxxx.xxx | predictive | Medium
34 | File | xxxxx.xxx | predictive | Medium
35 | File | xxxxx.xxxx | predictive | Medium
36 | File | xxxxxxxx-xxxxx-xxxxx.xxx | predictive | High
37 | File | xxxxxxx.xx | predictive | Medium
38 | File | xxx_xxx_xxxxxxx.xxx | predictive | High
39 | File | xxxx/xxxxxxxxx.xxx | predictive | High
40 | File | xxxxxxxx.xxx | predictive | Medium
41 | File | xxxxxx.xxx | predictive | Medium
42 | File | xxxxxxx/xxxxxxxxxxx | predictive | High
43 | File | xxxx-xxxxxx.x | predictive | High
44 | File | xxxxxxx.xxx | predictive | Medium
45 | File | xxxxx-xxxx.xxx | predictive | High
46 | File | xx-xxxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxxxxxxxxxxx.xxx | predictive | High
47 | File | \xxxxx\xxxxxx.xxxx.xxx | predictive | High
48 | Library | xxxxxxx/xxx/xxxxxxxxx/xxxxx_xxxxxx_xxxxxxxx.xxx | predictive | High
49 | Argument | $_xxxxx | predictive | Low
50 | Argument | xx/xx | predictive | Low
51 | Argument | xxxxxxxxxxxxxx_xxxx | predictive | High
52 | Argument | xx | predictive | Low
53 | Argument | xxx | predictive | Low
54 | Argument | xxxxxxxx/xxxxxxxxxxxx | predictive | High
55 | Argument | xx | predictive | Low
56 | Argument | xxxx_xx | predictive | Low
57 | Argument | xxxxxxxxxxxxxx | predictive | High
58 | Argument | xxxx_xxx | predictive | Medium
59 | Argument | xx | predictive | Low
60 | Argument | xxxxx | predictive | Low
61 | Argument | xx_xxxxxxx_xxxx | predictive | High
62 | Argument | xxxx | predictive | Low
63 | Argument | xxxxx | predictive | Low
64 | Argument | xxxx | predictive | Low
65 | Argument | xxxxxxxxxxxxxx_xxx | predictive | High
66 | Argument | xxxxxxxx | predictive | Medium
67 | Argument | xxxxxxxxxx | predictive | Medium
68 | Argument | xxxxxxx xxxxx | predictive | High
69 | Argument | xxxxxxx[xxxx] | predictive | High
70 | Argument | xxxxxxxxxxxxxx | predictive | High
71 | Argument | xxxxxxxxxxxxxx | predictive | High
72 | Argument | xxxxxx_xxxx | predictive | Medium
73 | Argument | xxxxxxxx | predictive | Medium
74 | Argument | x_xxxx/x_xxxxxxx/x_xxxxxxx/xxxx | predictive | High
75 | Argument | xxxxxxxxxxxxxxx | predictive | High
76 | Argument | \xxxxxx\ | predictive | Medium
77 | Pattern | |xx xx xx xx xx xx xx xx| | predictive | High
78 | Pattern | |xx xx xx| | predictive | Medium
79 | Network Port | xxx xxxxxx xxxx | predictive | High
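The IOC and IOA tables above are only useful once they are run against telemetry. The following is an added example written for this page (it is not VulDB's code and not UAC-0098 tooling): it takes the seven unmasked IOC IP addresses and the ten unmasked IOA "File" indicators from the tables and matches them against web-server access-log lines. The log lines are constructed for the example, the Apache/nginx "combined" log format is assumed, and the matching rules (percent-decoding, path normalisation, substring match) are the editor's choices, chosen so that the usual evasions (double encoding, `..` traversal, doubled slashes) do not slip past a literal string comparison.

```python
"""
Added example (editor's code, not VulDB's): match the unmasked UAC-0098
IOC IPs and IOA file paths from the profile against access-log lines.
Log lines below are constructed; the log format and matching rules are
assumptions made for this example.
"""
import posixpath
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote

# Unmasked IOC rows from the profile: IP address -> (campaign or None, confidence).
IOC_IPS = {
    "5.199.173.152": (None, "High"),
    "5.199.174.219": (None, "High"),
    "64.190.113.51": (None, "High"),
    "84.32.188.29": ("Cobalt Strike", "High"),
    "84.32.190.34": ("Ukraine", "High"),
    "87.251.64.5": (None, "High"),
    "134.209.144.87": ("IcedID", "High"),
}

# Unmasked IOA "File" indicators from the profile: path fragment -> confidence.
IOA_PATHS = {
    "/cgi-bin/wlogin.cgi": "High",
    "/etc/shadow": "Medium",
    "/goform/net_Web_get_value": "High",
    "/goform/net_WebCSRGen": "High",
    "/goform/WebRSAKEYGen": "High",
    "/lam/tmp/": "Medium",
    "/uncpath/": "Medium",
    "/wp-content/plugins/woocommerce/templates/emails/plain/": "High",
    "add-category.php": "High",
    "admin/dashboard.php": "High",
}

# Assumed Apache/nginx "combined" access-log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


@dataclass
class Hit:
    line_no: int
    src_ip: str
    kind: str            # "ioc": client IP is a listed address; "ioa": a listed path was requested
    indicator: str       # the matched IOC/IOA value exactly as listed in the profile
    confidence: str
    campaign: Optional[str] = None


def normalise_path(target: str) -> str:
    """Strip query/fragment, percent-decode (bounded, to catch %25-double
    encoding) and resolve '..' and '//' so that an evasion such as
    /cgi-bin/..%2F..%2Fetc%2Fshadow compares equal to /etc/shadow."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return posixpath.normpath(path)


# Normalise the fragments once, the same way as the request paths.
_NORMALISED_IOA = {normalise_path(frag): (frag, conf) for frag, conf in IOA_PATHS.items()}


def scan_log(lines):
    """Return one Hit per (line, indicator) match; unparseable lines are skipped."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        ip = m["ip"]
        if ip in IOC_IPS:                       # exact match on the client address
            campaign, conf = IOC_IPS[ip]
            hits.append(Hit(n, ip, "ioc", ip, conf, campaign))
        path = normalise_path(m["target"])
        for norm_frag, (frag, conf) in _NORMALISED_IOA.items():
            # Substring match: relative fragments such as admin/dashboard.php
            # may sit under any application prefix.
            if norm_frag in path:
                hits.append(Hit(n, ip, "ioa", frag, conf))
    return hits


# Constructed sample log: two listed C2 IPs, one traversal attempt, one benign line, one garbage line.
SAMPLE_LOG = [
    '84.32.188.29 - - [29/Apr/2022:10:14:07 +0000] "GET /cgi-bin/wlogin.cgi HTTP/1.1" 200 512',
    '198.51.100.23 - - [29/Apr/2022:10:15:44 +0000] "GET /images/logo.png HTTP/1.1" 200 8831',
    '203.0.113.9 - - [29/Apr/2022:10:16:02 +0000] "GET /cgi-bin/..%2F..%2Fetc%2Fshadow HTTP/1.1" 404 209',
    '134.209.144.87 - - [29/Apr/2022:10:17:30 +0000] "POST /goform//net_WebCSRGen HTTP/1.1" 200 77',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        extra = f", campaign {h.campaign}" if h.campaign else ""
        print(f"line {h.line_no}: {h.kind.upper()} {h.indicator} from {h.src_ip} (confidence {h.confidence}{extra})")
```

Two points worth keeping in mind when turning this into a production rule: the IOC addresses carry an "Identified" date in the table, so a match on a 2022 address in current logs is a lead to verify rather than proof of UAC-0098 activity, and the IOA paths are marked "predictive", so a hit on a generic path such as /etc/shadow or admin/dashboard.php says that someone probed the host, not which actor did.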

References (6)

The following list contains external sources which discuss the actor and the associated activities:
