UAC-0098 Analysis

IOB - Indicator of Behavior (113)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en102
ru8
es2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us92
ru14
cn6
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows10
Moxa EDR-8108
GNU binutils8
GNU C Library4
Pre Shopping Mall2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1libxslt EXSLT Math.random Prediction random values5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.030.00885CVE-2015-9019
2GNU C Library fnmatch_loop.c fnmatch out-of-bounds5.65.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000.01108CVE-2015-8984
3GNU C Library strxfrm integer overflow9.18.6$0-$5kCalculatingNot DefinedOfficial Fix0.000.02714CVE-2015-8982
4Apache Spark UI command injection7.17.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.060.59660CVE-2022-33891
5Dropbear TCP Listener double free7.26.8$0-$5k$0-$5kNot DefinedOfficial Fix0.050.04695CVE-2017-9078
6Telligent Systems Zimbra Collaboration Remote Code Execution9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.020.01183CVE-2013-7217
7DeDeCMS recommend.php sql injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.040.00885CVE-2017-17731
8libxml2 Recover Mode null pointer dereference4.03.9$0-$5k$0-$5kNot DefinedOfficial Fix0.000.01319CVE-2017-5969
9elfutils elf_getdata.c _libelf_set_rawdata_wrlock memory corruption5.45.3$0-$5kCalculatingNot DefinedOfficial Fix0.080.01319CVE-2016-10255
10elfutils ELF File common.h allocate_elf memory corruption5.45.3$0-$5kCalculatingNot DefinedOfficial Fix0.000.01213CVE-2016-10254
11GNU C Library wstrops.c IO_wstr_overflow integer overflow7.77.3$0-$5k$0-$5kNot DefinedOfficial Fix0.030.02464CVE-2015-8983
12TP-LINK TL-WR841N httpd buffer overflow7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.030.04571CVE-2022-30024
13Technicolor TC7337NET Password cleartext transmission7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.070.01055CVE-2020-10376
14Juniper Junos OS Evolved CLI command injection7.97.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.030.01005CVE-2021-31356
15Microsoft ASP.NET Core redirect7.57.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.010.10457CVE-2017-11879
16beautify-web js-beautify options.js prototype pollution7.67.6$0-$5k$0-$5kNot DefinedNot Defined0.010.00954CVE-2022-37609
17Microsoft Windows NTLM information disclosure5.85.3$25k-$100k$5k-$25kUnprovenOfficial Fix0.050.02251CVE-2022-35770
18Microsoft Windows WLAN Service Privilege Escalation8.17.4$25k-$100k$5k-$25kUnprovenOfficial Fix0.030.01150CVE-2022-37984
19Microsoft Windows Win32k Privilege Escalation7.26.5$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.090.01405CVE-2022-21882
20CA BrightStor ARCserve Backup stack-based overflow10.09.5$25k-$100kCalculatingHighOfficial Fix0.010.78095CVE-2007-2139

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (33)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
15.199.173.152UAC-0098verifiedHigh
25.199.174.219UAC-0098verifiedHigh
364.190.113.51UAC-0098verifiedHigh
484.32.188.29UAC-0098Cobalt StrikeverifiedHigh
584.32.190.34UAC-0098UkraineverifiedHigh
687.251.64.5UAC-0098verifiedHigh
7134.209.144.87UAC-0098IcedIDverifiedHigh
8XXX.XX.XXX.XXxx-xxxxXxxxxx XxxxxxverifiedHigh
9XXX.XX.XXX.XXxx-xxxxXxxxxx XxxxxxverifiedHigh
10XXX.XX.XXX.XXXxx-xxxxXxxxxx XxxxxxverifiedHigh
11XXX.XX.XXX.XXXxx-xxxxXxxxxx XxxxxxverifiedHigh
12XXX.XX.XXX.XXXxx-xxxxXxxxxx XxxxxxverifiedHigh
13XXX.XX.XXX.XXXxx-xxxxXxxxxx XxxxxxverifiedHigh
14XXX.XX.XXX.XXXxx-xxxxXxxxxx XxxxxxverifiedHigh
15XXX.XX.XXX.XXXxx-xxxxXxxxxx XxxxxxverifiedHigh
16XXX.XX.XXX.XXXxx-xxxxXxxxxx XxxxxxverifiedHigh
17XXX.XX.XXX.XXXxx-xxxxXxxxxx XxxxxxverifiedHigh
18XXX.XX.XXX.XXXxx-xxxxXxxxxx XxxxxxverifiedHigh
19XXX.XX.XXX.XXXxx-xxxxXxxxxx XxxxxxverifiedHigh
20XXX.XX.XXX.XXXxx-xxxxXxxxxx XxxxxxverifiedHigh
21XXX.XX.XXX.XXXxx-xxxxXxxxxx XxxxxxverifiedHigh
22XXX.XX.XXX.XXXxx-xxxxXxxxxx XxxxxxverifiedHigh
23XXX.XX.XXX.XXXXxx-xxxxXxxxxx XxxxxxverifiedHigh
24XXX.XX.XXX.XXXXxx-xxxxXxxxxx XxxxxxverifiedHigh
25XXX.XX.XXX.XXXXxx-xxxxXxxxxx XxxxxxverifiedHigh
26XXX.XX.XXX.XXXXxx-xxxxXxxxxx XxxxxxverifiedHigh
27XXX.XX.XXX.XXXXxx-xxxxXxxxxx XxxxxxverifiedHigh
28XXX.XXX.X.XXXxx-xxxxXxxxxxverifiedHigh
29XXX.XXX.XXX.XXXxx-xxxxverifiedHigh
30XXX.XXX.XXX.XXXXxx-xxxxverifiedHigh
31XXX.XXX.XXX.XXXXxx-xxxxverifiedHigh
32XXX.XXX.XXX.XXXxxxxxx.xxxxxxxxxxxxx.xxxXxx-xxxxXxxxxxverifiedHigh
33XXX.XXX.XX.XXXxx-xxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2T1040CWE-319Authentication Bypass by Capture-replaypredictiveHigh
3T1059CWE-94, CWE-1321Cross Site ScriptingpredictiveHigh
4TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCWE-XX, CWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
8TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
9TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
10TXXXXCWE-XXXXxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx XxxxpredictiveHigh
11TXXXXCWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
12TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
13TXXXXCWE-XXXXxxxxxxxxxxxxpredictiveHigh
14TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (69)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/cgi-bin/wlogin.cgipredictiveHigh
2File/etc/shadowpredictiveMedium
3File/goform/net\_Web\_get_valuepredictiveHigh
4File/goform/net_WebCSRGenpredictiveHigh
5File/goform/WebRSAKEYGenpredictiveHigh
6File/uncpath/predictiveMedium
7File/wp-content/plugins/woocommerce/templates/emails/plain/predictiveHigh
8Fileadd-category.phppredictiveHigh
9Fileadmin/dashboard.phppredictiveHigh
10Filexxxx_xxxxx_xxxx.xxxpredictiveHigh
11Filexxxx_xxx_xxxx.xxxpredictiveHigh
12Filexxx/xxxxxxx.xpredictiveHigh
13Filexxxxxx.xxxpredictiveMedium
14Filexxxxxx.xpredictiveMedium
15Filexxxxxx.xxxpredictiveMedium
16Filexxxxx.xpredictiveLow
17Filexxxxxx.xpredictiveMedium
18Filexxx.xpredictiveLow
19Filexxx_xxxxxxx.xpredictiveHigh
20Filexxx/xxxxx/xxxxx.xpredictiveHigh
21Filexxxxxxx_xxxx.xpredictiveHigh
22Filexxxxxxx.xxxpredictiveMedium
23Filexxxx.xpredictiveLow
24Filexxxx.xpredictiveLow
25Filexxxx_xxxx.xxxpredictiveHigh
26Filexxxxxx/xxxxxx/xxxx.xpredictiveHigh
27Filexxxxx/xxxxxxx.xpredictiveHigh
28Filexxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxxpredictiveHigh
29Filexxxxx.xxxpredictiveMedium
30Filexxxxx.xxxpredictiveMedium
31Filexxxxx.xxxxpredictiveMedium
32Filexxxxxxxx-xxxxx-xxxxx.xxxpredictiveHigh
33Filexxxxxxx.xxpredictiveMedium
34Filexxx_xxx_xxxxxxx.xxxpredictiveHigh
35Filexxxx/xxxxxxxxx.xxxpredictiveHigh
36Filexxxxxxxx.xxxpredictiveMedium
37Filexxxxxx.xxxpredictiveMedium
38Filexxxxxxx/xxxxxxxxxxxpredictiveHigh
39Filexxxx-xxxxxx.xpredictiveHigh
40Filexxxxxxx.xxxpredictiveMedium
41Filexxxxx-xxxx.xxxpredictiveHigh
42Filexx-xxxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxxxxxxxxxxx.xxxpredictiveHigh
43Argument$_xxxxxpredictiveLow
44Argumentxx/xxpredictiveLow
45Argumentxxxxxxxxxxxxxx_xxxxpredictiveHigh
46ArgumentxxxpredictiveLow
47Argumentxxxxxxxx/xxxxxxxxxxxxpredictiveHigh
48ArgumentxxpredictiveLow
49Argumentxxxx_xxpredictiveLow
50ArgumentxxxxxxxxxxxxxxpredictiveHigh
51Argumentxxxx_xxxpredictiveMedium
52ArgumentxxpredictiveLow
53Argumentxx_xxxxxxx_xxxxpredictiveHigh
54ArgumentxxxxpredictiveLow
55ArgumentxxxxxpredictiveLow
56ArgumentxxxxpredictiveLow
57Argumentxxxxxxxxxxxxxx_xxxpredictiveHigh
58ArgumentxxxxxxxxpredictiveMedium
59ArgumentxxxxxxxxxxpredictiveMedium
60Argumentxxxxxxx[xxxx]predictiveHigh
61ArgumentxxxxxxxxxxxxxxpredictiveHigh
62ArgumentxxxxxxxxxxxxxxpredictiveHigh
63Argumentxxxxxx\_xxxxpredictiveMedium
64ArgumentxxxxxxxxpredictiveMedium
65Argumentx_xxxx/x_xxxxxxx/x_xxxxxxx/xxxxpredictiveHigh
66Argument\xxxxxx\predictiveMedium
67Pattern|xx xx xx xx xx xx xx xx|predictiveHigh
68Pattern|xx xx xx|predictiveMedium
69Network Portxxx xxxxxx xxxxpredictiveHigh

References (6)

The following list contains external sources which discuss the actor and the associated activities:

Do you need the next level of professionalism?

Upgrade your account now!