UNC1151 Analysis

IOB - Indicator of Behavior (43)

Timeline


Lang

Lang | Count
---- | -----
zh | 34
en | 8
de | 2


Country

Country | Count
------- | -----
cn | 42
de | 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Product | Count
------- | -----
Google Chrome | 2
xnio | 2
ESRI ArcGIS for Server | 2
Apache HttpClient | 2
Apple QuickTime | 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
- | ------------- | ---- | ---- | ---- | ----- | --- | --- | --- | ---- | ---
1 | mongo-java-driver certificate validation | 4.6 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00885 | CVE-2021-20328
2 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.61 | 0.00000 | 
3 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00000 | 
4 | Gin-vue-admin Parameter Validation path traversal | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00954 | CVE-2022-24843
5 | Apache DolphinScheduler User Registration resource consumption | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00885 | CVE-2022-25598
6 | ThinkPHP input validation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.84749 | CVE-2019-9082
7 | Microsoft Windows Runtime Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00 | 0.12761 | CVE-2022-21971
8 | Apache APISIX batch-requests Plugin authentication spoofing | 7.3 | 7.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.04 | 0.71078 | CVE-2022-24112
9 | Linux Kernel Timer Tree timerqueue.c timerqueue_add initialization | 3.1 | 3.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01034 | CVE-2021-20317
10 | Oracle VM VirtualBox information disclosure | 3.8 | 3.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2022-21295
11 | Hashicorp Consul Enterprise HTTP Event unknown vulnerability | 6.0 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00954 | CVE-2021-28156
12 | Apache Shiro improper authentication | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.01136 | CVE-2014-0074
13 | Cisco HyperFlex Software Graphite Interface data authenticity | 4.3 | 4.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00885 | CVE-2019-1667
14 | RabbitMQ Management UI cross site scripting | 2.4 | 2.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.02199 | CVE-2021-32718
15 | Google Chrome V8 type confusion | 6.3 | 6.0 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01 | 0.01213 | CVE-2021-4061
16 | Google Chrome Blink use after free | 7.5 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.02 | 0.01136 | CVE-2019-5787
17 | Action Pack Helper polymorphic_url information exposure | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.02509 | CVE-2021-22885
18 | Eclipse Jetty Default Compliance Mode web.xml information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.46512 | CVE-2021-28164
19 | Eclipse Jetty ConcatServlet information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.27302 | CVE-2021-28169
20 | Mobile Viewpoint Wireless Multiplex Terminal Playout Server hard-coded credentials | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00885 | CVE-2020-35338

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
-- | --------- | --------------- | ------------- | ---- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | predictive | High
2 | T1059 | CWE-94 | Cross Site Scripting | predictive | High
3 | TXXXX.XXX | CWE-XXX | xxxx Xxxx Xxxxxxxxx | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX.XXX | CWE-XXX | Xxxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx Xxxxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive | High
8 | TXXXX.XXX | CWE-XXX | Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
9 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (13)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
-- | ----- | --------- | ---- | ----------
1 | File | /concat?/%2557EB-INF/web.xml | predictive | High
2 | File | /context/%2e/WEB-INF/web.xml | predictive | High
3 | File | /xxxxx/xxxx.xxx | predictive | High
4 | File | xxxx.xxx | predictive | Medium
5 | File | xxx/xxxx/xx_xxxx.x | predictive | High
6 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
7 | File | xxxx/xxx/xxx_xxxx.x | predictive | High
8 | Library | xxxxxxxxxxx.xxx | predictive | High
9 | Library | xxx/xxxxxxxxxx.x | predictive | High
10 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive | High
11 | Argument | xxx | predictive | Low
12 | Input Value | -x | predictive | Low
13 | Network Port | xxx/xx (xxx xxxxxxxx) | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
