UNC1151 Analysis

IOB - Indicator of Behavior (52)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh30
en14
ru6
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Linux Kernel4
Cisco HyperFlex Software2
PHP2
Apple QuickTime2
Google Chrome2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Joseph C Dolson My Tickets Plugin cross-site request forgery5.85.8$0-$5k$0-$5kNot DefinedNot Defined0.000630.00CVE-2022-47440
2mongo-java-driver certificate validation4.64.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000460.00CVE-2021-20328
3Alinto SOGo Attachment Preview cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000430.05CVE-2024-34462
4xrdp-sesman Service Service Port 3350 stack-based overflow6.45.6$0-$5k$0-$5kNot DefinedOfficial Fix0.000610.04CVE-2020-4044
5BusyBox xfuncs_printf.c xasprintf use after free5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.000440.04CVE-2023-42363
6busybox ash.c stack-based overflow8.07.9$0-$5k$0-$5kNot DefinedOfficial Fix0.001340.04CVE-2022-48174
7MikroTik RouterOS Winbox/HTTP Interface privileges management7.87.8$0-$5k$0-$5kNot DefinedNot Defined0.000760.00CVE-2023-30799
8D-Link DIR-635 Wireless.shtml cross site scripting4.64.4$5k-$25k$0-$5kProof-of-ConceptNot Defined0.000000.00
9SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection7.16.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.002200.12CVE-2023-2090
10LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000002.02
11Serendipity exit.php privileges management6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.53
12Gin-vue-admin Parameter Validation path traversal6.46.3$0-$5k$0-$5kNot DefinedOfficial Fix0.001260.05CVE-2022-24843
13Apache DolphinScheduler User Registration resource consumption3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000900.00CVE-2022-25598
14ThinkPHP input validation8.58.4$0-$5k$0-$5kHighOfficial Fix0.974550.00CVE-2019-9082
15Microsoft Windows Runtime uninitialized pointer8.17.7$25k-$100k$5k-$25kHighOfficial Fix0.193100.04CVE-2022-21971
16Apache APISIX batch-requests Plugin authentication spoofing7.37.3$5k-$25k$5k-$25kHighNot Defined0.974110.04CVE-2022-24112
17Linux Kernel Timer Tree timerqueue.c timerqueue_add initialization3.13.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2021-20317
18Oracle VM VirtualBox information disclosure3.83.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000450.00CVE-2022-21295
19Hashicorp Consul Enterprise HTTP Event unknown vulnerability6.05.8$0-$5k$0-$5kNot DefinedOfficial Fix0.002590.05CVE-2021-28156
20Apache Shiro improper authentication7.37.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.006440.00CVE-2014-0074

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/maintenance/view_designation.phppredictiveHigh
2File/concat?/%2557EB-INF/web.xmlpredictiveHigh
3File/context/%2e/WEB-INF/web.xmlpredictiveHigh
4File/xxxxx/xxxx.xxxpredictiveHigh
5Filexxx.xpredictiveLow
6Filexxxxx/xxxxxxxx.xxxxxpredictiveHigh
7Filexxxx.xxxpredictiveMedium
8Filexxx/xxxx/xx_xxxx.xpredictiveHigh
9Filexxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]predictiveHigh
10Filexxxx/xxx/xxx_xxxx.xpredictiveHigh
11Filexxxxxx_xxxxxx.xpredictiveHigh
12Libraryxxxxxxxxxxx.xxxpredictiveHigh
13Libraryxxx/xxxxxxxxxx.xpredictiveHigh
14Argument$_xxxxxx['xxxxx_xxxxxx']predictiveHigh
15Argumentxxxxxxxxxxxxxx[x]xxxx_xxxxxxxx[x]xxxxpredictiveHigh
16ArgumentxxpredictiveLow
17ArgumentxxxpredictiveLow
18Input Value-xpredictiveLow
19Network Portxxx/xx (xxx xxxxxxxx)predictiveHigh

References (4)

The following list contains external sources which discuss the actor and the associated activities:

Do you know our Splunk app?

Download it now for free!