UNC215 Analysis

IOB - Indicator of Behavior (176)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

| Language | Count |
|---|---|
| en | 148 |
| zh | 20 |
| es | 4 |
| fr | 2 |
| de | 2 |


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

| Product | Count |
|---|---|
| Microsoft Windows | 4 |
| Cacti | 4 |
| Apache HTTP Server | 4 |
| Microsoft Office | 4 |
| RoundCube | 2 |


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02147 | 0.00 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01298 | 0.51 | CVE-2010-0966 |
| 3 | esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00135 | 0.03 | CVE-2010-4996 |
| 4 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.16 | CVE-2020-12440 |
| 5 | Cacti graph_view.php sql injection | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01236 | 0.03 | CVE-2016-3659 |
| 6 | Webmin Download Path cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.00 | CVE-2023-38305 |
| 7 | VMware Workspace ONE Access/Identity Manager Template injection | 9.8 | 9.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97493 | 0.06 | CVE-2022-22954 |
| 8 | MinIO Admin API authentication bypass | 9.0 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00116 | 0.03 | CVE-2020-11012 |
| 9 | Microsoft Windows MSHTML path traversal | 8.6 | 8.2 | $25k-$100k | $5k-$25k | High | Official Fix | 0.97097 | 0.03 | CVE-2021-40444 |
| 10 | Fortinet FortiMail/FortiVoiceEntreprise Password Change improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.02819 | 0.03 | CVE-2020-9294 |
| 11 | Apache Shiro improper authentication | 7.4 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00175 | 0.04 | CVE-2020-13933 |
| 12 | MyBB Login redirect | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00074 | 0.00 | CVE-2019-20225 |
| 13 | Actiontec C1000A Website Blocking Page advancedsetup_websiteblocking.html Persistent cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00115 | 0.00 | CVE-2018-19922 |
| 14 | Apache HTTP Server HTTP Digest Authentication Challenge improper authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01402 | 0.00 | CVE-2018-1312 |
| 15 | Invision Power Services IPS SVG Document Stored access control | 6.2 | 6.2 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00258 | 0.00 | CVE-2017-8899 |
| 16 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.41 | CVE-2007-1167 |
| 17 | Xuxueli xxl-job Template JdkSerializeTool.java deserialize injection | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.00 | CVE-2024-3366 |
| 18 | Zimbra Collaboration Suite Document Endpoint cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.00 | CVE-2023-45206 |
| 19 | Rocket.Chat SAML Login Privilege Escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00235 | 0.02 | CVE-2020-29594 |
| 20 | App Rocket.Chat Nested Markdown cross site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00105 | 0.00 | CVE-2021-22886 |

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (58)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /+CSCOE+/logon.html | predictive | High |
| 2 | File | /api/baskets/{name} | predictive | High |
| 3 | File | /cgi-bin/cstecgi.cgi | predictive | High |
| 4 | File | /config/getuser | predictive | High |
| 5 | File | /h/ | predictive | Low |
| 6 | File | /img/main.cgi | predictive | High |
| 7 | File | /lan.asp | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
