UNC215 Analysis

IOB - Indicator of Behavior (146)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en134
zh8
es2
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us90
cn48
af2
gb2
fr2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

DZCP deV!L`z Clanportal4
Microsoft Excel4
Invision Power Services IPS2
Microsoft Office2
Jetty2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.040.04187CVE-2007-1192
2DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.560.04187CVE-2010-0966
3esoftpro Online Guestbook Pro ogp_show.php sql injection7.37.1$0-$5k$0-$5kHighUnavailable0.080.01213CVE-2010-4996
4Vmware Workspace ONE Access/Identity Manager Template injection9.88.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000.93243CVE-2022-22954
5MinIO Admin API authentication bypass8.87.7$0-$5k$0-$5kNot DefinedOfficial Fix0.020.01018CVE-2020-11012
6Microsoft Windows MSHTML Remote Code Execution8.87.9$100k and more$5k-$25kProof-of-ConceptOfficial Fix0.000.90841CVE-2021-40444
7Fortinet FortiMail/FortiVoiceEntreprise Password Change improper authentication8.58.5$0-$5kCalculatingHighNot Defined0.020.33168CVE-2020-9294
8Apache Shiro improper authentication7.47.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.010.35688CVE-2020-13933
9MyBB Login redirect6.66.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00885CVE-2019-20225
10Actiontec C1000A Website Blocking Page advancedsetup_websiteblocking.html Persistent cross site scripting5.75.7$0-$5kCalculatingNot DefinedNot Defined0.040.01055CVE-2018-19922
11Apache HTTP Server HTTP Digest Authentication Challenge improper authentication8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.240.07767CVE-2018-1312
12Invision Power Services IPS SVG Document Stored access control6.26.2$0-$5k$0-$5kNot DefinedNot Defined0.090.00954CVE-2017-8899
13DZCP deV!L`z Clanportal browser.php information disclosure5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.080.06790CVE-2007-1167
14Zoom On-Premise Meeting Connector MMR access control7.77.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.020.00885CVE-2022-28758
15Synacor Zimbra Collaboration Suite amavisd public unrestricted upload7.67.6$0-$5k$0-$5kNot DefinedNot Defined0.010.79060CVE-2022-41352
16Kingsoft WPS Presentation PPS File d3dx9_41.dll uncontrolled search path6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.020.00885CVE-2022-26511
17Microsoft SharePoint Server Privilege Escalation8.88.1$25k-$100k$0-$5kUnprovenOfficial Fix0.080.01967CVE-2022-29108
18Microsoft Excel Remote Code Execution7.36.7$5k-$25k$0-$5kUnprovenOfficial Fix0.020.01528CVE-2022-29109
19Microsoft IIS ASP input validation5.45.1$25k-$100k$5k-$25kProof-of-ConceptUnavailable0.030.16535CVE-2009-4444
20Huawei Smart Phone Video Stream Transmission information disclosure4.34.3$5k-$25k$0-$5kNot DefinedNot Defined0.050.00885CVE-2021-22325

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1006CWE-22Pathname TraversalpredictiveHigh
2T1055CWE-74InjectionpredictiveHigh
3T1059CWE-94Cross Site ScriptingpredictiveHigh
4TXXXX.XXXCWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXX.XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxxxxx XxxxxxxxpredictiveHigh
7TXXXXCWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
9TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
10TXXXXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
11TXXXX.XXXCWE-XXXXxxxxxxxpredictiveHigh
12TXXXXCWE-XXX, CWE-XXXXxxxxxxxxxxxxpredictiveHigh
13TXXXX.XXXCWE-XXXXxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (45)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/+CSCOE+/logon.htmlpredictiveHigh
2File/config/getuserpredictiveHigh
3File/img/main.cgipredictiveHigh
4File/lan.asppredictiveMedium
5File/opt/zimbra/jetty/webapps/zimbra/publicpredictiveHigh
6File/public/plugins/predictiveHigh
7File/xxxx/xxxx_xxxpredictiveHigh
8File/xx-xxxxpredictiveMedium
9Filexxxxx/xxxxxxx/xxxxxx_xxxx/xxx_xxx.xxx?xxxxxxxxpredictiveHigh
10Filexxxxxxxxxxxxx_xxxxxxxxxxxxxxx.xxxxpredictiveHigh
11Filexxxxxxxx.xxxpredictiveMedium
12Filexxx/xxxxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxxxpredictiveHigh
13Filexxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
14Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
15Filexxxxx.xxxpredictiveMedium
16Filexxxxxxxxxxxxxx.xxxxpredictiveHigh
17Filexxx/xxxxxx.xxxpredictiveHigh
18Filexxx/xxxxxxxxxxx/xxxxxxx.xxxpredictiveHigh
19Filexxxxx.xxx/xxxx/xxxxx/xxxx/xxxx.xxxpredictiveHigh
20Filexxxxxxxxxx/xxx/xxxxxx_xxxx.xxxpredictiveHigh
21Filexxx_xxxx.xxxpredictiveMedium
22Filexxxxxxx.xxxpredictiveMedium
23Filexxxxxxx.xxxx_xxxpredictiveHigh
24Filexxx/xxxx.xxxpredictiveMedium
25Filexxxxx_xxxxxx_xxxxxxxx.xxxpredictiveHigh
26Filexxxxxxx.xpredictiveMedium
27Filexxxx/xxxxxxxx/xxxxxxxx.xxxxpredictiveHigh
28Filexx-xxxxxxxx/xx/xxxxxxxxxxxxpredictiveHigh
29File_xxxxxxxxx_xxxxxx_xxxxx___.xxxpredictiveHigh
30Libraryxxxxx.xxxpredictiveMedium
31Libraryxxxxx_xx.xxxpredictiveMedium
32ArgumentxxxxxxxxpredictiveMedium
33ArgumentxxxxxxxxpredictiveMedium
34Argumentxxxxxx xxxxpredictiveMedium
35ArgumentxxxxxxxxxpredictiveMedium
36ArgumentxxxxpredictiveLow
37ArgumentxxxxxpredictiveLow
38ArgumentxxxpredictiveLow
39Argumentxxxx_xxxxpredictiveMedium
40ArgumentxxxxxxpredictiveLow
41ArgumentxxxxxxxxxpredictiveMedium
42Argumentxxxxxxxx/xxxxpredictiveHigh
43ArgumentxxxxxxxxxxxxxxxxxpredictiveHigh
44Argumentx-xxxxxxxxx-xxxxxxpredictiveHigh
45Network Portxxx/xx (xxx)predictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Interested in the pricing of exploits?

See the underground prices here!