UAC-0008 Analysis

IOB - Indicator of Behavior (52)

Timeline: (chart)

Language: en (44), zh (8)

Country: ca (24), cn (10), us (10), tk (2)

Actors, Activities, Interest, Timeline: (charts)

Type, Vendor: (charts)

Product: Cisco IOS (8), Cisco IOS XE (6), OpenSSH (4), Microsoft Windows (4), BACnet Protocol Stack (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Beaker Sandbox privilege escalation | 9.1 | 8.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00489 | CVE-2020-12079
2 | Microsoft Windows Netlogon Zerologon privilege escalation | 8.4 | 8.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.01 | 0.37970 | CVE-2020-1472
3 | zzcms Cookie search.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00212 | CVE-2018-18791
4 | Gila CMS sql SQL injection | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.01138 | CVE-2020-5515
5 | part-db privilege escalation | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.04423 | CVE-2022-0848
6 | CMS Made Simple Installation index.php privilege escalation | 6.9 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.05588 | CVE-2018-7448
7 | IBM InfoSphere Information Governance Catalog Redirect | 6.2 | 6.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00094 | CVE-2018-1875
8 | zzcms Parameter dl_sendmail.php SQL injection | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00088 | CVE-2021-40280
9 | Order Listener for WooCommerce Plugin SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.04131 | CVE-2022-0948
10 | VeronaLabs wp-statistics Plugin API Endpoint blind SQL injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00250 | CVE-2019-13275
11 | Elefant CMS File Upload drop privilege escalation | 6.3 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00103 | CVE-2017-20063
12 | Piwigo SQL injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01601 | CVE-2023-26876
13 | PaperCut MF/NG libsmb2 privilege escalation | 9.8 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.97197 | CVE-2023-27350
14 | IBM WebSphere Application Server Snoop Servlet privilege escalation | 6.5 | 6.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.03 | 0.00267 | CVE-2012-2170
15 | Mamboxchange Extended Registration registration_detailed.inc.php privilege escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.04 | 0.05054 | CVE-2006-5254
16 | MongoDB networkMessageCompressors memory corruption | 8.2 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00148 | CVE-2017-15535
17 | Oracle Retail Data Extractor for Merchandising Knowledge Module weak authentication | 3.7 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00174 | CVE-2020-9488
18 | rest-client Gem Backdoor privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00361 | CVE-2019-15224
19 | Cisco ASA/Firepower Threat Defense Session Initiation Protocol memory corruption | 7.1 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00159 | CVE-2019-12678
20 | Opentext Brava! Enterprise/Brava! Server Permission privilege escalation | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00159 | CVE-2019-12270

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.76.85.232 | 45.76.85.232.vultrusercontent.com | UAC-0008 | | 21/07/2022 | verified | High
2 | XX.XXX.XXX.XX | | Xxx-xxxx | | 21/07/2022 | verified | High
3 | XX.XXX.XX.XXX | xxx.xxxx.xxxx.xx | Xxx-xxxx | | 21/07/2022 | verified | High
4 | XX.XXX.XXX.XX | xx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxx | Xxx-xxxx | | 21/07/2022 | verified | High
5 | XXX.XXX.X.XXX | xxxxxxxx.xxxxxx-xx.xxxxxxxxxx.xxxxxx | Xxx-xxxx | | 21/07/2022 | verified | High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High
4 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
5 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
7 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
8 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
9 | TXXXX.XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
10 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
11 | TXXXX.XXX | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/sql | predictive | Medium
2 | File | /cmsms-2.1.6-install.php/index.php | predictive | High
3 | File | /filemanager/upload/drop | predictive | High
4 | File | admin.php?page=history&filter_image_id= | predictive | High
5 | File | xxxxx/xx_xxxxxxxx.xxx | predictive | High
6 | File | xxxxxxxx.x | predictive | Medium
7 | File | xxx.x | predictive | Low
8 | File | xxx/xxxxxx.xxx | predictive | High
9 | File | xxxxx.xxx | predictive | Medium
10 | File | xxx.x/xxxxxx.x | predictive | High
11 | File | xxxxxxxxxxxx_xxxxxxxx.xxx.xxx | predictive | High
12 | File | xxxx-xxxxxx.x | predictive | High
13 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High
14 | File | xx/xxxxxx.xxx | predictive | High
15 | Argument | xxxxxxxx | predictive | Medium
16 | Argument | xxxxxx_xxxx_xx | predictive | High
17 | Argument | xxxxxxx | predictive | Low
18 | Argument | xx | predictive | Low
19 | Argument | xxx | predictive | Low
20 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High
21 | Argument | xxxxx | predictive | Low
22 | Argument | xxxxxxxx | predictive | Medium
23 | Network Port | xxx/xx (xxx) | predictive | Medium
24 | Network Port | xxx/xx (xxxxxx) | predictive | High
25 | Network Port | xxx/xxxx | predictive | Medium
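The practical use of the IOA and IOC tables above is to turn them into a detection: scan web-server access logs for requests whose client address is a listed IOC, or whose request URI contains one of the listed file fragments. The following script is an added example, not code from the original profile page; it assumes logs in the Apache/nginx "combined" format, uses only the four unmasked file indicators and the one unmasked IOC address from the tables, and runs against constructed sample log lines (not real traffic).

```python
"""
Added example (not part of the original profile page): match the unmasked
UAC-0008 indicators listed above against web-server access logs.

Assumptions (not from the page):
  - logs are in Apache/nginx "combined" format
  - the sample log lines below are constructed for the demonstration
"""
import re
from urllib.parse import unquote

# Indicators of attack (file/URI fragments) taken from the IOA table above.
IOA_FILE_FRAGMENTS = [
    "/admin/sql",
    "/cmsms-2.1.6-install.php/index.php",
    "/filemanager/upload/drop",
    "admin.php?page=history&filter_image_id=",
]

# Indicator of compromise (IP address) taken from the IOC table above.
IOC_IPS = {"45.76.85.232"}

# Apache/nginx combined log format (assumption: logs use this layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def normalize_uri(uri: str) -> str:
    """Percent-decode twice (to catch double encoding) and lowercase the
    request URI so encoded variants of an indicator still match."""
    return unquote(unquote(uri)).lower()


def scan_line(line: str):
    """Return a list of (kind, indicator) hits for one log line, [] if none
    or if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return []
    hits = []
    if m["ip"] in IOC_IPS:
        hits.append(("ioc_ip", m["ip"]))
    uri = normalize_uri(m["uri"])
    for frag in IOA_FILE_FRAGMENTS:
        if frag.lower() in uri:
            hits.append(("ioa_file", frag))
    return hits


def scan_log(lines):
    """Scan an iterable of log lines; return {line_no: hits} for lines with hits."""
    findings = {}
    for n, line in enumerate(lines, start=1):
        hits = scan_line(line)
        if hits:
            findings[n] = hits
    return findings


# Constructed sample log lines (not real traffic); line 4 uses a percent-encoded
# "A" in "Admin.php" to show that normalization still catches it.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Jul/2022:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512',
    '45.76.85.232 - - [21/Jul/2022:10:01:05 +0000] "GET /admin/sql HTTP/1.1" 404 210',
    '198.51.100.9 - - [21/Jul/2022:10:01:09 +0000] "GET /cmsms-2.1.6-install.php/index.php HTTP/1.1" 200 3301',
    '198.51.100.9 - - [21/Jul/2022:10:01:11 +0000] "GET /%41dmin.php?page=history&filter_image_id=1 HTTP/1.1" 200 890',
    '203.0.113.7 - - [21/Jul/2022:10:01:20 +0000] "POST /filemanager/upload/drop HTTP/1.1" 200 44',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for n, hits in scan_log(SAMPLE_LOG).items():
        print(f"line {n}: " + ", ".join(f"{k}={v}" for k, v in hits))
```

Two caveats a practitioner should keep in mind: the query-string indicator (entry 4) is matched as a literal substring, so a request that reorders the parameters will not hit, and a 404 on `/admin/sql` (as in the second sample line) is still worth recording because the IOA table describes these fragments as reconnaissance, not only successful exploitation.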

Sources (2)

The following list contains external sources which discuss the actor and the associated activities:
