UAC-0008 Analysis

IOB - Indicator of Behavior (52)

Timeline: (chart not reproduced in text)

Language: en (36), zh (14), es (2)

Country: ca (22), cn (14), us (8), ru (2), es (2)

Actors, Activities, Interest, Timeline, Type, Vendor: (charts not reproduced in text)

Product: Cisco IOS (4), Microsoft Windows (2), WPA2 (2), Oracle FLEXCUBE Universal Banking (2), zzcms (2)

Vulnerabilities

Base and Temp are the CVSS base and temporal scores, 0day and Today are VulDB's estimated exploit prices, Exploit and Remediation are the CVSS exploitability and remediation-level ratings, CTI is VulDB's interest score and EPSS is the FIRST exploit-prediction probability.

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Beaker Sandbox privilege escalation | 9.1 | 8.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00489 | CVE-2020-12079 |
| 2 | Microsoft Windows Netlogon Zerologon privilege escalation | 8.4 | 8.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.02 | 0.35661 | CVE-2020-1472 |
| 3 | zzcms Cookie search.php SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00212 | CVE-2018-18791 |
| 4 | Gila CMS sql SQL injection | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01183 | CVE-2020-5515 |
| 5 | part-db privilege escalation | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.03930 | CVE-2022-0848 |
| 6 | CMS Made Simple Installation index.php privilege escalation | 6.9 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.05588 | CVE-2018-7448 |
| 7 | IBM InfoSphere Information Governance Catalog redirect | 6.2 | 6.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00094 | CVE-2018-1875 |
| 8 | zzcms Parameter dl_sendmail.php SQL injection | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00088 | CVE-2021-40280 |
| 9 | Order Listener for WooCommerce Plugin SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.04131 | CVE-2022-0948 |
| 10 | VeronaLabs wp-statistics Plugin API Endpoint blind SQL injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00250 | CVE-2019-13275 |
| 11 | Elefant CMS File Upload drop privilege escalation | 6.3 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00103 | CVE-2017-20063 |
| 12 | Piwigo SQL injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01601 | CVE-2023-26876 |
| 13 | PaperCut MF/NG libsmb2 privilege escalation | 9.8 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.97227 | CVE-2023-27350 |
| 14 | IBM WebSphere Application Server Snoop Servlet privilege escalation | 6.5 | 6.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.03 | 0.00267 | CVE-2012-2170 |
| 15 | Mamboxchange Extended Registration registration_detailed.inc.php privilege escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.02 | 0.04757 | CVE-2006-5254 |
| 16 | MongoDB networkMessageCompressors buffer overflow | 8.2 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00148 | CVE-2017-15535 |
| 17 | Oracle Retail Data Extractor for Merchandising Knowledge Module weak authentication | 3.7 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00174 | CVE-2020-9488 |
| 18 | rest-client Gem backdoor privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00361 | CVE-2019-15224 |
| 19 | Cisco ASA/Firepower Threat Defense Session Initiation Protocol buffer overflow | 7.1 | 7.1 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00 | 0.00159 | CVE-2019-12678 |
| 20 | Opentext Brava! Enterprise/Brava! Server Permission privilege escalation | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00159 | CVE-2019-12270 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/sql | predictive | Medium |
| 2 | File | /cmsms-2.1.6-install.php/index.php | predictive | High |
| 3 | File | /filemanager/upload/drop | predictive | High |
| 4 | File | admin.php?page=history&filter_image_id= | predictive | High |
| 5 | File | xxxxx/xx_xxxxxxxx.xxx | predictive | High |
| 6 | File | xxxxxxxx.x | predictive | Medium |
| 7 | File | xxx.x | predictive | Low |
| 8 | File | xxx/xxxxxx.xxx | predictive | High |
| 9 | File | xxxxx.xxx | predictive | Medium |
| 10 | File | xxx.x/xxxxxx.x | predictive | High |
| 11 | File | xxxxxxxxxxxx_xxxxxxxx.xxx.xxx | predictive | High |
| 12 | File | xxxx-xxxxxx.x | predictive | High |
| 13 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High |
| 14 | File | xx/xxxxxx.xxx | predictive | High |
| 15 | Argument | xxxxxxxx | predictive | Medium |
| 16 | Argument | xxxxxx_xxxx_xx | predictive | High |
| 17 | Argument | xxxxxxx | predictive | Low |
| 18 | Argument | xx | predictive | Low |
| 19 | Argument | xxx | predictive | Low |
| 20 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High |
| 21 | Argument | xxxxx | predictive | Low |
| 22 | Argument | xxxxxxxx | predictive | Medium |
| 23 | Network Port | xxx/xx (xxx) | predictive | Medium |
| 24 | Network Port | xxx/xx (xxxxxx) | predictive | High |
| 25 | Network Port | xxx/xxxx | predictive | Medium |

Entries shown as runs of x are redacted on the source page.
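The practical use of the File indicators above is to sweep web server access logs for the path fragments. The script below is an added example for this page, not VulDB code, and it does not use VulDB's predictive model: it takes the four unredacted File indicators, canonicalises each request target (percent-decoding, lower-casing, collapsing duplicate slashes, which are my own choices so that trivial evasions still hit) and reports every line that contains one of them. The log lines and IP addresses are constructed for the demonstration. The fragments plausibly correspond to entries in the vulnerability table, but the page does not state that mapping, so the script reports only the indicator ID and confidence.

```python
"""Sweep combined-format access logs for the unredacted IOA file fragments.

Added example for this page; it is not VulDB code and does not reproduce
VulDB's predictive model. The indicators are copied from the IOA table;
the log lines below are constructed sample data, not real traffic.
"""
import re
from urllib.parse import unquote, urlsplit

# Unredacted "File" indicators from the IOA table: (id, fragment, confidence)
IOA_FILES = [
    (1, "/admin/sql", "Medium"),
    (2, "/cmsms-2.1.6-install.php/index.php", "High"),
    (3, "/filemanager/upload/drop", "High"),
    (4, "admin.php?page=history&filter_image_id=", "High"),
]

# Constructed Apache/nginx combined-format sample (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2024:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2024:10:01:05 +0000] "GET /cmsms-2.1.6-install.php/index.php HTTP/1.1" 200 2048 "-" "python-requests/2.31"
198.51.100.7 - - [12/Mar/2024:10:02:11 +0000] "POST //admin/%53QL HTTP/1.1" 302 0 "-" "curl/8.0"
198.51.100.7 - - [12/Mar/2024:10:02:30 +0000] "GET /admin.php?page=history&filter_image_id=1%20OR%201=1 HTTP/1.1" 500 0 "-" "curl/8.0"
192.0.2.44 - - [12/Mar/2024:10:03:00 +0000] "POST /filemanager/upload/drop HTTP/1.1" 200 77 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2024:10:03:09 +0000] "GET /images/logo.png HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Only the fields we need from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def normalize(target):
    """Canonicalise a request target so trivial evasions still match.

    Percent-decode twice (covers double encoding), collapse repeated slashes
    and lower-case. The query string is kept because indicator 4 lives in it.
    """
    t = unquote(unquote(target))
    t = re.sub(r"/{2,}", "/", t)
    return t.lower()


def match_indicators(target):
    """Return the (id, fragment, confidence) tuples found in one request target."""
    norm = normalize(target)
    path = urlsplit(norm).path
    hits = []
    for ioa_id, fragment, confidence in IOA_FILES:
        frag = fragment.lower()
        # Path-only indicators are matched against the path component;
        # indicators carrying a query string are matched against the whole target.
        haystack = path if frag.startswith("/") else norm
        if frag in haystack:
            hits.append((ioa_id, fragment, confidence))
    return hits


def scan_log(text):
    """Parse combined-format lines and return one alert dict per indicator hit."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip unparsable lines rather than aborting the sweep
        for ioa_id, fragment, confidence in match_indicators(m["target"]):
            alerts.append({
                "ip": m["ip"],
                "timestamp": m["ts"],
                "method": m["method"],
                "target": m["target"],
                "status": int(m["status"]),
                "ioa_id": ioa_id,
                "indicator": fragment,
                "confidence": confidence,
            })
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        print(f"{a['timestamp']} {a['ip']} {a['method']} {a['target']} "
              f"-> IOA #{a['ioa_id']} ({a['confidence']}): {a['indicator']}")
```

Run against the sample, the sweep flags four of the six lines (IOA 2, 1, 4 and 3 in log order) and ignores the ordinary index and image requests; the `//admin/%53QL` line only matches because of the normalisation step. For real logs, feed `scan_log` the file contents and treat a Medium-confidence hit such as `/admin/sql` as a triage signal rather than proof, since that path also appears in legitimate admin traffic.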

References (2)

The following list contains external sources which discuss the actor and the associated activities:
