UAC-0006 Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (311)

Idioma

en	262
de	16
ru	12
es	8
pl	6

País

us	152
gb	36
ru	36
ca	20
cn	4

Actores

UAC-0006	14
Cobalt Strike	7
Stealc	3
Raccoon	3
Vidar	3

Interesar

Escribe

Not Defined	86
WordPress Plugin	14
Operating System	8
Content Management System	8
Router Operating System	4

Proveedor

Not Defined	84
Microsoft	14
Cisco	8
HP	4
Oracle	4

Producto

ILIAS	6
Microsoft Windows	6
Cisco IOS	4
Cisco IOS XE	4
Microsoft Excel	4

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.70	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgación de información	5.3	5.2	$5k-$25k	Calculador	High	Workaround	0.02016	0.00	CVE-2007-1192
3	TikiWiki tiki-register.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01075	7.13	CVE-2006-6168
4	Tiki Admin Password tiki-login.php autenticación débil	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	2.63	CVE-2020-15906
5	Pligg cloud.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.27
6	WoltLab Burning Book addentry.php sql injection	7.3	6.8	$0-$5k	$0-$5k	Functional	Unavailable	0.00804	0.00	CVE-2006-5509
7	jforum User escalada de privilegios	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.06	CVE-2019-7550
8	Faq-O-Matic fom.cgi cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00718	0.04	CVE-2006-0251
9	Foxit Studio Photo PSD File desbordamiento de búfer	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02190	0.05	CVE-2020-8878
10	Apache Superset Dashboard cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00128	0.05	CVE-2021-27907
11	Joomla sql injection	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00142	0.11	CVE-2022-23797
12	DZCP deV!L`z Clanportal browser.php divulgación de información	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02733	0.91	CVE-2007-1167
13	Microsoft Office Excel escalada de privilegios	7.3	6.9	$5k-$25k	$0-$5k	High	Official Fix	0.01336	0.00	CVE-2021-42292
14	NetBus Authentication autenticación débil	4.8	4.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00763	0.06	CVE-2003-1475
15	Kinesphere eXchange POP3 Mail From desbordamiento de búfer	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.28323	0.04	CVE-2004-1945
16	PhotoPost PHP showgallery.php escalada de privilegios	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
17	NodeBB XML-RPC Request xmlrpc.php escalada de privilegios	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.25350	0.04	CVE-2023-43187
18	Foxit Reader Javascript exportDataObject API escalada de privilegios	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00154	0.00	CVE-2023-35985
19	OpenVPN 64-bit Block Cipher SWEET32 cifrado débil	5.7	5.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00518	0.06	CVE-2016-6329
20	Opentext Document Sciences xPression cm_doclist_view_uc.jsp sql injection	7.5	7.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00182	0.00	CVE-2017-14758

IOC - Indicator of Compromise (28)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	23.230.13.93		UAC-0006	2024-03-20	verified	Alto
2	45.87.154.158	vm2177324.stark-industries.solutions	UAC-0006	2024-03-20	verified	Alto
3	45.129.14.157		UAC-0006	2024-03-20	verified	Alto
4	45.143.136.123	free.example.com	UAC-0006	2024-03-20	verified	Alto
5	45.144.28.76	vm1856696.stark-industries.solutions	UAC-0006	2024-03-20	verified	Alto
6	77.232.37.148	host-77-232-37-148.macloud.host	UAC-0006	2024-03-20	verified	Alto
7	XX.XX.XXX.XXX	xxxx.xxxx.xxxxxx	Xxx-xxxx	2024-03-20	verified	Alto
8	XX.XXX.XXX.XX	xxxxxxxxxxxxxxxx.xxxxx	Xxx-xxxx	2024-03-20	verified	Alto
9	XX.XXX.XXX.XXX	xx-xxx-xxx-xxx.xxxxxxxxxxx.xx	Xxx-xxxx	2024-03-20	verified	Alto
10	XX.XXX.XXX.XXX		Xxx-xxxx	2024-03-20	verified	Alto
11	XX.XXX.XXX.XXX		Xxx-xxxx	2024-03-20	verified	Alto
12	XX.XXX.XXX.XXX	xxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxx-xxxx	2024-03-20	verified	Alto
13	XXX.XXX.XXX.XXX		Xxx-xxxx	2024-03-20	verified	Alto
14	XXX.XXX.XXX.XXX	xxx-xxxxxx.xxxxxxxx.xx	Xxx-xxxx	2024-03-20	verified	Alto
15	XXX.XXX.XXX.XXX	xxxxxx.xxx.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxx-xxxx	2024-03-20	verified	Alto
16	XXX.XXX.XX.XXX		Xxx-xxxx	2024-03-20	verified	Alto
17	XXX.XX.XXX.XX		Xxx-xxxx	2024-03-20	verified	Alto
18	XXX.XXX.XXX.XXX	xxxx.xxxx	Xxx-xxxx	2024-03-20	verified	Alto
19	XXX.XXX.XXX.XXX		Xxx-xxxx	2024-03-20	verified	Alto
20	XXX.XXX.XXX.XXX		Xxx-xxxx	2024-03-20	verified	Alto
21	XXX.XXX.XXX.XX	xxxx.xxx.xx.xxxxxxx.xxx	Xxx-xxxx	2024-03-20	verified	Alto
22	XXX.XXX.XXX.XXX		Xxx-xxxx	2024-03-20	verified	Alto
23	XXX.XXX.XXX.XXX		Xxx-xxxx	2024-03-20	verified	Alto
24	XXX.XX.XX.XXX		Xxx-xxxx	2024-03-20	verified	Alto
25	XXX.XX.XXX.XXX		Xxx-xxxx	2024-03-20	verified	Alto
26	XXX.XXX.XX.XX	xxx-xxx-xx-xx.xxxxxxxxxxx.xx	Xxx-xxxx	2024-03-20	verified	Alto
27	XXX.XXX.XXX.XXX		Xxx-xxxx	2024-03-20	verified	Alto
28	XXX.XX.XXX.XXX		Xxx-xxxx	2024-03-20	verified	Alto

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Clase	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1040	CAPEC-102	CWE-294	Authentication Bypass by Capture-replay	predictive	Alto
3	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
4	T1059	CAPEC-137	CWE-88, CWE-94	Argument Injection	predictive	Alto
5	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CAPEC-	CWE-XXX	Xxx Xx Xxxx-xxxxx Xxxxxxxx	predictive	Alto
8	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
9	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
10	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
11	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
12	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
13	TXXXX	CAPEC-108	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
14	TXXXX	CAPEC-102	CWE-XXX	Xxx Xx Xxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
15	TXXXX	CAPEC-50	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
16	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Alto
17	TXXXX.XXX	CAPEC-133	CWE-XXX	Xxxxxxxx	predictive	Alto
18	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
19	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
20	TXXXX.XXX	CAPEC-59	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto
21	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto
22	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (89)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/Duty/AjaxHandle/UploadHandler.ashx	predictive	Alto
2	File	/forum/away.php	predictive	Alto
3	File	/goform/setmac	predictive	Alto
4	File	/include/chart_generator.php	predictive	Alto
5	File	/manager?action=getlogcat	predictive	Alto
6	File	/members/profiles.php	predictive	Alto
7	File	/version.js	predictive	Medio
8	File	/xAdmin/html/cm_doclist_view_uc.jsp	predictive	Alto
9	File	/_next	predictive	Bajo
10	File	addentry.php	predictive	Medio
11	File	xxxx_xxxxxxxxxxxxxx.xxx	predictive	Alto
12	File	xxxx/xxx/xxx/xxx/xxx.x	predictive	Alto
13	File	xxxxxxxx.x	predictive	Medio
14	File	xxx.x	predictive	Bajo
15	File	xxxxxxxxxx_xxxxx.xxx	predictive	Alto
16	File	xxxxx.xxx	predictive	Medio
17	File	xxxxxx.xxx	predictive	Medio
18	File	xxxxxx.xxx	predictive	Medio
19	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
20	File	xxxxxxxxxxx.xxx	predictive	Alto
21	File	xx_xxxxxxx	predictive	Medio
22	File	xxx.xxx	predictive	Bajo
23	File	xxxxxxxx.xxx	predictive	Medio
24	File	xxxxxx/xxxxx	predictive	Medio
25	File	xxxxx.xxx	predictive	Medio
26	File	xxx/xxxxxx.xxx	predictive	Alto
27	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Alto
28	File	xxxxxxxx/xxxxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxxx.xxx	predictive	Alto
29	File	xxxxxxxxx.xxx	predictive	Alto
30	File	xxxxx-xxx.x	predictive	Medio
31	File	xx/xxxxxxx-xxxxxx-xxxx-xxxxxx-xxxxxxx/xxxxxx/xxx/xxxxx.xxx	predictive	Alto
32	File	xxxxxxxxxx/xxxx.x	predictive	Alto
33	File	xxxxxxxxxx/xxxxxxxx.x	predictive	Alto
34	File	xxxxxxxxxx/xxxx.x	predictive	Alto
35	File	xxxxxxxx.x	predictive	Medio
36	File	xxx.x	predictive	Bajo
37	File	xxx_xxxxxxx.x	predictive	Alto
38	File	xxx_xxxx.xxx	predictive	Medio
39	File	xxxxx_xxxxxx_xxx.xxx	predictive	Alto
40	File	xxxxx.xxx	predictive	Medio
41	File	xxxxxxxxxx.xxx	predictive	Alto
42	File	xxxxxxxx-x.xx	predictive	Alto
43	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Alto
44	File	xxxxxxxxxx/xxxxxxxxxx_xxxx.xxx?xxxxxx=xxxxxx	predictive	Alto
45	File	xxx.x	predictive	Bajo
46	File	xxxxxx.xxx	predictive	Medio
47	File	xxxxxx/	predictive	Bajo
48	File	xxxxxxxx.xxx	predictive	Medio
49	File	xxxxxxxxxxx.xxx	predictive	Alto
50	File	xxx_xxxxx.x	predictive	Medio
51	File	xxxx-xxxxx.xxx	predictive	Alto
52	File	xxxx-xxxxxxxx.xxx	predictive	Alto
53	File	xxx.xxx	predictive	Bajo
54	File	xxxxxxxx.xxx	predictive	Medio
55	File	xxxxxx.xxx	predictive	Medio
56	File	xx-xxxxxxxx/xxxx.xxx	predictive	Alto
57	File	xxxxxx.xxx	predictive	Medio
58	File	~/xxxxxxxx/xxxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Alto
59	Library	xxxxxxxx.xxx	predictive	Medio
60	Library	xxxxxxxxxxxxxxxx.xxx	predictive	Alto
61	Library	xxxxxx.xxx	predictive	Medio
62	Library	xxxxx.xxx	predictive	Medio
63	Library	xxx/xxxxxxxxx.xxx	predictive	Alto
64	Argument	xxxxxxxx	predictive	Medio
65	Argument	xxxxxxx/xxxxxxxx	predictive	Alto
66	Argument	xxx	predictive	Bajo
67	Argument	xxxxxxxxxx	predictive	Medio
68	Argument	xxxxxx	predictive	Bajo
69	Argument	xxxxxxxxxxx	predictive	Medio
70	Argument	xxxxxxx	predictive	Bajo
71	Argument	xxxxxxxxxx	predictive	Medio
72	Argument	xxxx	predictive	Bajo
73	Argument	xxxxxxxx	predictive	Medio
74	Argument	xxxxx	predictive	Bajo
75	Argument	xx	predictive	Bajo
76	Argument	xxxxxxxx_xxx	predictive	Medio
77	Argument	xx	predictive	Bajo
78	Argument	xxxx	predictive	Bajo
79	Argument	xxxxxxxx	predictive	Medio
80	Argument	xxxxxxx	predictive	Bajo
81	Argument	xx_xxxx	predictive	Bajo
82	Argument	xxxxxxxx	predictive	Medio
83	Argument	xxxxxxx_xx	predictive	Medio
84	Argument	xxx	predictive	Bajo
85	Argument	xxx	predictive	Bajo
86	Argument	xxx	predictive	Bajo
87	Argument	_xxxxxxxx	predictive	Medio
88	Input Value	xx%xxxxxxx%xxxxxxxx%xxx,x,xxxxxx_xx%xxxxxx,xxxxx_xxxx,xxxxxx_xxxx%xx,x,x%xxxxxx%xxxxxxxxxxxxx_xxxxxx.xxxxxxx--	predictive	Alto
89	Network Port	xxx/xx (xxxxxx)	predictive	Alto

Referencias (7)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!