UNC215 Analysis

IOB - Indicator of Behavior (174)

Language: en 154, zh 18, es 2

Country: us 116, cn 46, gb 6, tr 2, af 2

Product: Microsoft Windows 4, Linux Kernel 4, MobileIron Core 4, MobileIron Connector 4, WordPress 4

Vulnerability

# | Vulnerability | CVSS Base | CVSS Temp | 0-day price | Today price | Exploitability | Countermeasure | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.49 | 0.00943 | CVE-2010-0966
3 | esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.06 | 0.00135 | CVE-2010-4996
4 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.21 | 0.00241 | CVE-2020-12440
5 | Cacti graph_view.php sql injection | 8.8 | 8.6 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.01236 | CVE-2016-3659
6 | Webmin Download Path cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00046 | CVE-2023-38305
7 | VMware Workspace ONE Access/Identity Manager Template privilege escalation | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.97436 | CVE-2022-22954
8 | MinIO Admin API weak authentication | 8.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00116 | CVE-2020-11012
9 | Microsoft Windows MSHTML Remote Code Execution | 8.8 | 7.9 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.03 | 0.96938 | CVE-2021-40444
10 | Fortinet FortiMail/FortiVoice Enterprise Password Change weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.00 | 0.02096 | CVE-2020-9294
11 | Apache Shiro weak authentication | 7.4 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00182 | CVE-2020-13933
12 | MyBB Login Redirect | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00074 | CVE-2019-20225
13 | Actiontec C1000A Website Blocking Page advancedsetup_websiteblocking.html Persistent cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00111 | CVE-2018-19922
14 | Apache HTTP Server HTTP Digest Authentication Challenge weak authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01815 | CVE-2018-1312
15 | Invision Power Services IPS SVG Document Stored privilege escalation | 6.2 | 6.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00166 | CVE-2017-8899
16 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 1.08 | 0.02733 | CVE-2007-1167
17 | Rocket.Chat SAML Login Privilege Escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00235 | CVE-2020-29594
18 | App Rocket.Chat Nested Markdown cross site scripting | 4.8 | 4.6 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.00105 | CVE-2021-22886
19 | Aruba ArubaOS PAPI privilege escalation | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00372 | CVE-2023-22747
20 | Roundcube SVG Document rcube_washtml.php cross site scripting | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00680 | CVE-2023-5631

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CWE-94 | Argument Injection | predictive | High
4 | TXXXX.XXX | CWE-XX, CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
7 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
8 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
9 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
10 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High
11 | TXXXX.XXX | CWE-XXX | Xxxxxxxx | predictive | High
12 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
13 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
14 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /api/baskets/{name} | predictive | High
3 | File | /cgi-bin/cstecgi.cgi | predictive | High
4 | File | /config/getuser | predictive | High
5 | File | /h/ | predictive | Low
6 | File | /img/main.cgi | predictive | High
7 | File | /lan.asp | predictive | Medium
8 | File | /xxx/xxxxxx/xxxxx/xxxxxxx/xxxxxx/xxxxxx | predictive | High
9 | File | /xxxxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
10 | File | /xxxxxx/xxxxxxx/ | predictive | High
11 | File | /xxxx/xxxx_xxx | predictive | High
12 | File | /xxxx/xxxxxxxxxx.xxx | predictive | High
13 | File | /xx-xxxx | predictive | Medium
14 | File | xxxxx/xxxxxxx/xxxxxx_xxxx/xxx_xxx.xxx?xxxxxxxx | predictive | High
15 | File | xxxxxxxxxxxxx_xxxxxxxxxxxxxxx.xxxx | predictive | High
16 | File | xxxxxxxx.xxx | predictive | Medium
17 | File | xxx/xxxxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxxx | predictive | High
18 | File | xxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
19 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
20 | File | xxxxx.xxx | predictive | Medium
21 | File | xxxxxxxxxxxxxx.xxxx | predictive | High
22 | File | xxxxx_xxxx.xxx | predictive | High
23 | File | xxx/xxxxxx.xxx | predictive | High
24 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
25 | File | xxxxx.xxx/xxxx/xxxxx/xxxx/xxxx.xxx | predictive | High
26 | File | xxxxxxxxxx/xxx/xxxxxx_xxxx.xxx | predictive | High
27 | File | xxx_xxxx.xxx | predictive | Medium
28 | File | xxxxxxx.xxx | predictive | Medium
29 | File | xxxxxxx.xxxx_xxx | predictive | High
30 | File | xxx/xxxx.xxx | predictive | Medium
31 | File | xxxxx_xxxxxx_xxxxxxxx.xxx | predictive | High
32 | File | xxxxxxx.x | predictive | Medium
33 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High
34 | File | xx-xxxxxxxx/xx/xxxxxxxxxxxx | predictive | High
35 | File | _xxxxxxxxx_xxxxxx_xxxxx___.xxx | predictive | High
36 | Library | xxxxx.xxx | predictive | Medium
37 | Library | xxxxx_xx.xxx | predictive | Medium
38 | Library | xxx/xxxxx_xxxxxx.xxx | predictive | High
39 | Library | xxxxxxx/xxx/xxxxxxxxx/xxxxx_xxxxxxx.xxx | predictive | High
40 | Argument | xxxxxxxx | predictive | Medium
41 | Argument | xxxxxxxx | predictive | Medium
42 | Argument | xxxxxx xxxx | predictive | Medium
43 | Argument | xxxxxxxxx | predictive | Medium
44 | Argument | xxxx | predictive | Low
45 | Argument | xxxx_xxxxxx | predictive | Medium
46 | Argument | xxxxx | predictive | Low
47 | Argument | xxxx_xxxxx_xxxx | predictive | High
48 | Argument | xxx | predictive | Low
49 | Argument | xxxx_xxxx | predictive | Medium
50 | Argument | xxxxxx | predictive | Low
51 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive | High
52 | Argument | xxxxx | predictive | Low
53 | Argument | xxxxxxxxx | predictive | Medium
54 | Argument | xxxxxxxx/xxxx | predictive | High
55 | Argument | xxxxxxxxxxxxxxxxx | predictive | High
56 | Argument | x-xxxxxxxxx-xxxxxx | predictive | High
57 | Network Port | xxx/xx (xxx) | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
