UAC-0051 Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (165)

Langue

en	100
es	28
zh	18
it	6
de	6

De campagne

es	28
cn	22
it	6
de	6
fr	4

Acteurs

TrickBot	1
UAC-0051	1

Intérêt

Taper

Not Defined	40
Forum Software	10
Content Management System	8
Operating System	2
JavaScript Library	2

Fournisseur

Not Defined	26
Invision Power Services	4
Microsoft	2
Ecomm	2
Apache	2

Produit

SignKorn Guestbook	4
MyBB	4
Invision Power Services IP.Board	4
WordPress	4
Microsoft Windows	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	CTI	EPSS	CVE
1	Softbiz FAQ Script add_comment.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.01302	CVE-2005-3938
2	Joels Bulletin Board newtopic.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00000
3	Michael Barretto Cardboard elévation de privilèges	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00	0.00655	CVE-2001-1584
4	WoltLab Burning Board Lite search.php sql injection	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00264	CVE-2007-6518
5	Forumer / IPB Board Show Topic index.php sql injection	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00000
6	MyBB moderation.php cross site request forgery	6.3	6.1	$5k-$25k	$0-$5k	High	Unavailable	0.00	0.00214	CVE-2008-7082
7	Toms-seiten.at Toms Gästebuch header.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00409	CVE-2007-4896
8	Dreaxteam Xt-News add_comment.php cross site scripting	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.02	0.00599	CVE-2006-6746
9	Cisco Prime Network Registrar cross site scripting	4.3	4.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00	0.00135	CVE-2013-3394
10	EMC Document Sciences xPression Dashboard directory traversal	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00155	CVE-2013-6177
11	MyBB reputation.php sql injection	7.3	7.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00	0.00620	CVE-2005-1833
12	WordPress Comment Status options-discussion.php cross site request forgery	4.3	4.1	$5k-$25k	Calculateur	High	Official Fix	0.00	0.00112	CVE-2013-7233
13	WordPress options-discussion.php dénie de service	5.3	5.1	$5k-$25k	$0-$5k	High	Official Fix	0.00	0.00000
14	W2b phpAdBoard File Upload index.php elévation de privilèges	7.3	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.02	0.09236	CVE-2008-6921
15	Flat PHP Board directory traversal	3.3	3.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01	0.00000
16	1Two Livre d Or guestbook.php cross site scripting	6.3	5.7	$0-$5k	Calculateur	Proof-of-Concept	Official Fix	0.00	0.00528	CVE-2005-1644
17	Microsoft Windows Remote Desktop Web Access cross site scripting	5.0	4.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.78438	CVE-2011-1263
18	Tableau Server Log File divulgation de l'information	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00149	CVE-2020-6938
19	ONLYOFFICE Document Server JWT upload directory traversal	8.0	7.2	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.02823	CVE-2021-3199
20	DedeCMS article_coonepage_rule.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00207	CVE-2022-23337

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Campagnes	Identified	Taper	Confiance
1	185.175.158.27		UAC-0051		21/07/2022	verified	Élevé

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-21, CWE-22, CWE-23	Path Traversal	predictive	Élevé
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Élevé
3	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
4	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Élevé
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (68)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/cgi-bin/portal	predictive	Élevé
2	File	/index.php	predictive	Moyen
3	File	/iwguestbook/admin/badwords_edit.asp	predictive	Élevé
4	File	/upload	predictive	Faible
5	File	/_next	predictive	Faible
6	File	add.php	predictive	Faible
7	File	add_comment.php	predictive	Élevé
8	File	admin/admin.php	predictive	Élevé
9	File	admin/adminsignin.html	predictive	Élevé
10	File	xxxxx/xxxxxxxx.xxx	predictive	Élevé
11	File	xxxxx/xxxxxx.xxx	predictive	Élevé
12	File	xxxxx/xxxxxx.xxx	predictive	Élevé
13	File	xxxxx/xxxxxxxx.xxxx	predictive	Élevé
14	File	xxxxxxx_xxxxxxxxx_xxxx.xxx	predictive	Élevé
15	File	xxxxxxxxx.xxx	predictive	Élevé
16	File	xxxxxxxxxx/xxx_xxxxx/xxxxxx/xxxxxxxxxxxx.xxx	predictive	Élevé
17	File	xxxxxxx/xxx/xxx_xxxxxxx.x	predictive	Élevé
18	File	xx_xxxxxx.xxx.xxx	predictive	Élevé
19	File	xxxxxxx.xxx	predictive	Moyen
20	File	xxxxxx.xxx	predictive	Moyen
21	File	xxxxxx.xxx	predictive	Moyen
22	File	xxxxxxxxx.xxx	predictive	Élevé
23	File	xxxxxxxxx.xxx	predictive	Élevé
24	File	xxxxx.xxx	predictive	Moyen
25	File	xxxxx.xxx/xxxxxx.xxx/xxxxxxxxxxxxx.xxx/xxxxxxxx.xxx	predictive	Élevé
26	File	xxxxxxxxxx.xxx	predictive	Élevé
27	File	xxxxxxxx.xxx	predictive	Moyen
28	File	xxx_xxx_xxxx.xxx	predictive	Élevé
29	File	xxxx.xxx	predictive	Moyen
30	File	xxxxxxxx.xxx	predictive	Moyen
31	File	xxxxxxxxxx.xxx	predictive	Élevé
32	File	xxxxxx.xxx	predictive	Moyen
33	File	xxx/xxxx/xxxx/xxx/xxxxxxxxx/xxxxxxx/xxxxxxxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxxxxx.xxxx	predictive	Élevé
34	File	xxxxxx	predictive	Faible
35	File	xxxxxx/xxxxxxxx/xxxxxx.xxx	predictive	Élevé
36	File	xxxxxx/xxxxx.xxx	predictive	Élevé
37	File	xxxxxx.xxx	predictive	Moyen
38	File	xx-xxxxx/xxxxxxx-xxxxxxxxxx.xxx	predictive	Élevé
39	Argument	xxxxxxxx	predictive	Moyen
40	Argument	xxxxxx	predictive	Faible
41	Argument	xxxxxxxx	predictive	Moyen
42	Argument	xxxxxxxx	predictive	Moyen
43	Argument	xxxxxxxxx	predictive	Moyen
44	Argument	xxx_xxxx	predictive	Moyen
45	Argument	xxxxxx	predictive	Faible
46	Argument	xxxxx[xxxxxxxx]	predictive	Élevé
47	Argument	xxxxx	predictive	Faible
48	Argument	xxxxx_xx	predictive	Moyen
49	Argument	xxxxxxxxxxxx	predictive	Moyen
50	Argument	xx	predictive	Faible
51	Argument	xxxxx	predictive	Faible
52	Argument	xxx	predictive	Faible
53	Argument	xx_xxxx	predictive	Faible
54	Argument	xxx_xx	predictive	Faible
55	Argument	xx_xxxx_xxx	predictive	Moyen
56	Argument	xxxx	predictive	Faible
57	Argument	xxxxxxxxxxxxxx	predictive	Élevé
58	Argument	xxxxxx	predictive	Faible
59	Argument	xxx	predictive	Faible
60	Argument	xxxxxxxxx	predictive	Moyen
61	Argument	xxx	predictive	Faible
62	Argument	xxxxxxxxx	predictive	Moyen
63	Argument	xxxx_xxxxxx	predictive	Moyen
64	Argument	xxxxxxx	predictive	Faible
65	Argument	xxxxxxxxx_xxxxxx	predictive	Élevé
66	Argument	xxx_xxx_xxxxxx	predictive	Élevé
67	Argument	xxxxxxxx	predictive	Moyen
68	Input Value	x+xxxxx+xxxxxx+x,xxxxxxx,xxxxxxxxxxx+xxxx+xxxxx#	predictive	Élevé

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!