UAC-0008 Analysis

IOB - Indicator of Behavior (52)

Timeline

Language

en 32
zh 20

Country

cn 22
ca 16
us 10
ru 2

Actors

Activity

Interest

Type

Vendor

Product

WPA 24
JetBrains IntelliJ IDEA 2
MongoDB 2
Cisco IOS 2
Cisco IOS XE 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | Beaker Sandbox privilege escalation | 9.1 | 8.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00489 | 0.00 | CVE-2020-12079
2 | Microsoft Windows Netlogon Zerologon privilege escalation | 8.4 | 8.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.45082 | 0.04 | CVE-2020-1472
3 | zzcms Cookie search.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00212 | 0.03 | CVE-2018-18791
4 | Gila CMS sql sql injection | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01138 | 0.00 | CVE-2020-5515
5 | part-db privilege escalation | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08427 | 0.02 | CVE-2022-0848
6 | CMS Made Simple Installation index.php privilege escalation | 6.9 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09544 | 0.00 | CVE-2018-7448
7 | IBM InfoSphere Information Governance Catalog Redirect | 6.2 | 6.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00094 | 0.00 | CVE-2018-1875
8 | zzcms Parameter dl_sendmail.php sql injection | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00088 | 0.00 | CVE-2021-40280
9 | Order Listener for WooCommerce Plugin sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04131 | 0.00 | CVE-2022-0948
10 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2019-13275
11 | Elefant CMS File Upload drop privilege escalation | 6.3 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.06 | CVE-2017-20063
12 | Piwigo sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01847 | 0.00 | CVE-2023-26876
13 | PaperCut MF/NG libsmb2 privilege escalation | 9.8 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.97204 | 0.00 | CVE-2023-27350
14 | IBM WebSphere Application Server Snoop Servlet privilege escalation | 6.5 | 6.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.00267 | 0.02 | CVE-2012-2170
15 | Mamboxchange Extended Registration registration_detailed.inc.php privilege escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.05054 | 0.04 | CVE-2006-5254
16 | MongoDB networkMessageCompressors buffer overflow | 8.2 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00148 | 0.03 | CVE-2017-15535
17 | Oracle Retail Data Extractor for Merchandising Knowledge Module weak authentication | 3.7 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00191 | 0.00 | CVE-2020-9488
18 | rest-client Gem Backdoor privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00361 | 0.07 | CVE-2019-15224
19 | Cisco ASA/Firepower Threat Defense Session Initiation Protocol buffer overflow | 7.1 | 7.1 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00159 | 0.00 | CVE-2019-12678
20 | Opentext Brava! Enterprise/Brava! Server Permission privilege escalation | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00159 | 0.00 | CVE-2019-12270

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerability (CWE) | Description | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/sql | predictive | Medium
2 | File | /cmsms-2.1.6-install.php/index.php | predictive | High
3 | File | /filemanager/upload/drop | predictive | High
4 | File | admin.php?page=history&filter_image_id= | predictive | High
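The file-class indicators above are URL fragments, so the natural check is to run them over web-server access logs. The following script is an added example, not code from this page or from any UAC-0008 tooling: it carries the four visible file indicators with the page's confidence ratings, normalizes each request before comparing (percent-decoding, including double encoding, collapsing repeated slashes, and parsing the query string so that parameter order does not matter for the admin.php indicator), and counts hits per source address. The Common Log Format layout and the sample log lines are assumptions constructed for the example; the page itself labels these indicators predictive, so a match is a lead for triage, not confirmation of this actor.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# File-class indicators from the IOA table on this page, with the page's
# confidence rating. The matching code around them is an added example.
IOA_FILES = {
    "/admin/sql": "Medium",
    "/cmsms-2.1.6-install.php/index.php": "High",
    "/filemanager/upload/drop": "High",
    "admin.php?page=history&filter_image_id=": "High",
}

# One Common/Combined Log Format entry (assumed log layout).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def normalize_target(target):
    """Decode percent-encoding twice (catches %25xx double encoding), split
    path from query, collapse repeated slashes, parse query into a dict."""
    decoded = unquote(unquote(target))
    parts = urlsplit(decoded)
    path = re.sub(r"/+", "/", parts.path)
    query = dict(parse_qsl(parts.query, keep_blank_values=True))
    return path, query


def indicator_matches(indicator, path, query):
    """True if a normalized request matches one IOA entry."""
    ipath, _, iquery = indicator.partition("?")
    if not ipath.startswith("/"):
        ipath = "/" + ipath  # anchor on a path-segment boundary
    if not path.endswith(ipath):
        return False
    # Query part of an indicator lists parameters that must be present;
    # a blank value (filter_image_id=) means "present, any value".
    for key, value in parse_qsl(iquery, keep_blank_values=True):
        if key not in query:
            return False
        if value and query[key] != value:
            return False
    return True


def scan_log(text):
    """Return one hit dict per (log line, indicator) pair."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path, query = normalize_target(m.group("target"))
        for indicator, confidence in IOA_FILES.items():
            if indicator_matches(indicator, path, query):
                hits.append({
                    "ip": m.group("ip"),
                    "target": m.group("target"),
                    "indicator": indicator,
                    "confidence": confidence,
                })
    return hits


def hits_per_source(hits):
    """Count hits per client IP so a host probing several paths stands out."""
    counts = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


# Constructed sample lines (RFC 5737 documentation addresses), not real traffic.
# Line 4 swaps parameter order and encodes the payload; line 5 encodes a path
# byte; line 6 is a near miss that must not match.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /cmsms-2.1.6-install.php/index.php HTTP/1.1" 200 8192
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "POST /filemanager/upload/drop HTTP/1.1" 200 44
198.51.100.9 - - [10/Oct/2023:13:56:05 +0000] "GET /piwigo/admin.php?filter_image_id=1%27%20OR%201%3D1&page=history HTTP/1.1" 200 1024
203.0.113.7 - - [10/Oct/2023:13:57:12 +0000] "GET /%61dmin/sql HTTP/1.1" 403 0
192.0.2.5 - - [10/Oct/2023:13:58:00 +0000] "GET /blog/admin/sqlite.php HTTP/1.1" 404 0
"""

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(f'{h["ip"]} {h["confidence"]:6} {h["indicator"]}  <- {h["target"]}')
    print(hits_per_source(found))
```

Matching on the path suffix rather than the full path is deliberate: the vulnerable applications (CMS Made Simple, Elefant CMS, Gila CMS, Piwigo) are commonly installed under a sub-directory, and the indicator only fixes the application-relative part. Pair a hit with the response status before escalating; a 403 on /admin/sql is a blocked probe, a 200 on the installer path is worth a closer look.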

References (2)

The following list contains external sources which discuss the actor and the associated activities:
