UAC-0035 Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (8)

Linguaggio

en	8

Nazione

us	8

Attori

RecordBreaker	1
BazarLoader	1
UAC-0035	1
Vidar	1
Cobalt Strike	1

Interesse

Genere

Database Administration Software	2
SCADA Software	2
Operating System	2

Fornitore

Not Defined	2
Siemens	2
Microsoft	2

Prodotto

phpMyAdmin	2
Siemens SIMATIC Drive Controller	2
Siemens SIMATIC ET 200SP Open Controller CPU 1515S ...	2
Siemens SIMATIC S7-1200 CPU	2
Siemens SIMATIC S7-1500 CPU	2

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	Monstaftp File escalazione di privilegi	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00343	0.00	CVE-2022-27468
2	MGB OpenSource Guestbook email.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	1.23	CVE-2007-0354
3	Siemens SIMATIC Drive Controller Service Port 102 escalazione di privilegi	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00095	0.03	CVE-2021-37185
4	phpMyAdmin Git Information GitRevision.php Remote Code Execution	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00190	0.04	CVE-2019-19617
5	Microsoft Windows Fast FAT File System Driver rivelazione di un 'informazione	4.9	4.3	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00043	0.04	CVE-2021-41343

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Campagne	Identified	Genere	Fiducia
1	45.95.11.34		UAC-0035		21/07/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1505	CAPEC-108	CWE-89	SQL Injection	predictive	Alto
2	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
3	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	email.php	predictive	Media
2	File	xxxxxxxxx/xxxxxxx/xxxxxxx/xxxxxxxxxxx.xxx	predictive	Alto
3	Argument	xx	predictive	Basso

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Do you know our Splunk app?

Download it now for free!