UAC-0057 Analysis

IOB - Indicator of Behavior (49)

Language

  • en (26)
  • ru (12)
  • zh (10)
  • it (2)

Product

  • SourceCodester Microfinance Management System (4)
  • VMware Spring Cloud Function (2)
  • Zabbix (2)
  • Adminer (2)
  • Vinchin Backup and Recovery (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE
1 | Adminer adminer.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02092 | 0.05 | CVE-2021-21311
2 | School Club Application System privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00201 | 0.14 | CVE-2022-1287
3 | phpMyAdmin weak authentication | 7.5 | 7.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97369 | 0.02 | CVE-2018-12613
4 | VMware Spring Cloud Function SpEL Expression privilege escalation | 9.8 | 9.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.97533 | 0.04 | CVE-2022-22963
5 | SAP Information System POST Request add_admin.php weak authentication | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.18 | CVE-2022-1248
6 | Dromara HuTool Aviator Template Engine sql injection | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00307 | 0.05 | CVE-2023-24163
7 | Synology CardDAV Server WebAPI sql injection | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00068 | 0.05 | CVE-2022-27613
8 | SEMCMS Ant_Suxin.php sql injection | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00068 | 0.00 | CVE-2023-37647
9 | SEMCMS Ant_Rponse.php sql injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00089 | 0.00 | CVE-2023-31707
10 | TSplus Remote Access information disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00799 | 0.04 | CVE-2023-31069
11 | TSplus Remote Access www. privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01585 | 0.00 | CVE-2023-31067
12 | Microsoft Exchange Server Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.51598 | 0.05 | CVE-2023-21707
13 | Microsoft Exchange Server Privilege Escalation | 7.2 | 6.6 | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.01641 | 0.04 | CVE-2023-21710
14 | Microsoft Exchange Server information disclosure | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00333 | 0.00 | CVE-2023-21709
15 | Grafana Snapshot denial of service | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02415 | 0.05 | CVE-2021-27358
16 | click5 Sitemap Plugin REST Endpoint privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.45751 | 0.00 | CVE-2022-0952
17 | Primetek Primefaces weak encryption | 8.5 | 8.3 | $0-$5k | $0-$5k | High | Not Defined | 0.97013 | 0.00 | CVE-2017-1000486
18 | Plesk Obsidian Login Page privilege escalation | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00174 | 0.05 | CVE-2023-24044
19 | PHP cgi_main.c privilege escalation | 7.3 | 7.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.97363 | 0.05 | CVE-2012-1823
20 | WP Statistics Plugin esc_sql sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01606 | 0.04 | CVE-2021-24340

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2023-38831

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 31.192.234.194 | cdn.exiro.site | UAC-0057 | CVE-2023-38831 | 20/03/2024 | verified | High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | %PROGRAMFILES(X86)%\TSplus\Clients\www. | predictive | High
2 | File | /Ant_Suxin.php | predictive | High
3 | File | /aqpg/users/login.php | predictive | High
4 | File | /cwms/classes/Master.php?f=save_contact | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
