UNC215 Analysis

IOB - Indicator of Behavior (174)

Languages

en: 148
zh: 20
es: 2
de: 2
ko: 2

Countries / regions

us: 124
cn: 38
gb: 4
af: 4
tr: 2

Products

Linux Kernel (4)
Microsoft Office (4)
DZCP deV!L`z Clanportal (4)
Microsoft Windows (4)
Synacor Zimbra Collaboration (2)

Vulnerabilities

#  | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
---|---------------|------|------|------|-------|---------|-------------|-----|------|----
1  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2  | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.57 | 0.00943 | CVE-2010-0966
3  | esoftpro Online Guestbook Pro ogp_show.php SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.05 | 0.00135 | CVE-2010-4996
4  | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | 0.00241 | CVE-2020-12440
5  | Cacti graph_view.php SQL injection | 8.8 | 8.6 | $0-$5k | calculating | Not Defined | Official Fix | 0.02 | 0.01236 | CVE-2016-3659
6  | Webmin Download Path cross-site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00046 | CVE-2023-38305
7  | VMware Workspace ONE Access/Identity Manager Template privilege escalation | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.97436 | CVE-2022-22954
8  | MinIO Admin API weak authentication | 8.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00116 | CVE-2020-11012
9  | Microsoft Windows MSHTML Remote Code Execution | 8.8 | 7.9 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.03 | 0.96938 | CVE-2021-40444
10 | Fortinet FortiMail/FortiVoiceEntreprise Password Change weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.00 | 0.02096 | CVE-2020-9294
11 | Apache Shiro weak authentication | 7.4 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00182 | CVE-2020-13933
12 | MyBB Login Redirect | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00074 | CVE-2019-20225
13 | Actiontec C1000A Website Blocking Page advancedsetup_websiteblocking.html persistent cross-site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00111 | CVE-2018-19922
14 | Apache HTTP Server HTTP Digest Authentication Challenge weak authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01815 | CVE-2018-1312
15 | Invision Power Services IPS SVG Document stored privilege escalation | 6.2 | 6.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00166 | CVE-2017-8899
16 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 1.17 | 0.02733 | CVE-2007-1167
17 | Rocket.Chat SAML Login privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00235 | CVE-2020-29594
18 | App Rocket.Chat Nested Markdown cross-site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00105 | CVE-2021-22886
19 | Aruba ArubaOS PAPI privilege escalation | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00372 | CVE-2023-22747
20 | Roundcube SVG Document rcube_washtml.php cross-site scripting | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00680 | CVE-2023-5631

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
---|-------|-----------|------|-----------
1  | File | /+CSCOE+/logon.html | predictive |
2  | File | /api/baskets/{name} | predictive |
3  | File | /cgi-bin/cstecgi.cgi | predictive |
4  | File | /config/getuser | predictive |
5  | File | /h/ | predictive |
6  | File | /img/main.cgi | predictive |
7  | File | /lan.asp | predictive |
8  | File | /xxx/xxxxxx/xxxxx/xxxxxxx/xxxxxx/xxxxxx | predictive |
9  | File | /xxxxxx/xxxxxxxxxxxxxxx.xxx | predictive |
10 | File | /xxxxxx/xxxxxxx/ | predictive |
11 | File | /xxxx/xxxx_xxx | predictive |
12 | File | /xxxx/xxxxxxxxxx.xxx | predictive |
13 | File | /xx-xxxx | predictive |
14 | File | xxxxx/xxxxxxx/xxxxxx_xxxx/xxx_xxx.xxx?xxxxxxxx | predictive |
15 | File | xxxxxxxxxxxxx_xxxxxxxxxxxxxxx.xxxx | predictive |
16 | File | xxxxxxxx.xxx | predictive |
17 | File | xxx/xxxxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxxx | predictive |
18 | File | xxxxxxxxxxxxxxxxxxx.xxxx | predictive |
19 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive |
20 | File | xxxxx.xxx | predictive |
21 | File | xxxxxxxxxxxxxx.xxxx | predictive |
22 | File | xxxxx_xxxx.xxx | predictive |
23 | File | xxx/xxxxxx.xxx | predictive |
24 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive |
25 | File | xxxxx.xxx/xxxx/xxxxx/xxxx/xxxx.xxx | predictive |
26 | File | xxxxxxxxxx/xxx/xxxxxx_xxxx.xxx | predictive |
27 | File | xxx_xxxx.xxx | predictive |
28 | File | xxxxxxx.xxx | predictive |
29 | File | xxxxxxx.xxxx_xxx | predictive |
30 | File | xxx/xxxx.xxx | predictive |
31 | File | xxxxx_xxxxxx_xxxxxxxx.xxx | predictive |
32 | File | xxxxxxx.x | predictive |
33 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive |
34 | File | xx-xxxxxxxx/xx/xxxxxxxxxxxx | predictive |
35 | File | _xxxxxxxxx_xxxxxx_xxxxx___.xxx | predictive |
36 | Library | xxxxx.xxx | predictive |
37 | Library | xxxxx_xx.xxx | predictive |
38 | Library | xxx/xxxxx_xxxxxx.xxx | predictive |
39 | Library | xxxxxxx/xxx/xxxxxxxxx/xxxxx_xxxxxxx.xxx | predictive |
40 | Argument | xxxxxxxx | predictive |
41 | Argument | xxxxxxxx | predictive |
42 | Argument | xxxxxx xxxx | predictive |
43 | Argument | xxxxxxxxx | predictive |
44 | Argument | xxxx | predictive |
45 | Argument | xxxx_xxxxxx | predictive |
46 | Argument | xxxxx | predictive |
47 | Argument | xxxx_xxxxx_xxxx | predictive |
48 | Argument | xxx | predictive |
49 | Argument | xxxx_xxxx | predictive |
50 | Argument | xxxxxx | predictive |
51 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive |
52 | Argument | xxxxx | predictive |
53 | Argument | xxxxxxxxx | predictive |
54 | Argument | xxxxxxxx/xxxx | predictive |
55 | Argument | xxxxxxxxxxxxxxxxx | predictive |
56 | Argument | x-xxxxxxxxx-xxxxxx | predictive |
57 | Network Port | xxx/xx (xxx) | predictive |
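The practical use of the IOA rows above is to sweep them across web-server access logs. The script below is an added example written for this page; it is not VulDB code and not tooling attributed to UNC215. It takes the seven File indicators the page leaves unmasked (the xxxx rows cannot be used), compiles each into an anchored pattern, canonicalises every request path before matching (query string stripped, double percent-decoding, dot-segment collapse) so that evasions such as /cgi-bin/..%2fcgi-bin/cstecgi.cgi still hit, and then groups hits per source address, since several distinct indicators from one client are a far stronger signal than a single one. Two assumptions are not stated on the page: that {name} in /api/baskets/{name} stands for exactly one path segment, and that /h/ is a directory prefix rather than a single resource. The log lines are constructed for illustration and use RFC 5737 documentation addresses.

```python
"""Scan web-server access logs for the unmasked UNC215 IOA file indicators.

Added example for this profile; not VulDB code and not tooling attributed to
UNC215. Indicator paths are copied from the IOA table; log lines are constructed.
"""
import re
import urllib.parse
from posixpath import normpath

# The seven "File" indicators the page leaves unmasked.
# Assumption: "{name}" is a one-segment placeholder and "/h/" is a directory prefix.
IOA_FILES = [
    "/+CSCOE+/logon.html",
    "/api/baskets/{name}",
    "/cgi-bin/cstecgi.cgi",
    "/config/getuser",
    "/h/",
    "/img/main.cgi",
    "/lan.asp",
]

# Combined-style access log line: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def indicator_to_regex(indicator):
    """Compile one IOA path into an anchored regex: literal text is escaped,
    a {placeholder} matches exactly one path segment, and an indicator that
    ends in "/" also matches everything beneath that directory."""
    parts = []
    for piece in re.split(r"(\{[^}]+\})", indicator):
        if piece:
            parts.append(r"[^/]+" if piece.startswith("{") else re.escape(piece))
    pattern = "".join(parts)
    if indicator.endswith("/"):
        pattern += ".*"
    return re.compile("^" + pattern + "$")


IOA_PATTERNS = [(ind, indicator_to_regex(ind)) for ind in IOA_FILES]


def normalize_path(target):
    """Canonicalise a request target before matching: drop the query string,
    percent-decode twice (double encoding is a common evasion), collapse
    repeated slashes and "." / ".." segments, and restore the trailing slash
    that normpath removes so "/h/" still reads as a directory."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    path = urllib.parse.unquote(urllib.parse.unquote(path))
    path = re.sub(r"/{2,}", "/", path)
    trailing = path.endswith("/")
    path = normpath(path)
    if trailing and not path.endswith("/"):
        path += "/"
    return path


def match_log_line(line):
    """Return a hit dict when the line's path matches an indicator, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = normalize_path(m.group("target"))
    for indicator, pattern in IOA_PATTERNS:
        if pattern.match(path):
            return {"ip": m.group("ip"), "time": m.group("time"), "path": path,
                    "indicator": indicator, "status": int(m.group("status"))}
    return None


def scan(lines):
    """Run every line through the matcher and keep hits in log order."""
    return [hit for hit in map(match_log_line, lines) if hit]


def summarize(hits):
    """Distinct indicators per source IP; several from one client outweigh one."""
    by_ip = {}
    for hit in hits:
        by_ip.setdefault(hit["ip"], set()).add(hit["indicator"])
    return {ip: sorted(inds) for ip, inds in by_ip.items()}


# Constructed sample log (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 4523
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /api/baskets/test123 HTTP/1.1" 404 152
198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /static/js/app.js HTTP/1.1" 200 88213
203.0.113.7 - - [10/Oct/2023:13:56:12 +0000] "GET /cgi-bin/..%2fcgi-bin/cstecgi.cgi?action=login HTTP/1.1" 200 311
192.0.2.44 - - [10/Oct/2023:13:57:40 +0000] "POST /h/ HTTP/1.1" 302 0
192.0.2.44 - - [10/Oct/2023:13:57:41 +0000] "GET /h/preauth?x=1 HTTP/1.1" 200 2048
198.51.100.9 - - [10/Oct/2023:13:58:00 +0000] "GET /lan.aspx HTTP/1.1" 404 152
"""

if __name__ == "__main__":
    found = scan(SAMPLE_LOG.splitlines())
    for hit in found:
        print(f'{hit["ip"]:<14} {hit["status"]} {hit["path"]:<28} <- {hit["indicator"]}')
    for ip, indicators in summarize(found).items():
        print(f"{ip}: {len(indicators)} distinct indicator(s)")
```

Note that /lan.aspx does not match /lan.asp because every pattern is anchored at both ends; the traversal request for cstecgi.cgi matches only because the path is normalised first, so a matcher that compared raw request lines would miss it. A response status is carried through on each hit because a 200 on a login page such as /+CSCOE+/logon.html means the resource exists, while a 404 is mostly reconnaissance noise.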

References (2)

The following list contains external sources which discuss the actor and the associated activities:
