UAC-0008 Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (52)

Język

en	38
zh	14

Kraj

ca	18
cn	14
us	12

Aktorzy

UAC-0008	4
Pikabot	1

Wysiłek

Rodzaj

Not Defined	20
Content Management System	6
Router Operating System	4
Web Browser	2
Connectivity Software	2

Sprzedawca

Not Defined	16
Cisco	8
Microsoft	4
DZCP	2
Php4script	2

Produkt

Cisco IOS	4
zzcms	4
DZCP deV!L`z Clanportal	2
Microsoft Internet Explorer	2
Php4script AZ Photo Album Script Pro	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Beaker Sandbox privilege escalation	9.1	8.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00489	0.00	CVE-2020-12079
2	Microsoft Windows Netlogon Zerologon privilege escalation	8.4	8.0	$25k-$100k	$0-$5k	High	Official Fix	0.45082	0.04	CVE-2020-1472
3	zzcms Cookie search.php sql injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00212	0.03	CVE-2018-18791
4	Gila CMS sql sql injection	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01138	0.04	CVE-2020-5515
5	part-db privilege escalation	9.9	9.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08427	0.02	CVE-2022-0848
6	CMS Made Simple Installation index.php privilege escalation	6.9	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.09544	0.00	CVE-2018-7448
7	IBM InfoSphere Information Governance Catalog Redirect	6.2	6.2	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00094	0.00	CVE-2018-1875
8	zzcms Parameter dl_sendmail.php sql injection	6.7	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00088	0.00	CVE-2021-40280
9	Order Listener for WooCommerce Plugin sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04131	0.00	CVE-2022-0948
10	VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00250	0.00	CVE-2019-13275
11	Elefant CMS File Upload drop privilege escalation	6.3	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00103	0.04	CVE-2017-20063
12	Piwigo sql injection	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01847	0.00	CVE-2023-26876
13	PaperCut MF/NG libsmb2 privilege escalation	9.8	9.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.97204	0.00	CVE-2023-27350
14	IBM WebSphere Application Server Snoop Servlet privilege escalation	6.5	6.2	$25k-$100k	$0-$5k	High	Official Fix	0.00267	0.02	CVE-2012-2170
15	Mamboxchange Extended Registration registration_detailed.inc.php privilege escalation	7.3	6.4	$0-$5k	$0-$5k	Unproven	Unavailable	0.05054	0.04	CVE-2006-5254
16	MongoDB networkMessageCompressors memory corruption	8.2	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00148	0.03	CVE-2017-15535
17	Oracle Retail Data Extractor for Merchandising Knowledge Module weak authentication	3.7	3.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00191	0.00	CVE-2020-9488
18	rest-client Gem Backdoor privilege escalation	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00361	0.07	CVE-2019-15224
19	Cisco ASA/Firepower Threat Defense Session Initiation Protocol memory corruption	7.1	7.1	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00159	0.00	CVE-2019-12678
20	Opentext Brava! Enterprise/Brava! Server Permission privilege escalation	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00159	0.00	CVE-2019-12270

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	45.76.85.232	45.76.85.232.vultrusercontent.com	UAC-0008	2022-07-21	verified	Wysoki
2	XX.XXX.XXX.XX		Xxx-xxxx	2022-07-21	verified	Wysoki
3	XX.XXX.XX.XXX	xxx.xxxx.xxxx.xx	Xxx-xxxx	2022-07-21	verified	Wysoki
4	XX.XXX.XXX.XX	xx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxx-xxxx	2022-07-21	verified	Wysoki
5	XXX.XXX.X.XXX	xxxxxxxx.xxxxxx-xx.xxxxxxxxxx.xxxxxx	Xxx-xxxx	2022-07-21	verified	Wysoki

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1006	CWE-22	Path Traversal	predictive	Wysoki
2	T1059	CWE-94	Argument Injection	predictive	Wysoki
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Wysoki
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
6	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Wysoki
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Wysoki
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
9	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
10	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki
11	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Wysoki

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/admin/sql	predictive	Medium
2	File	/cmsms-2.1.6-install.php/index.php	predictive	Wysoki
3	File	/filemanager/upload/drop	predictive	Wysoki
4	File	admin.php?page=history&filter_image_id=	predictive	Wysoki
5	File	xxxxx/xx_xxxxxxxx.xxx	predictive	Wysoki
6	File	xxxxxxxx.x	predictive	Medium
7	File	xxx.x	predictive	Niski
8	File	xxx/xxxxxx.xxx	predictive	Wysoki
9	File	xxxxx.xxx	predictive	Medium
10	File	xxx.x/xxxxxx.x	predictive	Wysoki
11	File	xxxxxxxxxxxx_xxxxxxxx.xxx.xxx	predictive	Wysoki
12	File	xxxx-xxxxxx.x	predictive	Wysoki
13	File	xx-xxxxx/xxxxx-xxxx.xxx	predictive	Wysoki
14	File	xx/xxxxxx.xxx	predictive	Wysoki
15	Argument	xxxxxxxx	predictive	Medium
16	Argument	xxxxxx_xxxx_xx	predictive	Wysoki
17	Argument	xxxxxxx	predictive	Niski
18	Argument	xx	predictive	Niski
19	Argument	xxx	predictive	Niski
20	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	Wysoki
21	Argument	xxxxx	predictive	Niski
22	Argument	xxxxxxxx	predictive	Medium
23	Network Port	xxx/xx (xxx)	predictive	Medium
24	Network Port	xxx/xx (xxxxxx)	predictive	Wysoki
25	Network Port	xxx/xxxx	predictive	Medium

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Interested in the pricing of exploits?

See the underground prices here!