UAC-0006 Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (274)

Idioma

en	216
de	24
ru	18
es	8
zh	4

País

us	148
ru	44
ca	22
gb	22
cn	6

Actores

UAC-0006	16
Cobalt Strike	8
Vidar	5
RecordBreaker	3
RedLine Stealer	3

Interesse

Tipo

Not Defined	64
Operating System	10
WordPress Plugin	10
Groupware Software	6
Forum Software	6

Fabricante

Not Defined	50
Microsoft	14
Cisco	6
Oracle	6
Foxit	4

Produto

Microsoft Windows	8
FFmpeg	4
DZCP deV!L`z Clanportal	2
Foxit Reader	2
Parallels Desktop	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.74	CVE-2010-0966
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Divulgação de Informação	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
3	TikiWiki tiki-register.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	0.80	CVE-2006-6168
4	Tiki Admin Password tiki-login.php Fraca autenticação	8.0	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00936	1.67	CVE-2020-15906
5	Pligg cloud.php Injecção SQL	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.27
6	WoltLab Burning Book addentry.php Injecção SQL	7.3	6.8	$0-$5k	$0-$5k	Functional	Unavailable	0.00804	0.02	CVE-2006-5509
7	jforum User direitos alargados	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00289	0.04	CVE-2019-7550
8	Foxit Studio Photo PSD File Excesso de tampão	7.0	7.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02190	0.00	CVE-2020-8878
9	Apache Superset Dashboard Roteiro Cruzado de Sítios	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00128	0.03	CVE-2021-27907
10	Joomla Injecção SQL	6.3	6.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00142	0.02	CVE-2022-23797
11	DZCP deV!L`z Clanportal browser.php Divulgação de Informação	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02733	0.45	CVE-2007-1167
12	Microsoft Office Excel direitos alargados	7.3	6.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.01336	0.00	CVE-2021-42292
13	NodeBB XML-RPC Request xmlrpc.php direitos alargados	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.11383	0.02	CVE-2023-43187
14	Foxit Reader Javascript exportDataObject API direitos alargados	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00154	0.00	CVE-2023-35985
15	OpenVPN 64-bit Block Cipher SWEET32 Encriptação fraca	5.7	5.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00518	0.00	CVE-2016-6329
16	Opentext Document Sciences xPression cm_doclist_view_uc.jsp Injecção SQL	7.5	7.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00182	0.00	CVE-2017-14758
17	FormCraft Plugin formcraft3_get direitos alargados	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03494	0.02	CVE-2022-0591
18	vBulletin redirector.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00122	0.18	CVE-2018-6200
19	Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System Duty Module UploadHandler.ashx direitos alargados	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00063	0.18	CVE-2023-3623
20	Smartisoft phpListPro magic_quotes_gpc config.php direitos alargados	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.06574	0.00	CVE-2006-2523

IOC - Indicator of Compromise (28)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	23.230.13.93		UAC-0006	20/03/2024	verified	Alto
2	45.87.154.158	vm2177324.stark-industries.solutions	UAC-0006	20/03/2024	verified	Alto
3	45.129.14.157		UAC-0006	20/03/2024	verified	Alto
4	45.143.136.123	free.example.com	UAC-0006	20/03/2024	verified	Alto
5	45.144.28.76	vm1856696.stark-industries.solutions	UAC-0006	20/03/2024	verified	Alto
6	77.232.37.148	host-77-232-37-148.macloud.host	UAC-0006	20/03/2024	verified	Alto
7	XX.XX.XXX.XXX	xxxx.xxxx.xxxxxx	Xxx-xxxx	20/03/2024	verified	Alto
8	XX.XXX.XXX.XX	xxxxxxxxxxxxxxxx.xxxxx	Xxx-xxxx	20/03/2024	verified	Alto
9	XX.XXX.XXX.XXX	xx-xxx-xxx-xxx.xxxxxxxxxxx.xx	Xxx-xxxx	20/03/2024	verified	Alto
10	XX.XXX.XXX.XXX		Xxx-xxxx	20/03/2024	verified	Alto
11	XX.XXX.XXX.XXX		Xxx-xxxx	20/03/2024	verified	Alto
12	XX.XXX.XXX.XXX	xxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx	Xxx-xxxx	20/03/2024	verified	Alto
13	XXX.XXX.XXX.XXX		Xxx-xxxx	20/03/2024	verified	Alto
14	XXX.XXX.XXX.XXX	xxx-xxxxxx.xxxxxxxx.xx	Xxx-xxxx	20/03/2024	verified	Alto
15	XXX.XXX.XXX.XXX	xxxxxx.xxx.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx	Xxx-xxxx	20/03/2024	verified	Alto
16	XXX.XXX.XX.XXX		Xxx-xxxx	20/03/2024	verified	Alto
17	XXX.XX.XXX.XX		Xxx-xxxx	20/03/2024	verified	Alto
18	XXX.XXX.XXX.XXX	xxxx.xxxx	Xxx-xxxx	20/03/2024	verified	Alto
19	XXX.XXX.XXX.XXX		Xxx-xxxx	20/03/2024	verified	Alto
20	XXX.XXX.XXX.XXX		Xxx-xxxx	20/03/2024	verified	Alto
21	XXX.XXX.XXX.XX	xxxx.xxx.xx.xxxxxxx.xxx	Xxx-xxxx	20/03/2024	verified	Alto
22	XXX.XXX.XXX.XXX		Xxx-xxxx	20/03/2024	verified	Alto
23	XXX.XXX.XXX.XXX		Xxx-xxxx	20/03/2024	verified	Alto
24	XXX.XX.XX.XXX		Xxx-xxxx	20/03/2024	verified	Alto
25	XXX.XX.XXX.XXX		Xxx-xxxx	20/03/2024	verified	Alto
26	XXX.XXX.XX.XX	xxx-xxx-xx-xx.xxxxxxxxxxx.xx	Xxx-xxxx	20/03/2024	verified	Alto
27	XXX.XXX.XXX.XXX		Xxx-xxxx	20/03/2024	verified	Alto
28	XXX.XX.XXX.XXX		Xxx-xxxx	20/03/2024	verified	Alto

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1040	CWE-294	Authentication Bypass by Capture-replay	predictive	Alto
3	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
4	T1059	CWE-88, CWE-94	Argument Injection	predictive	Alto
5	TXXXX.XXX	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CWE-XXX	Xxx Xx Xxxx-xxxxx Xxxxxxxx	predictive	Alto
8	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Alto
9	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
10	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
11	TXXXX	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
12	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
13	TXXXX	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Alto
14	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	Alto
15	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
16	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto
17	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto
18	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (79)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/Duty/AjaxHandle/UploadHandler.ashx	predictive	Alto
2	File	/forum/away.php	predictive	Alto
3	File	/goform/setmac	predictive	Alto
4	File	/include/chart_generator.php	predictive	Alto
5	File	/manager?action=getlogcat	predictive	Alto
6	File	/members/profiles.php	predictive	Alto
7	File	/xAdmin/html/cm_doclist_view_uc.jsp	predictive	Alto
8	File	addentry.php	predictive	Médio
9	File	arch/x86/kvm/svm/sev.c	predictive	Alto
10	File	xxxxxxxx.x	predictive	Médio
11	File	xxx.x	predictive	Baixo
12	File	xxxxxxxxxx_xxxxx.xxx	predictive	Alto
13	File	xxxxx.xxx	predictive	Médio
14	File	xxxxxx.xxx	predictive	Médio
15	File	xxxxxx.xxx	predictive	Médio
16	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
17	File	xxxxxxxxxxx.xxx	predictive	Alto
18	File	xx_xxxxxxx	predictive	Médio
19	File	xxxxxxxx.xxx	predictive	Médio
20	File	xxxxxx/xxxxx	predictive	Médio
21	File	xxx/xxxxxx.xxx	predictive	Alto
22	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Alto
23	File	xxxxxxxx/xxxxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxxx.xxx	predictive	Alto
24	File	xxxxxxxxx.xxx	predictive	Alto
25	File	xxxxx-xxx.x	predictive	Médio
26	File	xx/xxxxxxx-xxxxxx-xxxx-xxxxxx-xxxxxxx/xxxxxx/xxx/xxxxx.xxx	predictive	Alto
27	File	xxxxxxxxxx/xxxx.x	predictive	Alto
28	File	xxxxxxxxxx/xxxxxxxx.x	predictive	Alto
29	File	xxxxxxxxxx/xxxx.x	predictive	Alto
30	File	xxx.x	predictive	Baixo
31	File	xxx_xxxxxxx.x	predictive	Alto
32	File	xxx_xxxx.xxx	predictive	Médio
33	File	xxxxx_xxxxxx_xxx.xxx	predictive	Alto
34	File	xxxxx.xxx	predictive	Médio
35	File	xxxxxxxxxx.xxx	predictive	Alto
36	File	xxxxxxxx-x.xx	predictive	Alto
37	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Alto
38	File	xxxxxxxxxx/xxxxxxxxxx_xxxx.xxx?xxxxxx=xxxxxx	predictive	Alto
39	File	xxx.x	predictive	Baixo
40	File	xxxxxx.xxx	predictive	Médio
41	File	xxxxxx/	predictive	Baixo
42	File	xxxxxxxx.xxx	predictive	Médio
43	File	xxx_xxxxx.x	predictive	Médio
44	File	xxxx-xxxxx.xxx	predictive	Alto
45	File	xxxx-xxxxxxxx.xxx	predictive	Alto
46	File	xxx.xxx	predictive	Baixo
47	File	xxxxxxxx.xxx	predictive	Médio
48	File	xxxxxx.xxx	predictive	Médio
49	File	xx-xxxxxxxx/xxxx.xxx	predictive	Alto
50	File	xxxxxx.xxx	predictive	Médio
51	File	~/xxxxxxxx/xxxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Alto
52	Library	xxxxxxxx.xxx	predictive	Médio
53	Library	xxxxxxxxxxxxxxxx.xxx	predictive	Alto
54	Library	xxxxxx.xxx	predictive	Médio
55	Library	xxxxx.xxx	predictive	Médio
56	Argument	xxxxxxxx	predictive	Médio
57	Argument	xxxxxxx/xxxxxxxx	predictive	Alto
58	Argument	xxx	predictive	Baixo
59	Argument	xxxxxxxxxx	predictive	Médio
60	Argument	xxxxxx	predictive	Baixo
61	Argument	xxxxxxxxxxx	predictive	Médio
62	Argument	xxxxxxx	predictive	Baixo
63	Argument	xxxxxxxxxx	predictive	Médio
64	Argument	xxxx	predictive	Baixo
65	Argument	xxxxxxxx	predictive	Médio
66	Argument	xxxxx	predictive	Baixo
67	Argument	xx	predictive	Baixo
68	Argument	xxxxxxxx_xxx	predictive	Médio
69	Argument	xx	predictive	Baixo
70	Argument	xxxx	predictive	Baixo
71	Argument	xxxxxxxx	predictive	Médio
72	Argument	xxxxxxx	predictive	Baixo
73	Argument	xxxxxxxx	predictive	Médio
74	Argument	xxxxxxx_xx	predictive	Médio
75	Argument	xxx	predictive	Baixo
76	Argument	xxx	predictive	Baixo
77	Argument	xxx	predictive	Baixo
78	Input Value	xx%xxxxxxx%xxxxxxxx%xxx,x,xxxxxx_xx%xxxxxx,xxxxx_xxxx,xxxxxx_xxxx%xx,x,x%xxxxxx%xxxxxxxxxxxxx_xxxxxx.xxxxxxx--	predictive	Alto
79	Network Port	xxx/xx (xxxxxx)	predictive	Alto

Referências (7)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you know our Splunk app?

Download it now for free!