UAC-0008 Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (52)

Idioma

en	38
zh	14

País

ca	18
cn	14
us	8
tk	2
ru	2

Actores

UAC-0008	4
Pikabot	1

Interesse

Tipo

Not Defined	14
Content Management System	6
Operating System	4
Router Operating System	4
WordPress Plugin	4

Fabricante

Not Defined	8
Microsoft	6
Cisco	6
Oracle	4
Goahead	2

Produto

Microsoft Windows	4
Cisco IOS	4
Cisco IOS XE	4
Microsoft Office	2
OpenSSH	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Beaker Sandbox direitos alargados	9.1	8.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00489	0.00	CVE-2020-12079
2	Microsoft Windows Netlogon Zerologon direitos alargados	8.4	8.3	$25k-$100k	$0-$5k	High	Official Fix	0.45082	0.04	CVE-2020-1472
3	zzcms Cookie search.php Injecção SQL	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00212	0.03	CVE-2018-18791
4	Gila CMS sql Injecção SQL	5.9	5.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01138	0.04	CVE-2020-5515
5	part-db direitos alargados	9.9	9.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08427	0.02	CVE-2022-0848
6	CMS Made Simple Installation index.php direitos alargados	6.9	6.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.08285	0.00	CVE-2018-7448
7	IBM InfoSphere Information Governance Catalog Redirect	6.2	6.2	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00094	0.00	CVE-2018-1875
8	zzcms Parameter dl_sendmail.php Injecção SQL	6.7	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00088	0.00	CVE-2021-40280
9	Order Listener for WooCommerce Plugin Injecção SQL	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04131	0.04	CVE-2022-0948
10	VeronaLabs wp-statistics Plugin API Endpoint Blind Injecção SQL	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00250	0.00	CVE-2019-13275
11	Elefant CMS File Upload drop direitos alargados	6.3	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00103	0.04	CVE-2017-20063
12	Piwigo Injecção SQL	7.5	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01847	0.00	CVE-2023-26876
13	PaperCut MF/NG libsmb2 direitos alargados	9.8	9.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.97204	0.03	CVE-2023-27350
14	IBM WebSphere Application Server Snoop Servlet direitos alargados	6.5	6.2	$25k-$100k	$0-$5k	High	Official Fix	0.00267	0.02	CVE-2012-2170
15	Mamboxchange Extended Registration registration_detailed.inc.php direitos alargados	7.3	6.4	$0-$5k	$0-$5k	Unproven	Unavailable	0.05054	0.04	CVE-2006-5254
16	MongoDB networkMessageCompressors Excesso de tampão	8.2	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00148	0.03	CVE-2017-15535
17	Oracle Retail Data Extractor for Merchandising Knowledge Module Fraca autenticação	3.7	3.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00191	0.00	CVE-2020-9488
18	rest-client Gem Backdoor direitos alargados	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00361	0.07	CVE-2019-15224
19	Cisco ASA/Firepower Threat Defense Session Initiation Protocol Excesso de tampão	7.1	7.1	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00159	0.00	CVE-2019-12678
20	Opentext Brava! Enterprise/Brava! Server Permission direitos alargados	6.8	6.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00159	0.00	CVE-2019-12270

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Identified	Tipo	Aceitação
1	45.76.85.232	45.76.85.232.vultrusercontent.com	UAC-0008	21/07/2022	verified	Alto
2	XX.XXX.XXX.XX		Xxx-xxxx	21/07/2022	verified	Alto
3	XX.XXX.XX.XXX	xxx.xxxx.xxxx.xx	Xxx-xxxx	21/07/2022	verified	Alto
4	XX.XXX.XXX.XX	xx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxx	Xxx-xxxx	21/07/2022	verified	Alto
5	XXX.XXX.X.XXX	xxxxxxxx.xxxxxx-xx.xxxxxxxxxx.xxxxxx	Xxx-xxxx	21/07/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
3	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
4	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
6	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
9	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
10	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
11	TXXXX.XXX	CAPEC-	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/admin/sql	predictive	Médio
2	File	/cmsms-2.1.6-install.php/index.php	predictive	Alto
3	File	/filemanager/upload/drop	predictive	Alto
4	File	admin.php?page=history&filter_image_id=	predictive	Alto
5	File	xxxxx/xx_xxxxxxxx.xxx	predictive	Alto
6	File	xxxxxxxx.x	predictive	Médio
7	File	xxx.x	predictive	Baixo
8	File	xxx/xxxxxx.xxx	predictive	Alto
9	File	xxxxx.xxx	predictive	Médio
10	File	xxx.x/xxxxxx.x	predictive	Alto
11	File	xxxxxxxxxxxx_xxxxxxxx.xxx.xxx	predictive	Alto
12	File	xxxx-xxxxxx.x	predictive	Alto
13	File	xx-xxxxx/xxxxx-xxxx.xxx	predictive	Alto
14	File	xx/xxxxxx.xxx	predictive	Alto
15	Argument	xxxxxxxx	predictive	Médio
16	Argument	xxxxxx_xxxx_xx	predictive	Alto
17	Argument	xxxxxxx	predictive	Baixo
18	Argument	xx	predictive	Baixo
19	Argument	xxx	predictive	Baixo
20	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	Alto
21	Argument	xxxxx	predictive	Baixo
22	Argument	xxxxxxxx	predictive	Médio
23	Network Port	xxx/xx (xxx)	predictive	Médio
24	Network Port	xxx/xx (xxxxxx)	predictive	Alto
25	Network Port	xxx/xxxx	predictive	Médio

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you need the next level of professionalism?

Upgrade your account now!