UAC-0057 Analysis

IOB - Indicator of Behavior (49)

Language

  • en: 26
  • zh: 16
  • ru: 8

Country

  • cn: 18
  • us: 12
  • sg: 2

Product

  • SEMCMS: 4
  • Apple iOS: 2
  • Apple iPadOS: 2
  • School Club Application System: 2
  • TSplus Remote Access: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Remediation | EPSS | CTI | CVE |
|---|---------------|------|------|------|-------|-----|-------------|------|-----|-----|
| 1 | Adminer adminer.php privilege escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02092 | 0.05 | CVE-2021-21311 |
| 2 | School Club Application System privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00201 | 0.08 | CVE-2022-1287 |
| 3 | phpMyAdmin weak authentication | 7.5 | 7.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97369 | 0.02 | CVE-2018-12613 |
| 4 | VMware Spring Cloud Function SpEL Expression privilege escalation | 9.8 | 9.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.97533 | 0.04 | CVE-2022-22963 |
| 5 | SAP Information System POST Request add_admin.php weak authentication | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00148 | 0.04 | CVE-2022-1248 |
| 6 | Dromara HuTool Aviator Template Engine SQL injection | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00307 | 0.04 | CVE-2023-24163 |
| 7 | Synology CardDAV Server WebAPI SQL injection | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00068 | 0.00 | CVE-2022-27613 |
| 8 | SEMCMS Ant_Suxin.php SQL injection | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00068 | 0.00 | CVE-2023-37647 |
| 9 | SEMCMS Ant_Rponse.php SQL injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00089 | 0.00 | CVE-2023-31707 |
| 10 | TSplus Remote Access information disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00799 | 0.09 | CVE-2023-31069 |
| 11 | TSplus Remote Access www. privilege escalation | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01585 | 0.04 | CVE-2023-31067 |
| 12 | Microsoft Exchange Server Privilege Escalation | 8.8 | 8.1 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.51598 | 0.05 | CVE-2023-21707 |
| 13 | Microsoft Exchange Server Privilege Escalation | 7.2 | 6.6 | $5k-$25k | $5k-$25k | Unproven | Official Fix | 0.01641 | 0.04 | CVE-2023-21710 |
| 14 | Microsoft Exchange Server information disclosure | 9.8 | 8.9 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00333 | 0.00 | CVE-2023-21709 |
| 15 | Grafana Snapshot denial of service | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02415 | 0.05 | CVE-2021-27358 |
| 16 | click5 Sitemap Plugin REST Endpoint privilege escalation | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.45751 | 0.00 | CVE-2022-0952 |
| 17 | Primetek Primefaces weak encryption | 8.5 | 8.3 | $0-$5k | $0-$5k | High | Not Defined | 0.97013 | 0.00 | CVE-2017-1000486 |
| 18 | Plesk Obsidian Login Page privilege escalation | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00174 | 0.08 | CVE-2023-24044 |
| 19 | PHP cgi_main.c privilege escalation | 7.3 | 7.0 | $25k-$100k | $0-$5k | High | Official Fix | 0.97363 | 0.00 | CVE-2012-1823 |
| 20 | WP Statistics Plugin esc_sql SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01606 | 0.04 | CVE-2021-24340 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2023-38831

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP Address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|----|------------|----------|-------|-----------|------------|------|------------|
| 1 | 31.192.234.194 | cdn.exiro.site | UAC-0057 | CVE-2023-38831 | 20/03/2024 | verified | High |
| 2 | XX.X.XX.XXX | xxxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx | Xxx-xxxx | Xxx-xxxx-xxxxx | 20/03/2024 | verified | High |

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Type | Type | Confidence |
|----|-----------|-------|-----------------|-------------|------|------------|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | TXXXX | CAPEC-242 | CWE-XXX | Xxxxxxxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX.XXX | CAPEC-209 | CWE-XXX | Xxxx Xxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CAPEC-19 | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 6 | TXXXX.XXX | CAPEC-16 | CWE-XXX, CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 7 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 8 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 9 | TXXXX | CAPEC-189 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 10 | TXXXX | CAPEC-112 | CWE-XXX | Xxxxxxxxxxxx Xxxxxx | predictive | High |

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1 | File | %PROGRAMFILES(X86)%\TSplus\Clients\www. | predictive | High |
| 2 | File | /Ant_Suxin.php | predictive | High |
| 3 | File | /aqpg/users/login.php | predictive | High |
| 4 | File | /cwms/classes/Master.php?f=save_contact | predictive | High |
| 5 | File | /xxxx/xxx/xxxxxxxxxxxxxxxxxx.xxx | predictive | High |
| 6 | File | /xxxx/xxxxx.xxx | predictive | High |
| 7 | File | /xxx_xxxxxx/xxxxxxxxxxxx.xxx | predictive | High |
| 8 | File | /xxx_xxxxxxxxxxx_xxxxxx/xxxxxxxxxxx/xxx_xxxxx.xxx | predictive | High |
| 9 | File | /xxxx/xxxxxxx/xxxxx.xxx?x=xxxx_xxxx | predictive | High |
| 10 | File | /xxxxxxxx | predictive | Medium |
| 11 | File | xxxxx.xxx | predictive | Medium |
| 12 | File | xxxxxxx.xxx | predictive | Medium |
| 13 | File | xxx_xxxxxx.xxx | predictive | High |
| 14 | File | xxxx/xxx/xxx/xxxxxxx.x | predictive | High |
| 15 | File | xxxxxxxxxx.xxx | predictive | High |
| 16 | File | xxxx/xxx/xxx_xxxx.x | predictive | High |
| 17 | File | xxxxx.xxx | predictive | Medium |
| 18 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive | High |
| 19 | Argument | xxxxx xxxx/xxxxxx xxxx/xxxx xxxx | predictive | High |
| 20 | Argument | xxxxx_xxxx | predictive | Medium |
| 21 | Argument | xxxxx_xxxx/xxxxxx_xxxx/xxxxxxx | predictive | High |
| 22 | Argument | xxxxx_xx | predictive | Medium |
| 23 | Argument | xxxx | predictive | Low |
| 24 | Argument | xx | predictive | Low |
| 25 | Argument | xxxxxxx | predictive | Low |
| 26 | Argument | xxxxxxxx/xxxxxxxx | predictive | High |
| 27 | Input Value | '||x=x# | predictive | Low |
| 28 | Input Value | -x | predictive | Low |
| 29 | Network Port | xxx/xx (xxx xxxxxxxx) | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
