UNC215 Analysis

IOB - Indicator of Behavior (175)

Timeline

Language

en (154)
zh (16)
es (4)
fr (2)

Country

us (116)
cn (52)
gb (2)
af (2)
fr (2)

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Apache Shiro (4)
Apache HTTP Server (4)
Microsoft Office (4)
Lenovo ThinkPad (4)
FasterXML jackson-databind (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.46 | CVE-2010-0966 |
| 3 | esoftpro Online Guestbook Pro ogp_show.php SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00135 | 0.00 | CVE-2010-4996 |
| 4 | nginx Privilege Escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.71 | CVE-2020-12440 |
| 5 | Cacti graph_view.php SQL Injection | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01236 | 0.02 | CVE-2016-3659 |
| 6 | Webmin Download Path Cross Site Scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-38305 |
| 7 | Vmware Workspace ONE Access/Identity Manager Template Privilege Escalation | 9.8 | 9.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97460 | 0.00 | CVE-2022-22954 |
| 8 | MinIO Admin API Weak Authentication | 8.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00116 | 0.03 | CVE-2020-11012 |
| 9 | Microsoft Windows MSHTML Remote Code Execution | 8.8 | 8.2 | $25k-$100k | $5k-$25k | High | Official Fix | 0.96821 | 0.00 | CVE-2021-40444 |
| 10 | Fortinet FortiMail/FortiVoiceEntreprise Password Change Weak Authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.02096 | 0.03 | CVE-2020-9294 |
| 11 | Apache Shiro Weak Authentication | 7.4 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.05 | CVE-2020-13933 |
| 12 | MyBB Login Redirect | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00074 | 0.04 | CVE-2019-20225 |
| 13 | Actiontec C1000A Website Blocking Page advancedsetup_websiteblocking.html Persistent Cross Site Scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00115 | 0.03 | CVE-2018-19922 |
| 14 | Apache HTTP Server HTTP Digest Authentication Challenge Weak Authentication | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01815 | 0.08 | CVE-2018-1312 |
| 15 | Invision Power Services IPS SVG Document Stored Privilege Escalation | 6.2 | 6.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00226 | 0.00 | CVE-2017-8899 |
| 16 | DZCP deV!L`z Clanportal browser.php Information Disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.34 | CVE-2007-1167 |
| 17 | Zimbra Collaboration Suite Document Endpoint Cross Site Scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2023-45206 |
| 18 | Rocket.Chat SAML Login Privilege Escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00235 | 0.05 | CVE-2020-29594 |
| 19 | App Rocket.Chat Nested Markdown Cross Site Scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00105 | 0.02 | CVE-2021-22886 |
| 20 | Aruba ArubaOS PAPI Privilege Escalation | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.02 | CVE-2023-22747 |

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /+CSCOE+/logon.html | predictive | High |
| 2 | File | /api/baskets/{name} | predictive | High |
| 3 | File | /cgi-bin/cstecgi.cgi | predictive | High |
| 4 | File | /config/getuser | predictive | High |
| 5 | File | /h/ | predictive | Low |
| 6 | File | /img/main.cgi | predictive | High |
| 7 | File | /lan.asp | predictive | Medium |
| 8 | File | /xxx/xxxxxx/xxxxx/xxxxxxx/xxxxxx/xxxxxx | predictive | High |
| 9 | File | /xxxxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 10 | File | /xxxxxx/xxxxxxx/ | predictive | High |
| 11 | File | /xxxx/xxxx_xxx | predictive | High |
| 12 | File | /xxxx/xxxxxxxxxx.xxx | predictive | High |
| 13 | File | /xx-xxxx | predictive | Medium |
| 14 | File | xxxxx/xxxxxxx/xxxxxx_xxxx/xxx_xxx.xxx?xxxxxxxx | predictive | High |
| 15 | File | xxxxxxxxxxxxx_xxxxxxxxxxxxxxx.xxxx | predictive | High |
| 16 | File | xxxxxxxx.xxx | predictive | Medium |
| 17 | File | xxx/xxxxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxxx | predictive | High |
| 18 | File | xxxxxxxxxxxxxxxxxxx.xxxx | predictive | High |
| 19 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 20 | File | xxxxx.xxx | predictive | Medium |
| 21 | File | xxxxxxxxxxxxxx.xxxx | predictive | High |
| 22 | File | xxxxx_xxxx.xxx | predictive | High |
| 23 | File | xxx/xxxxxx.xxx | predictive | High |
| 24 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High |
| 25 | File | xxxxx.xxx/xxxx/xxxxx/xxxx/xxxx.xxx | predictive | High |
| 26 | File | xxxxxxxxxx/xxx/xxxxxx_xxxx.xxx | predictive | High |
| 27 | File | xxx_xxxx.xxx | predictive | Medium |
| 28 | File | xxxxxxx.xxx | predictive | Medium |
| 29 | File | xxxxxxx.xxxx_xxx | predictive | High |
| 30 | File | xxx/xxxx.xxx | predictive | Medium |
| 31 | File | xxxxx_xxxxxx_xxxxxxxx.xxx | predictive | High |
| 32 | File | xxxxxxx.x | predictive | Medium |
| 33 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High |
| 34 | File | xx-xxxxxxxx/xx/xxxxxxxxxxxx | predictive | High |
| 35 | File | _xxxxxxxxx_xxxxxx_xxxxx___.xxx | predictive | High |
| 36 | Library | xxxxx.xxx | predictive | Medium |
| 37 | Library | xxxxx_xx.xxx | predictive | Medium |
| 38 | Library | xxx/xxxxx_xxxxxx.xxx | predictive | High |
| 39 | Library | xxxxxxx/xxx/xxxxxxxxx/xxxxx_xxxxxxx.xxx | predictive | High |
| 40 | Argument | xxxxxxxx | predictive | Medium |
| 41 | Argument | xxxxxxxx | predictive | Medium |
| 42 | Argument | xxxxxx xxxx | predictive | Medium |
| 43 | Argument | xxxxxxxxx | predictive | Medium |
| 44 | Argument | xxxx | predictive | Low |
| 45 | Argument | xxxx_xxxxxx | predictive | Medium |
| 46 | Argument | xxxxx | predictive | Low |
| 47 | Argument | xxxx_xxxxx_xxxx | predictive | High |
| 48 | Argument | xxx | predictive | Low |
| 49 | Argument | xxxx_xxxx | predictive | Medium |
| 50 | Argument | xxxxxx | predictive | Low |
| 51 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive | High |
| 52 | Argument | xxxxx | predictive | Low |
| 53 | Argument | xxxxxxxxx | predictive | Medium |
| 54 | Argument | xxxxxxxx/xxxx | predictive | High |
| 55 | Argument | xxxxxxxxxxxxxxxxx | predictive | High |
| 56 | Argument | x-xxxxxxxxx-xxxxxx | predictive | High |
| 57 | Network Port | xxx/xx (xxx) | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
