UNC1151 Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (50)

Язык

zh	30
en	12
de	4
ru	2
es	2

Страна

cn	36
us	6
de	4
ru	2
es	2

Акторы

UNC1151	4
Meterpreter	1
Hydra	1
RedLine Stealer	1

Интерес

Тип

Not Defined	26
Operating System	8
Web Browser	4
Multimedia Player Software	2
Programming Language Software	2

Поставщик

Not Defined	12
Apache	8
Microsoft	4
Linux	4
ESRI	2

Продукт

Microsoft Windows	4
Linux Kernel	4
ESRI ArcGIS for Server	2
Eclipse Jetty	2
Apache Commons Configuration	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	CTI	EPSS	CVE
1	Joseph C Dolson My Tickets Plugin неизвестная уязвимость	5.8	5.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00062	CVE-2022-47440
2	mongo-java-driver слабая аутентификация	4.6	4.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00046	CVE-2021-20328
3	BusyBox xfuncs_printf.c xasprintf повреждение памяти	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00044	CVE-2023-42363
4	busybox ash.c повреждение памяти	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.07	0.00134	CVE-2022-48174
5	MikroTik RouterOS Winbox/HTTP Interface эскалация привилегий	7.8	7.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.05	0.00055	CVE-2023-30799
6	D-Link DIR-635 Wireless.shtml межсайтовый скриптинг	4.6	4.4	$5k-$25k	Расчет	Proof-of-Concept	Not Defined	0.00	0.00000
7	SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql-инъекция	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.04	0.00135	CVE-2023-2090
8	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	4.33	0.00000
9	Serendipity exit.php эскалация привилегий	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.00000
10	Gin-vue-admin Parameter Validation обход каталога	6.4	6.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00126	CVE-2022-24843
11	Apache DolphinScheduler User Registration отказ в обслуживании	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00090	CVE-2022-25598
12	ThinkPHP эскалация привилегий	8.5	8.4	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.97456	CVE-2019-9082
13	Microsoft Windows Runtime Remote Code Execution	8.1	7.4	$100k и многое другое	$5k-$25k	Unproven	Official Fix	0.00	0.40206	CVE-2022-21971
14	Apache APISIX batch-requests Plugin слабая аутентификация	7.3	7.3	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.02	0.97420	CVE-2022-24112
15	Linux Kernel Timer Tree timerqueue.c timerqueue_add отказ в обслуживании	3.1	3.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00042	CVE-2021-20317
16	Oracle VM VirtualBox раскрытие информации	3.8	3.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00045	CVE-2022-21295
17	Hashicorp Consul Enterprise HTTP Event неизвестная уязвимость	6.0	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00259	CVE-2021-28156
18	Apache Shiro слабая аутентификация	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01	0.00644	CVE-2014-0074
19	Cisco HyperFlex Software Graphite Interface слабая аутентификация	4.2	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00042	CVE-2019-1667
20	RabbitMQ Management UI межсайтовый скриптинг	2.4	2.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05	0.00096	CVE-2021-32718

Кампании (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	88.99.104.179	static.179.104.99.88.clients.your-server.de	UNC1151	Ghostwriter	01.06.2021	verified	Высокий
2	XX.XXX.XXX.XXX	xxxxxxxxxx.xxxxxxx.xxxxx	Xxxxxxx	Xxxxxxx	13.07.2023	verified	Высокий
3	XXX.XXX.XX.XX	xxxx.xxxxxxxxxxxx.xx	Xxxxxxx	Xxxxxxxx Xxxxxxxxx Xxxxxxxx	01.03.2022	verified	Высокий
4	XXX.XXX.XXX.XX	xxxx-xxx-xxx-xxx-xx.xxxxxxx.xxxx	Xxxxxxx	Xxxxxxxx Xxxxxxxxx Xxxxxxxx	01.03.2022	verified	Высокий
5	XXX.XXX.XXX.XX	xxxxxxxxx.xxxxxx.xxxxx	Xxxxxxx	Xxxxxxxx Xxxxxxxxx Xxxxxxxx	01.03.2022	verified	Высокий

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CWE-22	Path Traversal	predictive	Высокий
2	T1059	CWE-94	Argument Injection	predictive	Высокий
3	TXXXX.XXX	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
5	TXXXX.XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Высокий
6	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Высокий
7	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
8	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
9	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
10	TXXXX.XXX	CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Высокий

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/admin/maintenance/view_designation.php	predictive	Высокий
2	File	/concat?/%2557EB-INF/web.xml	predictive	Высокий
3	File	/context/%2e/WEB-INF/web.xml	predictive	Высокий
4	File	/xxxxx/xxxx.xxx	predictive	Высокий
5	File	xxx.x	predictive	Низкий
6	File	xxxxx/xxxxxxxx.xxxxx	predictive	Высокий
7	File	xxxx.xxx	predictive	Средний
8	File	xxx/xxxx/xx_xxxx.x	predictive	Высокий
9	File	xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]	predictive	Высокий
10	File	xxxx/xxx/xxx_xxxx.x	predictive	Высокий
11	File	xxxxxx_xxxxxx.x	predictive	Высокий
12	Library	xxxxxxxxxxx.xxx	predictive	Высокий
13	Library	xxx/xxxxxxxxxx.x	predictive	Высокий
14	Argument	$_xxxxxx['xxxxx_xxxxxx']	predictive	Высокий
15	Argument	xxxxxxxxxxxxxx[x]xxxx_xxxxxxxx[x]xxxx	predictive	Высокий
16	Argument	xx	predictive	Низкий
17	Argument	xxx	predictive	Низкий
18	Input Value	-x	predictive	Низкий
19	Network Port	xxx/xx (xxx xxxxxxxx)	predictive	Высокий

Ссылки (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Might our Artificial Intelligence support you?

Check our Alexa App!