UAC-0098 Analysis

IOB - Indicator of Behavior (173)

Language of sources: en (144), ru (14), de (8), zh (4), fr (2)

Country of sources: us (108), ru (46), cn (16), de (2), tr (2)
Affected products: GNU C Library (12), Microsoft Windows (6), Adobe Creative Cloud Desktop Application (4), Cisco TelePresence Video Communication Server (4), Esri ArcGIS Server (4)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | DGLogik DGLux Server IoT API privilege escalation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01260 | CVE-2019-1010009
2 | SolarWinds Serv-U information disclosure | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.05835 | CVE-2021-35250
3 | libxslt EXSLT Math.random Prediction weak encryption | 5.5 | 5.3 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00086 | CVE-2015-9019
4 | GNU C Library fnmatch_loop.c fnmatch information disclosure | 5.6 | 5.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00546 | CVE-2015-8984
5 | GNU C Library strxfrm memory corruption | 9.1 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00670 | CVE-2015-8982
6 | Extreme EXOS memory corruption | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00209 | CVE-2017-14328
7 | IBM System Storage TS3100-TS3200 Tape Library privilege escalation | 8.0 | 8.0 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00183 | CVE-2016-9005
8 | Deltek Vision RPC over HTTP SQL sql injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00576 | CVE-2018-18251
9 | SonicWALL Secure Remote Access cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.03350 | CVE-2021-20028
10 | XiongMai uc-httpd memory corruption | 8.5 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.02201 | CVE-2018-10088
11 | Apache Spark UI privilege escalation | 7.1 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.97289 | CVE-2022-33891
12 | Dropbear TCP Listener memory corruption | 7.2 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00499 | CVE-2017-9078
13 | Telligent Systems Zimbra Collaboration Remote Code Execution | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00758 | CVE-2013-7217
14 | DeDeCMS recommend.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.02129 | CVE-2017-17731
15 | libxml2 Recover Mode denial of service | 4.0 | 3.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00378 | CVE-2017-5969
16 | elfutils elf_getdata.c _libelf_set_rawdata_wrlock memory corruption | 5.4 | 5.3 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.01258 | CVE-2016-10255
17 | elfutils ELF File common.h allocate_elf memory corruption | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00986 | CVE-2016-10254
18 | GNU C Library wstrops.c IO_wstr_overflow memory corruption | 7.7 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00508 | CVE-2015-8983
19 | Google Chrome Skia memory corruption | 8.0 | 7.9 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.00085 | CVE-2024-1283
20 | TrueConf Server sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00656 | CVE-2022-46764

Campaigns (3)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.199.173.152 | | UAC-0098 | | 21/07/2022 | verified | High
2 | 5.199.174.219 | | UAC-0098 | | 21/07/2022 | verified | High
3 | 64.190.113.51 | | UAC-0098 | | 21/07/2022 | verified | High
4 | 84.32.188.29 | | UAC-0098 | Cobalt Strike | 29/04/2022 | verified | High
5 | 84.32.190.34 | | UAC-0098 | Ukraine | 07/09/2022 | verified | High
6 | 87.251.64.5 | | UAC-0098 | | 21/07/2022 | verified | High
7 | 134.209.144.87 | | UAC-0098 | IcedID | 29/04/2022 | verified | High
8 | XXX.XX.XXX.X | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
9 | XXX.XX.XXX.X | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
10 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
11 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
12 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
13 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
14 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
15 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
16 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
17 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
18 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
19 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
20 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
21 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
22 | XXX.XX.XXX.XX | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
23 | XXX.XX.XXX.XXX | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
24 | XXX.XX.XXX.XXX | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
25 | XXX.XX.XXX.XXX | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
26 | XXX.XX.XXX.XXX | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
27 | XXX.XX.XXX.XXX | | Xxx-xxxx | Xxxxxx Xxxxxx | 29/04/2022 | verified | High
28 | XXX.XXX.X.XX | | Xxx-xxxx | Xxxxxx | 29/04/2022 | verified | High
29 | XXX.XXX.XXX.XX | | Xxx-xxxx | | 21/07/2022 | verified | High
30 | XXX.XXX.XXX.XXX | | Xxx-xxxx | | 21/07/2022 | verified | High
31 | XXX.XXX.XXX.XXX | xxxxxx.xxxxxxxxxxxxx.xxx | Xxx-xxxx | Xxxxxx | 29/04/2022 | verified | High
32 | XXX.XXX.XX.XX | | Xxx-xxxx | | 21/07/2022 | verified | High

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (79)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi-bin/wlogin.cgi | predictive | High
2 | File | /etc/shadow | predictive | Medium
3 | File | /goform/net_Web_get_value | predictive | High
4 | File | /goform/net_WebCSRGen | predictive | High
5 | File | /goform/WebRSAKEYGen | predictive | High
6 | File | /lam/tmp/ | predictive | Medium
7 | File | /uncpath/ | predictive | Medium
8 | File | /wp-content/plugins/woocommerce/templates/emails/plain/ | predictive | High
9 | File | add-category.php | predictive | High
10 | File | admin/dashboard.php | predictive | High
11 | File | xxxx_xxxxx_xxxx.xxx | predictive | High
12 | File | xxxx_xxx_xxxx.xxx | predictive | High
13 | File | xxx/xxxxxxx.x | predictive | High
14 | File | xxxxxx.xxx | predictive | Medium
15 | File | xxxxxx.x | predictive | Medium
16 | File | xxxxxx.xxx | predictive | Medium
17 | File | xxxxx.x | predictive | Low
18 | File | xxxxxx.x | predictive | Medium
19 | File | xxx.x | predictive | Low
20 | File | xxx_xxxxxxx.x | predictive | High
21 | File | xxx/xxxxx/xxxxx.x | predictive | High
22 | File | xxxxxxx_xxxx.x | predictive | High
23 | File | xxxx/xxxxxxx?xxxxx=x | predictive | High
24 | File | xxxxxxx.xxx | predictive | Medium
25 | File | xxxx.x | predictive | Low
26 | File | xxxxxx/xxxxxxxxxxx | predictive | High
27 | File | xxxx.x | predictive | Low
28 | File | xxxxx.xx | predictive | Medium
29 | File | xxxx_xxxx.xxx | predictive | High
30 | File | xxxxxx/xxxxxx/xxxx.x | predictive | High
31 | File | xxxxx/xxxxxxx.x | predictive | High
32 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive | High
33 | File | xxxxx.xxx | predictive | Medium
34 | File | xxxxx.xxx | predictive | Medium
35 | File | xxxxx.xxxx | predictive | Medium
36 | File | xxxxxxxx-xxxxx-xxxxx.xxx | predictive | High
37 | File | xxxxxxx.xx | predictive | Medium
38 | File | xxx_xxx_xxxxxxx.xxx | predictive | High
39 | File | xxxx/xxxxxxxxx.xxx | predictive | High
40 | File | xxxxxxxx.xxx | predictive | Medium
41 | File | xxxxxx.xxx | predictive | Medium
42 | File | xxxxxxx/xxxxxxxxxxx | predictive | High
43 | File | xxxx-xxxxxx.x | predictive | High
44 | File | xxxxxxx.xxx | predictive | Medium
45 | File | xxxxx-xxxx.xxx | predictive | High
46 | File | xx-xxxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxxxxxxxxxxx.xxx | predictive | High
47 | File | \xxxxx\xxxxxx.xxxx.xxx | predictive | High
48 | Library | xxxxxxx/xxx/xxxxxxxxx/xxxxx_xxxxxx_xxxxxxxx.xxx | predictive | High
49 | Argument | $_xxxxx | predictive | Low
50 | Argument | xx/xx | predictive | Low
51 | Argument | xxxxxxxxxxxxxx_xxxx | predictive | High
52 | Argument | xx | predictive | Low
53 | Argument | xxx | predictive | Low
54 | Argument | xxxxxxxx/xxxxxxxxxxxx | predictive | High
55 | Argument | xx | predictive | Low
56 | Argument | xxxx_xx | predictive | Low
57 | Argument | xxxxxxxxxxxxxx | predictive | High
58 | Argument | xxxx_xxx | predictive | Medium
59 | Argument | xx | predictive | Low
60 | Argument | xxxxx | predictive | Low
61 | Argument | xx_xxxxxxx_xxxx | predictive | High
62 | Argument | xxxx | predictive | Low
63 | Argument | xxxxx | predictive | Low
64 | Argument | xxxx | predictive | Low
65 | Argument | xxxxxxxxxxxxxx_xxx | predictive | High
66 | Argument | xxxxxxxx | predictive | Medium
67 | Argument | xxxxxxxxxx | predictive | Medium
68 | Argument | xxxxxxx xxxxx | predictive | High
69 | Argument | xxxxxxx[xxxx] | predictive | High
70 | Argument | xxxxxxxxxxxxxx | predictive | High
71 | Argument | xxxxxxxxxxxxxx | predictive | High
72 | Argument | xxxxxx_xxxx | predictive | Medium
73 | Argument | xxxxxxxx | predictive | Medium
74 | Argument | x_xxxx/x_xxxxxxx/x_xxxxxxx/xxxx | predictive | High
75 | Argument | xxxxxxxxxxxxxxx | predictive | High
76 | Argument | \xxxxxx\ | predictive | Medium
77 | Pattern | |xx xx xx xx xx xx xx xx| | predictive | High
78 | Pattern | |xx xx xx| | predictive | Medium
79 | Network Port | xxx xxxxxx xxxx | predictive | High

References (6)

The following list contains external sources which discuss the actor and the associated activities:
