UNC215 Analysis

IOB - Indicator of Behavior (174)

Timeline

Language

en (144)
zh (22)
es (4)
ko (2)
fr (2)

Country

us (120)
cn (48)
ir (2)
tr (2)
fr (2)

Actor

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows (6)
Apache HTTP Server (6)
Linux Kernel (4)
Cacti (4)
DZCP deV!L`z Clanportal (4)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.30 | 0.00943 | CVE-2010-0966
3 | esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.05 | 0.00135 | CVE-2010-4996
4 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.11 | 0.00241 | CVE-2020-12440
5 | Cacti graph_view.php sql injection | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01236 | CVE-2016-3659
6 | Webmin Download Path cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00046 | CVE-2023-38305
7 | VMware Workspace ONE Access/Identity Manager Template privilege escalation | 9.8 | 8.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.97436 | CVE-2022-22954
8 | MinIO Admin API weak authentication | 8.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00116 | CVE-2020-11012
9 | Microsoft Windows MSHTML Remote Code Execution | 8.8 | 7.9 | $100k and more | $5k-$25k | Proof-of-Concept | Official Fix | 0.03 | 0.96938 | CVE-2021-40444
10 | Fortinet FortiMail/FortiVoiceEntreprise Password Change weak authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.00 | 0.02096 | CVE-2020-9294
11 | Apache Shiro weak authentication | 7.4 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00182 | CVE-2020-13933
12 | MyBB Login Redirect | 6.6 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00074 | CVE-2019-20225
13 | Actiontec C1000A Website Blocking Page advancedsetup_websiteblocking.html Persistent cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00111 | CVE-2018-19922
14 | Apache HTTP Server HTTP Digest Authentication Challenge weak authentication | 8.5 | 8.4 | $5k-$25k | Calculating | Not Defined | Official Fix | 0.04 | 0.01815 | CVE-2018-1312
15 | Invision Power Services IPS SVG Document Stored privilege escalation | 6.2 | 6.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00166 | CVE-2017-8899
16 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 1.02 | 0.02733 | CVE-2007-1167
17 | Rocket.Chat SAML Login Privilege Escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08 | 0.00235 | CVE-2020-29594
18 | App Rocket.Chat Nested Markdown cross site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00105 | CVE-2021-22886
19 | Aruba ArubaOS PAPI privilege escalation | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00372 | CVE-2023-22747
20 | Roundcube SVG Document rcube_washtml.php cross site scripting | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00680 | CVE-2023-5631

IOC - Indicator of Compromise (16)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /api/baskets/{name} | predictive | High
3 | File | /cgi-bin/cstecgi.cgi | predictive | High
4 | File | /config/getuser | predictive | High
5 | File | /h/ | predictive | Low
6 | File | /img/main.cgi | predictive | High
7 | File | /lan.asp | predictive | Medium
8 | File | /xxx/xxxxxx/xxxxx/xxxxxxx/xxxxxx/xxxxxx | predictive | High
9 | File | /xxxxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
10 | File | /xxxxxx/xxxxxxx/ | predictive | High
11 | File | /xxxx/xxxx_xxx | predictive | High
12 | File | /xxxx/xxxxxxxxxx.xxx | predictive | High
13 | File | /xx-xxxx | predictive | Medium
14 | File | xxxxx/xxxxxxx/xxxxxx_xxxx/xxx_xxx.xxx?xxxxxxxx | predictive | High
15 | File | xxxxxxxxxxxxx_xxxxxxxxxxxxxxx.xxxx | predictive | High
16 | File | xxxxxxxx.xxx | predictive | Medium
17 | File | xxx/xxxxxxxxxxxx/xxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxxx | predictive | High
18 | File | xxxxxxxxxxxxxxxxxxx.xxxx | predictive | High
19 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
20 | File | xxxxx.xxx | predictive | Medium
21 | File | xxxxxxxxxxxxxx.xxxx | predictive | High
22 | File | xxxxx_xxxx.xxx | predictive | High
23 | File | xxx/xxxxxx.xxx | predictive | High
24 | File | xxx/xxxxxxxxxxx/xxxxxxx.xxx | predictive | High
25 | File | xxxxx.xxx/xxxx/xxxxx/xxxx/xxxx.xxx | predictive | High
26 | File | xxxxxxxxxx/xxx/xxxxxx_xxxx.xxx | predictive | High
27 | File | xxx_xxxx.xxx | predictive | Medium
28 | File | xxxxxxx.xxx | predictive | Medium
29 | File | xxxxxxx.xxxx_xxx | predictive | High
30 | File | xxx/xxxx.xxx | predictive | Medium
31 | File | xxxxx_xxxxxx_xxxxxxxx.xxx | predictive | High
32 | File | xxxxxxx.x | predictive | Medium
33 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High
34 | File | xx-xxxxxxxx/xx/xxxxxxxxxxxx | predictive | High
35 | File | _xxxxxxxxx_xxxxxx_xxxxx___.xxx | predictive | High
36 | Library | xxxxx.xxx | predictive | Medium
37 | Library | xxxxx_xx.xxx | predictive | Medium
38 | Library | xxx/xxxxx_xxxxxx.xxx | predictive | High
39 | Library | xxxxxxx/xxx/xxxxxxxxx/xxxxx_xxxxxxx.xxx | predictive | High
40 | Argument | xxxxxxxx | predictive | Medium
41 | Argument | xxxxxxxx | predictive | Medium
42 | Argument | xxxxxx xxxx | predictive | Medium
43 | Argument | xxxxxxxxx | predictive | Medium
44 | Argument | xxxx | predictive | Low
45 | Argument | xxxx_xxxxxx | predictive | Medium
46 | Argument | xxxxx | predictive | Low
47 | Argument | xxxx_xxxxx_xxxx | predictive | High
48 | Argument | xxx | predictive | Low
49 | Argument | xxxx_xxxx | predictive | Medium
50 | Argument | xxxxxx | predictive | Low
51 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive | High
52 | Argument | xxxxx | predictive | Low
53 | Argument | xxxxxxxxx | predictive | Medium
54 | Argument | xxxxxxxx/xxxx | predictive | High
55 | Argument | xxxxxxxxxxxxxxxxx | predictive | High
56 | Argument | x-xxxxxxxxx-xxxxxx | predictive | High
57 | Network Port | xxx/xx (xxx) | predictive | Medium
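The File-class IOA entries above are request paths that can be matched directly against web server access logs. The following Python is an added example, not code from this page or from the platform that produced it: it takes the seven unmasked File indicators (with the table's own confidence values), turns each into an anchored regular expression (a `{...}` placeholder such as `/api/baskets/{name}` matches one path segment, and an indicator ending in `/` is treated as a directory prefix), scans Combined Log Format lines, and tallies hits per client by confidence. The log lines are constructed for the example and are not real traffic; the masked rows of the table are not reproduced.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Pattern, Tuple

# IOA "File" indicators copied from the unmasked rows of the table above,
# with the table's own confidence values. Masked rows are not reproduced.
IOA_FILES: List[Tuple[str, str]] = [
    ("/+CSCOE+/logon.html", "High"),
    ("/api/baskets/{name}", "High"),
    ("/cgi-bin/cstecgi.cgi", "High"),
    ("/config/getuser", "High"),
    ("/h/", "Low"),
    ("/img/main.cgi", "High"),
    ("/lan.asp", "Medium"),
]

# Constructed sample access-log lines in Combined Log Format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /+CSCOE+/logon.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /cgi-bin/cstecgi.cgi HTTP/1.1" 404 0 "-" "curl/8.1.2"
198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "GET /api/baskets/demo123 HTTP/1.1" 401 0 "-" "python-requests/2.31"
198.51.100.2 - - [10/Oct/2023:13:56:02 +0000] "GET /h/ HTTP/1.1" 200 120 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:13:57:10 +0000] "GET /index.html HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:13:57:11 +0000] "GET /lan.asp?x=1 HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

# Combined Log Format: client ident user [timestamp] "METHOD URL PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')


@dataclass(frozen=True)
class Hit:
    client: str
    timestamp: str
    method: str
    path: str
    indicator: str
    confidence: str


def compile_indicator(template: str) -> Pattern[str]:
    """Turn an IOA path template into an anchored regex.

    A '{...}' placeholder (as in /api/baskets/{name}) matches one path segment.
    A template ending in '/' is a directory prefix; any other template must
    match the whole request path, so /lan.asp does not match /lan.aspx.
    """
    literal_parts = re.split(r"\{[^}]*\}", template)
    body = "[^/?#]+".join(re.escape(part) for part in literal_parts)
    if template.endswith("/"):
        return re.compile("^" + body)
    return re.compile("^" + body + "$")


COMPILED = [(tpl, conf, compile_indicator(tpl)) for tpl, conf in IOA_FILES]


def scan_log(text: str) -> List[Hit]:
    """Match every request path in the log against the IOA file indicators."""
    hits: List[Hit] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not Combined Log Format; skip rather than guess
        client, ts, method, url, _status = m.groups()
        path = url.split("?", 1)[0]  # indicators are paths; ignore the query string
        for template, confidence, pattern in COMPILED:
            if pattern.match(path):
                hits.append(Hit(client, ts, method, path, template, confidence))
    return hits


def summarize(hits: List[Hit]) -> Dict[str, Dict[str, int]]:
    """Per-client count of hits by confidence, for ordering triage."""
    summary: Dict[str, Dict[str, int]] = {}
    for h in hits:
        per_client = summary.setdefault(h.client, {})
        per_client[h.confidence] = per_client.get(h.confidence, 0) + 1
    return summary


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(f"{h.client} {h.method} {h.path} -> {h.indicator} ({h.confidence})")
    print(summarize(found))
```

Matching is on the request path only and regardless of response status: a 404 on /cgi-bin/cstecgi.cgi is still a probe worth recording. Low-confidence indicators such as the /h/ prefix will match legitimate traffic on many sites, so the per-client summary is meant to rank clients by High-confidence hits rather than to alert on every match.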

References (2)

The following list contains external sources which discuss the actor and the associated activities:
