UNC5174 Analysis

IOB - Indicator of Behavior (16)

Timeline

Language: en (10), zh (6)

Country: cn (14)

Product: Joomla CMS (2), Apache HTTP Server (2), h5ai (2), Web2py (2), OpenStack Nova (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | OpenStack Nova noVNC Redirect | 4.9 | 4.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.92596 | 0.00 | CVE-2021-3654
2 | Grafana GeoMap Plugin cross site scripting | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00067 | 0.03 | CVE-2023-0507
3 | Grafana race condition | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00192 | 0.03 | CVE-2022-39328
4 | h5ai privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03315 | 0.00 | CVE-2015-3203
5 | Apache Tomcat AJP Connector Ghostcat privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97384 | 0.00 | CVE-2020-1938
6 | Octopus Server/Server Web Request Proxy information disclosure | 2.1 | 2.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00168 | 0.00 | CVE-2021-31820
7 | Apache HTTP Server HTTP/2 Request privilege escalation | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00606 | 0.04 | CVE-2020-9490
8 | WordPress FilteredIterator.php privilege escalation | 7.6 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00712 | 0.04 | CVE-2020-28032
9 | WordPress Installation functions.php is_blog_installed privilege escalation | 8.0 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02421 | 0.04 | CVE-2020-28037
10 | WordPress XML-RPC class-wp-xmlrpc-server.php privilege escalation | 8.0 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00731 | 0.03 | CVE-2020-28036
11 | Web2py utils.py secure_load Stored privilege escalation | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02067 | 0.02 | CVE-2016-3957
12 | GitLab Enterprise Edition Project Import information disclosure | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.00 | CVE-2020-6832
13 | Microsoft Internet Explorer Scripting Engine memory corruption | 6.7 | 6.6 | $25k-$100k | $5k-$25k | High | Official Fix | 0.05889 | 0.03 | CVE-2020-0968
14 | Joomla CMS sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00119 | 0.00 | CVE-2014-7981
15 | Northern.tech CFEngine Enterprise cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00078 | 0.00 | CVE-2019-19394
16 | Microsoft Windows Graphics Device Interface GDI32.dll information disclosure | 5.8 | 5.7 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.07138 | 0.00 | CVE-2016-0008

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2023-46747

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 172.104.124.74 | li1734-74.members.linode.com | UNC5174 | CVE-2023-46747 | 02/04/2024 | verified | High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1059.007 | CAPEC-209 | CWE-79 | Cross Site Scripting | predictive | High
2 | T1068 | | CWE-264 | Execution with Unnecessary Privileges | predictive | High
3 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
4 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
5 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
6 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (6)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | gluon/utils.py | predictive | High
2 | File | wp-includes/class-wp-xmlrpc-server.php | predictive | High
3 | File | xx-xxxxxxxx/xxxxxxxxx.xxx | predictive | High
4 | File | xx-xxxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxxxxxxxxxxx.xxx | predictive | High
5 | Library | xxxxx.xxx | predictive | Medium
6 | Argument | xxxx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
