UAC-0099 Analysis

IOB - Indicator of Behavior (395)

Language

  • en: 362
  • jp: 14
  • es: 8
  • ru: 6
  • zh: 4

Country/Region

  • us: 28
  • gb: 28
  • jp: 14
  • ru: 4
  • es: 4

Product

  • Microsoft Windows: 6
  • lighttpd: 4
  • Google Android: 2
  • Advanced Guestbook: 2
  • DM Guestbook: 2

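Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Simple Machines Forum Access Restriction PersonalMessage.php MessageSearch2 privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.00 | CVE-2018-10305 |
| 2 | Discuz! admin.php cross-site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.06 | CVE-2018-19464 |
| 3 | DM Guestbook ch_lng.php directory traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04403 | 0.02 | CVE-2007-5821 |
| 4 | Advanced Guestbook index.php directory traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.05 | |
| 5 | DM Guestbook glob_new.php directory traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04403 | 0.02 | CVE-2007-5821 |
| 6 | Advanced Guestbook htaccess directory traversal | 5.6 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04162 | 0.08 | CVE-2007-0609 |
| 7 | 212cafe Guestbook show.php cross-site scripting | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00488 | 0.00 | CVE-2007-0542 |
| 8 | Nordex Control 2 SCADA Wind Farm Portal Application cross-site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00277 | 0.04 | CVE-2015-6477 |
| 9 | Upoint @1 File Store signup.php cross-site scripting | 5.4 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00614 | 0.00 | CVE-2006-1277 |
| 10 | Cold BBS privilege escalation | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00726 | 0.00 | CVE-2008-5597 |
| 11 | MT312 IMG-BBS model.php cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00220 | 0.03 | CVE-2009-1881 |
| 12 | Western Digital WD My Cloud Mirror Login weak authentication | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 13 | Let's PHP! p++BBS cross-site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.05 | CVE-2015-7783 |
| 14 | BlackBoard Learn Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00105 | 0.04 | CVE-2017-18262 |
| 15 | Joomla CMS com_easyblog SQL injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.21 | |
| 16 | EmbedPress Plugin cross-site scripting | 4.2 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.02 | CVE-2023-5750 |
| 17 | JFinalCMS file information disclosure | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00134 | 0.00 | CVE-2023-50449 |
| 18 | Google Android U-Boot Shell Privilege Escalation | 7.6 | 7.5 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00061 | 0.00 | CVE-2023-48424 |
| 19 | Document Foundation LibreOffice GStreamer privilege escalation | 7.4 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00065 | 0.00 | CVE-2023-6185 |
| 20 | Hitachi Vantara System Management Unit SMU Configuration Backup privilege escalation | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00743 | 0.05 | CVE-2023-6538 |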

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2023-38831

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (55)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (3)

The following list contains external sources which discuss the actor and the associated activities:
