UNC5221 Analysis

IOB - Indicator of Behavior (66)

Language

  • en: 56
  • zh: 6
  • jp: 2
  • de: 2

Country/Region

  • us: 48
  • cn: 10
  • jp: 2
  • ru: 2

Product

  • Magento: 10
  • Magento LTS: 4
  • Adobe Magento: 4
  • Joomla CMS: 4
  • WP Crowdfunding Plugin: 2

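Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Magento Search Module SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00070 | 0.02 | CVE-2021-21024 |
| 2 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 2.03 | CVE-2007-1167 |
| 3 | Magento privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00363 | 0.00 | CVE-2020-9585 |
| 4 | Magento File Upload privilege escalation | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00085 | 0.00 | CVE-2020-24407 |
| 5 | Magento WebAPI privilege escalation | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00168 | 0.00 | CVE-2021-21016 |
| 6 | Magento privilege escalation | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00120 | 0.00 | CVE-2021-21014 |
| 7 | MGB OpenSource Guestbook email.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 1.73 | CVE-2007-0354 |
| 8 | Magento weak authentication | 5.6 | 5.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00271 | 0.00 | CVE-2021-21032 |
| 9 | D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi privilege escalation | 7.3 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.83361 | 0.40 | CVE-2024-3273 |
| 10 | F-logic DataCube3 Configuration File privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.05 | CVE-2024-25830 |
| 11 | linkding cross-site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00057 | 0.09 | CVE-2023-6646 |
| 12 | Google Android KeyChainActivity App privilege escalation | 7.5 | 7.4 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00061 | 0.02 | CVE-2023-48417 |
| 13 | WP Crowdfunding Plugin Setting cross-site scripting | 3.6 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.00 | CVE-2023-5757 |
| 14 | Mozilla Firefox Document URI privilege escalation | 4.3 | 4.2 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00046 | 0.06 | CVE-2024-0748 |
| 15 | Paid Memberships Pro Plugin Level Orders Update cross-site request forgery | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.02 | CVE-2024-0624 |
| 16 | Log Command Plugin args4j directory traversal | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00093 | 0.04 | CVE-2024-23904 |
| 17 | ZTE ZXHN F677/ZXHN F477 FTP directory traversal | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.02 | CVE-2022-23135 |
| 18 | Joomla CMS com_easyblog SQL injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.35 | |
| 19 | Akamai Technologies Download Manager ActiveX Control downloadmanagerv2.ocx getprivateprofilesectionw memory corruption | 10.0 | 9.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.34905 | 0.00 | CVE-2007-1891 |
| 20 | ProductCart AffiliateLogin.asp cross-site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00242 | 0.03 | CVE-2010-3421 |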

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2023-46805 / CVE-2024-21887

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (28)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

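| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /cgi-bin/nas_sharing.cgi | predictive | |
| 2 | File | /jeecg-boot/sys/common/upload | predictive | |
| 3 | File | /thruk/#cgi-bin/extinfo.cgi?type=2 | predictive | |
| 4 | File | admin/conf_users_edit.php | predictive | |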

References (2)

The following list contains external sources which discuss the actor and the associated activities:
