UAC-0006 Analysis

IOB - Indicator of Behavior (289)

Timeline

The data in this chart, and in the Lang, Country, Actors, Activities, Type, Vendor and Product charts that follow, does not reflect real data. It is dummy data, distorted and not usable in any way. An additional purchase is needed to unlock this view and access the real data.

Lang

en: 230
de: 24
ru: 14
es: 8
pl: 6

Country

us: 140
ru: 34
ca: 24
gb: 24
cn: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 10
IBM Platform Symphony: 4
IBM Spectrum Symphony: 4
Joomla: 4
FFmpeg: 4

Vulnerabilities

Columns: # | Vulnerability | Base (CVSS base score) | Temp (CVSS temporal score) | 0day (estimated 0-day exploit price) | Today (estimated current exploit price) | Exp (exploit status) | Rem (remediation status) | EPSS (EPSS score) | CTI (CTI interest score) | CVE

1 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.60 | CVE-2010-0966
2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
3 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 8.21 | CVE-2006-6168
4 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 3.20 | CVE-2020-15906
5 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 2.04 | -
6 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.00 | CVE-2006-5509
7 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550
8 | Foxit Studio Photo PSD File out-of-bounds write | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02190 | 0.05 | CVE-2020-8878
9 | Apache Superset Dashboard cross site scripting | 4.4 | 4.4 | $0-$5k | $5k-$25k | Not Defined | Not Defined | 0.00128 | 0.00 | CVE-2021-27907
10 | Joomla sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00142 | 0.00 | CVE-2022-23797
11 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.80 | CVE-2007-1167
12 | Microsoft Office Excel authorization | 7.3 | 6.9 | $5k-$25k | $0-$5k | High | Official Fix | 0.01336 | 0.00 | CVE-2021-42292
13 | Kinesphere eXchange POP3 Mail From memory corruption | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.28323 | 0.04 | CVE-2004-1945
14 | PhotoPost PHP showgallery.php privileges management | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | -
15 | NodeBB XML-RPC Request xmlrpc.php xml injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.16108 | 0.04 | CVE-2023-43187
16 | Foxit Reader Javascript exportDataObject API file inclusion | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2023-35985
17 | OpenVPN 64-bit Block Cipher SWEET32 cryptographic issues | 5.7 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00518 | 0.00 | CVE-2016-6329
18 | Opentext Document Sciences xPression cm_doclist_view_uc.jsp sql injection | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00182 | 0.00 | CVE-2017-14758
19 | FormCraft Plugin formcraft3_get server-side request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03494 | 0.02 | CVE-2022-0591
20 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.05 | CVE-2018-6200

IOC - Indicator of Compromise (28)

These indicators of compromise list associated network resources (IP addresses and hostnames) that are known to be part of the actor's research and attack activities. Entries 7 to 28 are masked in this view; only the first six are shown in full.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence

1 | 23.230.13.93 | - | UAC-0006 | - | 03/20/2024 | verified | High
2 | 45.87.154.158 | vm2177324.stark-industries.solutions | UAC-0006 | - | 03/20/2024 | verified | High
3 | 45.129.14.157 | - | UAC-0006 | - | 03/20/2024 | verified | High
4 | 45.143.136.123 | free.example.com | UAC-0006 | - | 03/20/2024 | verified | High
5 | 45.144.28.76 | vm1856696.stark-industries.solutions | UAC-0006 | - | 03/20/2024 | verified | High
6 | 77.232.37.148 | host-77-232-37-148.macloud.host | UAC-0006 | - | 03/20/2024 | verified | High
7-28 | masked | masked (present on some entries) | masked | - | 03/20/2024 | verified | High

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques and procedures summarize the suspected MITRE ATT&CK techniques used by the actor. This data is derived from our predictive model for actor profiling.

IOA - Indicator of Attack (88)

These indicators of attack list potential fragments (file paths, libraries, request arguments, input values and network ports) used for technical activities such as reconnaissance, exploitation, privilege escalation and exfiltration. This data is derived from our predictive model for actor profiling. Entries 11 to 88 are masked in this view; only their class and confidence remain visible. Entry 8 (cm_doclist_view_uc.jsp) corresponds to the Opentext Document Sciences xPression SQL injection (CVE-2017-14758) in the vulnerabilities table above.

ID | Class | Indicator | Type | Confidence

1 | File | /Duty/AjaxHandle/UploadHandler.ashx | predictive | High
2 | File | /forum/away.php | predictive | High
3 | File | /goform/setmac | predictive | High
4 | File | /include/chart_generator.php | predictive | High
5 | File | /manager?action=getlogcat | predictive | High
6 | File | /members/profiles.php | predictive | High
7 | File | /version.js | predictive | Medium
8 | File | /xAdmin/html/cm_doclist_view_uc.jsp | predictive | High
9 | File | /_next | predictive | Low
10 | File | addentry.php | predictive | Medium
11-57 | File | masked (47 further file paths) | predictive | High/Medium/Low
58-62 | Library | masked (5 library names) | predictive | High/Medium
63-86 | Argument | masked (24 request argument names) | predictive | High/Medium/Low
87 | Input Value | masked (the placeholder keeps the shape of a URL-encoded string terminated with --) | predictive | High
88 | Network Port | masked (shape: port/protocol (service)) | predictive | High

References (7)

The following list contains external sources which discuss the actor and the associated activities:
