UAC-0008 Analysis

IOB - Indicator of Behavior (52)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 36
zh: 14
es: 2

Country

ca: 22
cn: 16
es: 2
us: 2
ru: 2

Actors


Activities

Interest

Timeline


Type


Vendor


Product

WPA2: 4
zzcms: 4
Cisco IOS: 4
Cisco IOS XE: 4
Microsoft Windows: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Beaker Sandbox input validation | 9.1 | 8.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00489 | 0.00 | CVE-2020-12079
2 | Microsoft Windows Netlogon Zerologon privileges management | 8.4 | 8.3 | $25k-$100k | $0-$5k | High | Official Fix | 0.45082 | 0.09 | CVE-2020-1472
3 | zzcms Cookie search.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00212 | 0.05 | CVE-2018-18791
4 | Gila CMS sql sql injection | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01138 | 0.04 | CVE-2020-5515
5 | part-db os command injection | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.08427 | 0.02 | CVE-2022-0848
6 | CMS Made Simple Installation index.php os command injection | 6.9 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08285 | 0.03 | CVE-2018-7448
7 | IBM InfoSphere Information Governance Catalog redirect | 6.2 | 6.2 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00094 | 0.00 | CVE-2018-1875
8 | zzcms Parameter dl_sendmail.php sql injection | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00088 | 0.00 | CVE-2021-40280
9 | Order Listener for WooCommerce Plugin sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04131 | 0.04 | CVE-2022-0948
10 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00250 | 0.00 | CVE-2019-13275
11 | Elefant CMS File Upload drop privileges management | 6.3 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.08 | CVE-2017-20063
12 | Piwigo sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02001 | 0.00 | CVE-2023-26876
13 | PaperCut MF/NG libsmb2 access control | 9.8 | 9.7 | $0-$5k | $0-$5k | High | Official Fix | 0.97072 | 0.03 | CVE-2023-27350
14 | IBM WebSphere Application Server Snoop Servlet access control | 6.5 | 6.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.00267 | 0.02 | CVE-2012-2170
15 | Mamboxchange Extended Registration registration_detailed.inc.php file inclusion | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.05054 | 0.04 | CVE-2006-5254
16 | MongoDB networkMessageCompressors memory corruption | 8.2 | 7.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00148 | 0.03 | CVE-2017-15535
17 | Oracle Retail Data Extractor for Merchandising Knowledge Module certificate validation | 3.7 | 3.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00191 | 0.00 | CVE-2020-9488
18 | rest-client Gem Backdoor code injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00361 | 0.07 | CVE-2019-15224
19 | Cisco ASA/Firepower Threat Defense Session Initiation Protocol integer underflow | 7.1 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00159 | 0.00 | CVE-2019-12678
20 | Opentext Brava! Enterprise/Brava! Server Permission permission | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00159 | 0.00 | CVE-2019-12270

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/sql | predictive | Medium
2 | File | /cmsms-2.1.6-install.php/index.php | predictive | High
3 | File | /filemanager/upload/drop | predictive | High
4 | File | admin.php?page=history&filter_image_id= | predictive | High
5 | File | xxxxx/xx_xxxxxxxx.xxx | predictive | High
6 | File | xxxxxxxx.x | predictive | Medium
7 | File | xxx.x | predictive | Low
8 | File | xxx/xxxxxx.xxx | predictive | High
9 | File | xxxxx.xxx | predictive | Medium
10 | File | xxx.x/xxxxxx.x | predictive | High
11 | File | xxxxxxxxxxxx_xxxxxxxx.xxx.xxx | predictive | High
12 | File | xxxx-xxxxxx.x | predictive | High
13 | File | xx-xxxxx/xxxxx-xxxx.xxx | predictive | High
14 | File | xx/xxxxxx.xxx | predictive | High
15 | Argument | xxxxxxxx | predictive | Medium
16 | Argument | xxxxxx_xxxx_xx | predictive | High
17 | Argument | xxxxxxx | predictive | Low
18 | Argument | xx | predictive | Low
19 | Argument | xxx | predictive | Low
20 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High
21 | Argument | xxxxx | predictive | Low
22 | Argument | xxxxxxxx | predictive | Medium
23 | Network Port | xxx/xx (xxx) | predictive | Medium
24 | Network Port | xxx/xx (xxxxxx) | predictive | High
25 | Network Port | xxx/xxxx | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
