UAC-0063 Analysis

IOB - Indicator of Behavior (65)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 52
zh: 8
ru: 6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us20
cn18
ru12
id2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Product

Apache Shiro: 4
Modpagespeed Mod Pagespeed: 2
Cacti: 2
PHP Pro Publish: 2
Microstrategy Web: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | ArcGIS Server sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.04 | CVE-2021-29099 |
| 2 | FusionPBX fax_send.php command injection | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00121 | 0.02 | CVE-2022-35153 |
| 3 | Dropbear TCP Listener double free | 7.2 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00499 | 0.03 | CVE-2017-9078 |
| 4 | VideoWhisper Live Streaming Integration plugin htmlchat.php cross site scripting | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00116 | 0.00 | CVE-2014-2297 |
| 5 | Sinapsitech Esolar Duo Photovoltaic System Monitor Firmware ping.php access control | 9.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.26997 | 0.00 | CVE-2012-5863 |
| 6 | Shenzhen Reachfar information disclosure | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00103 | 0.02 | CVE-2023-5499 |
| 7 | gatsby-plugin-sharp path traversal | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00075 | 0.00 | CVE-2023-30548 |
| 8 | YFCMF Ajax.php path traversal | 6.1 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.04 | CVE-2023-3057 |
| 9 | Adobe ColdFusion access control | 8.6 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.96353 | 0.04 | CVE-2023-26360 |
| 10 | CloudPanel 2 File Manager improper authentication | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.50914 | 0.02 | CVE-2023-35885 |
| 11 | Chamilo LMS wsConvertPpt command injection | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.93854 | 0.03 | CVE-2023-34960 |
| 12 | PHP File Upload form-data Remote Code Execution | 8.8 | 7.9 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.93753 | 0.02 | CVE-2005-3390 |
| 13 | VMware vCenter Server/Cloud Foundation DCERPC Protocol uninitialized pointer | 8.7 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00110 | 0.06 | CVE-2023-20892 |
| 14 | Apache Shiro API path traversal | 8.0 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00071 | 0.05 | CVE-2023-34478 |
| 15 | Huawei E5186 4G LTE Router DNS Query Packet input validation | 7.0 | 6.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00325 | 0.04 | CVE-2015-8265 |
| 16 | PHP mysqli_real_escape_string integer overflow | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00932 | 0.04 | CVE-2017-9120 |
| 17 | Juniper Web Device Manager Authentication hard-coded credentials | 9.8 | 9.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.04 | |
| 18 | FusionPBX login.php cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00147 | 0.00 | CVE-2021-37524 |
| 19 | Apache Dubbo deserialization | 7.6 | 7.6 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.01134 | 0.00 | CVE-2022-39198 |
| 20 | PowerEasy SiteWeaver User_ChkLogin.asp cross site scripting | 4.3 | 4.1 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.00203 | 0.00 | CVE-2010-1655 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (35)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /dbhcms/ext/news/ext.news.be.php | predictive | High |
| 2 | File | /fax/fax_send.php | predictive | High |
| 3 | File | /iftype/ | predictive | Medium |
| 4 | File | /tmp/csman/0 | predictive | Medium |
| 5 | File | /uapi/doc | predictive | Medium |
| 6 | File | /xxxxxxxx/xxxxxxx/xxxxxxx | predictive | High |
| 7 | File | xxx/xxxxx/xxxxxxxxxx/xxxx.xxx | predictive | High |
| 8 | File | xxx.xxx | predictive | Low |
| 9 | File | x_xxxxxxxx_xxxxx | predictive | High |
| 10 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive | High |
| 11 | File | xxxx/ | predictive | Low |
| 12 | File | xx/xxxxxxxx.xxx | predictive | High |
| 13 | File | xxxxxxxxx/xxxx-xxxx | predictive | High |
| 14 | File | xxxxxxxx.xxxx/xxxx.xxxx | predictive | High |
| 15 | File | xxxxxxx/xxxxx.xxx | predictive | High |
| 16 | File | xxxx.xxx | predictive | Medium |
| 17 | File | xxxxxxx/xxxxxxxx/xxxxxxxxx.xxx | predictive | High |
| 18 | File | xxxxxxxxx/xxxxx.xxx | predictive | High |
| 19 | File | xxxxxx.xxx | predictive | Medium |
| 20 | File | xxxx/xxxx_xxxxxxxx.xxx | predictive | High |
| 21 | Argument | xxxxxxx | predictive | Low |
| 22 | Argument | xxxxxxx | predictive | Low |
| 23 | Argument | xxxxxxxxxxxxxx | predictive | High |
| 24 | Argument | xxxx | predictive | Low |
| 25 | Argument | xxxx_xxx | predictive | Medium |
| 26 | Argument | xx_xxxxxxx | predictive | Medium |
| 27 | Argument | x_xxxxxxxx | predictive | Medium |
| 28 | Argument | xxxx | predictive | Low |
| 29 | Argument | xxxx | predictive | Low |
| 30 | Argument | xxxxxxx[xxxx] | predictive | High |
| 31 | Argument | xxxxxxx | predictive | Low |
| 32 | Argument | xxxx | predictive | Low |
| 33 | Input Value | ../.. | predictive | Low |
| 34 | Pattern | \|xx xx xx xx xx xx xx xx\| | predictive | High |
| 35 | Pattern | \|xx xx xx\| | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
