UAC-0099 Analysis

IOB - Indicator of Behavior (395)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 362
jp: 12
es: 10
it: 4
sv: 2

Country

gb: 30
us: 20
jp: 12
es: 6
it: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 6
Advanced Guestbook: 6
Apache HTTP Server: 4
Joomla CMS: 4
Emerson DeltaV Distributed Control System: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Simple Machines Forum Access Restriction PersonalMessage.php MessageSearch2 access control | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.00 | CVE-2018-10305 |
| 2 | Discuz! admin.php cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.06 | CVE-2018-19464 |
| 3 | DM Guestbook ch_lng.php path traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04403 | 0.02 | CVE-2007-5821 |
| 4 | Advanced Guestbook index.php path traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.05 | |
| 5 | DM Guestbook glob_new.php path traversal | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04403 | 0.02 | CVE-2007-5821 |
| 6 | Advanced Guestbook htaccess path traversal | 5.6 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04162 | 0.08 | CVE-2007-0609 |
| 7 | 212cafe Guestbook show.php cross site scripting | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00488 | 0.00 | CVE-2007-0542 |
| 8 | Nordex Control 2 SCADA Wind Farm Portal Application cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00277 | 0.04 | CVE-2015-6477 |
| 9 | Upoint @1 File Store signup.php cross site scripting | 5.4 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00614 | 0.00 | CVE-2006-1277 |
| 10 | Cold BBS access control | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00726 | 0.00 | CVE-2008-5597 |
| 11 | MT312 IMG-BBS model.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00220 | 0.03 | CVE-2009-1881 |
| 12 | Western Digital WD My Cloud Mirror Login improper authentication | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 13 | Let's PHP! p++BBS cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.05 | CVE-2015-7783 |
| 14 | BlackBoard Learn redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00105 | 0.04 | CVE-2017-18262 |
| 15 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.26 | |
| 16 | EmbedPress Plugin cross site scripting | 4.2 | 4.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.02 | CVE-2023-5750 |
| 17 | JFinalCMS file path traversal | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00134 | 0.00 | CVE-2023-50449 |
| 18 | Google Android U-Boot Shell Privilege Escalation | 7.6 | 7.5 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00061 | 0.05 | CVE-2023-48424 |
| 19 | Document Foundation LibreOffice GStreamer input validation | 7.4 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00065 | 0.00 | CVE-2023-6185 |
| 20 | Hitachi Vantara System Management Unit SMU Configuration Backup improper authorization | 6.8 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00743 | 0.05 | CVE-2023-6538 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2023-38831

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (55)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
