UAC-0165 Analysis

IOB - Indicator of Behavior (68)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 52
de: 6
fr: 6
it: 2
es: 2

Country

us: 34
ua: 30
es: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

phpBB: 4
Itech Movie Portal Script: 2
CWP CentOS Web Panel: 2
lighttpd: 2
Ades Design AdesGuestbook: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Simple Machines Forum Subs-Package.php server-side request forgery | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00244 | 0.04 | CVE-2019-11574 |
| 2 | Cisco Adaptive Security Device Manager Signature Verification code injection | 7.5 | 7.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.06672 | 0.02 | CVE-2021-1585 |
| 3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.51 | CVE-2010-0966 |
| 4 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00668 | 0.05 | CVE-2022-27228 |
| 5 | Simple Machines Forum code injection | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00396 | 0.03 | CVE-2013-7468 |
| 6 | Simple Machines Forum LogInOut.php code injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00489 | 0.00 | CVE-2016-5727 |
| 7 | Simple Machines Forum Packages.php code injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00253 | 0.03 | CVE-2016-5726 |
| 8 | Simplemachines SMF SSI.php access control | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00430 | 0.00 | CVE-2011-1127 |
| 9 | KAPhotoservice albums.asp cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 10 | KAPhotoservice edtalbum.asp cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00499 | 0.00 | CVE-2006-2955 |
| 11 | Best Student Result Management System notice-details.php sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.04 | CVE-2022-42021 |
| 12 | AGH HTMLsearch search.cgi privileges management | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02148 | 0.00 | CVE-2002-2113 |
| 13 | vova07 Yii2 FileAPI Widget UploadAction.php run cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00080 | 0.08 | CVE-2017-20158 |
| 14 | Microsoft SQL Server Privilege Escalation | 7.5 | 6.8 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.01257 | 0.00 | CVE-2022-29143 |
| 15 | Zoho ManageEngine Desktop Central HTTP Redirect information disclosure | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00636 | 0.04 | CVE-2022-23779 |
| 16 | Coppermine Photo Gallery yabbse.inc.php file inclusion | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.10026 | 0.00 | CVE-2007-4283 |
| 17 | PHPOpenChat php file inclusion | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01335 | 0.00 | CVE-2006-4677 |
| 18 | IdeaBox generformlib_date.php privileges management | 7.3 | 6.1 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00000 | 0.00 | |
| 19 | Olaf Noehring The Search Engine Project pagenavigation.php file inclusion | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00734 | 0.00 | CVE-2006-4085 |
| 20 | Olaf Noehring TSEP Search Engine copyright.php file inclusion | 5.6 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.19042 | 0.00 | CVE-2006-3993 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (72)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /mc | predictive | Low |
| 2 | File | /movie.php | predictive | Medium |
| 3 | File | /upresult/upresult/notice-details.php | predictive | High |
| 4 | File | /webapps/blogs-journals/execute/editBlogEntry | predictive | High |
| 5 | File | /wordpress/wp-admin/admin.php | predictive | High |
| 6 | File | actions/UploadAction.php | predictive | High |
| 7 | File | adclick.php | predictive | Medium |
| 8 | File | admin.panoramic.php | predictive | High |
| 9 | File | admin/adminsignin.html | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities: