UNC4736 Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (20)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	20

Country

us	20

Actors

Sofacy	1
APT28	1
Grizzly Steppe	1
UNC4736	1

Activities

Interest

Timeline

Type

Smartphone Operating System	6
Content Management System	6
Not Defined	4
Policy Management Software	2
Groupware Software	2

Vendor

Not Defined	8
LG	6
IBM	2
Martin Diphoorn	2
VMware	2

Product

LG Mobile Devices	6
Drupal	4
IBM Security Guardium Insights	2
Martin Diphoorn Com Ds-syndicate	2
WordPress	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	WordPress class-wp-customize-widgets.php privileges management	7.3	6.4	$5k-$25k	$0-$5k	Unproven	Official Fix	0.07158	0.03	CVE-2014-5203
2	LG Mobile Devices input validation	6.4	6.4	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00082	0.00	CVE-2020-25063
3	LG Mobile Devices VZW Network privileges management	8.5	8.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00106	0.00	CVE-2020-25061
4	LG Mobile Devices Automated Testing unknown vulnerability	7.5	7.5	$25k-$100k	$5k-$25k	Not Defined	Not Defined	0.00066	0.00	CVE-2020-25064
5	LG Mobile Devices Privileges privileges management	6.5	6.5	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00042	0.00	CVE-2020-25060
6	IBM Security Guardium Insights risky encryption	6.4	6.4	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.00107	0.00	CVE-2020-4169
7	Projects World Travel Management System Pic Upload updatesubcategory.php unrestricted upload	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00940	0.00	CVE-2020-24203
8	WordPress pluggable.php cross-site request forgery	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00154	0.00	CVE-2014-5204
9	Boa Terminal input validation	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02395	0.05	CVE-2009-4496
10	tibbr Community/tibbr Enterprise SAML access control	7.2	7.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00065	0.00	CVE-2017-5530
11	VMware Zimbra Collaboration Suite Ajx%20TemplateMsg.js.zgz path traversal	5.3	5.3	$5k-$25k	$0-$5k	High	Not Defined	0.97337	0.05	CVE-2013-7091
12	TP-Link TL-WR840N Administration Console cross-site request forgery	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00166	0.00	CVE-2014-9510
13	AnyMacro AnyMacro Mail System path traversal	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00248	0.02	CVE-2011-2468
14	Com Yvcomment index.php sql injection	7.3	7.0	$0-$5k	$0-$5k	High	Official Fix	0.00107	0.00	CVE-2008-2692
15	WPML Comment feed sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01262	0.05	CVE-2015-2314
16	WordPress ZipArchive/PclZip path traversal	7.0	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00474	0.03	CVE-2017-14719
17	Drupal System Module Reflected 7pk security	6.4	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00263	0.03	CVE-2016-3168
18	Drupal File Module access control	8.1	7.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00180	0.00	CVE-2016-3162
19	Martin Diphoorn Com Ds-syndicate index2.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00212	0.00	CVE-2008-4623

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	89.45.67.160		UNC4736		12/27/2023	verified	High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1068	CAPEC-122	CWE-264, CWE-269, CWE-284	Execution with Unnecessary Privileges	predictive	High
3	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	High
4	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-20	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High
6	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (11)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	comments/feed	predictive	High
2	File	index.php	predictive	Medium
3	File	xxxxxx.xxx	predictive	Medium
4	File	xxx/xxxxxxx/xxxxxx/xxxx/xxxxx/xxxxxxx/xxxxxx/xxxxx/xxx%xxxxxxxxxxxxx.xx.xxx	predictive	High
5	File	xxxxxxxxxxxxxxxxx.xxx	predictive	High
6	File	xx-xxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxx.xxx	predictive	High
7	File	xx-xxxxxxxx/xxxxxxxxx.xxx	predictive	High
8	Argument	xxxxxxxxx	predictive	Medium
9	Argument	xxxx_xx	predictive	Low
10	Argument	xxxx	predictive	Low
11	Argument	xxxx	predictive	Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!