UAC-0184 Analysis

IOB - Indicator of Behavior (38)

Timeline

The timeline, language, country and actor charts in this section are populated with dummy, distorted data that does not reflect real data; the real values are not included on this page.

Lang

en 20
zh 14
ru 2
pt 2


Country

cn 16
us 16
gb 2
ru 2
pt 2


Actors

(chart panel; no data shown on this page)

Activities

Interest

Timeline, Type, Vendor: chart panels with no data shown on this page.

Product

phpMyAdmin 4
WordPress 4
WP-ViperGB Plugin 2
Microsoft Exchange Server 2
Huawei EMUI 2


Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices; Exp is the exploit availability; Rem is the remediation status; EPSS is the FIRST exploit prediction score; CTI is the page's own threat-intelligence score.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Kubernetes kubelet pprof information disclosure | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.53513 | 0.04 | CVE-2019-11248
2 | Jamf Pro Access Control doc improper authentication | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00065 | 0.00 | CVE-2018-10465
3 | GNU Mailman Alias path traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03056 | 0.03 | CVE-2015-2775
4 | ArcGIS Server sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.08 | CVE-2021-29099
5 | Matomo Plugin cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2023-6923
6 | Asus RT-AC56U out-of-bounds write | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.07 | CVE-2022-25596
7 | Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption | 8.3 | 8.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.96869 | 0.04 | CVE-2023-4966
8 | phpMyAdmin cross-site request forgery | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01696 | 0.02 | CVE-2019-12616
9 | Gitea session expiration | 5.6 | 5.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00168 | 0.00 | CVE-2021-45330
10 | phpMyAdmin Privileges.php sql injection | 7.1 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00145 | 0.09 | CVE-2020-10804
11 | GLPI Telemetry Endpoint telemetry.php information disclosure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00145 | 0.02 | CVE-2021-39211
12 | Check Point Mobile Access/SSL VPN Portal Agent os command injection | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00118 | 0.02 | CVE-2021-30358
13 | Array Networks ArrayOS command injection | 9.3 | 9.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00117 | 0.04 | CVE-2022-42897
14 | Huawei EMUI/Magic UI WMS API denial of service | 5.5 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-37241
15 | WordPress Update URI Plugin Header Remote Code Execution | 7.8 | 7.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00683 | 0.09 | CVE-2021-44223
16 | EMQ X Dashboard auth information disclosure | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00095 | 0.04 | CVE-2021-46434
17 | ThinkPHP Language Pack pearcmd.php file inclusion | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04153 | 0.04 | CVE-2022-47945
18 | DNN path traversal | 4.2 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.03 | CVE-2022-2922
19 | Telegram Web cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00075 | 0.04 | CVE-2022-43363
20 | VMware Tools improper authentication | 3.9 | 3.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00159 | 0.00 | CVE-2023-20867

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. The five entries are not included on this page.

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api /v3/auth | predictive | High
2 | File | /debug/pprof | predictive | Medium
3 | File | /oauth/idp/.well-known/openid-configuration | predictive | High
4 | File | /xxxx/xxx | predictive | Medium
5 | File | xxxx/xxxxxxxxx.xxx | predictive | High
6 | File | xxxx | predictive | Low
7 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive | High
8 | File | xxxxxxx.xxx | predictive | Medium
9 | File | xxx/xxx/xxx_xxx/xxxxxx/xxx_xxxxxx_xxxxx.x | predictive | High
10 | Argument | xxxxxxx-xxxxxx | predictive | High
11 | Argument | xxxxxxxx | predictive | Medium
12 | Argument | xxxxxx | predictive | Low
13 | Argument | xxxx | predictive | Low
14 | Argument | xxxxx | predictive | Low
15 | Input Value | xxxx</xxxxx><xxxxxx>xxxxx("xxxx")</xxxxxx><xxxxx> | predictive | High

Entries 4 to 15 are masked on this page; only the first three path indicators are readable.
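As an added example, not code from this page or from the vendor that produced it, the script below runs the three readable IOA path fragments against access-log lines and enriches each hit with the row of the vulnerabilities table above whose name shares a keyword with the path (pprof, openid-configuration, auth), so hits can be ranked by EPSS. That pairing of IOA rows to CVEs is this example's assumption; the page does not link them. It also reads the page's "/api /v3/auth" as "/api/v3/auth", treating the space as an extraction artefact, and the log lines it scans are constructed.

```python
"""Scan Combined Log Format access logs for the readable UAC-0184 IOA path
fragments and rank hits by the EPSS score of the vulnerability each fragment is
paired with. Added example; the IOA-to-CVE pairing and the log lines are this
example's own assumptions, not statements made by the page."""
import re
from dataclasses import dataclass
from urllib.parse import unquote


@dataclass(frozen=True)
class Vuln:
    name: str
    epss: float
    exploitability: str  # "Exp" column of the table
    remediation: str     # "Rem" column of the table


# Rows copied from the page's vulnerability table whose name mentions the same
# keyword as one of the readable IOA paths.
VULNS = {
    "CVE-2019-11248": Vuln("Kubernetes kubelet pprof information disclosure",
                           0.53513, "Not Defined", "Official Fix"),
    "CVE-2023-4966": Vuln("Citrix NetScaler ADC/NetScaler Gateway OpenID "
                          "openid-configuration ns_aaa_oauthrp_send_openid_config "
                          "CitrixBleed memory corruption",
                          0.96869, "High", "Official Fix"),
    "CVE-2021-46434": Vuln("EMQ X Dashboard auth information disclosure",
                           0.00095, "Proof-of-Concept", "Official Fix"),
}

# IOA rows 1-3 with the page's confidence level. The CVE next to each path is
# an assumption of this example, chosen by shared keyword; the page itself does
# not link IOA rows to CVEs. The page prints the first path as "/api /v3/auth";
# the space is taken here to be an extraction artefact.
IOA = {
    "/api/v3/auth": ("High", "CVE-2021-46434"),
    "/debug/pprof": ("Medium", "CVE-2019-11248"),
    "/oauth/idp/.well-known/openid-configuration": ("High", "CVE-2023-4966"),
}

# Combined Log Format (Apache/nginx default): client, ident, user, [time],
# "request line", status, size. Anything after the size is ignored.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def normalize_path(target: str) -> str:
    """Canonicalize a request target so encoded or padded variants still match:
    drop query string and fragment, percent-decode twice (catches %25 double
    encoding, at the cost of also decoding a literal %25 in a benign path),
    collapse repeated slashes, strip a trailing slash, lowercase."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(2):
        path = unquote(path)
    path = re.sub(r"/{2,}", "/", path)
    if len(path) > 1:
        path = path.rstrip("/")
    return path.lower()


@dataclass(frozen=True)
class Hit:
    line_no: int
    client: str
    path: str
    fragment: str
    confidence: str
    cve: str
    epss: float


def scan(lines):
    """Return IOA hits for an iterable of access-log lines, highest EPSS first.
    A fragment matches when the normalized path equals it or lies below it
    (e.g. /debug/pprof/heap under /debug/pprof). Lines that are not in
    Combined Log Format are skipped rather than guessed at."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalize_path(m.group("target"))
        for fragment, (confidence, cve) in IOA.items():
            if path == fragment or path.startswith(fragment + "/"):
                hits.append(Hit(line_no, m.group("client"), path, fragment,
                                confidence, cve, VULNS[cve].epss))
    hits.sort(key=lambda h: (-h.epss, h.line_no))
    return hits


# Constructed sample log using RFC 5737 documentation addresses; not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Feb/2024:08:15:02 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [10/Feb/2024:08:15:03 +0000] "GET /debug/pprof/heap HTTP/1.1" 200 40211
198.51.100.23 - - [10/Feb/2024:08:16:41 +0000] "GET /oauth/idp/.well-known/openid-configuration HTTP/1.1" 200 24576
198.51.100.23 - - [10/Feb/2024:08:16:42 +0000] "GET //oauth//idp/.well-known/openid-configuration?x=1 HTTP/1.1" 200 24576
192.0.2.9 - - [10/Feb/2024:08:20:00 +0000] "POST /api/v3/auth HTTP/1.1" 200 128
192.0.2.9 - - [10/Feb/2024:08:20:01 +0000] "GET /%64ebug/pprof/ HTTP/1.1" 404 153
not a log record
"""

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG.splitlines()):
        v = VULNS[h.cve]
        print(f"line {h.line_no}: {h.client} -> {h.path} [{h.fragment}, "
              f"confidence {h.confidence}] {h.cve} EPSS {h.epss:.5f} "
              f"Exp={v.exploitability} Rem={v.remediation}")
```

The normalization step is what makes the fragments useful as detections: the sample log deliberately contains a doubled-slash variant and a percent-encoded variant of two of the paths, and both still match. Path-prefix matching alone says nothing about success, so the status code and response size stay in the log line for the analyst to weigh; a 404 against /debug/pprof is reconnaissance, a large 200 is the case worth pulling the endpoint's pprof exposure for.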

References (2)

The following list contains external sources which discuss the actor and the associated activities; the two entries are not included on this page.
