UNC5174 Analysis

IOB - Indicator of Behavior (16)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh  10
en   6

Country

cn  14

Activities

Interest

Product

Microsoft Windows  2
h5ai               2
Joomla CMS         2
Web2py             2
Grafana            2

Vulnerabilities

#  | Vulnerability                                                                | CVSS Base | CVSS Temp | 0day price | Today price | Exploit status   | Remediation  | EPSS    | CTI  | CVE
---|------------------------------------------------------------------------------|-----------|-----------|------------|-------------|------------------|--------------|---------|------|---------------
1  | OpenStack Nova noVNC redirect                                                | 4.9       | 4.7       | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.92596 | 0.04 | CVE-2021-3654
2  | Grafana GeoMap Plugin cross site scripting                                   | 5.4       | 5.4       | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.00067 | 0.03 | CVE-2023-0507
3  | Grafana race condition                                                       | 7.8       | 7.8       | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.00192 | 0.03 | CVE-2022-39328
4  | h5ai unrestricted upload                                                     | 7.3       | 6.6       | $0-$5k     | $0-$5k      | Proof-of-Concept | Official Fix | 0.03315 | 0.04 | CVE-2015-3203
5  | Apache Tomcat AJP Connector Ghostcat input validation                        | 8.5       | 8.4       | $5k-$25k   | $0-$5k      | High             | Official Fix | 0.97384 | 0.00 | CVE-2020-1938
6  | Octopus Server/Server Web Request Proxy information disclosure               | 2.1       | 2.1       | $0-$5k     | $0-$5k      | Not Defined      | Not Defined  | 0.00168 | 0.00 | CVE-2021-31820
7  | Apache HTTP Server HTTP/2 Request request smuggling                          | 6.4       | 6.4       | $5k-$25k   | $5k-$25k    | Not Defined      | Not Defined  | 0.00606 | 0.00 | CVE-2020-9490
8  | WordPress FilteredIterator.php deserialization                               | 7.6       | 7.3       | $5k-$25k   | $0-$5k      | Not Defined      | Official Fix | 0.00712 | 0.04 | CVE-2020-28032
9  | WordPress Installation functions.php is_blog_installed access control        | 8.0       | 7.7       | $5k-$25k   | $0-$5k      | Not Defined      | Official Fix | 0.02421 | 0.04 | CVE-2020-28037
10 | WordPress XML-RPC class-wp-xmlrpc-server.php access control                  | 8.0       | 7.7       | $5k-$25k   | $0-$5k      | Not Defined      | Official Fix | 0.00731 | 0.03 | CVE-2020-28036
11 | Web2py utils.py secure_load Stored deserialization                           | 7.5       | 7.4       | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.02067 | 0.04 | CVE-2016-3957
12 | GitLab Enterprise Edition Project Import information disclosure              | 5.3       | 5.3       | $0-$5k     | $0-$5k      | Not Defined      | Not Defined  | 0.00085 | 0.00 | CVE-2020-6832
13 | Microsoft Internet Explorer Scripting Engine memory corruption               | 6.7       | 6.6       | $25k-$100k | $5k-$25k    | High             | Official Fix | 0.05889 | 0.03 | CVE-2020-0968
14 | Joomla CMS sql injection                                                     | 7.3       | 7.0       | $5k-$25k   | $0-$5k      | Proof-of-Concept | Official Fix | 0.00119 | 0.00 | CVE-2014-7981
15 | Northern.tech CFEngine Enterprise cross site scripting                       | 5.2       | 4.9       | $0-$5k     | $0-$5k      | Not Defined      | Official Fix | 0.00078 | 0.00 | CVE-2019-19394
16 | Microsoft Windows Graphics Device Interface GDI32.dll information disclosure | 5.8       | 5.7       | $25k-$100k | $0-$5k      | Not Defined      | Official Fix | 0.07138 | 0.00 | CVE-2016-0008

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2023-46747

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address     | Hostname                     | Actor   | Campaigns      | Identified | Type     | Confidence
---|----------------|------------------------------|---------|----------------|------------|----------|-----------
1  | 172.104.124.74 | li1734-74.members.linode.com | UNC5174 | CVE-2023-46747 | 04/02/2024 | verified | High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class     | Vulnerabilities | Access Vector                                                   | Type       | Confidence
---|-----------|-----------|-----------------|-----------------------------------------------------------------|------------|-----------
1  | T1059.007 | CAPEC-209 | CWE-79          | Cross Site Scripting                                            | predictive | High
2  | T1068     |           | CWE-264         | Execution with Unnecessary Privileges                           | predictive | High
3  | TXXXX.XXX | CAPEC-178 | CWE-XXX         | Xxxx Xxxxxxxx                                                   | predictive | High
4  | TXXXX     | CAPEC-108 | CWE-XX          | Xxx Xxxxxxxxx                                                   | predictive | High
5  | TXXXX     | CAPEC-116 | CWE-XXX         | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx       | predictive | High
6  | TXXXX.XXX | CAPEC-1   | CWE-XXX         | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx            | predictive | High

IOA - Indicator of Attack (6)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class    | Indicator                                          | Type       | Confidence
---|----------|----------------------------------------------------|------------|-----------
1  | File     | gluon/utils.py                                     | predictive | High
2  | File     | wp-includes/class-wp-xmlrpc-server.php             | predictive | High
3  | File     | xx-xxxxxxxx/xxxxxxxxx.xxx                          | predictive | High
4  | File     | xx-xxxxxxxx/xxxxxxxx/xxxxxxx/xxxxxxxxxxxxxxxx.xxx  | predictive | High
5  | Library  | xxxxx.xxx                                          | predictive | Medium
6  | Argument | xxxx                                               | predictive | Low
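The network IOC in the IOC section and the two unmasked file-path IOAs above are the pieces of this page a defender can actually sweep for. The following Python is an added example, not code from this page or from any vendor, showing one such sweep over web-server access logs: it flags requests whose client is the listed IP or hostname and requests whose path (after URL-decoding, so a `%2F`-encoded slash does not evade the check) contains one of the listed file fragments. It assumes combined/common log format and that the hostname form of the IOC only appears when the server logs reverse-DNS names rather than raw IPs; the log lines are constructed for the example and do not come from any real incident.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Network IOC taken from the page: one IP and its hostname.
# The hostname only shows up in logs when the server does reverse lookups,
# so the IP match is the one to rely on; the hostname match is a bonus.
IOC_IPS = {"172.104.124.74"}
IOC_HOSTNAMES = {"li1734-74.members.linode.com"}

# File-path IOAs taken from the page (only the unmasked entries).
# Matched as substrings of the decoded request path, lower-cased.
IOA_PATH_FRAGMENTS = (
    "gluon/utils.py",
    "wp-includes/class-wp-xmlrpc-server.php",
)

# Common/combined log format: client, ident, user, [timestamp], "request", status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


@dataclass(frozen=True)
class Hit:
    line_no: int   # 1-based line number in the input
    client: str    # client field exactly as logged
    path: str      # request path exactly as logged (not decoded)
    reason: str    # which indicator fired


def scan_access_log(lines):
    """Return a Hit for every (line, indicator) pair that matches.

    Lines that do not parse are skipped rather than aborting the sweep,
    since real logs contain truncated or malformed entries.
    """
    hits = []
    for n, raw in enumerate(lines, 1):
        m = LOG_RE.match(raw)
        if not m:
            continue
        client, path = m["client"], m["path"]
        # Decode percent-encoding before matching so encoded separators
        # ("gluon%2Futils.py") still match the plain fragment.
        decoded_path = unquote(path).lower()

        if client in IOC_IPS:
            hits.append(Hit(n, client, path, "ioc-ip"))
        if client.lower() in IOC_HOSTNAMES:
            hits.append(Hit(n, client, path, "ioc-hostname"))
        for frag in IOA_PATH_FRAGMENTS:
            if frag in decoded_path:
                hits.append(Hit(n, client, path, f"ioa-path:{frag}"))
    return hits


# Constructed sample log lines for the example (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [02/Apr/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '172.104.124.74 - - [02/Apr/2024:10:00:07 +0000] "POST /xmlrpc.php HTTP/1.1" 200 321',
    '198.51.100.9 - - [02/Apr/2024:10:00:09 +0000] "GET /wp-includes/class-wp-xmlrpc-server.php HTTP/1.1" 403 0',
    '198.51.100.9 - - [02/Apr/2024:10:00:11 +0000] "GET /app/gluon%2Futils.py HTTP/1.1" 404 0',
    'li1734-74.members.linode.com - - [02/Apr/2024:10:00:15 +0000] "GET /admin HTTP/1.1" 301 0',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.reason}  client={hit.client}  path={hit.path}")
```

A hit on the IP or hostname is the stronger signal, since the page marks that IOC as verified; the file-path matches are predictive and will also fire on ordinary scanner noise against any WordPress or web2py host, so treat them as a reason to look at the surrounding requests rather than as a confirmed compromise.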
