UNC5274 Analysis

IOB - Indicator of Behavior (244)

Timeline

Note on the charts in the sections below (Timeline, Lang, Country, Actors, Interest, Type, Vendor, Product): the chart data shown to unauthenticated visitors does not reflect real data. It is dummy data, distorted and not usable in any way; an additional purchase is needed to unlock the real figures.

Lang

en: 186
de: 24
zh: 10
pl: 8
it: 4


Country

us: 232
cn: 10


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Phorum: 4
phpMyAdmin: 2
Apple tvOS: 2
OpenBB: 2
DZCP deV!L`z Clanportal: 2


Vulnerabilities

# | Vulnerability | Base score | Temp score | 0day price | Today price | Exploit status | Remediation | EPSS | CTI | CVE
1 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.65 | CVE-2010-0966
3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192
4 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 7.31 | CVE-2006-6168
5 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.03 | CVE-2007-1287
6 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.65 | (none)
7 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.08 | CVE-2020-15906
8 | Apple Mac OS X Server Wiki Server sql injection | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00339 | 1.53 | CVE-2015-5911
9 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.21 | (none)
10 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.35 | CVE-2007-0529
11 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.00 | CVE-2006-5509
12 | EFS Easy Chat Server HTML Source Code register.php Password information disclosure | 6.4 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00601 | 0.00 | CVE-2017-9557
13 | Phorum register.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00509 | 0.00 | CVE-2004-0035
14 | Rocket.Chat Server NoSQL sql injection | 8.5 | 8.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00369 | 0.04 | CVE-2017-1000493
15 | phpMyAdmin phpinfo.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00142 | 0.05 | CVE-2016-9848
16 | YaBB yabb.pl cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01240 | 0.04 | CVE-2004-2402
17 | baserCMS Management System unrestricted upload | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01414 | 0.05 | CVE-2023-25654
18 | Sitecore Experience Manager Privilege Escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.89227 | 0.07 | CVE-2023-35813
19 | Themefic Ultimate Addons for Contact Form 7 Plugin sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.00 | CVE-2022-47586
20 | Redirection for Contact Form 7 Plugin authorization | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 | CVE-2023-39920

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • CVE-2024-1709 / CVE-2023-46747 (CVE-2024-1709 is the ConnectWise ScreenConnect authentication bypass; CVE-2023-46747 is the F5 BIG-IP Configuration utility authentication bypass)

IOC - Indicator of Compromise (3)

These indicators of compromise list associated network resources that are known to have been used in research and attack activity attributed to the actor.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 61.239.68.73 | 061239068073.ctinets.com | UNC5274 | CVE-2024-1709 / CVE-2023-46747 | 04/02/2024 | verified | High
2 | XXX.XXX.XXX.XXX | (none) | Xxxxxxx | Xxx-xxxx-xxxx / Xxx-xxxx-xxxxx | 04/02/2024 | verified | High
3 | XXX.XXX.XX.XXX | xxxx.xxxxxx.xx | Xxxxxxx | Xxx-xxxx-xxxx / Xxx-xxxx-xxxxx | 04/02/2024 | verified | High

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (71)

These indicators of attack list the fragments (file paths and request arguments) that the actor is predicted to use for technical activities such as reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /portal/user-register.php | predictive | High
2 | File | add.php/del.php | predictive | High
3 | File | addentry.php | predictive | Medium
4 | File | admin/conf_users_edit.php | predictive | High
5 | File | admin/page-login.php | predictive | High
6 | File | base_maintenance.php | predictive | High
7 | File | classified_right.php | predictive | High
8 | File | cloud.php | predictive | Medium
9 | File | data/gbconfiguration.dat | predictive | High
10 | File | email.php | predictive | Medium
11 | File | xx/xxxxx/xxxxxx_xxxxx.xxx | predictive | High
12 | File | xxxx.xxx | predictive | Medium
13 | File | xxxx.xxx | predictive | Medium
14 | File | xxxxxxxxx.xxx | predictive | High
15 | File | xxx/xxxxxx.xxx | predictive | High
16 | File | xxxxx.xxxx | predictive | Medium
17 | File | xxxx.xxx.xxx | predictive | Medium
18 | File | xxxxxxxxx/xxxxxxx.x | predictive | High
19 | File | xxxxxxx.xxx | predictive | Medium
20 | File | xxxx.xxx | predictive | Medium
21 | File | xxxxx.xxx | predictive | Medium
22 | File | xxxxxxxx.xx | predictive | Medium
23 | File | xxxxxxxx.xxx | predictive | Medium
24 | File | xxxxxxxx.xxx | predictive | Medium
25 | File | xxxxxxxx.xxx | predictive | Medium
26 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
27 | File | xxxxxxxx_xxxx.xxx | predictive | High
28 | File | xxxxxx_xxxxxx.xxx | predictive | High
29 | File | xxxxxx.xxx | predictive | Medium
30 | File | xxxxxxxxx.xxx/xxxxxxx.xxx | predictive | High
31 | File | xxxxxxxx.xxxxx.xxx | predictive | High
32 | File | xxxx-xxxxx.xxx | predictive | High
33 | File | xxxx-xxxxxxxx.xxx | predictive | High
34 | File | xxxx/xxxxxxxx.xxx | predictive | High
35 | File | xxxx.xxx | predictive | Medium
36 | File | xxxx/xxxxxxxx.xxx | predictive | High
37 | File | xxxxx.xxx | predictive | Medium
38 | File | xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx | predictive | High
39 | File | xx-xxxxxxxx.xxx | predictive | High
40 | File | xxxx.xx | predictive | Low
41 | Argument | xx_xxxxx_xxx_xxxx | predictive | High
42 | Argument | x_xxxxxx | predictive | Medium
43 | Argument | xxxxxxxx | predictive | Medium
44 | Argument | xxxxx | predictive | Low
45 | Argument | xxxxxxxxxx | predictive | Medium
46 | Argument | xxxxxxxxx[x] | predictive | Medium
47 | Argument | xxxxxxx | predictive | Low
48 | Argument | xxx_x_xxx | predictive | Medium
49 | Argument | x_xxxxxxx_xxx | predictive | High
50 | Argument | xxxxx | predictive | Low
51 | Argument | xxxxx | predictive | Low
52 | Argument | xxxx_xxxxx | predictive | Medium
53 | Argument | xx | predictive | Low
54 | Argument | xxxxxxxxx-xxxxxxx/xxxxxxxxx/xxxxxxxxxx | predictive | High
55 | Argument | xxxxxxxx_xxx | predictive | Medium
56 | Argument | xxxx | predictive | Low
57 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High
58 | Argument | xxxxxx | predictive | Low
59 | Argument | xx | predictive | Low
60 | Argument | xxxx | predictive | Low
61 | Argument | xxxxxxxxxx | predictive | Medium
62 | Argument | xxx | predictive | Low
63 | Argument | xxxxxxxxxx | predictive | Medium
64 | Argument | xxx | predictive | Low
65 | Argument | xxxxxxxxx | predictive | Medium
66 | Argument | xxxxx | predictive | Low
67 | Argument | xxx | predictive | Low
68 | Argument | xxxxxxxx/xxxxxxxx | predictive | High
69 | Argument | xxxx_xxxxx | predictive | Medium
70 | Argument | xxxx_xx | predictive | Low
71 | Argument | _xxxxxx[xxxx_xxxx] | predictive | High
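As an added worked example (this script is not from the VulDB page and not tooling from any vendor named on it), the Python below takes the one unmasked network IOC (IP 61.239.68.73 / hostname 061239068073.ctinets.com) and the ten unmasked IOA file indicators and runs them over web-server access-log lines, so that a defender can see how the two indicator classes are applied to the same log: the IOC matches on the client IP, the IOA on the request path. It assumes Apache/nginx combined log format, treats the page's "add.php/del.php" entry as two file names, matches unrooted indicators as path suffixes at a "/" boundary, and uses constructed sample log lines (not real traffic). The masked (xxx) indicators are omitted because their values are not on the page. It also includes a small consistency check that the zero-padded PTR-style hostname spells out the IOC IP, which is how the two fields in the IOC row relate.

```python
"""Added example: apply the page's unmasked IOC/IOA indicators to access logs.

Assumptions: combined log format; SAMPLE_LOG is constructed, not real traffic;
masked indicators on the page are left out.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Network IOC from row 1 of the IOC table.
IOC_IPS = {"61.239.68.73"}
IOC_HOSTNAME = "061239068073.ctinets.com"

# Unmasked IOA file indicators (rows 1-10). The page lists "add.php/del.php"
# as one entry; it is split into two names here (assumption). Entries that
# start with "/" are matched from the root, the rest as a path suffix.
IOA_PATHS = (
    "/portal/user-register.php",
    "add.php",
    "del.php",
    "addentry.php",
    "admin/conf_users_edit.php",
    "admin/page-login.php",
    "base_maintenance.php",
    "classified_right.php",
    "cloud.php",
    "data/gbconfiguration.dat",
    "email.php",
)

# Combined log format: ip ident user [timestamp] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


@dataclass(frozen=True)
class Hit:
    line_no: int
    ip: str
    path: str
    reason: str


def path_matches(path: str) -> Optional[str]:
    """Return the IOA indicator that matches a request path, or None.

    The query string is stripped so /x/cloud.php?id=1 still matches
    'cloud.php'; suffixes must begin at a '/' so /cloud.php.bak does not.
    """
    clean = path.split("?", 1)[0]
    for ind in IOA_PATHS:
        if ind.startswith("/"):
            if clean == ind:
                return ind
        elif clean == "/" + ind or clean.endswith("/" + ind):
            return ind
    return None


def scan(log_text: str) -> List[Hit]:
    """Flag lines whose client IP is a listed IOC or whose path hits an IOA."""
    hits: List[Hit] = []
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format record; skip it
        ip, path = m["ip"], m["path"]
        if ip in IOC_IPS:
            hits.append(Hit(n, ip, path, f"source IP is listed IOC {ip}"))
        ind = path_matches(path)
        if ind is not None:
            hits.append(Hit(n, ip, path, f"request path matches IOA {ind}"))
    return hits


def hostname_encodes_ip(hostname: str, ip: str) -> bool:
    """True if a zero-padded PTR-style label (061239068073) spells out `ip`.

    A cheap check that the IP and hostname in an IOC row describe one asset.
    """
    label = hostname.split(".", 1)[0]
    if len(label) != 12 or not label.isdigit():
        return False
    dotted = ".".join(str(int(label[i:i + 3])) for i in range(0, 12, 3))
    try:
        return ipaddress.IPv4Address(dotted) == ipaddress.IPv4Address(ip)
    except ValueError:  # an octet above 255 or a malformed `ip`
        return False


# Constructed sample log for the demonstration (not real traffic).
SAMPLE_LOG = """\
61.239.68.73 - - [02/Apr/2024:10:15:01 +0000] "GET /portal/user-register.php HTTP/1.1" 200 512
203.0.113.9 - - [02/Apr/2024:10:15:07 +0000] "GET /index.php HTTP/1.1" 200 2048
198.51.100.4 - - [02/Apr/2024:10:16:30 +0000] "GET /data/gbconfiguration.dat HTTP/1.1" 404 221
198.51.100.4 - - [02/Apr/2024:10:16:31 +0000] "POST /forum/addentry.php?id=3 HTTP/1.1" 500 88
61.239.68.73 - - [02/Apr/2024:10:17:02 +0000] "GET /robots.txt HTTP/1.1" 200 33
garbage line that is not an access-log record
"""

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no}: {h.ip} {h.path} -> {h.reason}")
    print("IOC hostname encodes IOC IP:",
          hostname_encodes_ip(IOC_HOSTNAME, next(iter(IOC_IPS))))
```

On the sample above the scanner reports five hits: two on line 1 (IOC source IP plus the rooted IOA path), one each on lines 3 and 4 (IOA paths under other directories), and one on line 5 (IOC source IP only). Treat IOA path hits as triage leads rather than confirmation: names such as email.php or cloud.php are generic, the page itself labels these indicators as predictive, and a 404 on a probed path (line 3) is reconnaissance at most. IOC IP hits are stronger, but the IOC row is dated and a residential or ISP address can be reassigned, so check the "Identified" date against the log window before escalating.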

References (2)

The following list contains external sources which discuss the actor and the associated activities:
