UAC-0051 Analysis

IOB - Indicator of Behavior (165)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 98
es: 34
zh: 10
it: 6
sv: 4


Country

es: 34
cn: 14
it: 6
sv: 4
de: 4


Actors


Activities

Interest

Timeline


Type


Vendor


Product

MyBB: 6
SignKorn Guestbook: 4
Apache Ambari: 4
Invisionpower IP.Board: 2
Cisco Prime Security Manager: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Softbiz FAQ Script add_comment.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01302 | 0.02 | CVE-2005-3938
2 | Joels Bulletin Board newtopic.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.06 |
3 | Michael Barretto Cardboard input validation | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00889 | 0.00 | CVE-2001-1584
4 | WoltLab Burning Board Lite search.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00264 | 0.00 | CVE-2007-6518
5 | Forumer / IPB Board Show Topic index.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 |
6 | MyBB moderation.php cross-site request forgery | 6.3 | 6.1 | $5k-$25k | $0-$5k | High | Unavailable | 0.00214 | 0.00 | CVE-2008-7082
7 | Toms-seiten.at Toms Gästebuch header.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00409 | 0.00 | CVE-2007-4896
8 | Dreaxteam Xt-News add_comment.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00599 | 0.07 | CVE-2006-6746
9 | Cisco Prime Network Registrar cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00135 | 0.00 | CVE-2013-3394
10 | EMC Document Sciences xPression Dashboard path traversal | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00155 | 0.00 | CVE-2013-6177
11 | MyBB reputation.php sql injection | 7.3 | 7.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00620 | 0.00 | CVE-2005-1833
12 | WordPress Comment Status options-discussion.php cross-site request forgery | 4.3 | 4.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.00112 | 0.00 | CVE-2013-7233
13 | WordPress options-discussion.php denial of service | 5.3 | 5.1 | $5k-$25k | $0-$5k | High | Official Fix | 0.00000 | 0.00 |
14 | W2b phpAdBoard File Upload index.php access control | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.09236 | 0.00 | CVE-2008-6921
15 | Flat PHP Board path traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.01 |
16 | 1Two Livre d Or guestbook.php cross site scripting | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00457 | 0.00 | CVE-2005-1644
17 | Microsoft Windows Remote Desktop Web Access cross site scripting | 5.0 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.84112 | 0.00 | CVE-2011-1263
18 | Tableau Server Log File log file | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00149 | 0.00 | CVE-2020-6938
19 | ONLYOFFICE Document Server JWT upload pathname traversal | 8.0 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02823 | 0.02 | CVE-2021-3199
20 | DedeCMS article_coonepage_rule.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00207 | 0.04 | CVE-2022-23337

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 185.175.158.27 | | UAC-0051 | | 07/21/2022 | verified | High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (68)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /cgi-bin/portal | predictive | High
2 | File | /index.php | predictive | Medium
3 | File | /iwguestbook/admin/badwords_edit.asp | predictive | High
4 | File | /upload | predictive | Low
5 | File | /_next | predictive | Low
6 | File | add.php | predictive | Low
7 | File | add_comment.php | predictive | High
8 | File | admin/admin.php | predictive | High
9 | File | admin/adminsignin.html | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
