UAC-0184 Analysis

IOB - Indicator of Behavior (51)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

zh: 26
en: 24
ru: 2


Country

cn: 26
us: 24
ru: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

WallacePOS: 2
Jamf Pro: 2
Array Networks ArrayOS: 2
automad: 2
MZ Automation libiec61850: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Kubernetes kubelet pprof information disclosure | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.55625 | 0.03 | CVE-2019-11248
2 | Contact Form 7 Plugin unrestricted upload | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00161 | 0.03 | CVE-2023-6449
3 | Jamf Pro Access Control doc improper authentication | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00065 | 0.00 | CVE-2018-10465
4 | ESRI Portal for ArcGIS path traversal | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00195 | 0.14 | CVE-2022-38205
5 | CodeIgniter code injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00161 | 0.11 | CVE-2023-32692
6 | Plone privileges management | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00371 | 0.00 | CVE-2020-7941
7 | Google Chrome V8 out-of-bounds write | 6.3 | 6.0 | $25k-$100k | $5k-$25k | High | Official Fix | 0.03485 | 0.29 | CVE-2024-4761
8 | Jamf Pro Deserialization deserialization | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01202 | 0.00 | CVE-2019-17076
9 | WallacePOS File Upload unrestricted upload | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00391 | 0.00 | CVE-2019-3960
10 | Progress Sitefinity Password Recovery password recovery | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00222 | 0.05 | CVE-2019-17392
11 | Progress Telerik UI for ASP.NET AJAX/Sitefinity Telerik.Web.UI.dll cryptographic issues | 8.0 | 7.9 | $0-$5k | $0-$5k | High | Official Fix | 0.17894 | 0.03 | CVE-2017-9248
12 | WordPress wp_crop_image path traversal | 5.9 | 5.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.95564 | 0.05 | CVE-2019-8943
13 | Yoast SEO Plugin cross site scripting | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2023-40680
14 | Magento Layout Update access control | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00118 | 0.00 | CVE-2021-41144
15 | GNU Mailman Alias path traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03056 | 0.03 | CVE-2015-2775
16 | ArcGIS Server sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.05 | CVE-2021-29099
17 | Matomo Plugin cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2023-6923
18 | Asus RT-AC56U out-of-bounds write | 8.8 | 8.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00073 | 0.04 | CVE-2022-25596
19 | Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption | 8.3 | 8.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.96710 | 0.03 | CVE-2023-4966
20 | phpMyAdmin cross-site request forgery | 5.4 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01696 | 0.04 | CVE-2019-12616

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api /v3/auth | predictive | High
2 | File | /debug/pprof | predictive | Medium
3 | File | /oauth/idp/.well-known/openid-configuration | predictive | High
4 | File | /xxxx/xxx | predictive | Medium
5 | File | xxxx/xxxxxxxxx.xxx | predictive | High
6 | File | xxxx | predictive | Low
7 | File | xxxxxxxxx/xxxxxxx/xxxxxx/xxxxxxxxxx.xxx | predictive | High
8 | File | xxxxxxx.xxx | predictive | Medium
9 | File | xxx/xxx/xxx_xxx/xxxxxx/xxx_xxxxxx_xxxxx.x | predictive | High
10 | Library | xxxxxxx.xxx.xx.xxx | predictive | High
11 | Argument | xxxxxxx-xxxxxx | predictive | High
12 | Argument | xxxxxxxx | predictive | Medium
13 | Argument | xxxxxx | predictive | Low
14 | Argument | xxxx | predictive | Low
15 | Argument | xxxxx | predictive | Low
16 | Input Value | .xxx?/../../xxxx.xxx | predictive | High
17 | Input Value | xxxx</xxxxx><xxxxxx>xxxxx("xxxx")</xxxxxx><xxxxx> | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
