Koobface Analysis

IOB - Indicator of Behavior (157)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 138
es: 10
sv: 4
it: 2
de: 2


Activities

Product

Apache HTTP Server: 6
OpenSSH: 6
Microsoft Windows: 6
Linux Kernel: 4
nginx: 4


Vulnerabilities

# | Vulnerability | CVSS Base | CVSS Temp | 0day price | Today price | Exploitability | Remediation | EPSS | CTI | CVE
1 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.30 | 
2 | Microsoft IIS uncpath cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00341 | 0.00 | CVE-2017-0055
3 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00248 | 0.30 | CVE-2005-1612
4 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01298 | 0.42 | CVE-2010-0966
5 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.25 | CVE-2022-28959
6 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 1.78 | CVE-2006-6168
7 | Francisco Burzi PHP-Nuke File case.filemanager.php privileges management | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00575 | 0.00 | CVE-2001-0854
8 | lighttpd Log File http_auth.c injection | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00774 | 0.03 | CVE-2015-3200
9 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.25 | CVE-2016-6210
10 | Signal App RTLO injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00395 | 0.00 | CVE-2022-28345
11 | Cryptshare Server Delete Personal Data Page cross site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00084 | 0.00 | CVE-2021-3150
12 | Dell EMC iDRAC7/iDRAC8 injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01875 | 0.03 | CVE-2018-1207
13 | Linux Kernel do_open_permission access control | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2009-3286
14 | nginx Log File link following | 7.8 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00092 | 0.04 | CVE-2016-1247
15 | Apache Xerces-C XMLReader.cpp memory corruption | 9.8 | 9.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.02396 | 0.00 | CVE-2016-0729
16 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02147 | 0.00 | CVE-2007-1192
17 | Site Editor Plugin path traversal | 6.4 | 5.8 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.94711 | 0.04 | CVE-2018-7422
18 | Fortinet FortiOS/FortiProxy FortiGate SSL-VPN heap-based overflow | 9.8 | 9.7 | $25k-$100k | $25k-$100k | High | Official Fix | 0.13326 | 0.03 | CVE-2023-27997
19 | ZIPFoundation ZIP File path traversal | 7.0 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00051 | 0.04 | CVE-2023-39138
20 | pkp ojs cross site scripting | 2.9 | 2.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.08 | CVE-2023-5894

IOC - Indicator of Compromise (86)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (65)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .htaccess | predictive | Medium
2 | File | /api/baskets/{name} | predictive | High
3 | File | /spip.php | predictive | Medium
4 | File | /tmp | predictive | Low
5 | File | /uncpath/ | predictive | Medium
6 | File | /var/log/nginx | predictive | High
7 | File | auth-gss2.c | predictive | Medium
8 | File | case.filemanager.php | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
