Koobface Analysis

IOB - Indicator of Behavior (155)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

| Language | Count |
|---|---|
| en | 148 |
| es | 4 |
| sv | 2 |
| de | 2 |


Country

| Country | Count |
|---|---|
| us | 68 |
| il | 36 |
| gr | 10 |
| se | 8 |
| jo | 8 |


Actors


Activities

Interest

Timeline


Type


Vendor


Product

| Product | Count |
|---|---|
| OpenSSH | 6 |
| Microsoft IIS | 6 |
| Microsoft Windows | 6 |
| Apache HTTP Server | 4 |
| ImageMagick | 4 |


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.22 | 0.00000 | |
| 2 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00548 | CVE-2017-0055 |
| 3 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00250 | CVE-2005-1612 |
| 4 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.27 | 0.00943 | CVE-2010-0966 |
| 5 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.36 | 0.00132 | CVE-2022-28959 |
| 6 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 3.40 | 0.01009 | CVE-2006-6168 |
| 7 | Francisco Burzi PHP-Nuke File case.filemanager.php privileges management | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00575 | CVE-2001-0854 |
| 8 | lighttpd Log File http_auth.c injection | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.01123 | CVE-2015-3200 |
| 9 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.04 | 0.10737 | CVE-2016-6210 |
| 10 | Signal App RTLO injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00306 | CVE-2022-28345 |
| 11 | Cryptshare Server Delete Personal Data Page cross site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00084 | CVE-2021-3150 |
| 12 | Dell EMC iDRAC7/iDRAC8 injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01875 | CVE-2018-1207 |
| 13 | Linux Kernel do_open_permission access control | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2009-3286 |
| 14 | nginx Log File link following | 7.8 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.00092 | CVE-2016-1247 |
| 15 | Apache Xerces-C XMLReader.cpp memory corruption | 9.8 | 9.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.03064 | CVE-2016-0729 |
| 16 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 17 | ZIPFoundation ZIP File path traversal | 7.0 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00051 | CVE-2023-39138 |
| 18 | pkp ojs cross site scripting | 2.9 | 2.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00045 | CVE-2023-5894 |
| 19 | Fortinet FortiVoice HTTP Request path traversal | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00068 | CVE-2023-37932 |
| 20 | PHP http_fopen_wrapper.c php_stream_url_wrap_http_ex memory corruption | 8.0 | 7.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.79889 | CVE-2018-7584 |

IOC - Indicator of Compromise (86)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 41.214.183.130 | | Koobface | | 07/09/2022 | verified | High |
| 2 | 58.241.255.37 | | Koobface | | 07/09/2022 | verified | High |
| 3 | 62.0.134.79 | HFA62-0-134-79.bb.netvision.net.il | Koobface | | 07/09/2022 | verified | High |
| 4 | 67.225.102.105 | 67-225-102-105.prna.hsdb.sasknet.sk.ca | Koobface | | 07/09/2022 | verified | High |
| 5 | 77.70.108.163 | | Koobface | | 07/09/2022 | verified | High |
| 6 | 77.78.197.176 | cable-77-78-197-176.static.telemach.ba | Koobface | | 07/09/2022 | verified | High |
| 7 | 77.127.81.103 | | Koobface | | 07/09/2022 | verified | High |
| 8 | 77.239.21.34 | cable-77-239-0-34.dynamic.telemach.ba | Koobface | | 07/09/2022 | verified | High |
| 9 | 78.1.251.26 | 78-1-251-26.adsl.net.t-com.hr | Koobface | | 07/09/2022 | verified | High |
| 10 | 78.3.42.99 | 78-3-42-99.adsl.net.t-com.hr | Koobface | | 07/09/2022 | verified | High |
| 11 | 78.90.85.7 | | Koobface | | 07/09/2022 | verified | High |
| 12 | 78.183.143.188 | 78.183.143.188.dynamic.ttnet.com.tr | Koobface | | 07/09/2022 | verified | High |
| 13 | 79.113.8.107 | 79-113-8-107.rdsnet.ro | Koobface | | 07/09/2022 | verified | High |
| 14 | 79.130.252.204 | athedsl-4426972.home.otenet.gr | Koobface | | 07/09/2022 | verified | High |
| 15 | 79.131.26.192 | athedsl-377538.home.otenet.gr | Koobface | | 07/09/2022 | verified | High |
| 16 | 79.138.184.253 | 79.138.184.253.bredband.tre.se | Koobface | | 07/09/2022 | verified | High |
| 17 | 79.173.242.224 | 79.173.x.224.go.com.jo | Koobface | | 07/09/2022 | verified | High |
| 18 | 79.175.101.28 | 79-175-101-28.adsl-a-1.sezampro.rs | Koobface | | 07/09/2022 | verified | High |

Entries 19 through 86 are masked in the source (shown only as X placeholders) and carry no recoverable indicator data.

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (65)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /api/baskets/{name} | predictive | High |
| 3 | File | /spip.php | predictive | Medium |
| 4 | File | /tmp | predictive | Low |
| 5 | File | /uncpath/ | predictive | Medium |
| 6 | File | /var/log/nginx | predictive | High |
| 7 | File | auth-gss2.c | predictive | Medium |
| 8 | File | case.filemanager.php | predictive | High |

Entries 9 through 65 (File, Library, Argument and Input Value indicators) are masked in the source (shown only as x placeholders) and carry no recoverable indicator data.

References (2)

The following list contains external sources which discuss the actor and the associated activities:
