Koobface Analysis

IOB - Indicator of Behavior (132)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 118
es: 6
fr: 2
de: 2
sv: 2

Country

us: 52
il: 34
gr: 20
se: 6
jo: 6

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 8
Oracle Database: 8
OpenSSH: 6
Apache HTTP Server: 6
WordPress: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.44 | 0.00400 | CVE-2017-0055
2 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.41 | 0.00250 | CVE-2005-1612
3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 1.73 | 0.00954 | CVE-2010-0966
4 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.66 | 0.10737 | CVE-2016-6210
5 | Signal App RTLO injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00239 | CVE-2022-28345
6 | Cryptshare Server Delete Personal Data Page cross site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00078 | CVE-2021-3150
7 | Dell EMC iDRAC7/iDRAC8 injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.01778 | CVE-2018-1207
8 | Linux Kernel do_open_permission access control | 5.9 | 5.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00044 | CVE-2009-3286
9 | nginx Log File link following | 7.8 | 7.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.00054 | CVE-2016-1247
10 | Apache Xerces-C XMLReader.cpp memory corruption | 9.8 | 9.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.03064 | CVE-2016-0729
11 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.01847 | CVE-2007-1192
12 | Huawei EMUI/Magic UI Communication Framework denial of service | 5.5 | 5.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00046 | CVE-2023-34164
13 | request-baskets API Request {name} server-side request forgery | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.28 | 0.04409 | CVE-2023-27163
14 | Secutech RiS-11/RiS-22/RiS-33 Admin Cookie data authenticity | 8.4 | 7.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.10645 | CVE-2018-10080
15 | MikroTik RouterOS RADVD out-of-bounds write | 7.5 | 7.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00000 | CVE-2023-32154
16 | Spring Framework STOMP security check | 8.5 | 8.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.91774 | CVE-2018-1270
17 | Ultimate Member Plugin Template class-shortcodes.php load_template pathname traversal | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00064 | CVE-2022-3966
18 | Apache Velocity Engine Template command injection | 7.1 | 7.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00117 | CVE-2020-13936
19 | Apple iOS/iPadOS ImageIO memory corruption | 4.3 | 4.1 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.03 | 0.00063 | CVE-2023-23519
20 | Apple macOS ImageIO memory corruption | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.00063 | CVE-2023-23519

IOC - Indicator of Compromise (86)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 41.214.183.130 | | Koobface | | 07/09/2022 | verified | High
2 | 58.241.255.37 | | Koobface | | 07/09/2022 | verified | High
3 | 62.0.134.79 | HFA62-0-134-79.bb.netvision.net.il | Koobface | | 07/09/2022 | verified | High
4 | 67.225.102.105 | 67-225-102-105.prna.hsdb.sasknet.sk.ca | Koobface | | 07/09/2022 | verified | High
5 | 77.70.108.163 | | Koobface | | 07/09/2022 | verified | High
6 | 77.78.197.176 | cable-77-78-197-176.static.telemach.ba | Koobface | | 07/09/2022 | verified | High
7 | 77.127.81.103 | | Koobface | | 07/09/2022 | verified | High
8 | 77.239.21.34 | cable-77-239-0-34.dynamic.telemach.ba | Koobface | | 07/09/2022 | verified | High
9 | 78.1.251.26 | 78-1-251-26.adsl.net.t-com.hr | Koobface | | 07/09/2022 | verified | High
10 | 78.3.42.99 | 78-3-42-99.adsl.net.t-com.hr | Koobface | | 07/09/2022 | verified | High
11 | 78.90.85.7 | | Koobface | | 07/09/2022 | verified | High
12 | 78.183.143.188 | 78.183.143.188.dynamic.ttnet.com.tr | Koobface | | 07/09/2022 | verified | High
13 | 79.113.8.107 | 79-113-8-107.rdsnet.ro | Koobface | | 07/09/2022 | verified | High
14 | 79.130.252.204 | athedsl-4426972.home.otenet.gr | Koobface | | 07/09/2022 | verified | High
15 | 79.131.26.192 | athedsl-377538.home.otenet.gr | Koobface | | 07/09/2022 | verified | High
16 | 79.138.184.253 | 79.138.184.253.bredband.tre.se | Koobface | | 07/09/2022 | verified | High
17 | 79.173.242.224 | 79.173.x.224.go.com.jo | Koobface | | 07/09/2022 | verified | High
18 | 79.175.101.28 | 79-175-101-28.adsl-a-1.sezampro.rs | Koobface | | 07/09/2022 | verified | High
19 | XX.XXX.XXX.XX | xxx-xx-xxx-xxx-xx.xxx.xxxxxxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
20 | XX.XXX.XXX.XXX | xxx-xx-xxx-xxx-xxx.xxx.xxxxxxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
21 | XX.XXX.XXX.XXX | xxx-xxx-xxx-xx-xx.xxxxx.xxx.xxxxxxxxx.xxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
22 | XX.XX.XX.X | xxx-xx-x.xxxx.xxxxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
23 | XX.XX.XX.XXX | xxx-xx-xx-xx-xxx.xxx.xxxxxxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
24 | XX.XX.XXX.XX | xxx-xx-xx-xxx-xx.xxx.xxxxxxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
25 | XX.XX.XX.XXX | xxxx-xxx-xxx-xxx-xxx.xxx.xxx.xxxxx.xxxxxxxx-xx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
26 | XX.XXX.X.XX | xxx-xx-xxx-x-xx.xxx.xxxxxxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
27 | XX.XXX.XXX.XXX | xxx-xx-xxx-xxx-xxx.xxxxxx.xxxxxxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
28 | XX.XXX.XXX.XX | xxx-xx-xxx-xxx-xx.xxx.xxxxxxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
29 | XX.XXX.XXX.XXX | xxx-xx-xxx-xxx-xxx.xxxxxx.xxxxxxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
30 | XX.XXX.XX.XXX | xxxx-xxx.xx.xxx.xx.xxxxxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
31 | XX.XX.XXX.XXX | xxxx-xxxx-xxxxx.xxxxxxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
32 | XX.XXX.XXX.XXX | xx.xxx.xxx.xxx.xxxxxxx.xxxxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
33 | XX.XXX.XXX.XXX | xx.xxx.xxx.xxx.xxxxxxx.xxxxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
34 | XX.XXX.XXX.XXX | xxxxxxxxxxxxxxxxxx.xxxxxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
35 | XX.XXX.XXX.XX | xx-xxx-xxx-xx.xx.xxxxxxxxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
36 | XX.XX.XX.XX | xx.xx.xx.xx.xxxxx.xxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
37 | XX.XXX.XXX.XX | xxxxxxx-xxxxx.xxxx.xxxxxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
38 | XX.XXX.XXX.XXX | | Xxxxxxxx | | 07/09/2022 | verified | High
39 | XX.XXX.XX.XXX | xx-xxx-xx-xxx.xx.xxxxxxxxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
40 | XX.XXX.XXX.XXX | xx-xxx-xxx-xxx.xx.xxxxxxxxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
41 | XX.XXX.XXX.XX | xx-xxx-xxx-xx.xx.xxxxxxxxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
42 | XX.XXX.XXX.XX | xx-xxx-xxx-xx.xx.xxxxxxxxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
43 | XX.XXX.XX.XX | xx-xxx-xx-xx.xx.xxxxxxxxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
44 | XX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxxx.xxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
45 | XX.XXX.XX.XX | xxx-xxx-xx-xx.xxxxxxx.xxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
46 | XX.XXX.XXX.XXX | xxx-xx-xxx-xxx-xxx.xxxxxxx.xxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
47 | XX.XXX.XXX.XXX | | Xxxxxxxx | | 07/09/2022 | verified | High
48 | XX.XXX.XXX.XXX | xx-xxx-xxx-xxx.xxxx.xxxx.xxxxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
49 | XX.XXX.XX.XXX | xxx-xxx-xx-xxx.xxxxxxxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
50 | XX.XX.XXX.XX | | Xxxxxxxx | | 07/09/2022 | verified | High
51 | XX.XX.XX.XXX | xx.xx.xx.xxx.xxxxxxxx.xx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
52 | XX.XXX.XXX.XX | xx-xxx-xxx-xx.xxxxx.xxx.xxxxxxxxx.xxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
53 | XX.XXX.XXX.XXX | xxx-xxx-xxx-xx.xxxxx.xxx.xxxxxxxxx.xxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
54 | XX.XXX.XX.XXX | xx-xxx-xx-xxx.xxxx.xxx.x-xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
55 | XX.XX.XXX.XXX | xxx-xx-xx-xxx-xxx.xxxx.xxxxxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
56 | XX.XX.X.XXX | xxxxxx-xx.xx.x.xxx.xxxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
57 | XX.XXX.XXX.XXX | xxxxx-xx-xxx-xxx-xxx.xxxxxxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
58 | XX.XXX.XXX.XX | xxxxx-xx-xxx-xxx-xx.xxxxxxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
59 | XX.XXX.XXX.XXX | xx.xxx.xxx.xxx.xxxxxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
60 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxxx-xx.xxxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
61 | XXX.XX.XXX.XXX | xxx.xx.xxx.xxx.xxxxxx.xxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
62 | XXX.XXX.X.XXX | | Xxxxxxxx | | 07/09/2022 | verified | High
63 | XXX.XXX.XX.XXX | xxxxxxxxx-xxxxxxx-xxx-xxx-xx-xxx.xxxxxxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
64 | XXX.XX.XXX.XX | xxx.xx.xxx.xx.xxxxxx.xxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
65 | XXX.XXX.XXX.XX | xxxx-xxxxx-xxxxxxx-xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
66 | XXX.XXX.XXX.XXX | | Xxxxxxxx | | 07/09/2022 | verified | High
67 | XXX.XXX.XX.XX | | Xxxxxxxx | | 07/09/2022 | verified | High
68 | XXX.XX.XX.XX | xxx-xx-xx-xx.xxxxxx.xxxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
69 | XXX.XX.XX.XXX | xxx-xx-xx-xxx.xxx.xxxxxxxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
70 | XXX.XX.XX.XXX | xx-xxx-xx-xx-xxx.xx.xxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
71 | XXX.XXX.XXX.XXX | xxxx-xxx-xxx-xxx.xxxxxxxx.xxxxxx.xxxxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
72 | XXX.XXX.X.XX | | Xxxxxxxx | | 07/09/2022 | verified | High
73 | XXX.XXX.XX.XXX | xxx.xxx-xxx-xx.xxx.xxxxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
74 | XXX.XXX.XXX.XXX | xxxxxxx-xx-xxxxxxxxxxxx.xxxxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
75 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxx.xxx.xxxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
76 | XXX.XXX.XXX.XX | xxxxxx.xxx-xxx-xxx.xxxxxxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
77 | XXX.XXX.XXX.XXX | | Xxxxxxxx | | 07/09/2022 | verified | High
78 | XXX.XX.XX.XX | xxxxxxx-xxxxxxx-xx.xxx-xx-xx.xxxxxxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
79 | XXX.XXX.XX.XXX | xxxx-xxx-xxx-xx-xxx.xx.xxxxxxxxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
80 | XXX.XX.XX.XXX | xxxxxxxx-xxxx-xx-xxx.xxxxxxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
81 | XXX.XXX.XXX.XX | xxx-xxx-xxx-xxxxxxxx-xxxxxxx.xxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
82 | XXX.XXX.XX.XX | xxxxxx-xxx-xxx-xx-xx.xxxxxx.xxx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
83 | XXX.X.XXX.XXX | xxx.xxx.x.xxx.-xxx.xxxxxxxxxxx.xxx | Xxxxxxxx | | 07/09/2022 | verified | High
84 | XXX.XXX.XX.XX | | Xxxxxxxx | | 07/09/2022 | verified | High
85 | XXX.XXX.XXX.XX | xx-xxx-xxx-xxx-xx.xxxxxxxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High
86 | XXX.XX.XXX.X | xxx-xxx-x.xx.xxx.xx | Xxxxxxxx | | 07/09/2022 | verified | High

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | predictive | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CWE-74 | Injection | predictive | High
4 | TXXXX | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX.XXX | CWE-XX, CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxx Xxxxxxxxxxx Xxx Xxx Xxxxxxx | predictive | High
7 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxxxxxx | predictive | High
8 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
9 | TXXXX | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
10 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
11 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxx | predictive | High
12 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High
13 | TXXXX | CWE-XXX | X2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx Xxxxxxxxxx | predictive | High
14 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (57)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .htaccess | predictive | Medium
2 | File | /api/baskets/{name} | predictive | High
3 | File | /tmp | predictive | Low
4 | File | /uncpath/ | predictive | Medium
5 | File | /var/log/nginx | predictive | High
6 | File | auth-gss2.c | predictive | Medium
7 | File | class.cs_phpmailer.php | predictive | High
8 | File | xxxxxx/xxx.x | predictive | Medium
9 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
10 | File | xxxx_xxx.xxx | predictive | Medium
11 | File | xxxxxxx/xxxx/xxxxxxx/xxxxx.x | predictive | High
12 | File | xxxxxxxxxxxx.xxx | predictive | High
13 | File | xxxxxxx.xxx | predictive | Medium
14 | File | xxxxxx/xxxxxxxxx?xx=xxx_xxx.xxx | predictive | High
15 | File | xxxx_xxxx.x | predictive | Medium
16 | File | xxx/xxxxxx.xxx | predictive | High
17 | File | xxxxxxx/xxxxxxxxxx/xxxxxx/xxxxxxxx/xxx/xxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
18 | File | xxxxxxxx/xxxx/xxxxx-xxxxxxxxxx.xxx | predictive | High
19 | File | xxxxx.xxx | predictive | Medium
20 | File | xxxxxxx.xxx | predictive | Medium
21 | File | xxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxx | predictive | High
22 | File | xxxxxxxx/xxxxxxxxx.xxx | predictive | High
23 | File | xxxxxxxxxx/xxxxxxx.x | predictive | High
24 | File | xxx_xxxxx_xxxxx.x | predictive | High
25 | File | xxx_xxx_xxx.xx | predictive | High
26 | File | xxxx.xxx | predictive | Medium
27 | File | xxx.xxx | predictive | Low
28 | File | xxx.x | predictive | Low
29 | File | xxxxxxxx.xxx | predictive | Medium
30 | File | xxx_xxxx.xx | predictive | Medium
31 | File | xxxxxxxxx.xxx | predictive | High
32 | File | xxxx/xxxxxxxx/xxxxxxxx.xxxx | predictive | High
33 | File | xxx/xxx/xxx-xxx/xxxx.xxx | predictive | High
34 | File | xxxxxxxx.xxx | predictive | Medium
35 | File | xx-xxxxxxxx/xxxxxx-xxxxxx.xxx | predictive | High
36 | File | xxx/xxxxxx.xxx | predictive | High
37 | Library | /xxxxx/xxxxxxxx/xxxxxxx.xxx | predictive | High
38 | Library | xxxxxxxx.xxx | predictive | Medium
39 | Library | xxxxxx_xxx.xxx.xxx | predictive | High
40 | Library | xxxxxxxxxx.xxx | predictive | High
41 | Argument | xxxxxxxxxxxxxx | predictive | High
42 | Argument | xxxxxxxx | predictive | Medium
43 | Argument | xxxxxxxxxx | predictive | Medium
44 | Argument | xxxxxxx_xxx | predictive | Medium
45 | Argument | xxxxxxxxxxx | predictive | Medium
46 | Argument | xxxxxxxx | predictive | Medium
47 | Argument | xxxxx | predictive | Low
48 | Argument | xxxxxxx_xxx | predictive | Medium
49 | Argument | xxxxxx_xxxx | predictive | Medium
50 | Argument | xxxx | predictive | Low
51 | Argument | xxxxxxxx | predictive | Medium
52 | Argument | xxxx | predictive | Low
53 | Argument | xxxxxx_xxxx | predictive | Medium
54 | Argument | xxx_xx | predictive | Low
55 | Argument | xxx | predictive | Low
56 | Argument | xxx | predictive | Low
57 | Argument | xxxxxxxx | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities: