Subaat Analysis

IOB - Indicator of Behavior (23)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en24

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft IIS4
Foxit PDF Reader2
nginx2
portable SDK for UPnP2
Foxit Reader2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.71CVE-2010-0966
2Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.05CVE-2017-0055
3nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002412.27CVE-2020-12440
4SAP BusinessObjects BI Platform Central Management Console/BI LaunchPad deserialization9.39.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.001020.04CVE-2022-41203
5Microsoft Systems Management Server Configuration Manager Reflected cross site scripting4.34.3$5k-$25k$0-$5kNot DefinedNot Defined0.944040.04CVE-2012-2536
6Microsoft Azure IoT Edge/Hub Device Client SDK for Azure IoT MQTT Object memory corruption6.96.8$25k-$100k$5k-$25kNot DefinedOfficial Fix0.061350.05CVE-2018-8531
7PHP GD Extension imagewebp input validation5.34.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005440.00CVE-2014-5120
8Microsoft Windows Phone SMS Service cryptographic issues5.34.9$5k-$25k$5k-$25kUnprovenUnavailable0.070370.00CVE-2012-2993
9Apache HTTP Server ap_some_auth_required access control3.73.2$25k-$100k$0-$5kUnprovenOfficial Fix0.003680.04CVE-2015-3185
10MailCleaner Community Edition Logs.php os command injection7.57.5$0-$5k$0-$5kHighNot Defined0.247590.00CVE-2018-20323
11ROCBOSS POST Request PostController.php doReward sql injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.002120.00CVE-2019-11362
12portable SDK for UPnP unique_service_name memory corruption10.09.5$0-$5k$0-$5kHighOfficial Fix0.974180.05CVE-2012-5958
13Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$100k$0-$5kUnprovenOfficial Fix0.008170.10CVE-2014-4078
14Microsoft IIS File Name Tilde privileges management6.55.9$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.968170.00CVE-2005-4360
15FiberHome VDSL2 Modem HG 150-UB improper authentication8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.003690.04CVE-2018-9249
16Foxit Reader Javascript Engine use after free8.07.9$0-$5k$0-$5kNot DefinedOfficial Fix0.083590.00CVE-2018-3850
17Foxit Reader Javascript Engine use after free8.07.9$0-$5k$0-$5kNot DefinedOfficial Fix0.004430.05CVE-2017-14458
18Foxit PDF Reader Javascript Engine uninitialized pointer8.07.9$0-$5k$0-$5kNot DefinedOfficial Fix0.007310.00CVE-2018-3842

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
15.189.157.215vmi407723.contaboserver.netSubaat08/29/2021verifiedMedium
2XX.XX.XXX.XXXxxxxx.xxx-xx.xxxXxxxxx08/29/2021verifiedMedium
3XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxxxxx.xxXxxxxx08/29/2021verifiedMedium

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
2T1059.007CAPEC-209CWE-79Cross Site ScriptingpredictiveHigh
3TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/uncpath/predictiveMedium
2Fileapp/controllers/frontend/PostController.phppredictiveHigh
3Filexxx/xxxxxx.xxxpredictiveHigh
4Filexxx/xxxx/xxxxxxxxxxx/xxxxxx/xxxx.xxxpredictiveHigh
5ArgumentxxxxxxxxpredictiveMedium
6ArgumentxxxxxpredictiveLow
7Input Value%xxpredictiveLow
8Input Value::$xxxxx_xxxxxxxxxxpredictiveHigh
9Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Do you know our Splunk app?

Download it now for free!