Subaat Analysis

IOB - Indicator of Behavior (22)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en22

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

pk10
us6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

ROCBOSS2
portable SDK for UPnP2
DZCP deV!L`z Clanportal2
FiberHome VDSL2 Modem HG 150-UB2
Foxit PDF Reader2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1DZCP deV!L`z Clanportal config.php code injection7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.410.04187CVE-2010-0966
2Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.510.25090CVE-2017-0055
3SAP BusinessObjects BI Platform Central Management Console/BI LaunchPad deserialization9.39.1$5k-$25k$5k-$25kNot DefinedOfficial Fix0.040.00885CVE-2022-41203
4Microsoft Systems Management Server Configuration Manager Reflected cross site scripting4.34.3$5k-$25k$0-$5kNot DefinedNot Defined0.020.27846CVE-2012-2536
5Microsoft Azure IoT Edge/Hub Device Client SDK for Azure IoT MQTT Object memory corruption6.96.6$25k-$100k$5k-$25kNot DefinedOfficial Fix0.030.13370CVE-2018-8531
6PHP GD Extension imagewebp input validation5.34.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000.01974CVE-2014-5120
7Microsoft Windows Phone SMS Service cryptographic issues5.34.9$5k-$25k$5k-$25kUnprovenUnavailable0.020.13638CVE-2012-2993
8Apache HTTP Server ap_some_auth_required access control3.73.2$25k-$100k$0-$5kUnprovenOfficial Fix0.040.07344CVE-2015-3185
9MailCleaner Community Edition Logs.php os command injection7.57.5$0-$5k$0-$5kHighNot Defined0.030.14925CVE-2018-20323
10ROCBOSS POST Request PostController.php doReward sql injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.000.00885CVE-2019-11362
11portable SDK for UPnP unique_service_name memory corruption10.09.5$0-$5k$0-$5kHighOfficial Fix0.060.91250CVE-2012-5958
12Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$100k$0-$5kUnprovenOfficial Fix0.110.29797CVE-2014-4078
13Microsoft IIS File Name Tilde privileges management6.55.9$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.090.58548CVE-2005-4360
14FiberHome VDSL2 Modem HG 150-UB improper authentication8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.030.00885CVE-2018-9249
15Foxit Reader Javascript Engine use after free7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.020.02578CVE-2018-3850
16Foxit Reader Javascript Engine use after free7.57.2$0-$5kCalculatingNot DefinedOfficial Fix0.040.02578CVE-2017-14458
17Foxit PDF Reader Javascript Engine uninitialized pointer7.57.2$0-$5k$0-$5kNot DefinedOfficial Fix0.010.02578CVE-2018-3842

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsTypeConfidence
15.189.157.215vmi407723.contaboserver.netSubaatverifiedHigh
2XX.XX.XXX.XXXxxxxx.xxx-xx.xxxXxxxxxverifiedHigh
3XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxxxxx.xxXxxxxxverifiedHigh

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1059CWE-94Cross Site ScriptingpredictiveHigh
2T1059.007CWE-79Cross Site ScriptingpredictiveHigh
3TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCWE-XXXxxxxxx XxxxxxxxxpredictiveHigh
5TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
6TXXXXCWE-XXXX2xx Xxxxxxxxxxxxxxxx: Xxxx Xxxxxxxxxxxx Xxxxxxx XxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/uncpath/predictiveMedium
2Fileapp/controllers/frontend/PostController.phppredictiveHigh
3Filexxx/xxxxxx.xxxpredictiveHigh
4Filexxx/xxxx/xxxxxxxxxxx/xxxxxx/xxxx.xxxpredictiveHigh
5ArgumentxxxxxxxxpredictiveMedium
6ArgumentxxxxxpredictiveLow
7Input Value%xxpredictiveLow
8Input Value::$xxxxx_xxxxxxxxxxpredictiveHigh
9Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Want to stay up to date on a daily basis?

Enable the mail alert feature now!