Subaat Análisis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

Idioma

en	22

País

pk	12
us	4

Actores

Subaat	2
NjRAT	1
Kwampirs	1
Nanocore RAT	1

Interesar

Escribe

Not Defined	10
Document Reader Software	4
Programming Language Software	2
Web Server	2

Proveedor

Not Defined	4
Microsoft	4
Foxit	4
DZCP	2
MailCleaner	2

Producto

Foxit Reader	4
DZCP deV!L`z Clanportal	2
portable SDK for UPnP	2
MailCleaner Community Edition	2
Microsoft Systems Management Server	2

Vulnerabilidad

#	Vulnerabilidad	Base	Temp	0day	Hoy	Exp	Con	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php escalada de privilegios	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	1.07	CVE-2010-0966
2	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.09	CVE-2017-0055
3	SAP BusinessObjects BI Platform Central Management Console/BI LaunchPad escalada de privilegios	9.3	9.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00091	0.03	CVE-2022-41203
4	Microsoft Systems Management Server Configuration Manager Reflected cross site scripting	4.3	4.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.95431	0.02	CVE-2012-2536
5	Microsoft Azure IoT Edge/Hub Device Client SDK for Azure IoT MQTT Object desbordamiento de búfer	6.9	6.8	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.04729	0.00	CVE-2018-8531
6	PHP GD Extension imagewebp escalada de privilegios	5.3	4.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00544	0.02	CVE-2014-5120
7	Microsoft Windows Phone SMS Service cifrado débil	5.3	4.9	$5k-$25k	$5k-$25k	Unproven	Unavailable	0.05804	0.00	CVE-2012-2993
8	Apache HTTP Server ap_some_auth_required escalada de privilegios	3.7	3.2	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00522	0.04	CVE-2015-3185
9	MailCleaner Community Edition Logs.php escalada de privilegios	7.5	7.5	$0-$5k	$0-$5k	High	Not Defined	0.38848	0.00	CVE-2018-20323
10	ROCBOSS POST Request PostController.php doReward sql injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00212	0.03	CVE-2019-11362
11	portable SDK for UPnP unique_service_name desbordamiento de búfer	10.0	9.5	$0-$5k	$0-$5k	High	Official Fix	0.97445	0.00	CVE-2012-5958
12	Microsoft IIS IP/Domain Restriction escalada de privilegios	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00817	0.03	CVE-2014-4078
13	Microsoft IIS File Name Tilde escalada de privilegios	6.5	5.9	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.96817	0.04	CVE-2005-4360
14	FiberHome VDSL2 Modem HG 150-UB autenticación débil	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00369	0.03	CVE-2018-9249
15	Foxit Reader Javascript Engine desbordamiento de búfer	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08359	0.04	CVE-2018-3850
16	Foxit Reader Javascript Engine desbordamiento de búfer	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00443	0.00	CVE-2017-14458
17	Foxit PDF Reader Javascript Engine Remote Code Execution	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00731	0.00	CVE-2018-3842

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	dirección IP	Hostname	Actor	Identified	Escribe	Confianza
1	5.189.157.215	vmi407723.contaboserver.net	Subaat	2021-08-29	verified	Alto
2	XX.XX.XXX.XXX	xxxxx.xxx-xx.xxx	Xxxxxx	2021-08-29	verified	Alto
3	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxx.xx	Xxxxxx	2021-08-29	verified	Alto

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilidad	Vector de acceso	Escribe	Confianza
1	T1059	CWE-94	Argument Injection	predictive	Alto
2	T1059.007	CWE-79	Cross Site Scripting	predictive	Alto
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Alto

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Clase	Indicator	Escribe	Confianza
1	File	/uncpath/	predictive	Medio
2	File	app/controllers/frontend/PostController.php	predictive	Alto
3	File	xxx/xxxxxx.xxx	predictive	Alto
4	File	xxx/xxxx/xxxxxxxxxxx/xxxxxx/xxxx.xxx	predictive	Alto
5	Argument	xxxxxxxx	predictive	Medio
6	Argument	xxxxx	predictive	Bajo
7	Input Value	%xx	predictive	Bajo
8	Input Value	::$xxxxx_xxxxxxxxxx	predictive	Alto
9	Network Port	xxx xxxxxx xxxx	predictive	Alto

Referencias (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ AnteriorVisión De ConjuntoPróximo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!