Subaat Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

Oś czasu

Język

en22

Kraj

pk14
us4

Aktorzy

Subaat2
NjRAT1
Kwampirs1
Nanocore RAT1

Zajęcia

Wysiłek

Oś czasu

Rodzaj

Not Defined6
Document Reader Software4
Programming Language Software2
Operating System2
Web Server2

Sprzedawca

Microsoft8
Not Defined6
Foxit4

Produkt

Foxit Reader4
PHP2
Microsoft Windows Phone2
Microsoft IIS2
Microsoft Azure IoT Edge2

Luki w zabezpieczeniach

#Słaby punktBaseTemp0dayDzisiajWykPrzEPSSCTICVE
1DZCP deV!L`z Clanportal config.php privilege escalation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.51CVE-2010-0966
2Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.33CVE-2017-0055
3SAP BusinessObjects BI Platform Central Management Console/BI LaunchPad privilege escalation9.39.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.000910.03CVE-2022-41203
4Microsoft Systems Management Server Configuration Manager Reflected cross site scripting4.34.3$5k-$25k$0-$5kNot DefinedNot Defined0.954310.02CVE-2012-2536
5Microsoft Azure IoT Edge/Hub Device Client SDK for Azure IoT MQTT Object memory corruption6.96.8$25k-$100k$5k-$25kNot DefinedOfficial Fix0.047290.00CVE-2018-8531
6PHP GD Extension imagewebp privilege escalation5.34.8$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005440.02CVE-2014-5120
7Microsoft Windows Phone SMS Service weak encryption5.34.9$5k-$25k$5k-$25kUnprovenUnavailable0.058040.00CVE-2012-2993
8Apache HTTP Server ap_some_auth_required privilege escalation3.73.2$25k-$100k$0-$5kUnprovenOfficial Fix0.005220.04CVE-2015-3185
9MailCleaner Community Edition Logs.php privilege escalation7.57.5$0-$5k$0-$5kHighNot Defined0.388480.00CVE-2018-20323
10ROCBOSS POST Request PostController.php doReward sql injection8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.002120.03CVE-2019-11362
11portable SDK for UPnP unique_service_name memory corruption10.09.5$0-$5k$0-$5kHighOfficial Fix0.974450.00CVE-2012-5958
12Microsoft IIS IP/Domain Restriction privilege escalation6.55.7$25k-$100k$0-$5kUnprovenOfficial Fix0.008170.40CVE-2014-4078
13Microsoft IIS File Name Tilde privilege escalation6.55.9$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.968170.04CVE-2005-4360
14FiberHome VDSL2 Modem HG 150-UB weak authentication8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.003690.03CVE-2018-9249
15Foxit Reader Javascript Engine memory corruption8.07.9$0-$5k$0-$5kNot DefinedOfficial Fix0.083590.04CVE-2018-3850
16Foxit Reader Javascript Engine memory corruption8.07.9$0-$5k$0-$5kNot DefinedOfficial Fix0.004430.00CVE-2017-14458
17Foxit PDF Reader Javascript Engine Remote Code Execution8.07.9$0-$5k$0-$5kNot DefinedOfficial Fix0.007310.00CVE-2018-3842

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDadres IPHostnameAktorKampanieIdentifiedRodzajPewność siebie
15.189.157.215vmi407723.contaboserver.netSubaat2021-08-29verifiedWysoki
2XX.XX.XXX.XXXxxxxx.xxx-xx.xxxXxxxxx2021-08-29verifiedWysoki
3XXX.XXX.XXX.XXXxxx-xxx-xxx-xxx.xxxxxxx.xxXxxxxx2021-08-29verifiedWysoki

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueKlasaLuki w zabezpieczeniachWektor dostępuRodzajPewność siebie
1T1059CAPEC-242CWE-94Argument InjectionpredictiveWysoki
2T1059.007CAPEC-209CWE-79Cross Site ScriptingpredictiveWysoki
3TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveWysoki
4TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveWysoki
5TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveWysoki
6TXXXXCAPEC-0CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveWysoki

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlasaIndicatorRodzajPewność siebie
1File/uncpath/predictiveMedium
2Fileapp/controllers/frontend/PostController.phppredictiveWysoki
3Filexxx/xxxxxx.xxxpredictiveWysoki
4Filexxx/xxxx/xxxxxxxxxxx/xxxxxx/xxxx.xxxpredictiveWysoki
5ArgumentxxxxxxxxpredictiveMedium
6ArgumentxxxxxpredictiveNiski
7Input Value%xxpredictiveNiski
8Input Value::$xxxxx_xxxxxxxxxxpredictiveWysoki
9Network Portxxx xxxxxx xxxxpredictiveWysoki

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

PoprzedniPrzeglądKolejny

Do you want to use VulDB in your project?

Use the official API to access entries easily!