Asacub Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (495)

Tidslinje

Lang

en446
de16
pl10
es10
sv6

Land

us32
es10
de10
pl8
sv6

Skådespelare

Asacub4
Conficker1
NetSupportManager RAT1
PLEASE_READ_ME_VVV1

Aktiviteter

Intressera

Tidslinje

Typ

Not Defined42
Content Management System26
Forum Software10
WordPress Plugin8
Operating System6

Säljare

Not Defined58
D-Link4
Intel4
Microsoft4
NetSupport4

Produkt

WordPress20
Intel Server Board BMC4
Microsoft Windows4
OpenSSH4
Access Demo Importer Plugin2

Sårbarheter

#SårbarhetBaseTemp0dayI dagUtnRemEPSSCTICVE
1Flat PHP Board kataloggenomgång3.33.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.01
2Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash informationsgivning5.35.2$5k-$25kBeräknandeHighWorkaround0.020160.02CVE-2007-1192
3daloRADIUS config-maint-disconnect-user.php privilegier eskalering6.35.7$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000000.02
4magmi magmi.php cross site scripting4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.001460.02CVE-2015-2068
5TikiWiki tiki-register.php privilegier eskalering7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.0107510.00CVE-2006-6168
6JContentSubscription register.php Local Privilege Escalation5.35.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.06
7Teradata Virtual Machine Community Edition pkgmgr privilegier eskalering7.87.8$0-$5k$0-$5kNot DefinedNot Defined0.000420.00CVE-2016-7488
8Ultimate PHP Board UPB Error Message add.php Path informationsgivning5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.003880.00CVE-2002-2276
9D-Link DIR-2150 anweb websocket_data_handler minneskorruption8.88.4$25k-$100k$0-$5kNot DefinedOfficial Fix0.000890.00CVE-2022-40718
10Zenas Pao-bacheca Guestbook login.php privilegier eskalering7.37.3$0-$5k$0-$5kHighUnavailable0.016630.00CVE-2009-3421
11Article Dashboard signup.php cross site scripting4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.002400.00CVE-2007-4333
12Wireshark ZigBee ZCL Dissector packet-zbee-zcl-lighting.c förnekande av tjänsten6.46.3$0-$5k$0-$5kNot DefinedOfficial Fix0.002470.00CVE-2018-19628
13DZCP deV!L`z Clanportal config.php privilegier eskalering7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.009430.97CVE-2010-0966
14IBM WebSphere Service Registry/Repository Access Restriction privilegier eskalering4.34.1$25k-$100k$0-$5kNot DefinedOfficial Fix0.001620.00CVE-2014-6160
15Open Networking Foundation ONOS API Documentation Dashboard cross site scripting4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.000710.02CVE-2023-24279
16Discuz! admin.php cross site scripting3.63.6$0-$5k$0-$5kNot DefinedNot Defined0.000540.06CVE-2018-19464
17Sourcecodester Engineers Online Portal in PHP Quiz add_quiz.php cross site scripting3.53.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.001720.00CVE-2021-42664
18Dreaxteam Xt-News add_comment.php cross site scripting4.34.2$0-$5k$0-$5kHighUnavailable0.005990.07CVE-2006-6746
19Enigma2 Coppermine Bridge e2_header.inc.php privilegier eskalering9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.100260.00CVE-2006-6864
20Apple watchOS Kernel förnekande av tjänsten6.26.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2016-1865

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-adressHostnameSkådespelareKampanjerIdentifiedTypFörtroende
15.45.73.24Asacub29/08/2018verifiedHög
25.45.74.130Asacub29/08/2018verifiedHög
3155.133.82.181Asacub29/08/2018verifiedHög
4XXX.XXX.XX.XXXXxxxxx29/08/2018verifiedHög
5XXX.XXX.XX.XXXXxxxxx29/08/2018verifiedHög
6XXX.XXX.XXX.XXxxxx.xxxxxxxxx.xxxxXxxxxx29/08/2018verifiedHög
7XXX.XXX.XXX.XXXxxxxx29/08/2018verifiedHög
8XXX.XXX.XXX.XXXxxxxxx.xxxxxxxxxxxxx.xxxXxxxxx29/08/2018verifiedHög
9XXX.XX.XXX.XXxxx.xx.xxx.xx.xxxxxx.xxx.xxXxxxxx29/08/2018verifiedHög
10XXX.XX.XXX.XXxxx.xx.xxx.xx.xxxxxx.xxx.xxXxxxxx29/08/2018verifiedHög
11XXX.XX.XXX.XXxxx.xx.xxx.xx.xxxxxx.xxx.xxXxxxxx29/08/2018verifiedHög
12XXX.XX.XXX.XXxxx.xx.xxx.xx.xxxxxx.xxx.xxXxxxxx29/08/2018verifiedHög
13XXX.XX.XXX.XXXxxx.xx.xxx.xxx.xxxxxx.xxx.xxXxxxxx29/08/2018verifiedHög
14XXX.XX.XXX.XXXxxx.xx.xxx.xxx.xxxxxx.xxx.xxXxxxxx29/08/2018verifiedHög

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueKlassSårbarheterÅtkomstvektorTypFörtroende
1T1006CAPEC-126CWE-22Path TraversalpredictiveHög
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHög
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHög
4T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHög
5TXXXXCAPEC-122CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHög
6TXXXX.XXXCAPEC-191CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHög
7TXXXXCAPEC-108CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHög
8TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHög
9TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHög
10TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxx XxxxxxxxxxxxxpredictiveHög
11TXXXXCAPEC-CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHög
12TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHög
13TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHög
14TXXXX.XXXCAPEC-CWE-XXXxxxxxxxxxxxxpredictiveHög
15TXXXX.XXXCAPEC-CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHög
16TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHög

IOA - Indicator of Attack (98)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlassIndicatorTypFörtroende
1File.DS_StorepredictiveMedium
2File/.vnc/sesman_${username}_passwdpredictiveHög
3File/ajax-files/postComment.phppredictiveHög
4File/cgi-bin/editBookmarkpredictiveHög
5File/etc/luminex/pkgmgrpredictiveHög
6File/goform/langSwitchpredictiveHög
7File/rom-0predictiveLåg
8File/settings/accountpredictiveHög
9File/tmp/tardiff-$predictiveHög
10Fileadd.phppredictiveLåg
11Fileadd_comment.phppredictiveHög
12Filexxx_xxxx.xxxpredictiveMedium
13Filexxxxx.xxxpredictiveMedium
14Filexxxxx/xxxxxxxxxxx.xxxxpredictiveHög
15Filexxxxx/xxxxx.xxxpredictiveHög
16Filexxxxx/xxxxxxx/xxxxxxxxxxxx/xxx.xxxpredictiveHög
17Filexxxxx/xxxxxxxx.xxxxpredictiveHög
18Filexxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxxpredictiveHög
19Filexxxxx\xxxxx\xxxx_xxxx.xxxpredictiveHög
20Filexxxxxxxxxx/xxx_xxxxx/xxxxxx/xxxxxxxxxxxx.xxxpredictiveHög
21Filexxxxxx-xxxxx-xxxxxxxxxx-xxxx.xxxpredictiveHög
22Filexxxxxx.xxxpredictiveMedium
23Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHög
24Filexxxxxxx/xxxx/xxxxxxx/xxx_xxxx.xpredictiveHög
25Filexx_xxxxxx.xxx.xxxpredictiveHög
26Filexxxx/xxxxxxxxxx/xxxxxx-xxxx-xxx-xxxxxxxx.xpredictiveHög
27Filexxxxxxxxxxxxxxx.xxxpredictiveHög
28Filexxxxxxx.xxx/xxxxx.xxx/xxxxxxx.xxxpredictiveHög
29Filexxxxx.xxxpredictiveMedium
30Filexxxxxx.xxxpredictiveMedium
31Filexxxxxxxx.xxxpredictiveMedium
32Filexxxxxxxxx.xxxpredictiveHög
33Filexxx/xxxxxx.xxxpredictiveHög
34Filexxxxx.xxxpredictiveMedium
35Filexx/xxxxxxxxxxxxxxxxxxxxx.xxxpredictiveHög
36Filexxxxx.xxx.xxxpredictiveHög
37Filexxxxx.xxxpredictiveMedium
38Filexxxxxx.xxxpredictiveMedium
39Filexxx-xxxxxxxx/xxx-xxxxxxxx.xxxpredictiveHög
40Filexxxxxxx.xxxpredictiveMedium
41Filexxxxxxxx.xxxpredictiveMedium
42Filexxxxxx.xxxpredictiveMedium
43Filexxxxx.xxxpredictiveMedium
44Filexxxx-xxxxxxxx.xxxpredictiveHög
45Filexxxx/xxxxxxxx.xxxpredictiveHög
46Filexxx/xxxxx.xxxpredictiveHög
47Filexx-xxx.xxxpredictiveMedium
48Filexx-xxxxxxxx/xxxx.xxxpredictiveHög
49Filexx-xxxxx.xxxpredictiveMedium
50Filexxxxxx.xxxpredictiveMedium
51File~/xxx/xxxx-xxxxxxxxx.xxxpredictiveHög
52Libraryxxxxxxx.xxxpredictiveMedium
53Libraryxxx/xxxx.xpredictiveMedium
54Libraryxxxxxxxx.xxxpredictiveMedium
55Argument$xxx_xxxx)predictiveMedium
56Argument/.xxx/xxxxxx_${xxxxxxxx}_xxxxxxpredictiveHög
57Argument/xxx/xxxxxxx-$predictiveHög
58ArgumentxxxxxxxpredictiveLåg
59ArgumentxxxxxxxxpredictiveMedium
60ArgumentxxxxxxxxpredictiveMedium
61Argumentxxxx_xxpredictiveLåg
62ArgumentxxxxxxxxxpredictiveMedium
63ArgumentxxxxxxpredictiveLåg
64Argumentxxxxx_xxxxxxxxpredictiveHög
65ArgumentxxxxxxxxpredictiveMedium
66ArgumentxxpredictiveLåg
67Argumentxx_xxxxpredictiveLåg
68Argumentxxxxxxxxx_xxxxpredictiveHög
69ArgumentxxxpredictiveLåg
70ArgumentxxxxxpredictiveLåg
71ArgumentxxxxpredictiveLåg
72ArgumentxxxxxxxxxxxxxxxxxpredictiveHög
73Argumentxxxxx_xxpredictiveMedium
74ArgumentxxxxxxxpredictiveLåg
75Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictiveHög
76ArgumentxxxxxxxxxxxxxxpredictiveHög
77ArgumentxxxxxxpredictiveLåg
78ArgumentxxxxxxxxpredictiveMedium
79ArgumentxxxxxxxxpredictiveMedium
80ArgumentxxxxpredictiveLåg
81ArgumentxxxxxxxpredictiveLåg
82ArgumentxxxxxxxpredictiveLåg
83Argumentxxxxxx/xxxxx/xxxxxx/xxxxxxx/xxxxxxxxxpredictiveHög
84ArgumentxxxxpredictiveLåg
85Argumentxxxx_xxxxxxpredictiveMedium
86ArgumentxxxxxxxxpredictiveMedium
87Argumentxxxxx/xxxxxxxxxxxpredictiveHög
88ArgumentxxxxxxxxxxpredictiveMedium
89ArgumentxxxpredictiveLåg
90ArgumentxxxxxxxxpredictiveMedium
91Argumentxxxx->xxxxxxxpredictiveHög
92Input Value"; xx; xxxx "predictiveHög
93Input Value' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxxpredictiveHög
94Input Valuex" xxxxxxxxxxx=xxxxxx(xxxxxx) xxx="predictiveHög
95Input ValuexxxxpredictiveLåg
96Network PortxxxxpredictiveLåg
97Network Portxxx/xxxxxpredictiveMedium
98Network Portxxx xxxxxx xxxxpredictiveHög

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

TidigareÖversiktNästa

Might our Artificial Intelligence support you?

Check our Alexa App!