Koobface 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (156)

语言

en	138
es	4
it	4
sv	4
pl	2

国家/地区

us	58
il	48
se	12
gr	8
jo	6

演员

Koobface	25
Shadowcrew	1

利益

类型

Not Defined	46
Web Server	16
Content Management System	12
Operating System	10
Smartphone Operating System	8

供应商

Not Defined	52
Microsoft	14
Apache	12
Apple	8
Google	4

产品

Microsoft Windows	6
OpenSSH	6
Apache HTTP Server	6
Microsoft IIS	4
Apple iOS	4

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	Joomla CMS com_easyblog SQL注入	6.3	6.1	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00000	0.32
2	Microsoft IIS 跨网站脚本	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.16	CVE-2017-0055
3	OpenBB read.php SQL注入	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00248	0.04	CVE-2005-1612
4	DZCP deV!L`z Clanportal config.php 权限升级	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.51	CVE-2010-0966
5	SPIP spip.php 跨网站脚本	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00132	0.64	CVE-2022-28959
6	TikiWiki tiki-register.php 权限升级	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01009	1.44	CVE-2006-6168
7	Francisco Burzi PHP-Nuke File case.filemanager.php 权限升级	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00575	0.00	CVE-2001-0854
8	lighttpd Log File http_auth.c 权限升级	7.5	7.1	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01123	0.03	CVE-2015-3200
9	OpenSSH Authentication Username 信息公开	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.26	CVE-2016-6210
10	Signal App RTLO 权限升级	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00306	0.03	CVE-2022-28345
11	Cryptshare Server Delete Personal Data Page 跨网站脚本	4.8	4.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00084	0.00	CVE-2021-3150
12	Dell EMC iDRAC7/iDRAC8 权限升级	8.5	8.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01875	0.04	CVE-2018-1207
13	Linux Kernel do_open_permission 权限升级	5.9	5.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2009-3286
14	nginx Log File 权限升级	7.8	7.4	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00092	0.04	CVE-2016-1247
15	Apache Xerces-C XMLReader.cpp 内存损坏	9.8	9.6	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.03064	0.00	CVE-2016-0729
16	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 信息公开	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
17	Fortinet FortiOS/FortiProxy FortiGate SSL-VPN 内存损坏	9.8	9.6	$25k-$100k	$25k-$100k	Not Defined	Official Fix	0.15407	0.03	CVE-2023-27997
18	ZIPFoundation ZIP File 目录遍历	7.0	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00051	0.00	CVE-2023-39138
19	pkp ojs 跨网站脚本	2.9	2.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.06	CVE-2023-5894
20	Fortinet FortiVoice HTTP Request 目录遍历	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.04	CVE-2023-37932

IOC - Indicator of Compromise (86)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	Identified	类型	可信度
1	41.214.183.130		Koobface	2022-07-09	verified	高
2	58.241.255.37		Koobface	2022-07-09	verified	高
3	62.0.134.79	HFA62-0-134-79.bb.netvision.net.il	Koobface	2022-07-09	verified	高
4	67.225.102.105	67-225-102-105.prna.hsdb.sasknet.sk.ca	Koobface	2022-07-09	verified	高
5	77.70.108.163		Koobface	2022-07-09	verified	高
6	77.78.197.176	cable-77-78-197-176.static.telemach.ba	Koobface	2022-07-09	verified	高
7	77.127.81.103		Koobface	2022-07-09	verified	高
8	77.239.21.34	cable-77-239-0-34.dynamic.telemach.ba	Koobface	2022-07-09	verified	高
9	78.1.251.26	78-1-251-26.adsl.net.t-com.hr	Koobface	2022-07-09	verified	高
10	78.3.42.99	78-3-42-99.adsl.net.t-com.hr	Koobface	2022-07-09	verified	高
11	78.90.85.7		Koobface	2022-07-09	verified	高
12	78.183.143.188	78.183.143.188.dynamic.ttnet.com.tr	Koobface	2022-07-09	verified	高
13	79.113.8.107	79-113-8-107.rdsnet.ro	Koobface	2022-07-09	verified	高
14	79.130.252.204	athedsl-4426972.home.otenet.gr	Koobface	2022-07-09	verified	高
15	79.131.26.192	athedsl-377538.home.otenet.gr	Koobface	2022-07-09	verified	高
16	79.138.184.253	79.138.184.253.bredband.tre.se	Koobface	2022-07-09	verified	高
17	79.173.242.224	79.173.x.224.go.com.jo	Koobface	2022-07-09	verified	高
18	79.175.101.28	79-175-101-28.adsl-a-1.sezampro.rs	Koobface	2022-07-09	verified	高
19	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xxx.xxxxxxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
20	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xxx.xxxxxxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
21	XX.XXX.XXX.XXX	xxx-xxx-xxx-xx-xx.xxxxx.xxx.xxxxxxxxx.xxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
22	XX.XX.XX.X	xxx-xx-x.xxxx.xxxxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
23	XX.XX.XX.XXX	xxx-xx-xx-xx-xxx.xxx.xxxxxxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
24	XX.XX.XXX.XX	xxx-xx-xx-xxx-xx.xxx.xxxxxxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
25	XX.XX.XX.XXX	xxxx-xxx-xxx-xxx-xxx.xxx.xxx.xxxxx.xxxxxxxx-xx.xx	Xxxxxxxx	2022-07-09	verified	高
26	XX.XXX.X.XX	xxx-xx-xxx-x-xx.xxx.xxxxxxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
27	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
28	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xxx.xxxxxxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
29	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xxxxxx.xxxxxxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
30	XX.XXX.XX.XXX	xxxx-xxx.xx.xxx.xx.xxxxxx.xx	Xxxxxxxx	2022-07-09	verified	高
31	XX.XX.XXX.XXX	xxxx-xxxx-xxxxx.xxxxxxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
32	XX.XXX.XXX.XXX	xx.xxx.xxx.xxx.xxxxxxx.xxxxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
33	XX.XXX.XXX.XXX	xx.xxx.xxx.xxx.xxxxxxx.xxxxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
34	XX.XXX.XXX.XXX	xxxxxxxxxxxxxxxxxx.xxxxxx.xx	Xxxxxxxx	2022-07-09	verified	高
35	XX.XXX.XXX.XX	xx-xxx-xxx-xx.xx.xxxxxxxxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
36	XX.XX.XX.XX	xx.xx.xx.xx.xxxxx.xxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
37	XX.XXX.XXX.XX	xxxxxxx-xxxxx.xxxx.xxxxxx.xx	Xxxxxxxx	2022-07-09	verified	高
38	XX.XXX.XXX.XXX		Xxxxxxxx	2022-07-09	verified	高
39	XX.XXX.XX.XXX	xx-xxx-xx-xxx.xx.xxxxxxxxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
40	XX.XXX.XXX.XXX	xx-xxx-xxx-xxx.xx.xxxxxxxxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
41	XX.XXX.XXX.XX	xx-xxx-xxx-xx.xx.xxxxxxxxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
42	XX.XXX.XXX.XX	xx-xxx-xxx-xx.xx.xxxxxxxxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
43	XX.XXX.XX.XX	xx-xxx-xx-xx.xx.xxxxxxxxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
44	XX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxx.xxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
45	XX.XXX.XX.XX	xxx-xxx-xx-xx.xxxxxxx.xxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
46	XX.XXX.XXX.XXX	xxx-xx-xxx-xxx-xxx.xxxxxxx.xxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
47	XX.XXX.XXX.XXX		Xxxxxxxx	2022-07-09	verified	高
48	XX.XXX.XXX.XXX	xx-xxx-xxx-xxx.xxxx.xxxx.xxxxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
49	XX.XXX.XX.XXX	xxx-xxx-xx-xxx.xxxxxxxx.xx	Xxxxxxxx	2022-07-09	verified	高
50	XX.XX.XXX.XX		Xxxxxxxx	2022-07-09	verified	高
51	XX.XX.XX.XXX	xx.xx.xx.xxx.xxxxxxxx.xx.xx	Xxxxxxxx	2022-07-09	verified	高
52	XX.XXX.XXX.XX	xx-xxx-xxx-xx.xxxxx.xxx.xxxxxxxxx.xxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
53	XX.XXX.XXX.XXX	xxx-xxx-xxx-xx.xxxxx.xxx.xxxxxxxxx.xxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
54	XX.XXX.XX.XXX	xx-xxx-xx-xxx.xxxx.xxx.x-xxx.xx	Xxxxxxxx	2022-07-09	verified	高
55	XX.XX.XXX.XXX	xxx-xx-xx-xxx-xxx.xxxx.xxxxxx.xx	Xxxxxxxx	2022-07-09	verified	高
56	XX.XX.X.XXX	xxxxxx-xx.xx.x.xxx.xxxx.xx	Xxxxxxxx	2022-07-09	verified	高
57	XX.XXX.XXX.XXX	xxxxx-xx-xxx-xxx-xxx.xxxxxxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
58	XX.XXX.XXX.XX	xxxxx-xx-xxx-xxx-xx.xxxxxxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
59	XX.XXX.XXX.XXX	xx.xxx.xxx.xxx.xxxxxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
60	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxx-xx.xxxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
61	XXX.XX.XXX.XXX	xxx.xx.xxx.xxx.xxxxxx.xxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
62	XXX.XXX.X.XXX		Xxxxxxxx	2022-07-09	verified	高
63	XXX.XXX.XX.XXX	xxxxxxxxx-xxxxxxx-xxx-xxx-xx-xxx.xxxxxxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
64	XXX.XX.XXX.XX	xxx.xx.xxx.xx.xxxxxx.xxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
65	XXX.XXX.XXX.XX	xxxx-xxxxx-xxxxxxx-xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxx.xx	Xxxxxxxx	2022-07-09	verified	高
66	XXX.XXX.XXX.XXX		Xxxxxxxx	2022-07-09	verified	高
67	XXX.XXX.XX.XX		Xxxxxxxx	2022-07-09	verified	高
68	XXX.XX.XX.XX	xxx-xx-xx-xx.xxxxxx.xxxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
69	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxx.xxxxxxxx.xx	Xxxxxxxx	2022-07-09	verified	高
70	XXX.XX.XX.XXX	xx-xxx-xx-xx-xxx.xx.xxx.xxx	Xxxxxxxx	2022-07-09	verified	高
71	XXX.XXX.XXX.XXX	xxxx-xxx-xxx-xxx.xxxxxxxx.xxxxxx.xxxxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
72	XXX.XXX.X.XX		Xxxxxxxx	2022-07-09	verified	高
73	XXX.XXX.XX.XXX	xxx.xxx-xxx-xx.xxx.xxxxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
74	XXX.XXX.XXX.XXX	xxxxxxx-xx-xxxxxxxxxxxx.xxxxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
75	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxx.xxx.xxxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
76	XXX.XXX.XXX.XX	xxxxxx.xxx-xxx-xxx.xxxxxxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
77	XXX.XXX.XXX.XXX		Xxxxxxxx	2022-07-09	verified	高
78	XXX.XX.XX.XX	xxxxxxx-xxxxxxx-xx.xxx-xx-xx.xxxxxxx.xx	Xxxxxxxx	2022-07-09	verified	高
79	XXX.XXX.XX.XXX	xxxx-xxx-xxx-xx-xxx.xx.xxxxxxxxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
80	XXX.XX.XX.XXX	xxxxxxxx-xxxx-xx-xxx.xxxxxxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
81	XXX.XXX.XXX.XX	xxx-xxx-xxx-xxxxxxxx-xxxxxxx.xxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
82	XXX.XXX.XX.XX	xxxxxx-xxx-xxx-xx-xx.xxxxxx.xxx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高
83	XXX.X.XXX.XXX	xxx.xxx.x.xxx.-xxx.xxxxxxxxxxx.xxx	Xxxxxxxx	2022-07-09	verified	高
84	XXX.XXX.XX.XX		Xxxxxxxx	2022-07-09	verified	高
85	XXX.XXX.XXX.XX	xx-xxx-xxx-xxx-xx.xxxxxxxx.xx	Xxxxxxxx	2022-07-09	verified	高
86	XXX.XX.XXX.X	xxx-xxx-x.xx.xxx.xx	Xxxxxxxx	2022-07-09	verified	高

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	分类	漏洞	访问向量	类型	可信度
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	高
2	T1040	CAPEC-102	CWE-319	Authentication Bypass by Capture-replay	predictive	高
3	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	高
4	TXXXX	CAPEC-242	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	高
5	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
7	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	高
8	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
9	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	高
10	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
11	TXXXX.XXX	CAPEC-120	CWE-XXX	Xxxxxxx Xxxxxxxxxx Xxx Xxxxxxxx Xxxxxxx Xx Xx-xxxx Xxxxxx Xxxxxxxx	predictive	高
12	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
13	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高
14	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	高
15	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxx	predictive	高

IOA - Indicator of Attack (65)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	.htaccess	predictive	中
2	File	/api/baskets/{name}	predictive	高
3	File	/spip.php	predictive	中
4	File	/tmp	predictive	低
5	File	/uncpath/	predictive	中
6	File	/var/log/nginx	predictive	高
7	File	auth-gss2.c	predictive	中
8	File	case.filemanager.php	predictive	高
9	File	xxxxx.xx_xxxxxxxxx.xxx	predictive	高
10	File	xxxxxx/xxx.x	predictive	中
11	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
12	File	xxxx_xxx.xxx	predictive	中
13	File	xxxxxxx/xxxx/xxxxxxx/xxxxx.x	predictive	高
14	File	xxxxx.xxx	predictive	中
15	File	xxx/xxxxxxxx/xxxx_xxxxx_xxxxxxx.x	predictive	高
16	File	xxxxxxxxxxxx.xxx	predictive	高
17	File	xxxxxxx.xxx	predictive	中
18	File	xxxxxx/xxxxxxxxx?xx=xxx_xxx.xxx	predictive	高
19	File	xxxx_xxxx.x	predictive	中
20	File	xxx/xxxxxx.xxx	predictive	高
21	File	xxxxxxx/xxxxxxxxxx/xxxxxx/xxxxxxxx/xxx/xxxxxxxxxxxxxxxxxxxx.xxx	predictive	高
22	File	xxxxxxxx/xxxx/xxxxx-xxxxxxxxxx.xxx	predictive	高
23	File	xxxxx.xxx	predictive	中
24	File	xxxxxxx.xxx	predictive	中
25	File	xxxxxxxx/xxxxxxxx_xxxxxxx_xxxxxx/xxxxx.xxx	predictive	高
26	File	xxxxxxxx/xxxxxxxxx.xxx	predictive	高
27	File	xxxxxxxxxx/xxxxxxx.x	predictive	高
28	File	xxx_xxxxx_xxxxx.x	predictive	高
29	File	xxx_xxx_xxx.xx	predictive	高
30	File	xxxx.xxx	predictive	中
31	File	xxx.xxx	predictive	低
32	File	xxx.x	predictive	低
33	File	xxxxxxxx.xxx	predictive	中
34	File	xxx_xxxx.xx	predictive	中
35	File	xxxxxxxxx.xxx	predictive	高
36	File	xxxx-xxxxxxxx.xxx	predictive	高
37	File	xxxx/xxxxxxxx/xxxxxxxx.xxxx	predictive	高
38	File	xxx/xxx/xxx-xxx/xxxx.xxx	predictive	高
39	File	xxxxxxxx.xxx	predictive	中
40	File	xx-xxxxxxxx/xxxxxx-xxxxxx.xxx	predictive	高
41	File	xxx/xxxxxx.xxx	predictive	高
42	Library	/xxxxx/xxxxxxxx/xxxxxxx.xxx	predictive	高
43	Library	xxxxxxxx.xxx	predictive	中
44	Library	xxxxxx_xxx.xxx.xxx	predictive	高
45	Library	xxxxxxxxxx.xxx	predictive	高
46	Argument	$xxx_xxxx	predictive	中
47	Argument	xxxxxxxxxxxxxx	predictive	高
48	Argument	xxxxxxxx	predictive	中
49	Argument	xxxxxxxxxx	predictive	中
50	Argument	xxxxxxx_xxx	predictive	中
51	Argument	xxxxxxxxxxx	predictive	中
52	Argument	xxxxxxxx	predictive	中
53	Argument	xxxxx	predictive	低
54	Argument	xx	predictive	低
55	Argument	xxxxxxx_xxx	predictive	中
56	Argument	xxxxxx_xxxx	predictive	中
57	Argument	xxxx	predictive	低
58	Argument	xxxxxxxx	predictive	中
59	Argument	xxxx	predictive	低
60	Argument	xxxxxx_xxxx	predictive	中
61	Argument	xxx_xx	predictive	低
62	Argument	xxx	predictive	低
63	Argument	xxx	predictive	低
64	Argument	xxxxxxxx	predictive	中
65	Input Value	xxxxx.xxx	predictive	中

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Do you need the next level of professionalism?

Upgrade your account now!