AdKoob Analysis

IOB - Indicator of Behavior (47)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

Language | Count
en | 44
de | 2
es | 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Product | Count
Microsoft Windows | 4
Bolt | 2
Plesk Obsidian | 2
Plesk Onyx | 2
Check Point SmartConsole | 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 3.95 | 
2 | Linux Kernel ksmbd smb2pdu.c smb2_tree_disconnect use after free | 8.9 | 8.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00732 | 0.03 | CVE-2022-47939
3 | Bolt Filemanager FilesystemManager.php unrestricted upload | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00590 | 0.02 | CVE-2019-9185
4 | Schneider Electric Conext Gateway/InsightHome/InsightFacility HTTP input validation | 7.7 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00065 | 0.08 | CVE-2023-29410
5 | Gravy-media Media Photo Host forcedownload.php path traversal | 5.3 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.02007 | 0.00 | CVE-2009-2184
6 | Ben3w 2bgal disp_album.php sql injection | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00268 | 0.00 | CVE-2004-1415
7 | Microsoft Windows SMB input validation | 7.7 | 7.5 | $25k-$100k | $0-$5k | High | Official Fix | 0.97336 | 0.09 | CVE-2017-0143
8 | Nordex Control 2 SCADA Wind Farm Portal Application cross site scripting | 4.3 | 4.3 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00277 | 0.04 | CVE-2015-6477
9 | Dell SupportAssist Client Consumer Advanced Driver Restore Component unnecessary privileges | 8.3 | 8.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00042 | 0.03 | CVE-2022-34384
10 | phpMyDirectory index.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00572 | 0.00 | CVE-2006-3138
11 | SmartSiteCMS index.php privileges management | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01573 | 0.00 | CVE-2006-3162
12 | Pie Cart Pro index.php privileges management | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.37398 | 0.00 | CVE-2006-4969
13 | Apache HTTP Server Proxy null pointer dereference | 6.7 | 6.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.30749 | 0.04 | CVE-2021-44224
14 | Apache HTTP Server mod_proxy_wstunnel improper authentication | 7.3 | 7.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00280 | 0.00 | CVE-2019-17567
15 | ProtonMail Web Client Regular Expression resource consumption | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00117 | 0.00 | CVE-2021-32816
16 | Zoho ManageEngine ServiceDesk Plus MSP improper authentication | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00343 | 0.00 | CVE-2021-44675
17 | Zoho ManageEngine ServiceDesk Plus Secondary Email cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00502 | 0.00 | CVE-2021-46065
18 | Microsoft .NET Framework WinForms access control | 5.6 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.26598 | 0.02 | CVE-2015-1673
19 | Microsoft Windows IIS memory corruption | 7.9 | 7.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00182 | 0.03 | CVE-2019-1365
20 | Apache Tomcat HTTP/2 Client information disclosure | 4.3 | 4.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00102 | 0.03 | CVE-2020-13943

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.32.91.128 | 45.32.91.128.vultrusercontent.com | AdKoob |  | 08/10/2018 | verified | High
2 | XXX.XXX.XXX.XXX |  | Xxxxxx |  | 08/10/2018 | verified | High
3 | XXX.XXX.XXX.XXX | xxx-xxx-xxx.xxxxxxxxxxxx.xxx | Xxxxxx |  | 08/10/2018 | verified | High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | High
2 | File | /rapi/read_url | predictive | High
3 | File | admin/index.php | predictive | High
4 | File | airhost.exe | predictive | Medium
5 | File | xxxxxxxxxx/xxxxx/xxxxxxxxxxxxxxxxx.xxx | predictive | High
6 | File | xx/xxxxx.xxx | predictive | Medium
7 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
8 | File | xxxx_xxxxx.xxx | predictive | High
9 | File | xxxxx.xxx | predictive | Medium
10 | File | xxxxxxxxxxxxx.xxx | predictive | High
11 | File | xx/xxxxx/xxxxxxx.x | predictive | High
12 | File | xxxxx.xxx | predictive | Medium
13 | File | x_xxxxxxxx_xxxxx | predictive | High
14 | File | xxxxxxxx.xxx/xxxxx.xxx | predictive | High
15 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | predictive | High
16 | File | xxxxxx.xxxx | predictive | Medium
17 | File | xx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxx | predictive | High
18 | Argument | xxxx | predictive | Low
19 | Argument | xxxx | predictive | Low
20 | Argument | xx | predictive | Low
21 | Argument | xx_xxxxx | predictive | Medium
22 | Argument | xxx_xxx | predictive | Low
23 | Argument | xxxxx | predictive | Low
24 | Argument | x_xxxxxxxx | predictive | Medium
25 | Argument | xxxx | predictive | Low
26 | Argument | xxxxxxxx-xxxxxxxx | predictive | High
27 | Input Value | xxxxxxxxxxxxxxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
