Asacub Analysis

IOB - Indicator of Behavior (495)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 432
it: 16
de: 12
pl: 12
fr: 10


Country

us: 34
it: 12
de: 10
pl: 10
es: 8



Product

WordPress: 18
Asus RT-AC53: 4
Joomla CMS: 4
Discuz!: 2
Product Addons & Fields for WooCommerce Plugin: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Flat PHP Board path traversal | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.01 | |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 3 | daloRADIUS config-maint-disconnect-user.php os command injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00000 | 0.02 | |
| 4 | magmi magmi.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00146 | 0.02 | CVE-2015-2068 |
| 5 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 10.00 | CVE-2006-6168 |
| 6 | JContentSubscription register.php Local Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 7 | Teradata Virtual Machine Community Edition pkgmgr access control | 7.8 | 7.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00042 | 0.00 | CVE-2016-7488 |
| 8 | Ultimate PHP Board UPB Error Message add.php Path information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00404 | 0.00 | CVE-2002-2276 |
| 9 | D-Link DIR-2150 anweb websocket_data_handler stack-based overflow | 8.8 | 8.4 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00089 | 0.00 | CVE-2022-40718 |
| 10 | Zenas Pao-bacheca Guestbook login.php access control | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.02050 | 0.00 | CVE-2009-3421 |
| 11 | Article Dashboard signup.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00240 | 0.00 | CVE-2007-4333 |
| 12 | Wireshark ZigBee ZCL Dissector packet-zbee-zcl-lighting.c divide by zero | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00247 | 0.00 | CVE-2018-19628 |
| 13 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.50 | CVE-2010-0966 |
| 14 | IBM WebSphere Service Registry/Repository Access Restriction access control | 4.3 | 4.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00162 | 0.04 | CVE-2014-6160 |
| 15 | Open Networking Foundation ONOS API Documentation Dashboard cross site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00071 | 0.02 | CVE-2023-24279 |
| 16 | Discuz! admin.php cross site scripting | 3.6 | 3.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.06 | CVE-2018-19464 |
| 17 | Sourcecodester Engineers Online Portal in PHP Quiz add_quiz.php cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00172 | 0.00 | CVE-2021-42664 |
| 18 | Dreaxteam Xt-News add_comment.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00599 | 0.07 | CVE-2006-6746 |
| 19 | Enigma2 Coppermine Bridge e2_header.inc.php file inclusion | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10026 | 0.00 | CVE-2006-6864 |
| 20 | Apple watchOS Kernel null pointer dereference | 6.2 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2016-1865 |

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (98)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .DS_Store | predictive | Medium |
| 2 | File | /.vnc/sesman_${username}_passwd | predictive | High |
| 3 | File | /ajax-files/postComment.php | predictive | High |
| 4 | File | /cgi-bin/editBookmark | predictive | High |
| 5 | File | /etc/luminex/pkgmgr | predictive | High |
| 6 | File | /goform/langSwitch | predictive | High |
| 7 | File | /rom-0 | predictive | Low |
| 8 | File | /settings/account | predictive | High |
| 9 | File | /tmp/tardiff-$ | predictive | High |
| 10 | File | add.php | predictive | Low |
| 11 | File | add_comment.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
