Subaat Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (22)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	22

Country

pk	10
us	6

Actors

Subaat	2
Kwampirs	1
Nanocore RAT	1
NjRAT	1

Activities

Interest

Timeline

Type

Web Server	8
Not Defined	6
Document Reader Software	2
Operating System	2

Vendor

Microsoft	10
Foxit	2
Apache	2
Not Defined	2
MailCleaner	2

Product

Microsoft IIS	6
Foxit Reader	2
Microsoft Windows Phone	2
Apache HTTP Server	2
Microsoft Systems Management Server	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.74	CVE-2010-0966
2	Microsoft IIS cross site scripting	5.2	4.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00548	0.18	CVE-2017-0055
3	SAP BusinessObjects BI Platform Central Management Console/BI LaunchPad deserialization	9.3	9.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00091	0.03	CVE-2022-41203
4	Microsoft Systems Management Server Configuration Manager Reflected cross site scripting	4.3	4.3	$5k-$25k	$0-$5k	Not Defined	Not Defined	0.95431	0.00	CVE-2012-2536
5	Microsoft Azure IoT Edge/Hub Device Client SDK for Azure IoT MQTT Object memory corruption	6.9	6.8	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.04729	0.00	CVE-2018-8531
6	PHP GD Extension imagewebp input validation	5.3	4.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00544	0.02	CVE-2014-5120
7	Microsoft Windows Phone SMS Service cryptographic issues	5.3	4.9	$5k-$25k	$5k-$25k	Unproven	Unavailable	0.05804	0.00	CVE-2012-2993
8	Apache HTTP Server ap_some_auth_required access control	3.7	3.2	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00522	0.00	CVE-2015-3185
9	MailCleaner Community Edition Logs.php os command injection	7.5	7.5	$0-$5k	$0-$5k	High	Not Defined	0.38848	0.00	CVE-2018-20323
10	ROCBOSS POST Request PostController.php doReward sql injection	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00212	0.03	CVE-2019-11362
11	portable SDK for UPnP unique_service_name memory corruption	10.0	9.5	$0-$5k	$0-$5k	High	Official Fix	0.97414	0.05	CVE-2012-5958
12	Microsoft IIS IP/Domain Restriction access control	6.5	5.7	$25k-$100k	$0-$5k	Unproven	Official Fix	0.00817	0.15	CVE-2014-4078
13	Microsoft IIS File Name Tilde privileges management	6.5	5.9	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.96817	0.04	CVE-2005-4360
14	FiberHome VDSL2 Modem HG 150-UB improper authentication	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00369	0.03	CVE-2018-9249
15	Foxit Reader Javascript Engine use after free	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.08359	0.04	CVE-2018-3850
16	Foxit Reader Javascript Engine use after free	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00443	0.00	CVE-2017-14458
17	Foxit PDF Reader Javascript Engine uninitialized pointer	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00731	0.00	CVE-2018-3842

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	5.189.157.215	vmi407723.contaboserver.net	Subaat	08/29/2021	verified	High
2	XX.XX.XXX.XXX	xxxxx.xxx-xx.xxx	Xxxxxx	08/29/2021	verified	High
3	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxx.xx	Xxxxxx	08/29/2021	verified	High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	High
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
4	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/uncpath/	predictive	Medium
2	File	app/controllers/frontend/PostController.php	predictive	High
3	File	xxx/xxxxxx.xxx	predictive	High
4	File	xxx/xxxx/xxxxxxxxxxx/xxxxxx/xxxx.xxx	predictive	High
5	Argument	xxxxxxxx	predictive	Medium
6	Argument	xxxxx	predictive	Low
7	Input Value	%xx	predictive	Low
8	Input Value	::$xxxxx_xxxxxxxxxx	predictive	High
9	Network Port	xxx xxxxxx xxxx	predictive	High

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Might our Artificial Intelligence support you?

Check our Alexa App!