asterzeu Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (45)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en32
zh12
pl2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us26
cn14
ru4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

asterzeu1
Pikabot1
Tsunami1
Cobalt Strike1
Silence1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined20
Operating System6
Programming Language Software6
Router Operating System2
Content Management System2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined14
Linux4
Oracle4
D-Link2
Smartisoft2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Linux Kernel4
Oracle Java4
D-Link DIR-6452
Smartisoft phpBazar2
Duo Authentication for Windows Logon2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1CloudPanel unrestricted upload7.57.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000660.00CVE-2023-36630
2phpMyAdmin Setup cross site scripting3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.010390.04CVE-2022-23808
3Bitrix Site Manager redirect.php link following5.34.7$0-$5k$0-$5kUnprovenUnavailable0.001130.04CVE-2008-2052
4LogicBoard CMS away.php redirect6.36.1$0-$5k$0-$5kNot DefinedUnavailable0.000003.83
5Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.00CVE-2007-1192
6Microsoft Windows Netlogon input validation7.57.4$25k-$100k$0-$5kNot DefinedOfficial Fix0.013170.03CVE-2016-3228
7Microsoft Windows RDP authorization8.87.7$25k-$100k$5k-$25kUnprovenOfficial Fix0.001210.00CVE-2021-1669
8Duo Authentication for Windows Logon/RDP improper authentication6.56.5$0-$5k$0-$5kNot DefinedNot Defined0.000420.00CVE-2020-3427
9Archery instance.py sql injection6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.000760.02CVE-2023-30552
10Ransom.Win64.AtomSilo EXE File denial of service4.33.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000000.00
11KeyCloak Admin REST API injection3.53.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000800.04CVE-2022-1274
12OpenSSL x86_64 Montgomery Squaring bn_sqrx8x_internal information disclosure6.05.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.001710.00CVE-2017-3736
13Boa backup.html information disclosure4.34.3$0-$5k$0-$5kNot DefinedNot Defined0.002920.00CVE-2021-33558
14Linux Kernel KVM emulate.c x86_decode_insn access control5.55.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2016-8630
15Linux Kernel lapic.c apic_get_tmcct numeric error6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.002770.00CVE-2013-6367
16QEMU ahci.c ahci_commit_buf denial of service3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.000450.00CVE-2019-12067
17Linux Kernel watch_queue Subsystem out-of-bounds write7.67.3$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.000530.06CVE-2022-0995
18Microsoft Windows Remote Desktop Client Remote Code Execution8.88.2$100k and more$5k-$25kProof-of-ConceptOfficial Fix0.023870.05CVE-2022-21990
19Matt Smith Remository For Mambo admin.remository.php code injection8.17.3$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.064190.00CVE-2006-4130
20Smartisoft phpBazar classified_right.php file inclusion6.56.2$0-$5k$0-$5kProof-of-ConceptUnavailable0.009330.09CVE-2006-2528

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • OpenSSH

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
170.34.220.10070.34.220.100.vultrusercontent.comasterzeuOpenSSH06/23/2023verifiedHigh
2139.180.185.24singapore.sg.socialfreedom.partyasterzeuOpenSSH06/23/2023verifiedHigh
3XXX.XX.XXX.XXXxxx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxXxxxxxx06/23/2023verifiedHigh
4XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxxx-xxxXxxxxxxxXxxxxxx06/23/2023verifiedHigh
5XXX.XXX.XX.XXXxxxxxxxxx.xx.xxxxxxxxxxxxx.xxxxxXxxxxxxxXxxxxxx06/23/2023verifiedHigh
6XXX.XXX.XXX.XXxxx.xxx.xxx.xx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxXxxxxxx06/23/2023verifiedHigh

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-209CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-19CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
6TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
7TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
9TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (31)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/forum/away.phppredictiveHigh
2File/getcfg.phppredictiveMedium
3File/modules/profile/index.phppredictiveHigh
4Fileadclick.phppredictiveMedium
5Filexxxxx.xxxpredictiveMedium
6Filexxxxx.xxxxxxxxxx.xxxpredictiveHigh
7Filexxxx/xxx/xxx/xxxxxxx.xpredictiveHigh
8Filexxxxxx.xxxxpredictiveMedium
9Filexxxxxxxxxx_xxxxx.xxxpredictiveHigh
10Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
11Filexxxxxxxx.xxxpredictiveMedium
12Filexxx/xxxx.xpredictiveMedium
13Filexxx/xxxxx.xpredictiveMedium
14Filexxxxx.xxxpredictiveMedium
15Filexxxxxxxx.xxxpredictiveMedium
16Filexxxxxx.xxxpredictiveMedium
17Filexxx/xxxxxxxx.xxpredictiveHigh
18Filexxx/xxxxxxxx/xxxxxxxx.xxxpredictiveHigh
19ArgumentxxxpredictiveLow
20Argumentxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxpredictiveHigh
21ArgumentxxxxpredictiveLow
22ArgumentxxxxpredictiveLow
23Argumentxxxxxxxx_xxxpredictiveMedium
24Argumentxxxxx_xxxxx.xxxxxxpredictiveHigh
25Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictiveHigh
26ArgumentxxxxxxxxpredictiveMedium
27ArgumentxxxxxxxxpredictiveMedium
28ArgumentxxxpredictiveLow
29Argumentxxxx_xxpredictiveLow
30Input Valuexxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxxpredictiveHigh
31Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you want to use VulDB in your project?

Use the official API to access entries easily!