ChaChi Analysis

Activities

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

Lang

en: 699
fr: 91
de: 83
zh: 16
es: 16

Country

us: 425
fr: 66
cn: 62
gb: 14
ru: 13


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.80 | CVE-2010-0966 |
| 3 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2019-7550 |
| 4 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.15 | CVE-2007-0354 |
| 5 | Devilz Clanportal index.php sql injection | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.03 | CVE-2006-3347 |
| 6 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | CVE-2007-1167 |
| 7 | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | CVE-2006-6338 |
| 8 | Lars Ellingsen Guestserver guestserver.cgi privileges management | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2001-0180 |
| 9 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.55 | CVE-2017-0055 |
| 10 | YaBB yabb.pl cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.18 | CVE-2004-2402 |
| 11 | jforum cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2012-5337 |
| 12 | DrayTek Vigor2960 mainfunction.cgi toLogin2FA os command injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2020-19664 |
| 13 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.22 | CVE-2016-6210 |
| 14 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2005-4222 |
| 15 | FreeBSD rmuser Utility master.passwd privileges management | 8.4 | 7.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | CVE-2001-1017 |
| 16 | Cisco Linksys Router tmUnblock.cgi privileges management | 9.8 | 9.2 | $25k-$100k | $0-$5k | High | Workaround | 0.00 | |
| 17 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.18 | CVE-2020-15906 |
| 18 | medoo columnQuote sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2019-10762 |
| 19 | Microsoft Windows MSHTML Remote Code Execution | 8.8 | 7.9 | $100k and more | $25k-$100k | Proof-of-Concept | Official Fix | 0.04 | CVE-2021-40444 |
| 20 | UAEPD Shopping Cart Script products.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.05 | CVE-2014-1618 |

IOC - Indicator of Compromise (32)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (244)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /.env | predictive | Low |
| 3 | File | //etc/RT2870STA.dat | predictive | High |
| 4 | File | /cgi-bin/activate.cgi | predictive | High |
| 5 | File | /cgi-bin/koha/acqui/supplier.pl?op=enter | predictive | High |
| 6 | File | /cgi-bin/nobody | predictive | High |
| 7 | File | /cgi-bin/nobody/Search.cgi | predictive | High |
| 8 | File | /export | predictive | Low |
| 9 | File | /forum/away.php | predictive | High |
| 10 | File | /get_getnetworkconf.cgi | predictive | High |
| 11 | File | /horde/util/go.php | predictive | High |
| 12 | File | /nova/bin/detnet | predictive | High |
| 13 | File | /opensis/modules/users/Staff.php | predictive | High |
| 14 | File | /plugins/servlet/gadgets/makeRequest | predictive | High |
| 15 | File | /req_password_user.php | predictive | High |
| 16 | File | /show_news.php | predictive | High |
| 17 | File | /tmp | predictive | Low |
| 18 | File | /uncpath/ | predictive | Medium |
| 19 | File | /Uploads | predictive | Medium |
| 20 | File | /userRpm/MediaServerFoldersCfgRpm.htm | predictive | High |
| 21 | File | /WEB-INF/web.xml | predictive | High |
| 22 | File | /webconsole/APIController | predictive | High |
| 23 | File | AccountStatus.jsp | predictive | High |
| 24 | File | add.php | predictive | Low |
| 25 | File | addentry.php | predictive | Medium |
| 26 | File | admin.htm | predictive | Medium |
| 27 | File | admin.php | predictive | Medium |
| 28 | File | admin/article_category.php?rec=update | predictive | High |
| 29 | File | admin/config/confmgr.php | predictive | High |
| 233 | Input Value | .. | predictive | Low |
| 234 | Input Value | ../ | predictive | Low |
| 235 | Input Value | ..\.. | predictive | Low |
| 236 | Input Value | /.. | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
