Chaes Analysis

IOB - Indicator of Behavior (71)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 68
it: 2
de: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Product

Qualcomm Snapdragon Auto: 4
Qualcomm Snapdragon Compute: 4
Qualcomm Snapdragon Consumer IOT: 4
Qualcomm Snapdragon Industrial IOT: 4
Qualcomm Snapdragon Mobile: 4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Foxit PDF Reader Annotation out-of-bounds write | 7.3 | 7.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00120 | 0.21 | CVE-2024-9247 |
| 2 | kurniaramadhan E-Commerce-PHP Create Product Page create_product.php cross site scripting | 2.4 | 2.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00051 | 0.00 | CVE-2024-13205 |
| 3 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.01686 | 0.06 | CVE-2007-0354 |
| 4 | BDCOM Behavior Management and Auditing System operate.mds log_operate_clear os command injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.07122 | 0.00 | CVE-2025-1546 |
| 5 | SourceCodester Best Employee Management System Administrative Endpoint View_user.php access control | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00044 | 0.08 | CVE-2025-0802 |
| 6 | WooSidebars Sidebar Manager Converter Plugin class-woosidebars-sbm-converter.php process_request redirect | 4.9 | 4.8 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00070 | 0.08 | CVE-2015-10115 |
| 7 | UCMS top.php adminchannelscache information exposure | 3.5 | 3.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00209 | 0.00 | CVE-2021-25809 |
| 8 | Bomgar Remote Support Portal JavaStart.jar Applet path traversal | 9.1 | 9.1 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00520 | 0.00 | CVE-2017-12815 |
| 9 | vBulletin redirector.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.05560 | 0.06 | CVE-2018-6200 |
| 10 | Bitrix Site Manager redirect.php link following | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | | 0.00246 | 0.00 | CVE-2008-2052 |
| 11 | Tiki TikiWiki tiki-editpage.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.01200 | 0.28 | CVE-2004-1386 |
| 12 | confucious Package set Prototype privileges management | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00410 | 0.00 | CVE-2020-7714 |
| 13 | Ozeki NG SMS Gateway ASP.NET SMS Module privileges management | 4.8 | 4.8 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00401 | 0.00 | CVE-2020-14021 |
| 14 | Microsoft IIS File Name privileges management | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00447 | 0.00 | CVE-1999-0012 |
| 15 | KDE .kss.pid race condition | 4.0 | 3.8 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00112 | 0.00 | CVE-1999-1269 |
| 16 | Microsoft Windows IP Fragmentation Bonk denial of service | 5.3 | 5.1 | $25k-$100k | $0-$5k | High | Official fix | possible | 0.04875 | 0.00 | CVE-1999-0258 |
| 17 | Microsoft Windows SMB Logon denial of service | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not defined | Official fix | | 0.16121 | 0.05 | CVE-1999-0225 |
| 18 | Qualcomm Snapdragon Auto Client Map Table use after free | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00037 | 0.02 | CVE-2020-11124 |
| 19 | Qualcomm Snapdragon Auto WPA buffer overflow | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00268 | 0.00 | CVE-2020-3667 |
| 20 | GNOME libxml2 entities.c xmlEncodeEntitiesInternal buffer overflow | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00481 | 0.00 | CVE-2020-24977 |

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 108.166.219.43 | 43-219-166-108-dedicated.multacom.com | Chaes | | 03/19/2024 | verified | High |
| 2 | 176.123.3.100 | | Chaes | | 03/19/2024 | verified | High |
| 3 | XXX.XXX.X.XXX | | Xxxxx | | 03/19/2024 | verified | High |
| 4 | XXX.XXX.XXX.XX | xxxxxxxx.xxxxxxxxxxx.xxx.xx | Xxxxx | | 03/19/2024 | verified | Low |
| 5 | XXX.XXX.XXX.XXX | xxxxxxxx.xxxxxxxxxxx.xxx.xx | Xxxxx | | 03/19/2024 | verified | Low |
| 6 | XXX.XX.XXX.XXX | xxx-xx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx | Xxxxx | | 03/19/2024 | verified | High |
| 7 | XXX.XXX.XXX.XX | xxxxxxxxxxx.xxxxxxxxxxxxxxxxx.xx | Xxxxx | | 03/19/2024 | verified | High |

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (23)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .kss.pid | predictive | Medium |
| 2 | File | /+CSCOE+/logon.html | predictive | High |
| 3 | File | /admin/create_product.php | predictive | High |
| 4 | File | /admin/View_user.php | predictive | High |
| 5 | File | /xxxxx/xxxxxxx/xxx/xxxxxxx.xxx | predictive | High |
| 6 | File | xxxxxxx/xxxxx-xxxxxxxxxxx-xxx-xxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxx.xxx | predictive | Medium |
| 8 | File | xxxxxxxxxxxx_xxxx.xxx | predictive | High |
| 9 | File | xxxxxxx.xxx | predictive | Medium |
| 10 | File | xxxxxxx/xxxxxxxx.x | predictive | High |
| 11 | File | xxxxxxxxxxxxx.xxx | predictive | High |
| 12 | File | xxxxxxxx.xxx | predictive | Medium |
| 13 | File | xxxxxxxxxx.xxx | predictive | High |
| 14 | File | xxxxxxxx.xxx | predictive | Medium |
| 15 | File | xxxx-xxxxxxxx.xxx | predictive | High |
| 16 | File | xxx.xxx | predictive | Low |
| 17 | Argument | xxxxxxxx | predictive | Medium |
| 18 | Argument | xxxx | predictive | Low |
| 19 | Argument | xx | predictive | Low |
| 20 | Argument | xxxx | predictive | Low |
| 21 | Argument | xxxxx_xxxx | predictive | Medium |
| 22 | Argument | xxx | predictive | Low |
| 23 | Argument | xxxx | predictive | Low |
