Chafer Analysis

IOB - Indicator of Behavior (329)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en292
es14
pt6
it4
fr4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us188
ru28
es20
cn14
ir12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Microsoft Windows12
WordPress10
Apache Tomcat6
Google Chrome6
nginx6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaround0.020160.02CVE-2007-1192
2nginx request smuggling6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.002411.43CVE-2020-12440
3Microsoft IIS cross site scripting5.24.7$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.005480.09CVE-2017-0055
4VMware vRealize Orchestrator Path redirect3.02.9$5k-$25k$0-$5kNot DefinedOfficial Fix0.001190.00CVE-2021-22036
5vm2 injection9.99.7$0-$5k$0-$5kNot DefinedOfficial Fix0.005370.00CVE-2023-32314
6OpenSSH Authentication Username information disclosure5.34.8$5k-$25k$0-$5kHighOfficial Fix0.107370.23CVE-2016-6210
7PHPMailer Phar Deserialization addAttachment deserialization5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.007480.00CVE-2020-36326
8jQuery Property extend Pollution cross site scripting6.66.3$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.035350.09CVE-2019-11358
9Rust Programming Language Standard Library type_id memory corruption7.77.5$0-$5k$0-$5kNot DefinedOfficial Fix0.003010.04CVE-2019-12083
10WordPress sql injection6.86.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.004670.04CVE-2022-21664
11Apple iOS WebKit buffer overflow6.36.0$25k-$100k$5k-$25kHighOfficial Fix0.004240.00CVE-2021-30666
12WordPress path traversal5.75.6$5k-$25k$0-$5kNot DefinedOfficial Fix0.003260.05CVE-2023-2745
13Canon IJ Network Tool Wi-Fi Connection Setup missing password field masking5.45.4$0-$5k$0-$5kNot DefinedNot Defined0.000520.00CVE-2023-1763
14ciubotaru share-on-diaspora new_window.php cross site scripting4.44.3$0-$5k$0-$5kNot DefinedOfficial Fix0.000630.00CVE-2017-20176
15Postfix Admin functions.inc.php sql injection7.37.0$5k-$25k$0-$5kHighOfficial Fix0.002530.03CVE-2014-2655
16D-Link DCS-2530L/DCS-2670L ddns_enc.cgi command injection7.57.5$5k-$25k$5k-$25kNot DefinedNot Defined0.001350.02CVE-2020-25079
17Microsoft IIS IP/Domain Restriction access control6.55.7$25k-$100k$0-$5kUnprovenOfficial Fix0.008170.17CVE-2014-4078
18SourceCodester Library Management System bookdetails.php sql injection7.16.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.003220.14CVE-2022-2214
19Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.005260.03CVE-2011-0643
20Lotus Domino Request information disclosure5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.008770.00CVE-2002-0245

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (138)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File//etc/RT2870STA.datpredictiveHigh
2File/admin/index.php?id=themes&action=edit_template&filename=blogpredictiveHigh
3File/api/loginpredictiveMedium
4File/appConfig/userDB.jsonpredictiveHigh
5File/bin/boapredictiveMedium
6File/cgi-bin/wapopenpredictiveHigh
7File/CPEpredictiveLow
8File/cwp_{SESSION_HASH}/admin/loader_ajax.phppredictiveHigh
9File/jquery_file_upload/server/php/index.phppredictiveHigh
10File/librarian/bookdetails.phppredictiveHigh
11File/magnoliaPublic/travel/members/login.htmlpredictiveHigh
12File/Main_AdmStatus_Content.asppredictiveHigh
13File/public/login.htmpredictiveHigh
14File/requests.phppredictiveHigh
15File/self.keypredictiveMedium
16File/xxxxxxx/predictiveMedium
17File/xxx/xxx/xxxxxpredictiveHigh
18File/xxxxxxxx/xxxx_xxxxx.xxxpredictiveHigh
19Filexxxxxxx.xxxpredictiveMedium
20Filexxxxx.xxxpredictiveMedium
21Filexxxxx/xxxx_xxxxx_xxxx.xxxpredictiveHigh
22Filexxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxxpredictiveHigh
23Filexxxxxxxxxx.xxxpredictiveHigh
24Filexxxxxxxxxxx.xxxpredictiveHigh
25Filexx_xxxxxxxxxx.xxxpredictiveHigh
26Filexxx:.xxxpredictiveMedium
27Filexxx/xxx.xxxpredictiveMedium
28Filexxxxxxx.xxxpredictiveMedium
29Filexxxxxx_xxxxxx.xxxpredictiveHigh
30Filexxxxxxxx.xxxpredictiveMedium
31Filexxx-xxx/xxxx_xxx.xxxpredictiveHigh
32Filexxxxxx.xxxpredictiveMedium
33Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
34Filexxxxxx.xxxpredictiveMedium
35Filexxx.xxxpredictiveLow
36Filexxxxx.xxxpredictiveMedium
37Filexxx/xxxxxxxx/xxx_xxxxxxxxxxxx.xxpredictiveHigh
38Filexxxxxxxxx.xxx.xxxpredictiveHigh
39Filexxxxxxxxxxxx_xxxx.xxxpredictiveHigh
40Filexxx_xxxxxx.xxxpredictiveHigh
41Filexxxx_xxxxxxx.xxx.xxxpredictiveHigh
42Filexxxx_xxxx.xpredictiveMedium
43Filexxxxxxxxx.xxxpredictiveHigh
44Filexxxxxxxx/xxxxx.xxxx-xxx.xxxpredictiveHigh
45Filexxxxx.xxxpredictiveMedium
46Filexxxxxx.xpredictiveMedium
47Filexxxx/xxx_xxx.xpredictiveHigh
48Filexxxxxxxx.xxxpredictiveMedium
49Filexxxxxxx/xxxxxxx/xxx_xxxxxxx.xpredictiveHigh
50Filexxx_xxxxxx.xxpredictiveHigh
51Filexxxx/xxxx/xxxxx.xxxpredictiveHigh
52Filexxx_xxxxxx.xxxpredictiveHigh
53Filexxxxxx.xxxpredictiveMedium
54Filexxxxxxxxxxxxxx.xxxpredictiveHigh
55Filexxxxxxx.xxxpredictiveMedium
56Filexxxxx.xxxxx.xxxpredictiveHigh
57Filexxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][]predictiveHigh
58Filexxxx/xxxxxpredictiveMedium
59Filexxxxx.xxxpredictiveMedium
60Filexxxxxxxx.xxxpredictiveMedium
61Filexxxxxxxxxx.xxxpredictiveHigh
62Filexxxxxxxx_xxxx.xxxpredictiveHigh
63Filexxxxxxxx.xxx?x=xxxxxx&x=xxxxxxxxxxpredictiveHigh
64Filexxxxxxx.xpredictiveMedium
65Filexxxxxx.xxxpredictiveMedium
66Filexxxx.xxxpredictiveMedium
67Filexxxxx/xxx/xxxx.xpredictiveHigh
68Filexxxxxx_xxx_xxxxx_xxx.xxxpredictiveHigh
69Filexxx_xxx_xxxxx.xxxpredictiveHigh
70Filexxxx/xxxxxxxxxxxxxxx.xxxxxxpredictiveHigh
71Filexxxxxxx_xxxxx.xxxpredictiveHigh
72Filexxxxxxx_xxxxxxxxxx.xxxpredictiveHigh
73Filexxx.xxxpredictiveLow
74Filexxxxxx.xxxpredictiveMedium
75Filexxxxxx.xxxpredictiveMedium
76Filexxxxxxxxxxxxxx.xxxpredictiveHigh
77Filexxxxxxx.xxxpredictiveMedium
78Filexx-xxxxx/xxxx-xxx.xxxpredictiveHigh
79Filexx-xxxxxxx/xxxxxxx/xxxx-xx-xxxx/predictiveHigh
80Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
81Filexx-xxxxxxxx/xxxxx-xx-xxxxxx-xxxxxx.xxxpredictiveHigh
82Filexx-xxxxxxxxxxx.xxxpredictiveHigh
83Libraryxxxxxxx/xxx/xxxxxx.xxx.xxxpredictiveHigh
84Libraryxxxxxx.xxxpredictiveMedium
85Argument$xxxxx_xxxxxxxxxxpredictiveHigh
86ArgumentxxxxxxxpredictiveLow
87ArgumentxxxxxpredictiveLow
88ArgumentxxxxxxpredictiveLow
89ArgumentxxxpredictiveLow
90ArgumentxxxxxpredictiveLow
91ArgumentxxxxxxxxxxxxxxxpredictiveHigh
92Argumentxxxx/xxxxpredictiveMedium
93ArgumentxxxxxxxxpredictiveMedium
94ArgumentxxxxpredictiveLow
95ArgumentxxxxxxxxxxpredictiveMedium
96ArgumentxxxxpredictiveLow
97ArgumentxxxxxxxxxxpredictiveMedium
98Argumentxxxx_xxxxxxxxpredictiveHigh
99Argumentxx_xxpredictiveLow
100Argumentxxxx[xxx]predictiveMedium
101ArgumentxxxxxxxxpredictiveMedium
102ArgumentxxxxpredictiveLow
103ArgumentxxxxxpredictiveLow
104Argumentxxxxx_xxpredictiveMedium
105Argumentxxxx_xxxxxxxpredictiveMedium
106ArgumentxxpredictiveLow
107ArgumentxxxxpredictiveLow
108Argumentxxxxxxxxxxxxx/xxxxxxxxxxxxxxpredictiveHigh
109Argumentx/xx/xxxpredictiveMedium
110Argumentxxxx_xxxxpredictiveMedium
111Argumentxx_xxxxxxxpredictiveMedium
112ArgumentxxxpredictiveLow
113Argumentxxxxxxxxx/xxxxxx/xxxxxxxxxpredictiveHigh
114ArgumentxxxxxxxxxxpredictiveMedium
115ArgumentxxxxxxxxxxxxxpredictiveHigh
116Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictiveHigh
117ArgumentxxxxxxpredictiveLow
118Argumentxxxxx_xxxxpredictiveMedium
119ArgumentxxxxxxxxpredictiveMedium
120ArgumentxxxxxxxxpredictiveMedium
121ArgumentxxxxxxxpredictiveLow
122Argumentxxxx xxxxxpredictiveMedium
123Argumentxxxx_xxxxxpredictiveMedium
124ArgumentxxxxpredictiveLow
125ArgumentxxxxxxpredictiveLow
126ArgumentxxxxxxxxxxpredictiveMedium
127Argumentx/xxxxxxxxxxxxpredictiveHigh
128ArgumentxxxxpredictiveLow
129ArgumentxxxxxxxxpredictiveMedium
130Argumentxxxxx/xxxpredictiveMedium
131ArgumentxxxpredictiveLow
132ArgumentxxxxxxpredictiveLow
133ArgumentxxxxxxxxpredictiveMedium
134Argumentxxxxxxxxx_xxxxxx_xx_[xxxx]predictiveHigh
135Input Value' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxxpredictiveHigh
136Input Value../..predictiveLow
137Network Portxxx/xxxxpredictiveMedium
138Network Portxxx/xxx (xxx)predictiveHigh

References (5)

The following list contains external sources which discuss the actor and the associated activities:

Do you need the next level of professionalism?

Upgrade your account now!