Chafer Analysis

IOB - Indicator of Behavior (234)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.


Vulnerabilities

# | Vulnerability | Base (CVSS) | Temp (CVSS) | 0day price | Today price | Exploitability | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
2 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | 0.25090 | CVE-2017-0055
3 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 1.46 | 0.00000 | CVE-2020-12440
4 | Rust Programming Language Standard Library type_id memory corruption | 7.7 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01108 | CVE-2019-12083
5 | Postfix Admin functions.inc.php sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.04 | 0.01232 | CVE-2014-2655
6 | jQuery Property extend Pollution cross site scripting | 6.6 | 6.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.04 | 0.58527 | CVE-2019-11358
7 | D-Link DCS-2530L/DCS-2670L ddns_enc.cgi command injection | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.02055 | CVE-2020-25079
8 | PHPMailer Phar Deserialization addAttachment deserialization | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00954 | CVE-2020-36326
9 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.06 | 0.29797 | CVE-2014-4078
10 | SourceCodester Library Management System bookdetails.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.00890 | CVE-2022-2214
11 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross-site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.04187 | CVE-2011-0643
12 | Lotus Domino Request information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01213 | CVE-2002-0245
13 | PHP socket_connect memory corruption | 7.3 | 6.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.27992 | CVE-2011-1938
14 | Magento path traversal | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2020-3717
15 | WoWonder Group requests.php access control | 5.4 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.00890 | CVE-2022-1753
16 | WoWonder sql injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00885 | CVE-2022-42984
17 | WoWonder Group Name access control | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00885 | CVE-2022-26254
18 | Microsoft Windows Remote Desktop Protocol information disclosure | 5.8 | 5.3 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | 0.01150 | CVE-2022-22015
19 | ZTE MF286R Wifi Interface buffer overflow | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00885 | CVE-2022-39067
20 | Joomla CMS User Registration input validation | 7.7 | 7.5 | $5k-$25k | $0-$5k | High | Official Fix | 0.04 | 0.63109 | CVE-2016-8870
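The table carries four columns that decide what to fix first: the CVSS temporal score, the exploitability state (a working exploit versus a PoC versus nothing public), the remediation state, and the EPSS probability. The following Python is an added example, not VulDB code, showing one way to turn those columns into a patch order. The rows are transcribed from the table above (a subset, titles as listed); the weighting in priority() is an assumption chosen for illustration, not a VulDB formula.

```python
"""Triage the vulnerability table by exploit maturity, remediation state and EPSS.

Added example, not VulDB code. Rows are transcribed from the table on this page;
the weights below are an assumption for illustration, not a VulDB formula.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Vuln:
    cve: str
    title: str
    temp: float        # CVSS temporal score ("Temp" column)
    exploit: str       # "Exploitability" column: High, Proof-of-Concept, Unproven, Not Defined
    remediation: str   # "Remediation" column: Official Fix, Workaround, Not Defined
    epss: float        # EPSS probability (0..1)


# Constructed input: a subset of the rows in the table above.
VULNS: List[Vuln] = [
    Vuln("CVE-2016-8870", "Joomla CMS User Registration input validation", 7.5, "High", "Official Fix", 0.63109),
    Vuln("CVE-2019-11358", "jQuery Property extend Pollution cross site scripting", 6.0, "Proof-of-Concept", "Official Fix", 0.58527),
    Vuln("CVE-2017-0055", "Microsoft IIS cross site scripting", 4.7, "Proof-of-Concept", "Official Fix", 0.25090),
    Vuln("CVE-2014-4078", "Microsoft IIS IP/Domain Restriction access control", 5.7, "Unproven", "Official Fix", 0.29797),
    Vuln("CVE-2007-1192", "HyperBook Guestbook gbconfiguration.dat Hash information disclosure", 5.2, "High", "Workaround", 0.04187),
    Vuln("CVE-2020-12440", "nginx request smuggling", 6.9, "Not Defined", "Not Defined", 0.00000),
    Vuln("CVE-2022-42984", "WoWonder sql injection", 8.0, "Not Defined", "Not Defined", 0.00885),
]

# Assumed weights: a working exploit counts fully, a PoC most of the way,
# unproven or undefined exploitability only a little.
EXPLOIT_WEIGHT = {"High": 1.0, "Proof-of-Concept": 0.7, "Unproven": 0.3, "Not Defined": 0.3}

# What the remediation column lets you actually do.
ACTION = {
    "Official Fix": "patch",
    "Workaround": "apply workaround",
    "Not Defined": "monitor / compensating control",
}


def priority(v: Vuln) -> float:
    """Severity (temporal score / 10) scaled by exploit maturity, plus the EPSS probability."""
    return round(v.temp / 10.0 * EXPLOIT_WEIGHT[v.exploit] + v.epss, 3)


def triage(vulns: List[Vuln], epss_floor: float = 0.10) -> List[Tuple[str, float, str]]:
    """Return (cve, priority, action) for every entry that either has a public exploit
    (High or Proof-of-Concept) or whose EPSS clears epss_floor, highest priority first.

    Entries with no known exploit and a negligible EPSS are left out of the
    patch order; on an actor page they are still worth tracking, but not ahead
    of the ones attackers are known to use.
    """
    selected = [v for v in vulns if v.exploit in ("High", "Proof-of-Concept") or v.epss >= epss_floor]
    selected.sort(key=priority, reverse=True)
    return [(v.cve, priority(v), ACTION[v.remediation]) for v in selected]


if __name__ == "__main__":
    for cve, score, action in triage(VULNS):
        print(f"{score:5.3f}  {cve:15}  {action}")
```

With these weights the Joomla and jQuery entries come out on top because both have a public exploit and a high EPSS, while the two "Not Defined / Not Defined" rows drop out of the patch order entirely despite their higher CVSS scores; adjust epss_floor and the weights to your own risk appetite.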

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities (CWE) | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | predictive | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CWE-74 | Injection | predictive | High
4 | T1059 | CWE-94 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (98)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | //etc/RT2870STA.dat | predictive | High
2 | File | /admin/index.php?id=themes&action=edit_template&filename=blog | predictive | High
3 | File | /bin/boa | predictive | Medium
4 | File | /cgi-bin/wapopen | predictive | High
5 | File | /cwp_{SESSION_HASH}/admin/loader_ajax.php | predictive | High
6 | File | /jquery_file_upload/server/php/index.php | predictive | High
7 | File | /librarian/bookdetails.php | predictive | High
8 | File | /magnoliaPublic/travel/members/login.html | predictive | High
9 | File | /Main_AdmStatus_Content.asp | predictive | High
10 | File | /requests.php | predictive | High
11 | File | /uncpath/ | predictive | Medium
96 | Input Value | ../.. | predictive | Low
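The File and Input Value indicators above are request paths and fragments, so the natural place to hunt for them is the web-server access log. The following Python is an added example, not VulDB tooling, that compiles the visible indicators into a matcher and runs it over constructed access-log lines. It percent-decodes twice (so double-encoded dot-dot sequences are caught), collapses repeated slashes, matches File indicators on the tail of the request path, and requires every query parameter named in an indicator to be present regardless of order. Treating the {SESSION_HASH} placeholder as "any single path segment" is an assumption; the log lines and IP addresses are constructed.

```python
"""Match the File and Input Value indicators from the IOA table against
web-server access logs.

Added example, not VulDB tooling. The indicator list is transcribed from the
table on this page; the log lines are constructed. Treating {SESSION_HASH} as
one arbitrary path segment is an assumption.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import parse_qsl, unquote

# "File" class indicators from the table. Matching is on the tail of the
# request path (the indicator may sit below an application prefix); any query
# parameters in the indicator must all be present in the request.
IOA_FILES = [
    "//etc/RT2870STA.dat",
    "/admin/index.php?id=themes&action=edit_template&filename=blog",
    "/bin/boa",
    "/cgi-bin/wapopen",
    "/cwp_{SESSION_HASH}/admin/loader_ajax.php",
    "/jquery_file_upload/server/php/index.php",
    "/librarian/bookdetails.php",
    "/magnoliaPublic/travel/members/login.html",
    "/Main_AdmStatus_Content.asp",
    "/requests.php",
    "/uncpath/",
]
# "Input Value" class indicator: path traversal fragment.
TRAVERSAL = "../.."

# Combined (Apache/nginx) access log line; only the fields used here are named.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /librarian/bookdetails.php?id=1%27%20OR%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.2 - - [10/Oct/2023:13:56:01 +0000] "GET /cgi-bin/../../..//etc/RT2870STA.dat HTTP/1.1" 404 0 "-" "curl/7.88"',
    '192.0.2.9 - - [10/Oct/2023:13:57:12 +0000] "POST /cwp_9f86d081/admin/loader_ajax.php HTTP/1.1" 200 77 "-" "python-requests/2.31"',
    '192.0.2.9 - - [10/Oct/2023:13:57:40 +0000] "GET /admin/index.php?action=edit_template&id=themes&filename=blog HTTP/1.1" 200 3012 "-" "python-requests/2.31"',
    '198.51.100.2 - - [10/Oct/2023:13:58:03 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "curl/7.88"',
    '203.0.113.7 - - [10/Oct/2023:13:59:50 +0000] "GET /%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]


def decode_target(target: str) -> Tuple[str, str, Dict[str, str]]:
    """Percent-decode the request target (twice, to defeat double encoding) and
    return (decoded target, slash-collapsed path, query dict).

    Path and query are split by hand rather than with urlsplit(): a target that
    starts with "//" would otherwise be parsed as an authority, and that is
    exactly how the "//etc/..." indicator is written.
    """
    decoded = target
    for _ in range(2):
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    path, _, query = decoded.partition("?")
    path = re.sub(r"/{2,}", "/", path)
    return decoded, path, dict(parse_qsl(query, keep_blank_values=True))


def compile_indicator(indicator: str) -> Tuple[re.Pattern, Dict[str, str]]:
    """Turn a File indicator into (tail-of-path regex, required query params)."""
    _, path, query = decode_target(indicator)
    # Assumption: the {SESSION_HASH} placeholder stands for one path segment.
    regex = "[^/]+".join(re.escape(piece) for piece in path.split("{SESSION_HASH}"))
    return re.compile(regex + r"$"), query


COMPILED = [(ind, *compile_indicator(ind)) for ind in IOA_FILES]


def scan(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (client ip, indicator, raw request target) for every indicator hit."""
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line; skip rather than crash
        decoded, path, query = decode_target(m["target"])
        for indicator, rx, needed in COMPILED:
            if rx.search(path) and all(query.get(k) == v for k, v in needed.items()):
                hits.append((m["ip"], indicator, m["target"]))
        # Traversal is checked on the decoded target before any path clean-up,
        # so encoded and double-encoded dot-dot sequences are caught as well.
        if TRAVERSAL in decoded:
            hits.append((m["ip"], TRAVERSAL, m["target"]))
    return hits


if __name__ == "__main__":
    for ip, indicator, target in scan(SAMPLE_LOG):
        print(f"{ip:14} {indicator:60} {target}")
```

Tail-of-path matching is deliberate: the indicators describe application files that may be deployed under a prefix, so "/foo/librarian/bookdetails.php" should still fire. The cost is noise on short names such as "/requests.php"; in production, pair those hits with the Input Value indicator or an unusual status/user-agent before escalating.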

References (5)

The following list contains external sources which discuss the actor and the associated activities:
