Chalubo Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (56)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en38
zh14
ru2
ja2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

CN: China26
US: USA22
RU: Russia2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Chalubo4
Cobalt Strike2
pupy1
Sliver1
APT101

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined16
Firewall Software4
Anti-Malware Software4
Mail Server Software4
Unified Communication Software4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined12
Cisco6
Forcepoint6
Apache6
SonicWALL2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Forcepoint Email Security4
Cisco IOS2
Bitrix242
SonicWALL SonicOS2
Open Webmail2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Cisco Unified Communications Manager TLS Certificate cryptographic issues5.34.6$5k-$25k$0-$5kUnprovenOfficial fix 0.002920.00CVE-2014-7991
2Mobile Device Monitoring Service API access control5.55.5$0-$5k$0-$5kNot definedNot defined 0.007820.00CVE-2022-0732
3Deltek Vision RPC over HTTP SQL sql injection8.08.0$0-$5k$0-$5kNot definedNot defined 0.007940.01CVE-2018-18251
4Joomla CMS Media Manager unrestricted upload4.74.7$5k-$25k$5k-$25kNot definedNot defined 0.000530.05CVE-2025-22213
5Joomla CMS cross site scripting5.05.0$0-$5k$0-$5kNot definedNot defined 0.002240.03CVE-2024-21726
6nginx request smuggling6.96.9$0-$5k$0-$5kNot definedNot defined 0.000000.09CVE-2020-12440
7LiteSpeed Cache Plugin Log File information disclosure8.07.9$0-$5k$0-$5kHighNot definedexpected0.920120.09CVE-2024-44000
8LiteSpeed Cache Plugin privileges assignment8.58.2$0-$5k$0-$5kProof-of-ConceptNot defined 0.322770.06CVE-2024-28000
9Microsoft IIS FTP Command information disclosure5.34.8$5k-$25k$0-$5kProof-of-ConceptOfficial fix 0.196450.00CVE-2012-2532
10Bitrix24 Apache HTTP Server instagram.php unrestricted upload7.57.5$0-$5k$0-$5kNot definedNot defined 0.038510.08CVE-2023-1713
11AA-Team WZone Plugin sql injection8.38.2$0-$5k$0-$5kNot definedNot defined 0.001130.00CVE-2024-33544
12Alt-N MDaemon Worldclient cross site scripting3.53.4$0-$5k$0-$5kNot definedOfficial fix 0.003080.04CVE-2021-27180
13Vera VeraEdge/Veralite Web User Interface RunLua improper authentication7.57.5$0-$5k$0-$5kNot definedNot defined 0.005310.05CVE-2017-9389
14Dolibarr ERP CRM SQL File unrestricted upload6.36.3$0-$5k$0-$5kNot definedNot defined 0.001290.03CVE-2024-37821
15Kerio Connect/Connect Client Desktop Application E-Mail Preview input validation6.46.4$0-$5k$0-$5kNot definedNot defined 0.002340.07CVE-2017-7440
16Google Chrome V8 type confusion7.57.4$25k-$100k$5k-$25kNot definedOfficial fix 0.002630.09CVE-2024-0518
17Google Chrome V8 out-of-bounds8.07.9$25k-$100k$5k-$25kAttackedOfficial fixverified0.002110.00CVE-2024-0519
18Fortinet FortiWeb Authorization Header sql injection7.77.6$0-$5k$0-$5kNot definedOfficial fix 0.015050.07CVE-2020-29015
19Ignition Automation Ignition JavaSerializationCodec deserialization9.89.8$0-$5k$0-$5kNot definedNot defined 0.017350.07CVE-2023-39476
20QNAP QTS Photo Station privileges management8.58.4$0-$5k$0-$5kAttackedOfficial fixverified0.942980.08CVE-2019-7192

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
138.54.27.204Chalubo12/02/2024verifiedVery High
2103.27.185.139Chalubo01/24/2022verifiedLow
3XXX.XX.XXX.XXXxxxxxx01/24/2022verifiedLow
4XXX.XXX.XXX.XXXXxxxxxx05/30/2024verifiedHigh
5XXX.XXX.XXX.XXXXxxxxxx12/02/2024verifiedVery High
6XXX.XXX.XXX.XXXXxxxxxx05/30/2024verifiedHigh
7XXX.XXX.XX.XXXXxxxxxx12/02/2024verifiedVery High

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-21, CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4TXXXX.XXXCAPEC-XXXCWE-XXXxxxx Xxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-XXXCWE-XXX, CWE-XXX, CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXX.XXXCAPEC-XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
8TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXX.XXXCAPEC-XXXCWE-XXXXxxxxxxxpredictiveHigh
10TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
11TXXXX.XXXCWE-XXXxxxxxxxxxxxxpredictiveHigh
12TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
13TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (16)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File.kdbgrcpredictiveLow
2File/resources//../predictiveHigh
3File/uncpath/predictiveMedium
4Filexxxxxxxx/xxxxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxxx.xxxpredictiveHigh
5Filexxxxx.xxxpredictiveMedium
6Filexxxxxxxxxxx-xxxx.xxpredictiveHigh
7Filexxxx.xx.xxpredictiveMedium
8Libraryxxxxxx/xxxxxxx/xxx/xxx/xxxxx/xxxxxx/xxxxxxxxx.xxxpredictiveHigh
9ArgumentxxxxpredictiveLow
10Argumentxxxxxx_xxxxx_xxxpredictiveHigh
11ArgumentxxxpredictiveLow
12Argumentxxxxxx/xxxxxx_xxxxxxpredictiveHigh
13Input Valuexxxx/xxxxx/xxxxxxxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxxx/xx_xxxxpredictiveHigh
14Input Value\xpredictiveLow
15Network PortxxxxxpredictiveLow
16Network Portxxx/xx (xxx)predictiveMedium

References (4)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!