ChamelGang Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (17)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en18

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA16

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Cobalt Strike1
PhotoLoader1
NetSupport1
NetSupportManager RAT1
Raccoon Stealer1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined4
Programming Language Software4
Anti-Malware Software2
Spreadsheet Software2
Groupware Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Microsoft4
Scripthead2
Phpsugar2
Thomas R. Pasawicz2
Maran2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Scripthead Webmail Plus2
Phpsugar PHP Melody2
Thomas R. Pasawicz HyperBook Guestbook2
Maran PHP Shop2
Cisco Email Security Appliance2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1Samurai Build File util.c canonpath out-of-bounds write6.56.5$0-$1k$0-$1kNot definedNot defined 0.003120.06CVE-2019-19795
2Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$10k-$25kCalculatingHighWorkaroundpossible0.029560.00CVE-2007-1192
3Phpsugar PHP Melody page_manager.php cross site scripting5.24.9$0-$1k$0-$1kNot definedOfficial fix 0.003010.00CVE-2017-15648
4OpenProject Activities API sql injection7.77.5$1k-$2k$0-$1kNot definedOfficial fixexpected0.806740.00CVE-2019-11600
5WordPress WP_Query sql injection6.36.1$5k-$10k$0-$1kProof-of-ConceptOfficial fixexpected0.905930.03CVE-2022-21661
6Microsoft Exchange Server privilege escalation9.08.2$10k-$25k$2k-$5kUnprovenOfficial fix 0.018310.03CVE-2022-21855
7Microsoft Exchange Server ProxyShell server-side request forgery9.59.1$25k-$50k$5k-$10kAttackedOfficial fixverified0.943020.04CVE-2021-34473
8Smartstore WebApi Authentication improper authentication8.58.5$1k-$2k$0-$1kNot definedNot defined 0.002770.00CVE-2020-15243
9Microsoft Excel memory corruption7.36.4$10k-$25k$0-$1kUnprovenOfficial fix 0.051300.00CVE-2020-17019
10Maran PHP Shop prod.php sql injection7.37.3$2k-$5k$0-$1kHighUnavailablepossible0.001670.06CVE-2008-4879
11Adobe Acrobat Reader authorization5.95.7$25k-$50k$2k-$5kNot definedOfficial fix 0.004910.00CVE-2020-9712
12Scripthead Webmail Plus sql injection7.37.3$2k-$5k$0-$1kNot definedNot defined 0.003800.05CVE-2012-5590
13Cisco Email Security Appliance/Web Security Appliance Multipurpose Internet Mail Extensions Scanner 7pk error7.47.2$25k-$50k$0-$1kNot definedOfficial fix 0.002720.00CVE-2016-1480
14Digitaljunkies dompdf dompdf.php code injection7.36.6$2k-$5k$0-$1kProof-of-ConceptNot defined 0.032070.07CVE-2010-4879

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
1185.225.19.61185-225-19-61.mivocloud.comChamelGang07/02/2024verifiedHigh

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
2TXXXX.XXXCAPEC-XXXCWE-XXXxxxx Xxxxx Xxxx XxxxxxxxxpredictiveHigh
3TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1Filedata/gbconfiguration.datpredictiveHigh
2Filedompdf.phppredictiveMedium
3Filexxxx_xxxxxxx.xxxpredictiveHigh
4Filexxxx.xxxpredictiveMedium
5Filexxxx.xpredictiveLow
6ArgumentxxxpredictiveLow
7ArgumentxxpredictiveLow
8Argumentxxxxx_xxxxpredictiveMedium
9Argumentxxxx_xxxxxpredictiveMedium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!