PakistanChatMessenger Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (341)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en308
es14
ru8
de4
pt2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA232
NL: Netherland6
DE: Germany4
GB: Great Britain2
RU: Russia2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

PakistanChatMessenger3
Lazarus2
Cobalt Strike2
Conti2
Silence1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined138
Content Management System26
Smartphone Operating System26
Multimedia Player Software22
Operating System20

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined108
Apple40
Adobe26
SourceCodester14
IBM12

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Apple iOS26
Adobe Flash Player20
Apple Mac OS X14
WordPress12
PHP8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1Foxit PDF Reader exportXFAData Local Privilege Escalation5.35.1$0-$5kCalculatingNot DefinedOfficial Fix0.001980.05CVE-2023-27363
2php-revista articulo.php sql injection6.36.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.019000.03CVE-2006-4608
3SourceCodester Facebook News Feed Like Post unrestricted upload7.57.4$0-$5k$0-$5kNot DefinedNot Defined0.000910.04CVE-2024-1027
4Tongda OA 2017 delete.php sql injection6.96.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.000630.00CVE-2023-6885
5D-Link DAR-7000 workidajax.php sql injection6.96.8$5k-$25k$0-$5kProof-of-ConceptNot Defined0.000630.04CVE-2023-6581
6Totolink X5000R cstecgi.cgi setWizardCfg os command injection6.96.8$0-$5k$0-$5kProof-of-ConceptNot Defined0.000740.08CVE-2023-6612
7SourceCodester Online Exam System GET Parameter updateCourse.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.001640.08CVE-2023-2642
8Simple File List Plugin ee-downloader.php path traversal6.46.3$0-$5k$0-$5kNot DefinedNot Defined0.379390.05CVE-2022-1119
9Quirm SAXON Error Message news.php information disclosure5.34.6$0-$5k$0-$5kUnprovenOfficial Fix0.008380.00CVE-2007-4861
10DouPHP article.php cross site scripting4.14.1$0-$5k$0-$5kNot DefinedNot Defined0.000470.00CVE-2023-30205
11Solidweb Novus notas.asp sql injection7.37.1$0-$5k$0-$5kHighUnavailable0.001470.00CVE-2007-5123
12Synacor Zimbra Webmail Subsystem upload unrestricted upload6.76.4$0-$5k$0-$5kNot DefinedOfficial Fix0.004660.07CVE-2020-12846
13IBM HTTP Server memory corruption6.36.0$5k-$25k$0-$5kNot DefinedOfficial Fix0.003590.00CVE-2015-4947
14WordPress WP_Query class-wp-query.php sql injection8.58.4$5k-$25k$0-$5kProof-of-ConceptOfficial Fix0.003180.06CVE-2017-5611
15GPAC MP4Box isoffin_read.c isoffin_process infinite loop3.33.1$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000440.04CVE-2024-6061
16Emerson Dixell XWEB-500 logo_extra_upload.cgi access control6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.073340.06CVE-2021-45420
17Filseclab Twister Antivirus IoControlCode ffsmon.sys 0x220017 denial of service4.84.6$0-$5k$0-$5kProof-of-ConceptNot Defined0.000420.08CVE-2023-0907
18Campcodes Complete Web-Based School Management System show_student1.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.09CVE-2024-4906
19Campcodes Online Laundry Management System manage_laundry.php sql injection6.35.7$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.26CVE-2024-4793
20Campcodes Legal Case Management System expense-type cross site scripting3.53.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.000450.22CVE-2024-4729

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
15.2.78.240PakistanChatMessenger05/31/2021verifiedLow
2XX.XXX.XXX.XXXxx-xxx-xxx.xxxxxxxx.xxxxXxxxxxxxxxxxxxxxxxxxx05/31/2021verifiedLow
3XXX.XXX.XX.XXXxxxxxxxxxxxxxxxxxxxx05/31/2021verifiedLow
4XXX.XX.XXX.XXXXxxxxxxxxxxxxxxxxxxxx05/31/2021verifiedLow

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22, CWE-24Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4T1059.007CAPEC-209CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
5T1068CAPEC-122CWE-264, CWE-269, CWE-284Execution with Unnecessary PrivilegespredictiveHigh
6TXXXX.XXXCAPEC-16CWE-XXX, CWE-XXXXxxx-xxxxx XxxxxxxxxxxpredictiveHigh
7TXXXXCAPEC-136CWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
9TXXXXCAPEC-CWE-XXX7xx Xxxxxxxx XxxxxxxxpredictiveHigh
10TXXXXCAPEC-CWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
11TXXXX.XXXCAPEC-492CWE-XXXXXxxxxxxxxxx Xxxxxxx Xxxxxxxxxx XxxxxxxxxxpredictiveHigh
12TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
13TXXXXCAPEC-50CWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
14TXXXXCAPEC-37CWE-XXXXxxxxxxxx Xxxxxxx Xx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
15TXXXXCAPEC-38CWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
16TXXXX.XXXCAPEC-459CWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
17TXXXX.XXXCAPEC-133CWE-XXXXxxxxxxxpredictiveHigh
18TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
19TXXXX.XXXCAPEC-CWE-XXXxxxxxxxxxxxxpredictiveHigh
20TXXXXCAPEC-112CWE-XXX, CWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
21TXXXX.XXXCAPEC-CWE-XXXXxx Xxxxxxxxxx XxxxxpredictiveHigh
22TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (197)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/?g=log_import_savepredictiveHigh
2File/admin/about-us.phppredictiveHigh
3File/admin/article.phppredictiveHigh
4File/admin/countrymanagement.phppredictiveHigh
5File/admin/expense-typepredictiveHigh
6File/admin/transactions/track_shipment.phppredictiveHigh
7File/admin/user/manage_user.phppredictiveHigh
8File/administration/settings_registration.phppredictiveHigh
9File/ajax-files/postComment.phppredictiveHigh
10File/application/index/controller/File.phppredictiveHigh
11File/application/index/controller/Screen.phppredictiveHigh
12File/application/websocket/controller/Setting.phppredictiveHigh
13File/auth/auth.php?user=1predictiveHigh
14File/blogpredictiveLow
15File/categorypage.phppredictiveHigh
16File/cgi-bin/cstecgi.cgipredictiveHigh
17File/cgi-bin/cstecgi.cgi?action=loginpredictiveHigh
18File/cgi-bin/logo_extra_upload.cgipredictiveHigh
19File/classes/Master.phppredictiveHigh
20File/collection/allpredictiveHigh
21File/general/email/outbox/delete.phppredictiveHigh
22File/home.phppredictiveMedium
23File/list_temp_photo_pin_upload.phppredictiveHigh
24File/loginpredictiveLow
25File/manage_laundry.phppredictiveHigh
26File/manage_receiving.phppredictiveHigh
27File/xxxx/xxx/xxxxxxpredictiveHigh
28File/xxxxx.xxxpredictiveMedium
29File/xxxxxxxxx.xxxpredictiveHigh
30File/xxxxxxx/xxxxxxpredictiveHigh
31File/xxxxxxxx/xxxx/xxxxxxxxpredictiveHigh
32File/xxxx_xxxxx_xxxxxxx.xxxpredictiveHigh
33File/xxxx/xxx/xxxxpredictiveHigh
34File/xxxx/xxx/xxxxxxxxxx.xxxpredictiveHigh
35File/xxxx/xxxxxxxpredictiveHigh
36File/xxxx/xxxxxx/xxxxxxpredictiveHigh
37File/xxxx/xxxxx_xxxxx_xxxx.xxxpredictiveHigh
38File/xxxx/xxxx_xxxxxxxx.xxxpredictiveHigh
39File/xxxx/?xxxx=xxxxxx_xxxxxxxpredictiveHigh
40Filexxxxx/xxxxxxx.xxxpredictiveHigh
41Filexxxxxxxxxx/xxxxx/xxxxxxx_xxxxx/xxxxxxxxxxxx.xxxpredictiveHigh
42Filexxxxx\xxxxx\xxxxxxx\xxxxxxxx.xxxpredictiveHigh
43Filexxxxxxxxxxx/xxxxxxxxxxx/xxxxxxxx.xxxpredictiveHigh
44Filexxxxxxxx.xxxpredictiveMedium
45Filexxx_xxxxxxx.xxxpredictiveHigh
46Filexxxxxxx.xxxpredictiveMedium
47Filexxxxx.xxxpredictiveMedium
48Filexxxx/xxx_xxxxxx.xpredictiveHigh
49Filexxxx-xxx.xxxpredictiveMedium
50Filexxxxxxxx.xxxpredictiveMedium
51Filexxxxxxxxxx.xxxpredictiveHigh
52Filexxxxxxxxxx/xxxxxxx.xxxxpredictiveHigh
53Filexxxxxx/xxxx.xpredictiveHigh
54Filexxxxxx/xxx.xpredictiveMedium
55Filexxx.xxx.xxxxpredictiveMedium
56Filexxxxxxx.xxxpredictiveMedium
57Filexxxxxx/xxxxx/xxxxxxx.xpredictiveHigh
58Filexxxxxxx.xxxpredictiveMedium
59Filexxxxxx.xxxpredictiveMedium
60Filexxxx_xxx.xxxpredictiveMedium
61Filexxxxxxxxxx_xxxxxx.xxxpredictiveHigh
62Filexxxx.xxxpredictiveMedium
63Filexxxxx_xxxxx.xxxpredictiveHigh
64Filexxxx_xxxxxxxx_xxxxxxxxx.xpredictiveHigh
65Filexxxxxxxxx.xxxpredictiveHigh
66Filexxxxxxx.xxxpredictiveMedium
67Filexxxxxxx/xxxx/xxxxxx/xxxxxx.xxxpredictiveHigh
68Filexxx_xxxx.xxxpredictiveMedium
69Filexxxxxx/xxxxx_xxxx_xxxxxxxpredictiveHigh
70Filexxxxx_xxxxxxxxx.xxxpredictiveHigh
71Filexxxx.xxxx.xxxpredictiveHigh
72Filexxxxxxxxxxx.xpredictiveHigh
73Filexxxxxx_xxxxxxx.xxxxpredictiveHigh
74Filexxxxxxxxxxxx.xxxpredictiveHigh
75Filexxx/xxxxx/xxxxx.xxxx.xxxpredictiveHigh
76Filexxxxxxxx/xxxxx-xxxxxxxxxx-xxxx.xxxpredictiveHigh
77Filexxxxx.xxxpredictiveMedium
78Filexxxxx.xxx?xxxxxx=xxx&xxxxxx=xxxx&x=xxxxxxpredictiveHigh
79Filexxxxx/xxxxx.xxxpredictiveHigh
80Filex_xxxxxxxx_xxxxxpredictiveHigh
81Filexxxxxxxxxx/xxxx.xpredictiveHigh
82Filexxxxxxx/xxxxxxx.xpredictiveHigh
83Filexxxxx.xxxpredictiveMedium
84Filexxxxxxxxxx.xxxpredictiveHigh
85Filexxxxxxxxxxxxxx.xxxpredictiveHigh
86Filexxxx/xxx_xxxxxxxxx.xpredictiveHigh
87Filexxxxxx_xxxxxx.xxxpredictiveHigh
88Filexxxxxxxx_xxxx.xxxpredictiveHigh
89Filexxxxxxxxxxx/xxxxxxxxx/xxxxxxxxx/xxxxxxx/xxxxxx.xxxpredictiveHigh
90Filexx.xxxxxxxxxx.xxxxpredictiveHigh
91Filexxx/xxxx/xxx_xxxxxxxxx.xpredictiveHigh
92Filexxxx.xxxpredictiveMedium
93Filexxxxx.xxxpredictiveMedium
94Filexxxxxxxx-xxxxxxxx.xxxpredictiveHigh
95Filexxxxxx_xxxxxxxxxx_xxxxx.xxxpredictiveHigh
96Filexxxxx.xxxpredictiveMedium
97Filexxxx.xxxpredictiveMedium
98Filexxxxxx.xxxpredictiveMedium
99Filexxxxxxxx/xxxxxx_xxxxxxxx.xxxpredictiveHigh
100Filexxxxxxxx.xpredictiveMedium
101Filexxxx_xxxxxxx_xxxxxxx.xxxpredictiveHigh
102Filexxx/xxxxxxx/xxxxxxx_xxxx.xpredictiveHigh
103Filexxx/xxx.xxxxxxx/xxxxxxxx.xxxpredictiveHigh
104Filexxx/xxxx/xxxx/xxx/xxx/xxx/xxxxxxxxxx/xxxxxxxxxxxxxx.xxxxpredictiveHigh
105Filexxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxx_xxx.xxxxpredictiveHigh
106Filexxxxx.xpredictiveLow
107Filexx_xxxxxx.xxxpredictiveHigh
108Filexxxx.xxxpredictiveMedium
109Filexx-xxxxx/xxxxxxxx/xxxxx-xx-xxxxxx.xxxpredictiveHigh
110Filexx-xxxxx/xxxxxx-xxxx.xxxpredictiveHigh
111Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
112Filexx-xxxxxxxx/xxxxx-xx-xxxxx.xxxpredictiveHigh
113Filexx-xxxxxxxx/xx-xxxxxxxxx.xxxpredictiveHigh
114Filexx-xxxxxxxx/xxxx-xxx/xxxxxxxxx/xxxxx-xx-xxxx-xxxxx-xxxxxxxxxx.xxxpredictiveHigh
115Filexx-xxxx.xxxpredictiveMedium
116Filexxxx/xxxxxxx/xxxxxxxxxxxxxxpredictiveHigh
117File~/xxxxxxxx/xx-xxxxxxxxxx.xxxpredictiveHigh
118Libraryxxxxxxxx/xxxxxxx/xxx.xxxpredictiveHigh
119Libraryxxxxxx.xxxpredictiveMedium
120Libraryxxxxxxxxxx.xxxpredictiveHigh
121Libraryxxx/xxxxx.xxxpredictiveHigh
122Libraryxxx/xxxxxx.xxxpredictiveHigh
123Libraryxxx/xxxxxxxx.xxpredictiveHigh
124Libraryxxx/xxxxxxxxxxxxxxxx.xxxpredictiveHigh
125Libraryxxxx/xxxxxxxxxxxx/xxxxx/xxxxx.xxpredictiveHigh
126ArgumentxxxxxxxpredictiveLow
127ArgumentxxxxxxxxpredictiveMedium
128ArgumentxxxxxpredictiveLow
129ArgumentxxxpredictiveLow
130ArgumentxxxxxxxxpredictiveMedium
131ArgumentxxxpredictiveLow
132ArgumentxxxxxpredictiveLow
133Argumentxxxx_xxpredictiveLow
134ArgumentxxxxxxxpredictiveLow
135Argumentxxxxxxx/xxxxxxpredictiveHigh
136Argumentxxxxxxx/xxxxxxxxxxxpredictiveHigh
137Argumentxxxxxxxxx=xxxxpredictiveHigh
138ArgumentxxxxxpredictiveLow
139Argumentxxxxxx_xxxpredictiveMedium
140ArgumentxxxpredictiveLow
141Argumentx_xxxpredictiveLow
142ArgumentxxxxxxpredictiveLow
143ArgumentxxxxxxpredictiveLow
144ArgumentxxxxxpredictiveLow
145ArgumentxxxxpredictiveLow
146ArgumentxxxxxxxxpredictiveMedium
147Argumentxxxxx_xxxxpredictiveMedium
148ArgumentxxxxpredictiveLow
149Argumentxx_xxxxxxxxpredictiveMedium
150ArgumentxxxpredictiveLow
151ArgumentxxxxxpredictiveLow
152Argumentxxxx_xxxxpredictiveMedium
153ArgumentxxpredictiveLow
154ArgumentxxxxxpredictiveLow
155Argumentxx_xxxxxxxxpredictiveMedium
156Argumentxx_xxxxxpredictiveMedium
157ArgumentxxxxxxxxxxpredictiveMedium
158Argumentx_xxxxxxxxpredictiveMedium
159ArgumentxxxxxxxxpredictiveMedium
160Argumentxxxx x xxxxpredictiveMedium
161ArgumentxxxxxxxpredictiveLow
162ArgumentxxxxpredictiveLow
163Argumentxxxx/xxxxxxxpredictiveMedium
164Argumentxxx_xxxxxxxxpredictiveMedium
165ArgumentxxxxxxpredictiveLow
166Argumentxxxx_xxpredictiveLow
167ArgumentxxxxpredictiveLow
168ArgumentxxxxxxxpredictiveLow
169Argumentxxxxxxxx/xxxx/xxxxx/xxxx/xxxxxxxxx/xxxxxxxxxxxx/xxpredictiveHigh
170ArgumentxxxxxxxpredictiveLow
171ArgumentxxxpredictiveLow
172Argumentxxxxxxx_xxxxxxxpredictiveHigh
173ArgumentxxxxxxxxxxxxpredictiveMedium
174ArgumentxxxxxxxpredictiveLow
175Argumentxxxxxxx_xxxpredictiveMedium
176ArgumentxxxxxxpredictiveLow
177ArgumentxxxpredictiveLow
178Argumentxxx_xxxxpredictiveMedium
179ArgumentxxxxxpredictiveLow
180ArgumentxxxxxpredictiveLow
181ArgumentxxxpredictiveLow
182Argumentxxxxxxx_xxpredictiveMedium
183ArgumentxxxxpredictiveLow
184ArgumentxxxxxpredictiveLow
185ArgumentxxxxxpredictiveLow
186Argumentxxxxxx_xxpredictiveMedium
187ArgumentxxxpredictiveLow
188ArgumentxxxxxxxxpredictiveMedium
189Input Value"><xxx xxx=x xxxxxxx=xxxxxx(x)>predictiveHigh
190Input Value'"--></xxxxx></xxxxxx><xxxxxx>xxxxx(x)</xxxxxx>predictiveHigh
191Input Value' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxxpredictiveHigh
192Input Value' xx 'x'='xpredictiveMedium
193Input Value../predictiveLow
194Input Value<xxx xxx=x xxxxxxx=xxxxxx(x)>predictiveHigh
195Input ValuexxxpredictiveLow
196Network Portxxx/xxxxxpredictiveMedium
197Network Portxxx xxxxxx xxxxpredictiveHigh

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Want to stay up to date on a daily basis?

Enable the mail alert feature now!