PakistanChatMessenger Analysis

IOB - Indicator of Behavior (322)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 270
es: 26
ru: 10
ja: 10
de: 4


Country

us: 222
de: 4
cn: 2
ru: 2
nl: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Adobe Flash Player: 18
Apple iOS: 16
Apple Mac OS X: 14
WordPress: 14
PHP: 8


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Foxit PDF Reader exportXFAData Local Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00000 | CVE-2023-27363 |
| 2 | php-revista articulo.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.01900 | CVE-2006-4608 |
| 3 | SourceCodester Facebook News Feed Like Post unrestricted upload | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00091 | CVE-2024-1027 |
| 4 | Tongda OA 2017 delete.php sql injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08 | 0.00063 | CVE-2023-6885 |
| 5 | D-Link DAR-7000 workidajax.php sql injection | 6.9 | 6.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00063 | CVE-2023-6581 |
| 6 | Totolink X5000R cstecgi.cgi setWizardCfg os command injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00138 | CVE-2023-6612 |
| 7 | SourceCodester Online Exam System GET Parameter updateCourse.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00063 | CVE-2023-2642 |
| 8 | Simple File List Plugin ee-downloader.php path traversal | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.42222 | CVE-2022-1119 |
| 9 | Quirm SAXON Error Message news.php information disclosure | 5.3 | 4.6 | $0-$5k | Calculating | Unproven | Official Fix | 0.00 | 0.00796 | CVE-2007-4861 |
| 10 | DouPHP article.php cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00046 | CVE-2023-30205 |
| 11 | Solidweb Novus notas.asp sql injection | 7.3 | 7.1 | $0-$5k | Calculating | High | Unavailable | 0.03 | 0.00079 | CVE-2007-5123 |
| 12 | Synacor Zimbra Webmail Subsystem upload unrestricted upload | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00466 | CVE-2020-12846 |
| 13 | IBM HTTP Server memory corruption | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00359 | CVE-2015-4947 |
| 14 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00318 | CVE-2017-5611 |
| 15 | Totolink LR1200GB Web Interface cstecgi.cgi loginAuth stack-based overflow | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00045 | CVE-2024-1783 |
| 16 | Tongda OA 2017 delete.php sql injection | 5.5 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07 | 0.00063 | CVE-2024-1251 |
| 17 | openBI Icon Screen.php uploadIcon unrestricted upload | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00253 | CVE-2024-1036 |
| 18 | openBI File.php uploadFile unrestricted upload | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00063 | CVE-2024-1034 |
| 19 | openBI Setting.php dlfile os command injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00055 | CVE-2024-1115 |
| 20 | Totolink LR1200GB cstecgi.cgi setParentalRules stack-based overflow | 9.1 | 8.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00084 | CVE-2024-0574 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22, CWE-24 | Path Traversal | predictive | High |
| 2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (182)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
