Babar Analysis

IOB - Indicator of Behavior (30)

Language

en: 30

Country

us: 26
gb: 2
fr: 2

Product

Microsoft Exchange Server: 2
Kubernetes: 2
Xerox AltaLink B80xx: 2
Xerox AltaLink C8030: 2
Xerox AltaLink C8035: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Remediation | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192 |
| 2 | MailEnable Enterprise Premium XML Data XML External Entity | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00224 | CVE-2019-12924 |
| 3 | SonicWALL AntiSpam / EMail Security Appliance MTA Queue Report Module reports_mta_queue_status.html cross site scripting | 8.0 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00000 | |
| 4 | WoltLab Burning Book addentry.php SQL injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.02 | 0.00804 | CVE-2006-5509 |
| 5 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.81 | 0.00943 | CVE-2010-0966 |
| 6 | Kubernetes kubelet pprof information disclosure | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.13 | 0.55583 | CVE-2019-11248 |
| 7 | D-Link DIR-815 POST Request soapcgi_main Privilege Escalation | 8.0 | 7.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00317 | CVE-2023-51123 |
| 8 | Schneider Electric Modicon M218 Logic Controller Service Port 1105 denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00071 | CVE-2021-22800 |
| 9 | TETRA TEA1 Keystream Generator Tetraburst Remote Code Execution | 8.4 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00048 | CVE-2022-24402 |
| 10 | TETRA Air Interface Encryption Tetraburst unknown vulnerability | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00048 | CVE-2022-24404 |
| 11 | Citrix ADC/Gateway cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.03845 | CVE-2023-24488 |
| 12 | ZyXEL P660HN-T v1 ViewLog.asp privilege escalation | 7.3 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.02 | 0.00000 | |
| 13 | Microsoft Exchange Server Email privilege escalation | 8.4 | 7.8 | $25k-$100k | $0-$5k | Functional | Official Fix | 0.00 | 0.55670 | CVE-2020-16875 |
| 14 | Carbonize Lazarus Guestbook template.class.php privilege escalation | 9.8 | 8.8 | $0-$5k | Calculating | Proof-of-Concept | Official Fix | 0.00 | 0.04617 | CVE-2007-1486 |
| 15 | Microsoft IIS Log File Permission information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.00042 | CVE-2012-2531 |
| 16 | Apache HTTP Server mod_cache denial of service | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.01 | 0.04147 | CVE-2013-4352 |
| 17 | Host Web Server phpinfo.php phpinfo information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.08 | 0.00000 | |
| 18 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10 | 0.00169 | CVE-2005-4222 |
| 19 | McAfee Network Security Management Command Line Interface information disclosure | 5.9 | 5.7 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00 | 0.00042 | CVE-2020-7284 |
| 20 | Incredible Interactive Dragonfly Commerce Administration dc_categorieslist.asp Stored unknown vulnerability | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00581 | CVE-2005-2220 |

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network resources that are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Weakness | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 3 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /debug/pprof | predictive | Medium |
| 2 | File | addentry.php | predictive | Medium |
| 3 | File | data/gbconfiguration.dat | predictive | High |
| 4 | File | xx_xxxxxxxxxxxxxx.xxx | predictive | High |
| 5 | File | xxxxxxxx_xxxxxxxxx_xxxxx.xxx | predictive | High |
| 6 | File | xxxxxxxxx.xxx | predictive | High |
| 7 | File | xxx/xxxxxx.xxx | predictive | High |
| 8 | File | xxxxxxx.xxx | predictive | Medium |
| 9 | File | xxxxxxx_xxx_xxxxx_xxxxxx.xxxx | predictive | High |
| 10 | File | xxxxxxxx.xxxxx.xxx | predictive | High |
| 11 | File | xxxxxxx.xxx | predictive | Medium |
| 12 | Argument | xxxxxxxx | predictive | Medium |
| 13 | Argument | xxxxx_xx | predictive | Medium |
| 14 | Argument | xxxxxxx | predictive | Low |
| 15 | Argument | xxxxxxxxx | predictive | Medium |
| 16 | Argument | xxxxxxxx | predictive | Medium |
| 17 | Argument | xxxxxx_xxxx | predictive | Medium |
| 18 | Argument | xxxxxxx | predictive | Low |
| 19 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
