Chafer Analysis

IOB - Indicator of Behavior (327)

Timeline

Language

en: 278
es: 14
ru: 10
de: 6
fr: 6

Country

us: 178
ru: 34
es: 26
cn: 14
gb: 10

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 8
Google Chrome: 8
WordPress: 8
BigBlueButton: 6
Microsoft IIS: 6

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.31 | 0.00241 | CVE-2020-12440
3 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00548 | CVE-2017-0055
4 | VMware vRealize Orchestrator Path Redirect | 3.0 | 2.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00119 | CVE-2021-22036
5 | vm2 privilege escalation | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.00464 | CVE-2023-32314
6 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.10737 | CVE-2016-6210
7 | PHPMailer Phar Deserialization addAttachment privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00748 | CVE-2020-36326
8 | jQuery Property extend Pollution cross site scripting | 6.6 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.03625 | CVE-2019-11358
9 | Rust Programming Language Standard Library type_id memory corruption | 7.7 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00301 | CVE-2019-12083
10 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00467 | CVE-2022-21664
11 | Apple iOS WebKit memory corruption | 6.3 | 6.0 | $100k or more | $5k-$25k | High | Official Fix | 0.00 | 0.00349 | CVE-2021-30666
12 | WordPress directory traversal | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00326 | CVE-2023-2745
13 | Canon IJ Network Tool Wi-Fi Connection Setup information disclosure | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00052 | CVE-2023-1763
14 | ciubotaru share-on-diaspora new_window.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00063 | CVE-2017-20176
15 | Postfix Admin functions.inc.php sql injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.03 | 0.00263 | CVE-2014-2655
16 | D-Link DCS-2530L/DCS-2670L ddns_enc.cgi privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.02 | 0.00135 | CVE-2020-25079
17 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.04 | 0.00817 | CVE-2014-4078
18 | SourceCodester Library Management System bookdetails.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 0.00322 | CVE-2022-2214
19 | Phplinkdirectory PHP Link Directory conf_users_edit.php cross site request forgery | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00526 | CVE-2011-0643
20 | Lotus Domino Request information disclosure | 5.3 | 5.1 | $0-$5k | Calculating | Not Defined | Official Fix | 0.02 | 0.00877 | CVE-2002-0245

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 83.142.230.113 | | Chafer | | 22/12/2020 | verified | High
2 | 89.38.97.112 | 89-38-97-112.hosted-by-worldstream.net | Chafer | | 22/12/2020 | verified | High
3 | 89.38.97.115 | 89-38-97-115.hosted-by-worldstream.net | Chafer | | 22/12/2020 | verified | High
4 | XX.XXX.XXX.XXX | | Xxxxxx | | 22/12/2020 | verified | High
5 | XX.XXX.XX.XXX | xx-xxx-xx-xxx.xxxxxx.xxxx.xx | Xxxxxx | | 22/12/2020 | verified | High
6 | XXX.XX.XXX.XXX | xxx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx | Xxxxxx | Xxxxxx | 27/03/2022 | verified | High
7 | XXX.XXX.XXX.XXX | | Xxxxxx | | 22/12/2020 | verified | High
8 | XXX.XXX.XXX.XXX | xxxx | Xxxxxx | | 12/12/2020 | verified | High
9 | XXX.XXX.XXX.XXX | xxx-xx.xxxxxx.xx | Xxxxxx | | 22/12/2020 | verified | High
10 | XXX.XX.XXX.XX | xxx.xxxxxxxxxxxxxxx.xxxx | Xxxxxx | | 22/12/2020 | verified | High
11 | XXX.XXX.XX.XXX | xxxx | Xxxxxx | | 12/12/2020 | verified | High

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-21, CWE-22 | Path Traversal | predictive | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CWE-94 | Argument Injection | predictive | High
5 | TXXXX.XXX | CWE-XX, CWE-XXX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
6 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
7 | TXXXX.XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
8 | TXXXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
9 | TXXXX.XXX | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
10 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
11 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
12 | TXXXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
13 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
14 | TXXXX | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High
15 | TXXXX | CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
16 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
17 | TXXXX.XXX | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High
18 | TXXXX | CWE-XXX | Xxxxxxxxxxx Xxxxxx | predictive | High

IOA - Indicator of Attack (136)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | //etc/RT2870STA.dat | predictive | High
2 | File | /admin/index.php?id=themes&action=edit_template&filename=blog | predictive | High
3 | File | /api/login | predictive | Medium
4 | File | /appConfig/userDB.json | predictive | High
5 | File | /bin/boa | predictive | Medium
6 | File | /cgi-bin/wapopen | predictive | High
7 | File | /CPE | predictive | Low
8 | File | /cwp_{SESSION_HASH}/admin/loader_ajax.php | predictive | High
9 | File | /jquery_file_upload/server/php/index.php | predictive | High
10 | File | /librarian/bookdetails.php | predictive | High
11 | File | /magnoliaPublic/travel/members/login.html | predictive | High
12 | File | /Main_AdmStatus_Content.asp | predictive | High
13 | File | /public/login.htm | predictive | High
14 | File | /requests.php | predictive | High
15 | File | /self.key | predictive | Medium
16 | File | /xxxxxxx/ | predictive | Medium
17 | File | /xxx/xxx/xxxxx | predictive | High
18 | File | /xxxxxxxx/xxxx_xxxxx.xxx | predictive | High
19 | File | xxxxxxx.xxx | predictive | Medium
20 | File | xxxxx.xxx | predictive | Medium
21 | File | xxxxx/xxxx_xxxxx_xxxx.xxx | predictive | High
22 | File | xxxxxxxxxxxxx/xxxxxxxxxx/xxx_xxxxx/xxxxxxx/xxxxx.xxx | predictive | High
23 | File | xxxxxxxxxx.xxx | predictive | High
24 | File | xxxxxxxxxxx.xxx | predictive | High
25 | File | xx_xxxxxxxxxx.xxx | predictive | High
26 | File | xxx:.xxx | predictive | Medium
27 | File | xxxxxxx.xxx | predictive | Medium
28 | File | xxxxxx_xxxxxx.xxx | predictive | High
29 | File | xxxxxxxx.xxx | predictive | Medium
30 | File | xxx-xxx/xxxx_xxx.xxx | predictive | High
31 | File | xxxxxx.xxx | predictive | Medium
32 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
33 | File | xxxxxx.xxx | predictive | Medium
34 | File | xxx.xxx | predictive | Low
35 | File | xxxxx.xxx | predictive | Medium
36 | File | xxx/xxxxxxxx/xxx_xxxxxxxxxxxx.xx | predictive | High
37 | File | xxxxxxxxx.xxx.xxx | predictive | High
38 | File | xxxxxxxxxxxx_xxxx.xxx | predictive | High
39 | File | xxx_xxxxxx.xxx | predictive | High
40 | File | xxxx_xxxxxxx.xxx.xxx | predictive | High
41 | File | xxxx_xxxx.x | predictive | Medium
42 | File | xxxxxxxxx.xxx | predictive | High
43 | File | xxxxxxxx/xxxxx.xxxx-xxx.xxx | predictive | High
44 | File | xxxxx.xxx | predictive | Medium
45 | File | xxxxxx.x | predictive | Medium
46 | File | xxxx/xxx_xxx.x | predictive | High
47 | File | xxxxxxxx.xxx | predictive | Medium
48 | File | xxxxxxx/xxxxxxx/xxx_xxxxxxx.x | predictive | High
49 | File | xxx_xxxxxx.xx | predictive | High
50 | File | xxxx/xxxx/xxxxx.xxx | predictive | High
51 | File | xxx_xxxxxx.xxx | predictive | High
52 | File | xxxxxx.xxx | predictive | Medium
53 | File | xxxxxxxxxxxxxx.xxx | predictive | High
54 | File | xxxxxxx.xxx | predictive | Medium
55 | File | xxxxx.xxxxx.xxx | predictive | High
56 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
57 | File | xxxx/xxxxx | predictive | Medium
58 | File | xxxxx.xxx | predictive | Medium
59 | File | xxxxxxxx.xxx | predictive | Medium
60 | File | xxxxxxxxxx.xxx | predictive | High
61 | File | xxxxxxxx_xxxx.xxx | predictive | High
62 | File | xxxxxxxx.xxx?x=xxxxxx&x=xxxxxxxxxx | predictive | High
63 | File | xxxxxxx.x | predictive | Medium
64 | File | xxxxxx.xxx | predictive | Medium
65 | File | xxxx.xxx | predictive | Medium
66 | File | xxxxx/xxx/xxxx.x | predictive | High
67 | File | xxxxxx_xxx_xxxxx_xxx.xxx | predictive | High
68 | File | xxx_xxx_xxxxx.xxx | predictive | High
69 | File | xxxx/xxxxxxxxxxxxxxx.xxxxxx | predictive | High
70 | File | xxxxxxx_xxxxx.xxx | predictive | High
71 | File | xxxxxxx_xxxxxxxxxx.xxx | predictive | High
72 | File | xxx.xxx | predictive | Low
73 | File | xxxxxx.xxx | predictive | Medium
74 | File | xxxxxx.xxx | predictive | Medium
75 | File | xxxxxxxxxxxxxx.xxx | predictive | High
76 | File | xxxxxxx.xxx | predictive | Medium
77 | File | xx-xxxxx/xxxx-xxx.xxx | predictive | High
78 | File | xx-xxxxxxx/xxxxxxx/xxxx-xx-xxxx/ | predictive | High
79 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
80 | File | xx-xxxxxxxx/xxxxx-xx-xxxxxx-xxxxxx.xxx | predictive | High
81 | File | xx-xxxxxxxxxxx.xxx | predictive | High
82 | Library | xxxxxxx/xxx/xxxxxx.xxx.xxx | predictive | High
83 | Library | xxxxxx.xxx | predictive | Medium
84 | Argument | $xxxxx_xxxxxxxxxx | predictive | High
85 | Argument | xxxxxxx | predictive | Low
86 | Argument | xxxxx | predictive | Low
87 | Argument | xxxxxx | predictive | Low
88 | Argument | xxx | predictive | Low
89 | Argument | xxxxx | predictive | Low
90 | Argument | xxxxxxxxxxxxxxx | predictive | High
91 | Argument | xxxx/xxxx | predictive | Medium
92 | Argument | xxxxxxxx | predictive | Medium
93 | Argument | xxxx | predictive | Low
94 | Argument | xxxxxxxxxx | predictive | Medium
95 | Argument | xxxx | predictive | Low
96 | Argument | xxxxxxxxxx | predictive | Medium
97 | Argument | xxxx_xxxxxxxx | predictive | High
98 | Argument | xxxx[xxx] | predictive | Medium
99 | Argument | xxxxxxxx | predictive | Medium
100 | Argument | xxxx | predictive | Low
101 | Argument | xxxxx | predictive | Low
102 | Argument | xxxxx_xx | predictive | Medium
103 | Argument | xxxx_xxxxxxx | predictive | Medium
104 | Argument | xx | predictive | Low
105 | Argument | xxxx | predictive | Low
106 | Argument | xxxxxxxxxxxxx/xxxxxxxxxxxxxx | predictive | High
107 | Argument | x/xx/xxx | predictive | Medium
108 | Argument | xxxx_xxxx | predictive | Medium
109 | Argument | xx_xxxxxxx | predictive | Medium
110 | Argument | xxx | predictive | Low
111 | Argument | xxxxxxxxx/xxxxxx/xxxxxxxxx | predictive | High
112 | Argument | xxxxxxxxxx | predictive | Medium
113 | Argument | xxxxxxxxxxxxx | predictive | High
114 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | predictive | High
115 | Argument | xxxxxx | predictive | Low
116 | Argument | xxxxx_xxxx | predictive | Medium
117 | Argument | xxxxxxxx | predictive | Medium
118 | Argument | xxxxxxxx | predictive | Medium
119 | Argument | xxxxxxx | predictive | Low
120 | Argument | xxxx xxxxx | predictive | Medium
121 | Argument | xxxx_xxxxx | predictive | Medium
122 | Argument | xxxx | predictive | Low
123 | Argument | xxxxxx | predictive | Low
124 | Argument | xxxxxxxxxx | predictive | Medium
125 | Argument | x/xxxxxxxxxxxx | predictive | High
126 | Argument | xxxx | predictive | Low
127 | Argument | xxxxxxxx | predictive | Medium
128 | Argument | xxxxx/xxx | predictive | Medium
129 | Argument | xxx | predictive | Low
130 | Argument | xxxxxx | predictive | Low
131 | Argument | xxxxxxxx | predictive | Medium
132 | Argument | xxxxxxxxx_xxxxxx_xx_[xxxx] | predictive | High
133 | Input Value | ' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx | predictive | High
134 | Input Value | ../.. | predictive | Low
135 | Network Port | xxx/xxxx | predictive | Medium
136 | Network Port | xxx/xxx (xxx) | predictive | High

Sources (5)

The following list contains external sources which discuss the actor and the associated activities:
