Chalubo Analysis

IOB - Indicator of Behavior (45)

Language

en: 28
zh: 14
ru: 2
de: 2

Country

cn: 24
us: 16
ru: 2
de: 2

Product

Google Chrome: 4
Kerio Connect: 2
Kerio Connect Client Desktop Application: 2
Cisco Meeting Server: 2
Open Webmail: 2

Vulnerabilities

Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit price ranges at disclosure and at the time of the query; Exploit and Remediation are the CVSS temporal exploitability and remediation-level states.

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Cisco Unified Communications Manager TLS Certificate weak encryption | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00110 | 0.00 | CVE-2014-7991
2 | Mobile Device Monitoring Service API privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.00 | CVE-2022-0732
3 | Deltek Vision RPC over HTTP SQL injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00576 | 0.03 | CVE-2018-18251
4 | Kerio Connect/Connect Client Desktop Application E-Mail Preview privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00185 | 0.05 | CVE-2017-7440
5 | Google Chrome V8 privilege escalation | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00082 | 0.05 | CVE-2024-0518
6 | Google Chrome V8 information disclosure | 7.5 | 7.4 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00179 | 0.04 | CVE-2024-0519
7 | Fortinet FortiWeb Authorization Header SQL injection | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00131 | 0.05 | CVE-2020-29015
8 | Ignition Automation Ignition JavaSerializationCodec privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.03 | CVE-2023-39476
9 | QNAP QTS Photo Station privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.96341 | 0.06 | CVE-2019-7192
10 | Hikvision Hybrid SAN Web Module privilege escalation | 8.2 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.26770 | 0.05 | CVE-2022-28171
11 | Synacor Zimbra Collaboration mboximport directory traversal | 4.7 | 4.5 | $0-$5k | $0-$5k | High | Official Fix | 0.94758 | 0.00 | CVE-2022-27925
12 | Gitblit directory traversal | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00773 | 0.00 | CVE-2022-31268
13 | Open Webmail openwebmail-main.pl cross-site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00249 | 0.00 | CVE-2007-4172
14 | Johannes Sixt Kdbg .kdbgrc privilege escalation | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2003-0644
15 | Litespeed Technologies OpenLiteSpeed Web Server Dashboard directory traversal | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00071 | 0.04 | CVE-2022-0072
16 | Dovecot Quoted String memory corruption | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.61388 | 0.04 | CVE-2019-11500
17 | MODX CMS modRestServiceRequest XML External Entity | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00236 | 0.00 | CVE-2020-25911
18 | RoundCube SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00435 | 0.05 | CVE-2021-44026
19 | Valmet DNA Service Port 1517 privilege escalation | 9.3 | 9.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2021-26726
20 | WordPress URL privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00712 | 0.00 | CVE-2019-17670

IOC - Indicator of Compromise (4)

These indicators of compromise list associated network resources that are known to be part of research and attack activities. Masked entries (XXX/xxx) are withheld on the page and are reproduced here as-is.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 103.27.185.139 | | Chalubo | | 24/01/2022 | verified | Medium
2 | XXX.XX.XXX.XX | | Xxxxxxx | | 24/01/2022 | verified | Medium
3 | XXX.XXX.XXX.XXX | | Xxxxxxx | | 30/05/2024 | verified | Very High
4 | XXX.XXX.XXX.XXX | | Xxxxxxx | | 30/05/2024 | verified | Very High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive | High
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
4 | TXXXX.XXX | CAPEC-209 | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX | CAPEC-108 | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
7 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
8 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
9 | TXXXX.XXX | CAPEC-133 | CWE-XXX | Xxxxxxxx | predictive | High
10 | TXXXX.XXX | CAPEC- | CWE-XX | Xxxxxxxxxxxxx | predictive | High
11 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
12 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (14)

These indicators of attack list the request fragments (file paths, parameter names, input values and network ports) potentially used for technical activities such as reconnaissance, exploitation, privilege escalation and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .kdbgrc | predictive | Low
2 | File | /resources//../ | predictive | High
3 | File | /xxxxxxx/ | predictive | Medium
4 | File | xxxxxxxx/xxxxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxxx.xxx | predictive | High
5 | File | xxxxx.xxx | predictive | Medium
6 | File | xxxxxxxxxxx-xxxx.xx | predictive | High
7 | File | xxxx.xx.xx | predictive | Medium
8 | Argument | xxxxxx_xxxxx_xxx | predictive | High
9 | Argument | xxx | predictive | Low
10 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive | High
11 | Input Value | xxxx/xxxxx/xxxxxxxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxxx/xx_xxxx | predictive | High
12 | Input Value | \x | predictive | Low
13 | Network Port | xxxxx | predictive | Low
14 | Network Port | xxx/xx (xxx) | predictive | Medium
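As an added example (not part of this page or of any Chalubo research it summarises), the following Python scans web-server access logs for the unmasked indicators above: the IOC address 103.27.185.139 and the file-fragment IOAs `/resources//../` and `.kdbgrc`. The masked entries cannot be used and are left out. It assumes the Apache/nginx "combined" log format; the sample lines are constructed, not real traffic. Beyond the literal fragment match, it percent-decodes and normalises the request path so that an encoded `%2F..%2F` variant and any other request that resolves above the web root are also flagged, which the literal IOA string alone would miss.

```python
import ipaddress
import posixpath
import re
from typing import List, NamedTuple, Optional, Tuple
from urllib.parse import unquote

# Indicators copied from the IOC and IOA tables above; only the unmasked
# entries are usable, the XXX/xxx-masked rows are deliberately left out.
IOC_IPS = {ipaddress.ip_address("103.27.185.139")}
IOA_FILE_FRAGMENTS = ("/resources//../", ".kdbgrc")

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
103.27.185.139 - - [24/Jan/2022:10:01:12 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [24/Jan/2022:10:02:30 +0000] "GET /resources//../../etc/passwd HTTP/1.1" 404 0 "-" "curl/7.79"
198.51.100.7 - - [24/Jan/2022:10:02:31 +0000] "GET /resources/%2F..%2F..%2Fetc/passwd HTTP/1.1" 404 0 "-" "curl/7.79"
203.0.113.9 - - [24/Jan/2022:10:03:00 +0000] "GET /home/user/.kdbgrc HTTP/1.1" 403 0 "-" "Mozilla/5.0"
203.0.113.9 - - [24/Jan/2022:10:04:00 +0000] "GET /resources/app.js HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


class Hit(NamedTuple):
    ip: str
    path: str                  # request path exactly as logged
    reasons: Tuple[str, ...]   # e.g. ("ioc_ip",) or ("ioa:/resources//../", "traversal")


def decoded_path(raw: str) -> str:
    """Drop the query string and percent-decode once, so an encoded
    '%2F..%2F' is compared against the IOA fragment in the form the
    server sees after its own decoding."""
    return unquote(raw.split("?", 1)[0])


def escapes_web_root(path: str) -> bool:
    """True when the normalised path climbs above '/'. The leading slash is
    stripped first because posixpath.normpath silently swallows '..' at the
    root of an absolute path and would hide the traversal."""
    return posixpath.normpath(path.lstrip("/")).startswith("..")


def scan_line(line: str) -> Optional[Hit]:
    m = LOG_RE.match(line)
    if m is None:
        return None
    ip, raw_path = m["ip"], m["path"]
    reasons = []
    try:
        if ipaddress.ip_address(ip) in IOC_IPS:
            reasons.append("ioc_ip")
    except ValueError:         # client field is not an IP address
        pass
    path = decoded_path(raw_path)
    for frag in IOA_FILE_FRAGMENTS:
        if frag in path:
            reasons.append("ioa:" + frag)
    # Generalisation of the '/resources//../' fragment: flag any request
    # that resolves above the web root, whatever directory it starts from.
    if escapes_web_root(path):
        reasons.append("traversal")
    return Hit(ip, raw_path, tuple(reasons)) if reasons else None


def scan_log(text: str) -> List[Hit]:
    return [h for h in map(scan_line, text.splitlines()) if h is not None]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit.ip, hit.path, ", ".join(hit.reasons))
```

Matching on the decoded path is what catches the third sample line; matching the raw logged string would only find the second. The IOC address is checked as a parsed `ipaddress` object rather than a substring so that `103.27.185.1390` or an IPv6-mapped form does not slip past.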

Sources (3)

The following list contains external sources which discuss the actor and the associated activities:
