Babar Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (30)

Sprache

en	30

Land

us	24
fr	2
ca	2
gb	2

Akteure

Babar	4

Interesse

Typ

Not Defined	8
Router Operating System	4
Anti-Malware Software	2
SCADA Software	2
Web Server	2

Hersteller

SonicWALL	2
Incredible Interactive	2
Thomas R. Pasawicz	2
ZyXEL	2
Schneider Electric	2

Produkt

SonicWALL AntiSpam	2
SonicWALL EMail Security Appliance	2
Incredible Interactive Dragonfly Commerce	2
Thomas R. Pasawicz HyperBook Guestbook	2
ZyXEL P660HN-T v1	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	CTI	EPSS	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02	0.02016	CVE-2007-1192
2	MailEnable Enterprise Premium XML Data XML External Entity	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04	0.00224	CVE-2019-12924
3	SonicWALL AntiSpam / EMail Security Appliance MTA Queue Report Module reports_mta_queue_status.html Cross Site Scripting	8.0	7.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00000
4	WoltLab Burning Book addentry.php SQL Injection	7.3	6.8	$0-$5k	$0-$5k	Functional	Unavailable	0.02	0.00804	CVE-2006-5509
5	DZCP deV!L`z Clanportal config.php erweiterte Rechte	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.54	0.00943	CVE-2010-0966
6	Kubernetes kubelet pprof Information Disclosure	7.3	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.09	0.53513	CVE-2019-11248
7	D-Link DIR-815 POST Request soapcgi_main Privilege Escalation	8.0	7.9	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.02	0.00317	CVE-2023-51123
8	Schneider Electric Modicon M218 Logic Controller Service Port 1105 Denial of Service	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00071	CVE-2021-22800
9	TETRA TEA1 Keystream Generator Tetraburst Remote Code Execution	8.4	8.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00048	CVE-2022-24402
10	TETRA Air Interface Encryption Tetraburst unbekannte Schwachstelle	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00048	CVE-2022-24404
11	Citrix ADC/Gateway Cross Site Scripting	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.01	0.03845	CVE-2023-24488
12	ZyXEL P660HN-T v1 ViewLog.asp erweiterte Rechte	7.3	6.4	$5k-$25k	$0-$5k	Proof-of-Concept	Workaround	0.02	0.00000
13	Microsoft Exchange Server Email erweiterte Rechte	8.4	7.8	$25k-$100k	$0-$5k	Functional	Official Fix	0.00	0.55670	CVE-2020-16875
14	Carbonize Lazarus Guestbook template.class.php erweiterte Rechte	9.8	8.8	$0-$5k	Wird berechnet	Proof-of-Concept	Official Fix	0.00	0.04617	CVE-2007-1486
15	Microsoft IIS Log File Permission Information Disclosure	5.3	4.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.05	0.00042	CVE-2012-2531
16	Apache HTTP Server mod_cache Denial of Service	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.01	0.04147	CVE-2013-4352
17	Host Web Server phpinfo.php phpinfo Information Disclosure	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Workaround	0.08	0.00000
18	Lars Ellingsen Guestserver guestbook.cgi Cross Site Scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06	0.00169	CVE-2005-4222
19	McAfee Network Security Management Command Line Interface Information Disclosure	5.9	5.7	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.00	0.00042	CVE-2020-7284
20	Incredible Interactive Dragonfly Commerce Administration dc_categorieslist.asp Stored unbekannte Schwachstelle	5.3	5.1	$0-$5k	Wird berechnet	Not Defined	Official Fix	0.02	0.00581	CVE-2005-2220

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Hostname	Akteur	Identifiziert	Typ	Akzeptanz
1	64.20.43.107	vps238561.trouble-free.net	Babar	24.12.2020	verifiziert	High
2	69.25.212.153		Babar	24.12.2020	verifiziert	High
3	83.149.75.58	reserved.ps-it.nl	Babar	24.12.2020	verifiziert	High
4	XXX.XXX.XX.XX	xxxxx.xxxxxxx-xxxxxxx.xxx	Xxxxx	24.12.2020	verifiziert	High
5	XXX.XXX.XXX.XXX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxx	24.12.2020	verifiziert	High
6	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxxxxxxx.xxx	Xxxxx	24.12.2020	verifiziert	High
7	XXX.XXX.XXX.XXX	xxxxxx.xxxxxxx.xxxx	Xxxxx	24.12.2020	verifiziert	High
8	XXX.XXX.XX.XXX	xxxxxx.xxxxxxx-xxxxxxxx.xxx	Xxxxx	24.12.2020	verifiziert	High
9	XXX.XX.XX.XXX	xxxxxxxx.xxxx.xxxxxxxxxx.xx	Xxxxx	24.12.2020	verifiziert	High
10	XXX.XXX.XXX.XX	xxx.xxxxxxxxx.xxx	Xxxxx	24.12.2020	verifiziert	High
11	XXX.XXX.XXX.XX	xxxxxx.xxxxxxxxx.xxx	Xxxxx	24.12.2020	verifiziert	High
12	XXX.XX.XXX.XX	xxx.xxxxxxx.xxxx	Xxxxx	24.12.2020	verifiziert	High
13	XXX.XX.XX.XXX	xxxx-xxx-xx-xx-xxx.xxxxxxxxx.xxx	Xxxxx	24.12.2020	verifiziert	High
14	XXX.XX.XX.XXX	xxxxxxxx.xxxxxx.xxx	Xxxxx	24.12.2020	verifiziert	High
15	XXX.XXX.XXX.XX	xx-xxx-xxx-xxx-xx.xxxxxxxx.xxx.xxxxxxxxx.xxx	Xxxxx	24.12.2020	verifiziert	High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1059	CWE-94	Argument Injection	prädiktiv	High
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	prädiktiv	High
3	TXXXX	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
4	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
6	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	/debug/pprof	prädiktiv	Medium
2	File	addentry.php	prädiktiv	Medium
3	File	data/gbconfiguration.dat	prädiktiv	High
4	File	xx_xxxxxxxxxxxxxx.xxx	prädiktiv	High
5	File	xxxxxxxx_xxxxxxxxx_xxxxx.xxx	prädiktiv	High
6	File	xxxxxxxxx.xxx	prädiktiv	High
7	File	xxx/xxxxxx.xxx	prädiktiv	High
8	File	xxxxxxx.xxx	prädiktiv	Medium
9	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	prädiktiv	High
10	File	xxxxxxxx.xxxxx.xxx	prädiktiv	High
11	File	xxxxxxx.xxx	prädiktiv	Medium
12	Argument	xxxxxxxx	prädiktiv	Medium
13	Argument	xxxxx_xx	prädiktiv	Medium
14	Argument	xxxxxxx	prädiktiv	Low
15	Argument	xxxxxxxxx	prädiktiv	Medium
16	Argument	xxxxxxxx	prädiktiv	Medium
17	Argument	xxxxxx_xxxx	prädiktiv	Medium
18	Argument	xxxxxxx	prädiktiv	Low
19	Input Value	%xxxxxx+-x+x+xx.x.xx.xxx%xx%xx	prädiktiv	High

Referenzen (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Might our Artificial Intelligence support you?

Check our Alexa App!