Chalubo Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (47)

Sprache

en	34
zh	12
de	2

Land

CN: China	30
US: USA	14
DE: Germany	2

Akteure

Chalubo	3
APT10	1
ZuoRAT	1
pupy	1
Sliver	1

Interesse

Typ

Not Defined	16
Content Management System	8
Unified Communication Software	4
Web Browser	2
Network Attached Storage Software	2

Hersteller

Not Defined	6
Fortinet	4
Joomla	4
Forcepoint	4
Cisco	4

Produkt

Joomla CMS	4
WebKit WebKitGTK	2
QNAP QTS	2
Fortinet FortiWebManager	2
Gitblit	2

Schwachstellen

#	Schwachstelle	Base	Temp	0day	Heute	Aus	Mas	EPSS	CTI	CVE
1	Cisco Unified Communications Manager TLS Certificate schwache Verschlüsselung	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00112	0.00	CVE-2014-7991
2	Mobile Device Monitoring Service API erweiterte Rechte	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00151	0.00	CVE-2022-0732
3	Deltek Vision RPC over HTTP SQL SQL Injection	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00576	0.03	CVE-2018-18251
4	Vera VeraEdge/Veralite Web User Interface RunLua schwache Authentisierung	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.10148	0.00	CVE-2017-9389
5	Dolibarr ERP CRM SQL File erweiterte Rechte	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.07	CVE-2024-37821
6	Kerio Connect/Connect Client Desktop Application E-Mail Preview erweiterte Rechte	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00185	0.04	CVE-2017-7440
7	Google Chrome V8 erweiterte Rechte	7.5	7.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00082	0.05	CVE-2024-0518
8	Google Chrome V8 Information Disclosure	7.5	7.4	$25k-$100k	$5k-$25k	High	Official Fix	0.00179	0.05	CVE-2024-0519
9	Fortinet FortiWeb Authorization Header SQL Injection	7.7	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00131	0.05	CVE-2020-29015
10	Ignition Automation Ignition JavaSerializationCodec erweiterte Rechte	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00065	0.04	CVE-2023-39476
11	QNAP QTS Photo Station erweiterte Rechte	8.5	8.4	$0-$5k	$0-$5k	High	Official Fix	0.96341	0.05	CVE-2019-7192
12	Hikvision Hybrid SAN Web Module erweiterte Rechte	8.2	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.27157	0.05	CVE-2022-28171
13	Synacor Zimbra Collaboration mboximport Directory Traversal	4.7	4.5	$0-$5k	$0-$5k	High	Official Fix	0.94758	0.00	CVE-2022-27925
14	Gitblit Directory Traversal	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00625	0.08	CVE-2022-31268
15	Open Webmail openwebmail-main.pl Cross Site Scripting	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.00249	0.00	CVE-2007-4172
16	Johannes Sixt Kdbg .kdbgrc erweiterte Rechte	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2003-0644
17	Litespeed Technologies OpenLiteSpeed Web Server Dashboard Directory Traversal	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00071	0.05	CVE-2022-0072
18	Dovecot Quoted String Pufferüberlauf	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.61388	0.05	CVE-2019-11500
19	MODX CMS modRestServiceRequest XML External Entity	7.3	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00260	0.00	CVE-2020-25911
20	RoundCube SQL Injection	8.0	7.9	$0-$5k	$0-$5k	High	Official Fix	0.01441	0.04	CVE-2021-44026

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-Adresse	Akteur	Identifiziert	Typ	Akzeptanz
1	103.27.185.139	Chalubo	24.01.2022	verifiziert	Medium
2	XXX.XX.XXX.XX	Xxxxxxx	24.01.2022	verifiziert	Medium
3	XXX.XXX.XXX.XXX	Xxxxxxx	30.05.2024	verifiziert	Very High
4	XXX.XXX.XXX.XXX	Xxxxxxx	30.05.2024	verifiziert	Very High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klassifizierung	Schwachstellen	Zugriffsart	Typ	Akzeptanz
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	prädiktiv	High
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	prädiktiv	High
3	T1059	CAPEC-242	CWE-94	Argument Injection	prädiktiv	High
4	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	prädiktiv	High
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	prädiktiv	High
6	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	prädiktiv	High
7	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	prädiktiv	High
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	prädiktiv	High
9	TXXXX.XXX	CAPEC-133	CWE-XXX	Xxxxxxxx	prädiktiv	High
10	TXXXX.XXX	CAPEC-	CWE-XX	Xxxxxxxxxxxxx	prädiktiv	High
11	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	prädiktiv	High
12	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	prädiktiv	High

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasse	Indicator	Typ	Akzeptanz
1	File	.kdbgrc	prädiktiv	Low
2	File	/resources//../	prädiktiv	High
3	File	/uncpath/	prädiktiv	Medium
4	File	xxxxxxxx/xxxxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxxx.xxx	prädiktiv	High
5	File	xxxxx.xxx	prädiktiv	Medium
6	File	xxxxxxxxxxx-xxxx.xx	prädiktiv	High
7	File	xxxx.xx.xx	prädiktiv	Medium
8	Argument	xxxx	prädiktiv	Low
9	Argument	xxxxxx_xxxxx_xxx	prädiktiv	High
10	Argument	xxx	prädiktiv	Low
11	Argument	xxxxxx/xxxxxx_xxxxxx	prädiktiv	High
12	Input Value	xxxx/xxxxx/xxxxxxxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxxx/xx_xxxx	prädiktiv	High
13	Input Value	\x	prädiktiv	Low
14	Network Port	xxxxx	prädiktiv	Low
15	Network Port	xxx/xx (xxx)	prädiktiv	Medium

Referenzen (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ ZurückÜbersichtWeiter ▸

Do you know our Splunk app?

Download it now for free!