Chalubo Analysis

IOB - Indicator of Behavior (45)

Timeline / Actors / Activities / Interest / Type / Vendor (chart panels)

Language: en (36), zh (8), ru (2)

Country: cn (22), us (20), ru (2)

Product: Automattic WooCommerce plugin (2), Cisco Unified Communications Manager (2), MikroTik Winbox (2), Open Webmail (2), WebKit WebKitGTK (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | EPSS | CTI | CVE
1 | Cisco Unified Communications Manager TLS Certificate weak encryption | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00110 | 0.00 | CVE-2014-7991
2 | Mobile Device Monitoring Service API privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.00 | CVE-2022-0732
3 | Deltek Vision RPC over HTTP SQL SQL Injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00576 | 0.03 | CVE-2018-18251
4 | Kerio Connect/Connect Client Desktop Application E-Mail Preview privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00185 | 0.05 | CVE-2017-7440
5 | Google Chrome V8 privilege escalation | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00082 | 0.05 | CVE-2024-0518
6 | Google Chrome V8 Information Disclosure | 7.5 | 7.4 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00179 | 0.04 | CVE-2024-0519
7 | Fortinet FortiWeb Authorization Header SQL Injection | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00131 | 0.05 | CVE-2020-29015
8 | Ignition Automation Ignition JavaSerializationCodec privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.03 | CVE-2023-39476
9 | QNAP QTS Photo Station privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.96341 | 0.06 | CVE-2019-7192
10 | Hikvision Hybrid SAN Web Module privilege escalation | 8.2 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.26770 | 0.05 | CVE-2022-28171
11 | Synacor Zimbra Collaboration mboximport Directory Traversal | 4.7 | 4.5 | $0-$5k | $0-$5k | High | Official Fix | 0.94758 | 0.00 | CVE-2022-27925
12 | Gitblit Directory Traversal | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00773 | 0.00 | CVE-2022-31268
13 | Open Webmail openwebmail-main.pl Cross Site Scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00249 | 0.00 | CVE-2007-4172
14 | Johannes Sixt Kdbg .kdbgrc privilege escalation | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2003-0644
15 | Litespeed Technologies OpenLiteSpeed Web Server Dashboard Directory Traversal | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00071 | 0.04 | CVE-2022-0072
16 | Dovecot Quoted String buffer overflow | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.61388 | 0.04 | CVE-2019-11500
17 | MODX CMS modRestServiceRequest XML External Entity | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00236 | 0.00 | CVE-2020-25911
18 | RoundCube SQL Injection | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00435 | 0.05 | CVE-2021-44026
19 | Valmet DNA Service Port 1517 privilege escalation | 9.3 | 9.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2021-26726
20 | WordPress URL privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00712 | 0.00 | CVE-2019-17670

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 103.27.185.139 | | Chalubo | | 24.01.2022 | verified | Medium
2 | XXX.XX.XXX.XX | | Xxxxxxx | | 24.01.2022 | verified | Medium
3 | XXX.XXX.XXX.XXX | | Xxxxxxx | | 30.05.2024 | verified | Very High
4 | XXX.XXX.XXX.XXX | | Xxxxxxx | | 30.05.2024 | verified | Very High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .kdbgrc | predictive | Low
2 | File | /resources//../ | predictive | High
3 | File | /xxxxxxx/ | predictive | Medium
4 | File | xxxxxxxx/xxxxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxxx.xxx | predictive | High
5 | File | xxxxx.xxx | predictive | Medium
6 | File | xxxxxxxxxxx-xxxx.xx | predictive | High
7 | File | xxxx.xx.xx | predictive | Medium
8 | Argument | xxxxxx_xxxxx_xxx | predictive | High
9 | Argument | xxx | predictive | Low
10 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive | High
11 | Input Value | xxxx/xxxxx/xxxxxxxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxxx/xx_xxxx | predictive | High
12 | Input Value | \x | predictive | Low
13 | Network Port | xxxxx | predictive | Low
14 | Network Port | xxx/xx (xxx) | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:
