Chalubo Analysis

IOB - Indicator of Behavior (45)

Timeline

Language: en 36, zh 10

Campaign: cn 28, us 16

Product: Google Chrome 4, Synacor Zimbra Collaboration 4, Forcepoint NGFW 2, Ignition Automation Ignition 2, Microsoft Windows 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Cisco Unified Communications Manager TLS Certificate weak encryption | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00110 | 0.00 | CVE-2014-7991
2 | Mobile Device Monitoring Service API privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.00 | CVE-2022-0732
3 | Deltek Vision RPC over HTTP SQL sql injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00576 | 0.03 | CVE-2018-18251
4 | Kerio Connect/Connect Client Desktop Application E-Mail Preview privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00185 | 0.05 | CVE-2017-7440
5 | Google Chrome V8 privilege escalation | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00082 | 0.05 | CVE-2024-0518
6 | Google Chrome V8 information disclosure | 7.5 | 7.4 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00179 | 0.00 | CVE-2024-0519
7 | Fortinet FortiWeb Authorization Header sql injection | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00131 | 0.05 | CVE-2020-29015
8 | Ignition Automation Ignition JavaSerializationCodec privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.03 | CVE-2023-39476
9 | QNAP QTS Photo Station privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.96341 | 0.06 | CVE-2019-7192
10 | Hikvision Hybrid SAN Web Module privilege escalation | 8.2 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.26770 | 0.05 | CVE-2022-28171
11 | Synacor Zimbra Collaboration mboximport directory traversal | 4.7 | 4.5 | $0-$5k | $0-$5k | High | Official Fix | 0.94758 | 0.03 | CVE-2022-27925
12 | Gitblit directory traversal | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00773 | 0.07 | CVE-2022-31268
13 | Open Webmail openwebmail-main.pl cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00249 | 0.00 | CVE-2007-4172
14 | Johannes Sixt Kdbg .kdbgrc privilege escalation | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2003-0644
15 | Litespeed Technologies OpenLiteSpeed Web Server Dashboard directory traversal | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00071 | 0.04 | CVE-2022-0072
16 | Dovecot Quoted String buffer overflow | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.61388 | 0.04 | CVE-2019-11500
17 | MODX CMS modRestServiceRequest XML External Entity | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00236 | 0.00 | CVE-2020-25911
18 | RoundCube sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00435 | 0.03 | CVE-2021-44026
19 | Valmet DNA Service Port 1517 privilege escalation | 9.3 | 9.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2021-26726
20 | WordPress URL privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00712 | 0.00 | CVE-2019-17670

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 103.27.185.139 | | Chalubo | | 24/01/2022 | verified | Medium
2 | XXX.XX.XXX.XXX | | Xxxxxxx | | 24/01/2022 | verified | Medium
3 | XXX.XXX.XXX.XXX | | Xxxxxxx | | 30/05/2024 | verified | Very High
4 | XXX.XXX.XXX.XXX | | Xxxxxxx | | 30/05/2024 | verified | Very High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive | High
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
4 | TXXXX.XXX | CAPEC-209 | CWE-XXX | xxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX | CAPEC-108 | CWE-XXX | xxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
7 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
8 | TXXXX | CAPEC-108 | CWE-XXX | xx Xxxxxxxxx | predictive | High
9 | TXXXX.XXX | CAPEC-133 | CWE-XXX | Xxxxxxxx | predictive | High
10 | TXXXX.XXX | CAPEC- | CWE-XXX | xxxxxxxxxxxx | predictive | High
11 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
12 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .kdbgrc | predictive | Low
2 | File | /resources//../ | predictive | High
3 | File | /xxxxxxx/ | predictive | Medium
4 | File | xxxxxxxx/xxxxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxxx.xxx | predictive | High
5 | File | xxxxx.xxx | predictive | Medium
6 | File | xxxxxxxxxxx-xxxx.xx | predictive | High
7 | File | xxxx.xx.xx | predictive | Medium
8 | Argument | xxxxxx_xxxxx_xxx | predictive | High
9 | Argument | xxx | predictive | Low
10 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive | High
11 | Input Value | xxxx/xxxxx/xxxxxxxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxxx/xx_xxxx | predictive | High
12 | Input Value | \x | predictive | Low
13 | Network Port | xxxxx | predictive | Low
14 | Network Port | xxx/xx (xxx) | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:
