Chalubo Analysis

IOB - Indicator of Behavior (47)

Language: en (36), zh (8), de (2), ru (2)

Product: Synacor Zimbra Collaboration (4), Deltek Vision (2), Cisco Jabber (2), Apache Sling (2), Vera VeraEdge (2)

Vulnerabilities

# | Vulnerability | CVSS Base | CVSS Temp | 0day price | Today price | Exploitability | Remediation | EPSS | CTI | CVE
1 | Cisco Unified Communications Manager TLS Certificate weak encryption | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00112 | 0.00 | CVE-2014-7991
2 | Mobile Device Monitoring Service API privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.04 | CVE-2022-0732
3 | Deltek Vision RPC over HTTP SQL sql injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00576 | 0.03 | CVE-2018-18251
4 | Vera VeraEdge/Veralite Web User Interface RunLua weak authentication | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.10148 | 0.00 | CVE-2017-9389
5 | Dolibarr ERP CRM SQL File privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.07 | CVE-2024-37821
6 | Kerio Connect/Connect Client Desktop Application E-Mail Preview privilege escalation | 6.4 | 6.4 | $0-$5k | Calculator | Not Defined | Not Defined | 0.00185 | 0.04 | CVE-2017-7440
7 | Google Chrome V8 privilege escalation | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00082 | 0.05 | CVE-2024-0518
8 | Google Chrome V8 information disclosure | 7.5 | 7.4 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00179 | 0.05 | CVE-2024-0519
9 | Fortinet FortiWeb Authorization Header sql injection | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00131 | 0.05 | CVE-2020-29015
10 | Ignition Automation Ignition JavaSerializationCodec privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.04 | CVE-2023-39476
11 | QNAP QTS Photo Station privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.96341 | 0.05 | CVE-2019-7192
12 | Hikvision Hybrid SAN Web Module privilege escalation | 8.2 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.27157 | 0.00 | CVE-2022-28171
13 | Synacor Zimbra Collaboration mboximport directory traversal | 4.7 | 4.5 | $0-$5k | $0-$5k | High | Official Fix | 0.95023 | 0.00 | CVE-2022-27925
14 | Gitblit directory traversal | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00625 | 0.07 | CVE-2022-31268
15 | Open Webmail openwebmail-main.pl cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00249 | 0.00 | CVE-2007-4172
16 | Johannes Sixt Kdbg .kdbgrc privilege escalation | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2003-0644
17 | Litespeed Technologies OpenLiteSpeed Web Server Dashboard directory traversal | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00071 | 0.05 | CVE-2022-0072
18 | Dovecot Quoted String buffer overflow | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.61388 | 0.05 | CVE-2019-11500
19 | MODX CMS modRestServiceRequest XML External Entity | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00260 | 0.00 | CVE-2020-25911
20 | RoundCube sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | High | Official Fix | 0.01441 | 0.04 | CVE-2021-44026

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 103.27.185.139 | | Chalubo | | 24/01/2022 | verified | Medium
2 | XXX.XX.XXX.XX | | Xxxxxxx | | 24/01/2022 | verified | Medium
3 | XXX.XXX.XXX.XXX | | Xxxxxxx | | 30/05/2024 | verified | Very High
4 | XXX.XXX.XXX.XXX | | Xxxxxxx | | 30/05/2024 | verified | Very High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive | High
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
4 | TXXXX.XXX | CAPEC-209 | CWE-XX | Xxxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX | CAPEC-108 | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
7 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
8 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
9 | TXXXX.XXX | CAPEC-133 | CWE-XXX | Xxxxxxxxx | predictive | High
10 | TXXXX.XXX | CAPEC- | CWE-XX | Xxxxxxxxxxxxxx | predictive | High
11 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
12 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .kdbgrc | predictive | Low
2 | File | /resources//../ | predictive | High
3 | File | /uncpath/ | predictive | Medium
4 | File | xxxxxxxx/xxxxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxxx.xxx | predictive | High
5 | File | xxxxx.xxx | predictive | Medium
6 | File | xxxxxxxxxxx-xxxx.xx | predictive | High
7 | File | xxxx.xx.xx | predictive | Medium
8 | Argument | xxxx | predictive | Low
9 | Argument | xxxxxx_xxxxx_xxx | predictive | High
10 | Argument | xxx | predictive | Low
11 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive | High
12 | Input Value | xxxx/xxxxx/xxxxxxxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxxx/xx_xxxx | predictive | High
13 | Input Value | \x | predictive | Low
14 | Network Port | xxxxx | predictive | Low
15 | Network Port | xxx/xx (xxx) | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:
