Chafer Analysis

IOB - Indicator of Behavior (329)

Language

en: 292
es: 12
ru: 6
it: 6
fr: 6

Country/Region

us: 182
ru: 20
ir: 16
es: 16
cn: 16

Product

WordPress: 8
Apache HTTP Server: 8
Microsoft Windows: 8
Google Chrome: 6
Joomla: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.67 | CVE-2020-12440 |
| 3 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.13 | CVE-2017-0055 |
| 4 | VMware vRealize Orchestrator Path Redirect | 3.0 | 2.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00119 | 0.00 | CVE-2021-22036 |
| 5 | vm2 privilege escalation | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00537 | 0.04 | CVE-2023-32314 |
| 6 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.39 | CVE-2016-6210 |
| 7 | PHPMailer Phar Deserialization addAttachment privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00748 | 0.00 | CVE-2020-36326 |
| 8 | jQuery Property extend Pollution cross-site scripting | 6.6 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03535 | 0.39 | CVE-2019-11358 |
| 9 | Rust Programming Language Standard Library type_id memory corruption | 7.7 | 7.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00301 | 0.00 | CVE-2019-12083 |
| 10 | WordPress SQL injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00467 | 0.00 | CVE-2022-21664 |
| 11 | Apple iOS WebKit memory corruption | 6.3 | 6.0 | $100k and more | $5k-$25k | High | Official Fix | 0.00424 | 0.00 | CVE-2021-30666 |
| 12 | WordPress directory traversal | 5.7 | 5.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.04 | CVE-2023-2745 |
| 13 | Canon IJ Network Tool Wi-Fi Connection Setup information disclosure | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.00 | CVE-2023-1763 |
| 14 | ciubotaru share-on-diaspora new_window.php cross-site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00063 | 0.04 | CVE-2017-20176 |
| 15 | Postfix Admin functions.inc.php SQL injection | 7.3 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.00253 | 0.03 | CVE-2014-2655 |
| 16 | D-Link DCS-2530L/DCS-2670L ddns_enc.cgi privilege escalation | 7.5 | 7.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00135 | 0.02 | CVE-2020-25079 |
| 17 | Microsoft IIS IP/Domain Restriction privilege escalation | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.00817 | 0.47 | CVE-2014-4078 |
| 18 | SourceCodester Library Management System bookdetails.php SQL injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00322 | 0.04 | CVE-2022-2214 |
| 19 | Phplinkdirectory PHP Link Directory conf_users_edit.php unknown vulnerability | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00526 | 0.00 | CVE-2011-0643 |
| 20 | Lotus Domino Request information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00877 | 0.00 | CVE-2002-0245 |

Campaigns (2)

These are the campaigns that can be associated with the actor:

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (138)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (5)

The following list contains external sources which discuss the actor and the associated activities:
