Chalubo 解析

IOB - Indicator of Behavior (45)

タイムライン

言語

en30
zh14
de2

国・地域

cn28
us12
de2

アクター

アクティビティ

関心

タイムライン

タイプ

ベンダー

製品

Forcepoint Email Security4
Synacor Zimbra Collaboration4
Litespeed Technologies OpenLiteSpeed2
Dovecot2
Apache Tomcat2

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1Cisco Unified Communications Manager TLS Certificate 弱い暗号化5.34.6$5k-$25k$0-$5kUnprovenOfficial Fix0.001100.00CVE-2014-7991
2Mobile Device Monitoring Service API 特権昇格5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.001510.00CVE-2022-0732
3Deltek Vision RPC over HTTP SQL SQLインジェクション8.08.0$0-$5k$0-$5kNot DefinedNot Defined0.005760.03CVE-2018-18251
4Kerio Connect/Connect Client Desktop Application E-Mail Preview 特権昇格6.46.4$0-$5k$0-$5kNot DefinedNot Defined0.001850.05CVE-2017-7440
5Google Chrome V8 特権昇格7.57.4$25k-$100k$5k-$25kNot DefinedOfficial Fix0.000820.05CVE-2024-0518
6Google Chrome V8 情報の漏洩7.57.4$25k-$100k$5k-$25kHighOfficial Fix0.001790.00CVE-2024-0519
7Fortinet FortiWeb Authorization Header SQLインジェクション7.77.4$0-$5k$0-$5kNot DefinedOfficial Fix0.001310.05CVE-2020-29015
8Ignition Automation Ignition JavaSerializationCodec 特権昇格9.89.8$0-$5k$0-$5kNot DefinedNot Defined0.000650.03CVE-2023-39476
9QNAP QTS Photo Station 特権昇格8.58.4$0-$5k$0-$5kHighOfficial Fix0.963410.06CVE-2019-7192
10Hikvision Hybrid SAN Web Module 特権昇格8.28.1$0-$5k$0-$5kNot DefinedOfficial Fix0.267700.05CVE-2022-28171
11Synacor Zimbra Collaboration mboximport ディレクトリトラバーサル4.74.5$0-$5k$0-$5kHighOfficial Fix0.947580.03CVE-2022-27925
12Gitblit ディレクトリトラバーサル6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.007730.07CVE-2022-31268
13Open Webmail openwebmail-main.pl クロスサイトスクリプティング4.34.2$0-$5k$0-$5kHighUnavailable0.002490.00CVE-2007-4172
14Johannes Sixt Kdbg .kdbgrc 特権昇格5.95.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-2003-0644
15Litespeed Technologies OpenLiteSpeed Web Server Dashboard ディレクトリトラバーサル5.55.4$0-$5k$0-$5kNot DefinedOfficial Fix0.000710.04CVE-2022-0072
16Dovecot Quoted String メモリ破損8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.613880.04CVE-2019-11500
17MODX CMS modRestServiceRequest XML External Entity7.37.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.002360.00CVE-2020-25911
18RoundCube SQLインジェクション6.36.0$0-$5k$0-$5kHighOfficial Fix0.004350.03CVE-2021-44026
19Valmet DNA Service Port 1517 特権昇格9.39.3$0-$5k$0-$5kNot DefinedNot Defined0.001540.00CVE-2021-26726
20WordPress URL 特権昇格8.58.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.007120.00CVE-2019-17670

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
1103.27.185.139Chalubo2022年01月24日verified
2XXX.XX.XXX.XXXxxxxxx2022年01月24日verified
3XXX.XXX.XXX.XXXXxxxxxx2024年05月30日verifiedVery High
4XXX.XXX.XXX.XXXXxxxxxx2024年05月30日verifiedVery High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File.kdbgrcpredictive
2File/resources//../predictive
3File/xxxxxxx/predictive
4Filexxxxxxxx/xxxxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxxx.xxxpredictive
5Filexxxxx.xxxpredictive
6Filexxxxxxxxxxx-xxxx.xxpredictive
7Filexxxx.xx.xxpredictive
8Argumentxxxxxx_xxxxx_xxxpredictive
9Argumentxxxpredictive
10Argumentxxxxxx/xxxxxx_xxxxxxpredictive
11Input Valuexxxx/xxxxx/xxxxxxxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxxx/xx_xxxxpredictive
12Input Value\xpredictive
13Network Portxxxxxpredictive
14Network Portxxx/xx (xxx)predictive

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

Do you want to use VulDB in your project?

Use the official API to access entries easily!