Babar Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (30)

Język

en	30

Kraj

us	24
cn	2
ca	2
fr	2

Aktorzy

Babar	4

Wysiłek

Rodzaj

Not Defined	16
Groupware Software	2
Content Management System	2
Web Server	2
Virtualization Software	2

Sprzedawca

Not Defined	4
Microsoft	2
Joomla	2
Thomas R. Pasawicz	2
Trend Micro	2

Produkt

Microsoft Exchange Server	2
Joomla CMS	2
Thomas R. Pasawicz HyperBook Guestbook	2
Trend Micro Threat Discovery Appliance	2
Lars Ellingsen Guestserver	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	MailEnable Enterprise Premium XML Data XML External Entity	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00224	0.02	CVE-2019-12924
3	SonicWALL AntiSpam / EMail Security Appliance MTA Queue Report Module reports_mta_queue_status.html cross site scripting	8.0	7.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.02
4	WoltLab Burning Book addentry.php sql injection	7.3	6.8	$0-$5k	$0-$5k	Functional	Unavailable	0.00804	0.02	CVE-2006-5509
5	DZCP deV!L`z Clanportal config.php privilege escalation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.43	CVE-2010-0966
6	Kubernetes kubelet pprof information disclosure	7.3	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.55625	0.08	CVE-2019-11248
7	D-Link DIR-815 POST Request soapcgi_main Privilege Escalation	8.0	7.9	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00317	0.02	CVE-2023-51123
8	Schneider Electric Modicon M218 Logic Controller Service Port 1105 denial of service	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00071	0.00	CVE-2021-22800
9	TETRA TEA1 Keystream Generator Tetraburst Remote Code Execution	8.4	8.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00048	0.05	CVE-2022-24402
10	TETRA Air Interface Encryption Tetraburst nieznana luka	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00048	0.04	CVE-2022-24404
11	Citrix ADC/Gateway cross site scripting	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.07218	0.01	CVE-2023-24488
12	ZyXEL P660HN-T v1 ViewLog.asp privilege escalation	7.3	6.4	$5k-$25k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.05
13	Microsoft Exchange Server Email privilege escalation	8.4	7.8	$25k-$100k	$0-$5k	Functional	Official Fix	0.58152	0.00	CVE-2020-16875
14	Carbonize Lazarus Guestbook template.class.php privilege escalation	9.8	8.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.04617	0.00	CVE-2007-1486
15	Microsoft IIS Log File Permission information disclosure	5.3	4.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00042	0.05	CVE-2012-2531
16	Apache HTTP Server mod_cache denial of service	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.04147	0.04	CVE-2013-4352
17	Host Web Server phpinfo.php phpinfo information disclosure	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Workaround	0.00000	0.04
18	Lars Ellingsen Guestserver guestbook.cgi cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00169	0.04	CVE-2005-4222
19	McAfee Network Security Management Command Line Interface information disclosure	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2020-7284
20	Incredible Interactive Dragonfly Commerce Administration dc_categorieslist.asp Stored nieznana luka	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00581	0.02	CVE-2005-2220

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Identified	Rodzaj	Pewność siebie
1	64.20.43.107	vps238561.trouble-free.net	Babar	2020-12-24	verified	Wysoki
2	69.25.212.153		Babar	2020-12-24	verified	Wysoki
3	83.149.75.58	reserved.ps-it.nl	Babar	2020-12-24	verified	Wysoki
4	XXX.XXX.XX.XX	xxxxx.xxxxxxx-xxxxxxx.xxx	Xxxxx	2020-12-24	verified	Wysoki
5	XXX.XXX.XXX.XXX	xx.xx.xxxx.xxx.xxxxxx.xx-xxxxxxx.xxx	Xxxxx	2020-12-24	verified	Wysoki
6	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx.xxxxxxxxxxxx.xxx	Xxxxx	2020-12-24	verified	Wysoki
7	XXX.XXX.XXX.XXX	xxxxxx.xxxxxxx.xxxx	Xxxxx	2020-12-24	verified	Wysoki
8	XXX.XXX.XX.XXX	xxxxxx.xxxxxxx-xxxxxxxx.xxx	Xxxxx	2020-12-24	verified	Wysoki
9	XXX.XX.XX.XXX	xxxxxxxx.xxxx.xxxxxxxxxx.xx	Xxxxx	2020-12-24	verified	Wysoki
10	XXX.XXX.XXX.XX	xxx.xxxxxxxxx.xxx	Xxxxx	2020-12-24	verified	Wysoki
11	XXX.XXX.XXX.XX	xxxxxx.xxxxxxxxx.xxx	Xxxxx	2020-12-24	verified	Wysoki
12	XXX.XX.XXX.XX	xxx.xxxxxxx.xxxx	Xxxxx	2020-12-24	verified	Wysoki
13	XXX.XX.XX.XXX	xxxx-xxx-xx-xx-xxx.xxxxxxxxx.xxx	Xxxxx	2020-12-24	verified	Wysoki
14	XXX.XX.XX.XXX	xxxxxxxx.xxxxxx.xxx	Xxxxx	2020-12-24	verified	Wysoki
15	XXX.XXX.XXX.XX	xx-xxx-xxx-xxx-xx.xxxxxxxx.xxx.xxxxxxxxx.xxx	Xxxxx	2020-12-24	verified	Wysoki

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klasa	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Wysoki
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	Wysoki
3	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
4	TXXXX	CAPEC-136	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Wysoki
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
6	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/debug/pprof	predictive	Medium
2	File	addentry.php	predictive	Medium
3	File	data/gbconfiguration.dat	predictive	Wysoki
4	File	xx_xxxxxxxxxxxxxx.xxx	predictive	Wysoki
5	File	xxxxxxxx_xxxxxxxxx_xxxxx.xxx	predictive	Wysoki
6	File	xxxxxxxxx.xxx	predictive	Wysoki
7	File	xxx/xxxxxx.xxx	predictive	Wysoki
8	File	xxxxxxx.xxx	predictive	Medium
9	File	xxxxxxx_xxx_xxxxx_xxxxxx.xxxx	predictive	Wysoki
10	File	xxxxxxxx.xxxxx.xxx	predictive	Wysoki
11	File	xxxxxxx.xxx	predictive	Medium
12	Argument	xxxxxxxx	predictive	Medium
13	Argument	xxxxx_xx	predictive	Medium
14	Argument	xxxxxxx	predictive	Niski
15	Argument	xxxxxxxxx	predictive	Medium
16	Argument	xxxxxxxx	predictive	Medium
17	Argument	xxxxxx_xxxx	predictive	Medium
18	Argument	xxxxxxx	predictive	Niski
19	Input Value	%xxxxxx+-x+x+xx.x.xx.xxx%xx%xx	predictive	Wysoki

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!