Chalubo Analysis

IOB - Indicator of Behavior (45)

Timeline

Language

en: 32
zh: 12
de: 2

Country

cn: 28
us: 12
de: 2

Actors

Activities

Effort

Timeline

Type

Vendor

Product

Joomla CMS: 4
Forcepoint Email Security: 4
Open Webmail: 2
Apache Tomcat: 2
Craft CMS: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | Cisco Unified Communications Manager TLS Certificate weak encryption | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00110 | 0.00 | CVE-2014-7991
2 | Mobile Device Monitoring Service API privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.00 | CVE-2022-0732
3 | Deltek Vision RPC over HTTP SQL sql injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00576 | 0.03 | CVE-2018-18251
4 | Kerio Connect/Connect Client Desktop Application E-Mail Preview privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00185 | 0.05 | CVE-2017-7440
5 | Google Chrome V8 privilege escalation | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00082 | 0.05 | CVE-2024-0518
6 | Google Chrome V8 information disclosure | 7.5 | 7.4 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00179 | 0.00 | CVE-2024-0519
7 | Fortinet FortiWeb Authorization Header sql injection | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00131 | 0.05 | CVE-2020-29015
8 | Ignition Automation Ignition JavaSerializationCodec privilege escalation | 9.8 | 9.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.03 | CVE-2023-39476
9 | QNAP QTS Photo Station privilege escalation | 8.5 | 8.4 | $0-$5k | $0-$5k | High | Official Fix | 0.96341 | 0.06 | CVE-2019-7192
10 | Hikvision Hybrid SAN Web Module privilege escalation | 8.2 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.26770 | 0.05 | CVE-2022-28171
11 | Synacor Zimbra Collaboration mboximport directory traversal | 4.7 | 4.5 | $0-$5k | $0-$5k | High | Official Fix | 0.94758 | 0.03 | CVE-2022-27925
12 | Gitblit directory traversal | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00773 | 0.07 | CVE-2022-31268
13 | Open Webmail openwebmail-main.pl cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00249 | 0.00 | CVE-2007-4172
14 | Johannes Sixt Kdbg .kdbgrc privilege escalation | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2003-0644
15 | Litespeed Technologies OpenLiteSpeed Web Server Dashboard directory traversal | 5.5 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00071 | 0.04 | CVE-2022-0072
16 | Dovecot Quoted String memory corruption | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.61388 | 0.04 | CVE-2019-11500
17 | MODX CMS modRestServiceRequest XML External Entity | 7.3 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00236 | 0.00 | CVE-2020-25911
18 | RoundCube sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00435 | 0.03 | CVE-2021-44026
19 | Valmet DNA Service Port 1517 privilege escalation | 9.3 | 9.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2021-26726
20 | WordPress URL privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00712 | 0.00 | CVE-2019-17670

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 103.27.185.139 | | Chalubo | | 2022-01-24 | verified | Medium
2 | XXX.XX.XXX.XX | | Xxxxxxx | | 2022-01-24 | verified | Medium
3 | XXX.XXX.XXX.XXX | | Xxxxxxx | | 2024-05-30 | verified | Very High
4 | XXX.XXX.XXX.XXX | | Xxxxxxx | | 2024-05-30 | verified | Very High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-21, CWE-22 | Path Traversal | predictive | High
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
4 | TXXXX.XXX | CAPEC-209 | CWE-XXX | xxxx Xxxx Xxxxxxxxx | predictive | High
5 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
6 | TXXXX | CAPEC-108 | CWE-XXX | xxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
7 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
8 | TXXXX | CAPEC-108 | CWE-XXX | xx Xxxxxxxxx | predictive | High
9 | TXXXX.XXX | CAPEC-133 | CWE-XXX | Xxxxxxxx | predictive | High
10 | TXXXX.XXX | CAPEC- | CWE-XXX | xxxxxxxxxxxxx | predictive | High
11 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
12 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (14)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .kdbgrc | predictive | Low
2 | File | /resources//../ | predictive | High
3 | File | /xxxxxxx/ | predictive | Medium
4 | File | xxxxxxxx/xxxxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxxx.xxx | predictive | High
5 | File | xxxxx.xxx | predictive | Medium
6 | File | xxxxxxxxxxx-xxxx.xx | predictive | High
7 | File | xxxx.xx.xx | predictive | Medium
8 | Argument | xxxxxx_xxxxx_xxx | predictive | High
9 | Argument | xxx | predictive | Low
10 | Argument | xxxxxx/xxxxxx_xxxxxx | predictive | High
11 | Input Value | xxxx/xxxxx/xxxxxxxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxxx/xx_xxxx | predictive | High
12 | Input Value | \x | predictive | Low
13 | Network Port | xxxxx | predictive | Low
14 | Network Port | xxx/xx (xxx) | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:
