Babar Analysis

IOB - Indicator of Behavior (30)

Language

en: 30

Country

us: 22
ca: 4
fr: 2

Product

TETRA TEA1: 2
Microsoft Exchange Server: 2
Host: 2
Incredible Interactive Dragonfly Commerce: 2
Thomas R. Pasawicz HyperBook Guestbook: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | Calculated | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | MailEnable Enterprise Premium XML Data XML External Entity | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00224 | 0.02 | CVE-2019-12924 |
| 3 | SonicWALL AntiSpam / EMail Security Appliance MTA Queue Report Module reports_mta_queue_status.html Cross-Site Scripting | 8.0 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | |
| 4 | WoltLab Burning Book addentry.php SQL Injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.00 | CVE-2006-5509 |
| 5 | DZCP deV!L`z Clanportal config.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.11 | CVE-2010-0966 |
| 6 | Kubernetes kubelet pprof Information Disclosure | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.55625 | 0.04 | CVE-2019-11248 |
| 7 | D-Link DIR-815 POST Request soapcgi_main Privilege Escalation | 8.0 | 7.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00317 | 0.02 | CVE-2023-51123 |
| 8 | Schneider Electric Modicon M218 Logic Controller Service Port 1105 Denial of Service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00071 | 0.00 | CVE-2021-22800 |
| 9 | TETRA TEA1 Keystream Generator Tetraburst Remote Code Execution | 8.4 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00048 | 0.00 | CVE-2022-24402 |
| 10 | TETRA Air Interface Encryption Tetraburst unknown vulnerability | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00048 | 0.04 | CVE-2022-24404 |
| 11 | Citrix ADC/Gateway Cross-Site Scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07218 | 0.04 | CVE-2023-24488 |
| 12 | ZyXEL P660HN-T v1 ViewLog.asp Privilege Escalation | 7.3 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.04 | |
| 13 | Microsoft Exchange Server Email Privilege Escalation | 8.4 | 7.8 | $25k-$100k | $0-$5k | Functional | Official Fix | 0.50612 | 0.00 | CVE-2020-16875 |
| 14 | Carbonize Lazarus Guestbook template.class.php Privilege Escalation | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04617 | 0.03 | CVE-2007-1486 |
| 15 | Microsoft IIS Log File Permission Information Disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00042 | 0.05 | CVE-2012-2531 |
| 16 | Apache HTTP Server mod_cache Denial of Service | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.04147 | 0.06 | CVE-2013-4352 |
| 17 | Host Web Server phpinfo.php phpinfo Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.05 | |
| 18 | Lars Ellingsen Guestserver guestbook.cgi Cross-Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.30 | CVE-2005-4222 |
| 19 | McAfee Network Security Management Command Line Interface Information Disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2020-7284 |
| 20 | Incredible Interactive Dragonfly Commerce Administration dc_categorieslist.asp Stored unknown vulnerability | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00581 | 0.02 | CVE-2005-2220 |

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Classification | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 2 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 3 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 4 | TXXXX | CAPEC-136 | CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 5 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /debug/pprof | predictive | Medium |
| 2 | File | addentry.php | predictive | Medium |
| 3 | File | data/gbconfiguration.dat | predictive | High |
| 4 | File | xx_xxxxxxxxxxxxxx.xxx | predictive | High |
| 5 | File | xxxxxxxx_xxxxxxxxx_xxxxx.xxx | predictive | High |
| 6 | File | xxxxxxxxx.xxx | predictive | High |
| 7 | File | xxx/xxxxxx.xxx | predictive | High |
| 8 | File | xxxxxxx.xxx | predictive | Medium |
| 9 | File | xxxxxxx_xxx_xxxxx_xxxxxx.xxxx | predictive | High |
| 10 | File | xxxxxxxx.xxxxx.xxx | predictive | High |
| 11 | File | xxxxxxx.xxx | predictive | Medium |
| 12 | Argument | xxxxxxxx | predictive | Medium |
| 13 | Argument | xxxxx_xx | predictive | Medium |
| 14 | Argument | xxxxxxx | predictive | Low |
| 15 | Argument | xxxxxxxxx | predictive | Medium |
| 16 | Argument | xxxxxxxx | predictive | Medium |
| 17 | Argument | xxxxxx_xxxx | predictive | Medium |
| 18 | Argument | xxxxxxx | predictive | Low |
| 19 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
