Chalubo Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (47)

Lang

en	34
zh	12
ru	2

Land

CN: China	24
US: USA	18
RU: Russia	2

Skådespelare

Chalubo	3
SpyNote	1
Hook	1
APT10	1
ZuoRAT	1

Intressera

Typ

Not Defined	20
Web Browser	6
Content Management System	4
Smartphone Operating System	2
Anti-Malware Software	2

Säljare

Not Defined	6
Apache	6
Google	4
Joomla	2
Fortinet	2

Produkt

Google Chrome	4
Joomla CMS	2
Mobile Device Monitoring Service	2
Fortinet FortiWeb	2
Forcepoint Email Security	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Cisco Unified Communications Manager TLS Certificate svag kryptering	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00112	0.00	CVE-2014-7991
2	Mobile Device Monitoring Service API privilegier eskalering	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00151	0.00	CVE-2022-0732
3	Deltek Vision RPC over HTTP SQL sql injektion	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00576	0.03	CVE-2018-18251
4	Vera VeraEdge/Veralite Web User Interface RunLua svag autentisering	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.10148	0.00	CVE-2017-9389
5	Dolibarr ERP CRM SQL File privilegier eskalering	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.07	CVE-2024-37821
6	Kerio Connect/Connect Client Desktop Application E-Mail Preview privilegier eskalering	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00185	0.04	CVE-2017-7440
7	Google Chrome V8 privilegier eskalering	7.5	7.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00082	0.05	CVE-2024-0518
8	Google Chrome V8 informationsgivning	7.5	7.4	$25k-$100k	$5k-$25k	High	Official Fix	0.00179	0.05	CVE-2024-0519
9	Fortinet FortiWeb Authorization Header sql injektion	7.7	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00131	0.05	CVE-2020-29015
10	Ignition Automation Ignition JavaSerializationCodec privilegier eskalering	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00065	0.04	CVE-2023-39476
11	QNAP QTS Photo Station privilegier eskalering	8.5	8.4	$0-$5k	$0-$5k	High	Official Fix	0.96341	0.05	CVE-2019-7192
12	Hikvision Hybrid SAN Web Module privilegier eskalering	8.2	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.27157	0.05	CVE-2022-28171
13	Synacor Zimbra Collaboration mboximport kataloggenomgång	4.7	4.5	$0-$5k	$0-$5k	High	Official Fix	0.94758	0.00	CVE-2022-27925
14	Gitblit kataloggenomgång	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00625	0.08	CVE-2022-31268
15	Open Webmail openwebmail-main.pl cross site scripting	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.00249	0.00	CVE-2007-4172
16	Johannes Sixt Kdbg .kdbgrc privilegier eskalering	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2003-0644
17	Litespeed Technologies OpenLiteSpeed Web Server Dashboard kataloggenomgång	5.5	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00071	0.05	CVE-2022-0072
18	Dovecot Quoted String minneskorruption	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.61388	0.05	CVE-2019-11500
19	MODX CMS modRestServiceRequest XML External Entity	7.3	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00236	0.00	CVE-2020-25911
20	RoundCube sql injektion	8.0	7.9	$0-$5k	$0-$5k	High	Official Fix	0.01441	0.04	CVE-2021-44026

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Skådespelare	Identified	Typ	Förtroende
1	103.27.185.139	Chalubo	24/01/2022	verified	Medium
2	XXX.XX.XXX.XX	Xxxxxxx	24/01/2022	verified	Medium
3	XXX.XXX.XXX.XXX	Xxxxxxx	30/05/2024	verified	Very High
4	XXX.XXX.XXX.XXX	Xxxxxxx	30/05/2024	verified	Very High

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	Hög
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Hög
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Hög
4	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
7	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
8	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
9	TXXXX.XXX	CAPEC-133	CWE-XXX	Xxxxxxxx	predictive	Hög
10	TXXXX.XXX	CAPEC-	CWE-XX	Xxxxxxxxxxxxx	predictive	Hög
11	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög
12	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (15)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	.kdbgrc	predictive	Låg
2	File	/resources//../	predictive	Hög
3	File	/uncpath/	predictive	Medium
4	File	xxxxxxxx/xxxxxxxxxx/xxxxx-xx-xxxxxxxxx-xxxxxxxx.xxx	predictive	Hög
5	File	xxxxx.xxx	predictive	Medium
6	File	xxxxxxxxxxx-xxxx.xx	predictive	Hög
7	File	xxxx.xx.xx	predictive	Medium
8	Argument	xxxx	predictive	Låg
9	Argument	xxxxxx_xxxxx_xxx	predictive	Hög
10	Argument	xxx	predictive	Låg
11	Argument	xxxxxx/xxxxxx_xxxxxx	predictive	Hög
12	Input Value	xxxx/xxxxx/xxxxxxxx/xxxxxxx/xx/xxxxxxx/xxxxxxxxxx/xx_xxxx	predictive	Hög
13	Input Value	\x	predictive	Låg
14	Network Port	xxxxx	predictive	Låg
15	Network Port	xxx/xx (xxx)	predictive	Medium

Referenser (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Interested in the pricing of exploits?

See the underground prices here!