Babar Analysis

IOB - Indicator of Behavior (30)

Language

en (30)

Product

DZCP deV!L`z Clanportal (2)
McAfee Network Security Management (2)
SonicWALL AntiSpam (2)
SonicWALL EMail Security Appliance (2)
MailEnable Enterprise Premium (2)

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Information Disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | MailEnable Enterprise Premium XML Data XML External Entity | 8.5 | 8.5 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00224 | 0.02 | CVE-2019-12924 |
| 3 | SonicWALL AntiSpam / EMail Security Appliance MTA Queue Report Module reports_mta_queue_status.html Cross-Site Scripting | 8.0 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | |
| 4 | WoltLab Burning Book addentry.php SQL Injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.00 | CVE-2006-5509 |
| 5 | DZCP deV!L`z Clanportal config.php Privilege Escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.52 | CVE-2010-0966 |
| 6 | Kubernetes kubelet pprof Information Disclosure | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.55625 | 0.03 | CVE-2019-11248 |
| 7 | D-Link DIR-815 POST Request soapcgi_main Privilege Escalation | 8.0 | 7.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00317 | 0.04 | CVE-2023-51123 |
| 8 | Schneider Electric Modicon M218 Logic Controller Service Port 1105 Denial of Service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00071 | 0.00 | CVE-2021-22800 |
| 9 | TETRA TEA1 Keystream Generator Tetraburst Remote Code Execution | 8.4 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00048 | 0.04 | CVE-2022-24402 |
| 10 | TETRA Air Interface Encryption Tetraburst Unknown Vulnerability | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00048 | 0.04 | CVE-2022-24404 |
| 11 | Citrix ADC/Gateway Cross-Site Scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05228 | 0.04 | CVE-2023-24488 |
| 12 | ZyXEL P660HN-T v1 ViewLog.asp Privilege Escalation | 7.3 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.00 | |
| 13 | Microsoft Exchange Server Email Privilege Escalation | 8.4 | 7.8 | $25k-$100k | $0-$5k | Functional | Official Fix | 0.50612 | 0.00 | CVE-2020-16875 |
| 14 | Carbonize Lazarus Guestbook template.class.php Privilege Escalation | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04317 | 0.03 | CVE-2007-1486 |
| 15 | Microsoft IIS Log File Permission Information Disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00042 | 0.04 | CVE-2012-2531 |
| 16 | Apache HTTP Server mod_cache Denial of Service | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.04147 | 0.06 | CVE-2013-4352 |
| 17 | Host Web Server phpinfo.php phpinfo Information Disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.05 | |
| 18 | Lars Ellingsen Guestserver guestbook.cgi Cross-Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.15 | CVE-2005-4222 |
| 19 | McAfee Network Security Management Command Line Interface Information Disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2020-7284 |
| 20 | Incredible Interactive Dragonfly Commerce Administration dc_categorieslist.asp Stored Unknown Vulnerability | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00581 | 0.02 | CVE-2005-2220 |

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

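| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /debug/pprof | predictive | |
| 2 | File | addentry.php | predictive | |
| 3 | File | data/gbconfiguration.dat | predictive | |
| 4 | File | xx_xxxxxxxxxxxxxx.xxx | predictive | |
| 5 | File | xxxxxxxx_xxxxxxxxx_xxxxx.xxx | predictive | |
| 6 | File | xxxxxxxxx.xxx | predictive | |
| 7 | File | xxx/xxxxxx.xxx | predictive | |
| 8 | File | xxxxxxx.xxx | predictive | |
| 9 | File | xxxxxxx_xxx_xxxxx_xxxxxx.xxxx | predictive | |
| 10 | File | xxxxxxxx.xxxxx.xxx | predictive | |
| 11 | File | xxxxxxx.xxx | predictive | |
| 12 | Argument | xxxxxxxx | predictive | |
| 13 | Argument | xxxxx_xx | predictive | |
| 14 | Argument | xxxxxxx | predictive | |
| 15 | Argument | xxxxxxxxx | predictive | |
| 16 | Argument | xxxxxxxx | predictive | |
| 17 | Argument | xxxxxx_xxxx | predictive | |
| 18 | Argument | xxxxxxx | predictive | |
| 19 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive | |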

References (2)

The following list contains external sources which discuss the actor and the associated activities:
