Chaes Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (25)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en22
es2
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

mo10
us2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

Chaes2
Mirai1
Meterpreter1
Havoc1
RedLine Stealer1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined8
Content Management System4
Social Network Software2
Forum Software2
Document Processing Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined4
PHPOutsourcing2
Facebook2
Tiki2
Bitrix2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

PHPOutsourcing IdeaBox2
Facebook WhatsApp2
Tiki TikiWiki2
vBulletin2
Bitrix Site Manager2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1MGB OpenSource Guestbook email.php sql injection7.37.3$0-$5k$0-$5kHighUnavailable0.013021.02CVE-2007-0354
2UCMS top.php adminchannelscache information exposure3.53.5$0-$5k$0-$5kNot DefinedNot Defined0.001260.05CVE-2021-25809
3Bomgar Remote Support Portal JavaStart.jar Applet path traversal9.19.1$0-$5k$0-$5kNot DefinedNot Defined0.001950.03CVE-2017-12815
4vBulletin redirector.php6.66.6$0-$5k$0-$5kNot DefinedNot Defined0.001060.04CVE-2018-6200
5Bitrix Site Manager redirect.php link following5.34.7$0-$5k$0-$5kUnprovenUnavailable0.001130.03CVE-2008-2052
6Tiki TikiWiki tiki-editpage.php input validation7.36.6$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.011940.03CVE-2004-1386
7confucious Package set Prototype privileges management8.58.5$0-$5k$0-$5kNot DefinedNot Defined0.005210.00CVE-2020-7714
8Ozeki NG SMS Gateway ASP.NET SMS Module privileges management4.84.8$0-$5k$0-$5kNot DefinedNot Defined0.001190.00CVE-2020-14021
9Microsoft IIS File Name privileges management5.35.1$25k-$100k$0-$5kNot DefinedOfficial Fix0.933890.00CVE-1999-0012
10KDE .kss.pid race condition4.03.8$0-$5k$0-$5kNot DefinedOfficial Fix0.000420.00CVE-1999-1269
11Microsoft Windows IP Fragmentation Bonk denial of service5.35.1$25k-$100k$0-$5kHighOfficial Fix0.775600.00CVE-1999-0258
12Microsoft Windows SMB Logon denial of service5.35.1$25k-$100k$0-$5kNot DefinedOfficial Fix0.002780.00CVE-1999-0225
13Qualcomm Snapdragon Auto Client Map Table use after free6.56.3$5k-$25k$0-$5kNot DefinedOfficial Fix0.000440.00CVE-2020-11124
14Qualcomm Snapdragon Auto WPA buffer overflow8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.003320.00CVE-2020-3667
15GNOME libxml2 entities.c xmlEncodeEntitiesInternal buffer overflow8.58.2$5k-$25k$0-$5kNot DefinedOfficial Fix0.002970.00CVE-2020-24977
16IBM InfoSphere Metadata Asset Manager server-side request forgery6.06.0$5k-$25k$5k-$25kNot DefinedNot Defined0.000830.00CVE-2020-4632
17Facebook WhatsApp Sticker input validation7.47.1$5k-$25k$0-$5kNot DefinedOfficial Fix0.000840.00CVE-2020-1890
18OS4Ed openSIS MassDropModal.php sql injection7.57.5$0-$5k$0-$5kNot DefinedNot Defined0.000910.00CVE-2020-6134
19RealNetworks RealOne Player Temp File cross site scripting6.36.3$5k-$25k$0-$5kNot DefinedNot Defined0.009690.00CVE-2003-1509
20GitLab Application unknown vulnerability4.24.0$0-$5k$0-$5kNot DefinedOfficial Fix0.000620.00CVE-2020-13294

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
1108.166.219.4343-219-166-108-dedicated.multacom.comChaes03/19/2024verifiedHigh
2176.123.3.100Chaes03/19/2024verifiedHigh
3XXX.XXX.X.XXXXxxxx03/19/2024verifiedHigh
4XXX.XXX.XXX.XXxxxxxxxx.xxxxxxxxxxx.xxx.xxXxxxx03/19/2024verifiedHigh
5XXX.XXX.XXX.XXXxxxxxxxx.xxxxxxxxxxx.xxx.xxXxxxx03/19/2024verifiedHigh
6XXX.XX.XXX.XXXxxx-xx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxxXxxxx03/19/2024verifiedHigh
7XXX.XXX.XXX.XXxxxxxxxxxxx.xxxxxxxxxxxxxxxxx.xxXxxxx03/19/2024verifiedHigh

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
3TXXXX.XXXCAPEC-209CWE-XX, CWE-XXXxxxx Xxxx XxxxxxxxxpredictiveHigh
4TXXXXCAPEC-122CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXX.XXXCAPEC-178CWE-XXXXxxx XxxxxxxxpredictiveHigh
6TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
7TXXXXCAPEC-215CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (17)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File.kss.pidpredictiveMedium
2File/+CSCOE+/logon.htmlpredictiveHigh
3Fileemail.phppredictiveMedium
4Filexxxxxxxxxxxx_xxxx.xxxpredictiveHigh
5Filexxxxxxx.xxxpredictiveMedium
6Filexxxxxxx/xxxxxxxx.xpredictiveHigh
7Filexxxxxxxxxxxxx.xxxpredictiveHigh
8Filexxxxxxxx.xxxpredictiveMedium
9Filexxxxxxxxxx.xxxpredictiveHigh
10Filexxxxxxxx.xxxpredictiveMedium
11Filexxxx-xxxxxxxx.xxxpredictiveHigh
12Filexxx.xxxpredictiveLow
13ArgumentxxxxxxxxpredictiveMedium
14ArgumentxxxxpredictiveLow
15ArgumentxxpredictiveLow
16ArgumentxxxpredictiveLow
17ArgumentxxxxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you need the next level of professionalism?

Upgrade your account now!