PakistanChatMessenger Analysis

IOB - Indicator of Behavior (331)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 294
es: 20
ja: 10
ru: 4
zh: 4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us: 236
nl: 6
gb: 4
ru: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Adobe Flash Player: 18
Apple Mac OS X: 14
Apple iOS: 12
WordPress: 8
PHP: 6

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Foxit PDF Reader exportXFAData Local Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.07 | CVE-2023-27363 |
| 2 | php-revista articulo.php sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01900 | 0.03 | CVE-2006-4608 |
| 3 | SourceCodester Facebook News Feed Like Post unrestricted upload | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.25 | CVE-2024-1027 |
| 4 | Tongda OA 2017 delete.php sql injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.04 | CVE-2023-6885 |
| 5 | D-Link DAR-7000 workidajax.php sql injection | 6.9 | 6.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.04 | CVE-2023-6581 |
| 6 | Totolink X5000R cstecgi.cgi setWizardCfg os command injection | 6.9 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00119 | 0.08 | CVE-2023-6612 |
| 7 | SourceCodester Online Exam System GET Parameter updateCourse.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00073 | 0.00 | CVE-2023-2642 |
| 8 | Simple File List Plugin ee-downloader.php path traversal | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.42222 | 0.02 | CVE-2022-1119 |
| 9 | Quirm SAXON Error Message news.php information disclosure | 5.3 | 4.6 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.00796 | 0.00 | CVE-2007-4861 |
| 10 | DouPHP article.php cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-30205 |
| 11 | Solidweb Novus notas.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00099 | 0.03 | CVE-2007-5123 |
| 12 | Synacor Zimbra Webmail Subsystem upload unrestricted upload | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00466 | 0.00 | CVE-2020-12846 |
| 13 | IBM HTTP Server memory corruption | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00359 | 0.03 | CVE-2015-4947 |
| 14 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00318 | 0.04 | CVE-2017-5611 |
| 15 | Kashipara Billing Software HTTP POST Request material_bill.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.04 | CVE-2024-0494 |
| 16 | ProLion CryptoSpike REST API Endpoint path traversal | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00126 | 0.03 | CVE-2023-36654 |
| 17 | ProLion CryptoSpike REST API Endpoint sql injection | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00052 | 0.05 | CVE-2023-36652 |
| 18 | ProLion CryptoSpike REST API Endpoint hard-coded key | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00116 | 0.00 | CVE-2023-36647 |
| 19 | ProLion CryptoSpike REST API Endpoint access control | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00109 | 0.00 | CVE-2023-36646 |
| 20 | ProLion CryptoSpike Login REST API improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00106 | 0.03 | CVE-2023-36655 |

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-22, CWE-24 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 5 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |
| 6 | TXXXX.XXX | CAPEC-16 | CWE-XXX, CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High |
| 7 | TXXXX | CAPEC-136 | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High |
| 8 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High |
| 9 | TXXXX | CAPEC- | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High |
| 10 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 11 | TXXXX.XXX | CAPEC-492 | CWE-XXXX | Xxxxxxxxxxx Xxxxxxx Xxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 12 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 13 | TXXXX | CAPEC-50 | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 14 | TXXXX | CAPEC-37 | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 15 | TXXXX | CAPEC-38 | CWE-XXX | Xxxxxxxxx Xxxxxx Xxxx | predictive | High |
| 16 | TXXXX.XXX | CAPEC-459 | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 17 | TXXXX.XXX | CAPEC-133 | CWE-XXX | Xxxxxxxx | predictive | High |
| 18 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |
| 19 | TXXXX.XXX | CAPEC- | CWE-XX | Xxxxxxxxxxxxx | predictive | High |
| 20 | TXXXX | CAPEC-112 | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High |
| 21 | TXXXX.XXX | CAPEC- | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High |
| 22 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High |

IOA - Indicator of Attack (185)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
