Babar Analysis

IOB - Indicator of Behavior (30)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 30


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Joomla CMS: 2
TETRA TEA1: 2
TETRA Air Interface Encryption: 2
Microsoft IIS: 2
Thomas R. Pasawicz HyperBook Guestbook: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | MailEnable Enterprise Premium XML Data xml external entity reference | 8.5 | 8.5 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00224 | 0.02 | CVE-2019-12924 |
| 3 | SonicWALL AntiSpam / EMail Security Appliance MTA Queue Report Module reports_mta_queue_status.html cross site scripting | 8.0 | 7.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | |
| 4 | WoltLab Burning Book addentry.php sql injection | 7.3 | 6.8 | $0-$5k | $0-$5k | Functional | Unavailable | 0.00804 | 0.00 | CVE-2006-5509 |
| 5 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.72 | CVE-2010-0966 |
| 6 | Kubernetes kubelet pprof information disclosure | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.55625 | 0.04 | CVE-2019-11248 |
| 7 | D-Link DIR-815 POST Request soapcgi_main Privilege Escalation | 8.0 | 7.9 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00317 | 0.04 | CVE-2023-51123 |
| 8 | Schneider Electric Modicon M218 Logic Controller Service Port 1105 denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00071 | 0.00 | CVE-2021-22800 |
| 9 | TETRA TEA1 Keystream Generator Tetraburst initialization | 8.4 | 8.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00048 | 0.00 | CVE-2022-24402 |
| 10 | TETRA Air Interface Encryption Tetraburst integrity check | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00048 | 0.04 | CVE-2022-24404 |
| 11 | Citrix ADC/Gateway cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05228 | 0.04 | CVE-2023-24488 |
| 12 | ZyXEL P660HN-T v1 ViewLog.asp command injection | 7.3 | 6.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.05 | |
| 13 | Microsoft Exchange Server Email code injection | 8.4 | 7.8 | $25k-$100k | $0-$5k | Functional | Official Fix | 0.50612 | 0.00 | CVE-2020-16875 |
| 14 | Carbonize Lazarus Guestbook template.class.php file inclusion | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.04317 | 0.03 | CVE-2007-1486 |
| 15 | Microsoft IIS Log File Permission information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00042 | 0.04 | CVE-2012-2531 |
| 16 | Apache HTTP Server mod_cache null pointer dereference | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.04147 | 0.06 | CVE-2013-4352 |
| 17 | Host Web Server phpinfo.php phpinfo information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Workaround | 0.00000 | 0.05 | |
| 18 | Lars Ellingsen Guestserver guestbook.cgi cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00169 | 0.43 | CVE-2005-4222 |
| 19 | McAfee Network Security Management Command Line Interface information disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2020-7284 |
| 20 | Incredible Interactive Dragonfly Commerce Administration dc_categorieslist.asp Stored unknown vulnerability | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00581 | 0.02 | CVE-2005-2220 |

IOC - Indicator of Compromise (15)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /debug/pprof | predictive | Medium |
| 2 | File | addentry.php | predictive | Medium |
| 3 | File | data/gbconfiguration.dat | predictive | High |
| 4 | File | xx_xxxxxxxxxxxxxx.xxx | predictive | High |
| 5 | File | xxxxxxxx_xxxxxxxxx_xxxxx.xxx | predictive | High |
| 6 | File | xxxxxxxxx.xxx | predictive | High |
| 7 | File | xxx/xxxxxx.xxx | predictive | High |
| 8 | File | xxxxxxx.xxx | predictive | Medium |
| 9 | File | xxxxxxx_xxx_xxxxx_xxxxxx.xxxx | predictive | High |
| 10 | File | xxxxxxxx.xxxxx.xxx | predictive | High |
| 11 | File | xxxxxxx.xxx | predictive | Medium |
| 12 | Argument | xxxxxxxx | predictive | Medium |
| 13 | Argument | xxxxx_xx | predictive | Medium |
| 14 | Argument | xxxxxxx | predictive | Low |
| 15 | Argument | xxxxxxxxx | predictive | Medium |
| 16 | Argument | xxxxxxxx | predictive | Medium |
| 17 | Argument | xxxxxx_xxxx | predictive | Medium |
| 18 | Argument | xxxxxxx | predictive | Low |
| 19 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
