CredStealer analysis

IOB - Indicator of Behavior (219)

Languages

en: 204
ru: 14
de: 2

Countries and regions

us: 32
cn: 22
ru: 4
es: 4
gb: 2

Products

Apple macOS: 8
Linux Kernel: 6
Google Chrome: 4
Netgear D7800: 4
Netgear R6100: 4

Vulnerabilities

#  | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1  | Dahua DHI-HCVR7216A-S3 SmartPSS Auto Login Hash privilege escalation | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00331 | 0.04 | CVE-2017-6342
2  | Cyr to Lat Plugin SQL injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.03 | CVE-2022-4290
3  | HPE Onboard Administrator reflected cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.02 | CVE-2020-7132
4  | xwikisas macro-pdfviewer PDF Viewer Macro information disclosure | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-30263
5  | Moises Heberle WooCommerce Bookings Calendar Plugin cross-site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-31117
6  | Foxit PDF Reader AcroForm memory corruption | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.03 | CVE-2024-30354
7  | Tenda AC10 SetStaticRouteCfg fromSetRouteStatic memory corruption | 8.8 | 8.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.03 | CVE-2024-2581
8  | MediaTek MT8798 Lk memory corruption | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2024-20022
9  | Kofax Power PDF PNG File Parser information disclosure | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.03 | CVE-2024-27336
10 | Linux Kernel ASPM pci_set_power_state_locked denial of service | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-26605
11 | Elementor Plugin privilege escalation | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.07 | CVE-2024-24934
12 | IBM Security Access Manager Container DSC Server denial of service | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2023-31006
13 | WP Recipe Maker Plugin cross-site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.02 | CVE-2024-0382
14 | Dahua IPC/SD/NVR/XVR Packet unknown vulnerability | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.03 | CVE-2022-30564
15 | PrestaShop blockwishlist SQL injection | 7.7 | 7.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00741 | 0.02 | CVE-2022-31101
16 | ThemePunch OHG Slider Revolution Plugin privilege escalation | 7.2 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.05 | CVE-2023-47784
17 | OpenZeppelin openzeppelin-contracts Subcall privilege escalation | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.06 | CVE-2023-49798
18 | Brocade Fabric OS weak encryption | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.00 | CVE-2021-27795
19 | WPFactory Products, Order & Customers Export for WooCommerce Plugin cross-site scripting | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-47547
20 | Bitrix24 MIME Type privilege escalation | 8.3 | 8.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2023-1720

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
1  | 45.9.148.108 | mx1.dendrite.network | CredStealer | | 2023-07-18 | verified |
2  | XXX.XXX.XXX.XXX | Xxxxxxxxxxx | | | 2023-07-18 | verified |

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (81)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
