MintStealer 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (40)

言語

en	38
es	2

国・地域

us	20
ps	6

アクター

MintStealer	3
Mirai	2
Cobalt Strike	2
Stealc	2
RisePro	2

関心

タイプ

Not Defined	18
Programming Tool Software	4
Router Operating System	4
E-Commerce Management Software	2
Photo Gallery Software	2

ベンダー

Not Defined	12
Zend	4
SourceCodester	4
Huawei	2
Juniper	2

製品

Zend Framework	4
Huawei Flybox B660	2
obs-service-go_modules	2
Juniper Junos Space	2
Heimdal	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	T&W WIFI Repeater BE126 Upgrade Process 弱い認証	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00091	0.04	CVE-2018-9232
2	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash 情報の漏洩	5.3	5.2	$5k-$25k	計算中	High	Workaround	0.02016	0.00	CVE-2007-1192
3	SourceCodester Alphaware Simple E-Commerce System admin_index.php SQLインジェクション	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00171	0.04	CVE-2023-1503
4	DD-WRT Web Interface 未知の脆弱性	7.5	6.9	$0-$5k	$0-$5k	Unproven	Not Defined	0.00312	0.04	CVE-2012-6297
5	Dreaxteam Xt-News show_news.php SQLインジェクション	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00202	0.02	CVE-2006-6747
6	Google Android Transcode Permission Controller getAvailabilityStatus 特権昇格	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2023-21005
7	sudo 特権昇格	5.3	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00068	0.04	CVE-2023-28486
8	Simple Art Gallery adminHome.php SQLインジェクション	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00144	0.04	CVE-2023-1416
9	obs-service-go_modules 特権昇格	5.0	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2022-45155
10	SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System login.php SQLインジェクション	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00531	0.04	CVE-2023-1352
11	PMB restaure_act.php Privilege Escalation	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00528	0.00	CVE-2023-24736
12	Heimdal Fix CVE-2022-3437 未知の脆弱性	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00065	0.00	CVE-2022-45142
13	IBM Maximo Asset Management/Maximo Application Suite Web UI クロスサイトスクリプティング	5.1	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00058	0.00	CVE-2022-35645
14	Shenzhen Zhiboton ZBT WE1626 SPI Bus Interface 情報の漏洩	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00151	0.00	CVE-2022-45552
15	Mozilla Firefox libaudio メモリ破損	5.0	4.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00046	0.00	CVE-2023-25747
16	Linux Kernel memory-tiers.c memory_tier_init 特権昇格	5.5	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2023-23005
17	Medtronic InsterStim Applications 弱い認証	5.8	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00054	0.00	CVE-2023-25931
18	CodeIgniter 未知の脆弱性	5.3	5.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00136	0.00	CVE-2022-24712
19	DrayTek Vigor/Vigor3910 wlogin.cgi メモリ破損	9.0	8.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00182	0.08	CVE-2022-32548
20	Microsoft Windows Kernel 未知の脆弱性	2.9	2.7	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00043	0.00	CVE-2022-38022

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	アクター	Identified	タイプ	信頼度
1	85.114.96.2	MintStealer	2024年03月03日	verified	高
2	95.214.25.207	MintStealer	2023年08月30日	verified	高
3	XXX.XX.XX.XX	Xxxxxxxxxxx	2024年03月03日	verified	高
4	XXX.XX.XX.XX	Xxxxxxxxxxx	2023年10月29日	verified	高
5	XXX.XX.XX.XX	Xxxxxxxxxxx	2024年04月10日	verified	高
6	XXX.XX.XXX.XX	Xxxxxxxxxxx	2023年10月29日	verified	高
7	XXX.XX.XXX.XXX	Xxxxxxxxxxx	2024年03月03日	verified	高
8	XXX.XX.XXX.XXX	Xxxxxxxxxxx	2023年10月29日	verified	高
9	XXX.XXX.XX.XXX	Xxxxxxxxxxx	2023年10月31日	verified	高

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1059.007	CAPEC-209	CWE-79, CWE-80	Cross Site Scripting	predictive	高
2	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	高
3	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
4	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (23)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/admin/login.php	predictive	高
2	File	/cgi-bin/wlogin.cgi	predictive	高
3	File	/htmlcode/html/system_reboot.asp	predictive	高
4	File	/xxxxxxxxxx/xxxxxxxx_xxx.xxx	predictive	高
5	File	xxxxx/xxxxx_xxxxx.xxx	predictive	高
6	File	xxxxxxxxx.xxx	predictive	高
7	File	xxxxxxxxx.x	predictive	中
8	File	xxxxxxx.xxx	predictive	中
9	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	高
10	File	xxxxxxxxx.xxx	predictive	高
11	File	xx/xxxxxx-xxxxx.x	predictive	高
12	File	xxxx_xxxx.xxx	predictive	高
13	Argument	xx/xx	predictive	低
14	Argument	xxxxx_xxxxxx_xxxx	predictive	高
15	Argument	xxx_xx	predictive	低
16	Argument	xxx	predictive	低
17	Argument	xx_xxxx	predictive	低
18	Argument	xxxxxxxxxxx	predictive	中
19	Argument	xxxxxx_xxxxxxxx	predictive	高
20	Argument	xxxxxxx	predictive	低
21	Argument	xxxxxxxxxxx/xxxxxxxxxxx	predictive	高
22	Argument	xxxxxxxx/xxxxxxxx	predictive	高
23	Input Value	xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx	predictive	高

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!