SocStealer 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (16)

タイムライン

言語

en8
zh4
de4

国・地域

us8
cn8

アクター

SocStealer3
Ponystealer1
DCRat1

アクティビティ

関心

タイムライン

タイプ

Not Defined6
WordPress Plugin2
Content Management System2
SSH Server Software2
Mail Client Software2

ベンダー

Not Defined12
Oracle2
UMN2

製品

Oracle Web Applications Desktop Integrator2
NotificationX Plugin2
Drupal2
Devilz Clanportal2
Dropbear2

脆弱性

#脆弱性BaseTemp0day本日修復EPSSCTICVE
1NotificationX Plugin SQL Statement SQLインジェクション5.65.4$0-$5k$0-$5kNot DefinedOfficial Fix0.024140.04CVE-2022-0349
2TestLink attachmentdownload.php 特権昇格6.36.2$0-$5k$0-$5kNot DefinedNot Defined0.000860.04CVE-2022-35195
3UMN MapServer SQLインジェクション7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.003760.00CVE-2011-2703
4SCMS 特権昇格7.47.4$0-$5k$0-$5kNot DefinedNot Defined0.001020.00CVE-2018-19654
5Oracle WebLogic Server Centralized Thirdparty Jars 情報の漏洩3.33.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000600.00CVE-2020-8908
6Tenda AC23 httpd formGetSysToolDDNS メモリ破損8.38.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.001310.03CVE-2023-0782
7Oracle Web Applications Desktop Integrator Upload Remote Code Execution9.89.6$25k-$100k$5k-$25kNot DefinedOfficial Fix0.973440.04CVE-2022-21587
8OpenSSH FIDO Authentication 弱い認証5.65.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.002010.03CVE-2021-36368
9Dropbear Non-RFC-compliant Check 弱い認証6.96.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000970.04CVE-2021-36369
10Microsoft Windows EducatedScholar 特権昇格10.09.5$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.742610.00CVE-2009-2532
11Jenkins Agent-to-Controller 特権昇格5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.001920.02CVE-2021-21685
12Mutt/NeoMutt IMAP Server Response 弱い暗号化5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.003120.00CVE-2020-28896
13Devilz Clanportal File Upload 未知の脆弱性5.34.4$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.053620.07CVE-2006-6338
14HoMaP index.php SQLインジェクション7.37.1$0-$5k$0-$5kHighUnavailable0.001000.00CVE-2008-2989
15DZCP deV!L`z Clanportal browser.php 情報の漏洩5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.027330.92CVE-2007-1167
16Drupal Transliterate 特権昇格6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.001460.00CVE-2016-9452

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIPアドレスHostnameアクターキャンペーンIdentifiedタイプ信頼度
145.76.142.14445.76.142.144.vultrusercontent.comSocStealer2022年04月08日verified
2XX.XX.XXX.XXXxx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxxx2022年04月08日verified
3XX.XX.XXX.XXxxxxxx-xx-xx-xxx-xx.xxxxx.x.xxxxxxxxxx.xxxXxxxxxxxxx2022年04月08日verified
4XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxxx2022年04月08日verified
5XXX.XXX.XX.XXxxxx-xxxx-xxxx-xxx-xx-xxxx.xxxxxxxx.xxxXxxxxxxxxx2022年04月08日verified

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueクラス脆弱性アクセスベクタータイプ信頼度
1T1040CAPEC-102CWE-319Authentication Bypass by Capture-replaypredictive
2TXXXXCAPEC-242CWE-XXXxxxxxxx Xxxxxxxxxpredictive
3TXXXXCAPEC-19CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxxpredictive
4TXXXXCAPEC-108CWE-XXXxx Xxxxxxxxxpredictive
5TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxxpredictive

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDクラスIndicatorタイプ信頼度
1File/bin/httpdpredictive
2Fileinc/filebrowser/browser.phppredictive
3Filexxxxx.xxxpredictive
4Library/xxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxx.xxxpredictive
5Argumentxxxxpredictive
6Argumentxxpredictive
7Argumentxx_xxpredictive

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

概要

Interested in the pricing of exploits?

See the underground prices here!