X-Files Stealer Analysis

IOB - Indicator of Behavior (14)

Language

en: 12
de: 2

Product

Linux Kernel: 2
Grammarly Extension: 2
Wire: 2
BD Totalys MultiProcessor: 2
Open-Xchange OX App Suite: 2

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

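| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|----|------------|----------|-------|----------|------------|------|------------|
| 1 | 91.92.240.39 | | X-Files Stealer | | 2024-01-19 | verified | |
| 2 | XXX.XXX.XX.XXX | | X-xxxxx Xxxxxxx | | 2022-07-26 | verified | |
| 3 | XXX.XXX.XX.XXX | | X-xxxxx Xxxxxxx | | 2022-08-02 | verified | |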

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

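| ID | Technique | Class | Vulnerability | Access vector | Type | Confidence |
|----|-----------|-------|---------------|---------------|------|------------|
| 1 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | |
| 2 | T1059.007 | CAPEC-209 | CWE-79 | Cross Site Scripting | predictive | |
| 3 | TXXXX | CAPEC-19 | CWE-XXX | Xxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | |
| 4 | TXXXX.XXX | CAPEC-191 | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | |
| 5 | TXXXX | CAPEC-38 | CWE-XXX | Xxxxxxxx Xxxxxx Xxxx | predictive | |
| 6 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | |
| 7 | TXXXX.XXX | CAPEC- | CWE-XX | Xxxxxxxxxxxxx | predictive | |
| 8 | TXXXX.XXX | CAPEC-1 | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | |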

IOA - Indicator of Attack (3)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

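| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1 | File | /fos/admin/ajax.php | predictive | |
| 2 | File | xxxxxxx/xxxxxxxx/xxx/xxxxxxx-xxxxxx.x | predictive | |
| 3 | File | xxxxx_xxxxxxxx.xxxx | predictive | |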

References (2)

The following list contains external sources which discuss the actor and the associated activities:

Samples (2)

The following list contains associated samples:
