Xehook Stealer 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (27)

言語

en	20
ru	8

国・地域

us	26
ru	2

アクター

Aurora Stealer	1
Ave Maria	1
RedLine Stealer	1
Zusy	1
Raccoon	1

関心

タイプ

Not Defined	12
Forum Software	6
Database Software	2
Firewall Software	2
Auction Software	2

ベンダー

Not Defined	8
Microsoft	4
PCCS-Linux	2
Cisco	2
Matt Tourtillott	2

製品

WebGAIS	2
PCCS-Linux MySQLDatabase Admin Tool	2
Cisco ASA	2
Matt Tourtillott nph-maillist	2
Matthew Redman Allmanage	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Mozilla Firefox InstallVersion.compareTo クロスサイトスクリプティング	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.04947	0.00	CVE-2005-2260
2	MIT Kerberos Key Distribution Center メモリ破損	7.3	6.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.74632	0.00	CVE-2005-1174
3	Novell eDirectory Modular Authentication Service 弱い認証	5.4	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
4	Microsoft IIS Frontpage Server Extensions shtml.dll Username 情報の漏洩	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.15958	0.05	CVE-2000-0114
5	Apple Mac OS X Temporary Files サービス拒否	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.05953	0.00	CVE-2005-0524
6	Aastra 6753i IP Phone Authentication 弱い認証	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
7	Moreover.com Cached Feed.cgi Script cached_feed.cgi ディレクトリトラバーサル	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01256	0.05	CVE-2000-0906
8	Ranson Johnson MailForm mailform.pl File 情報の漏洩	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00472	0.00	CVE-2000-0877
9	Ranson Johnson Mailto CGI Script mailto.cgi 特権昇格	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00773	0.00	CVE-2000-0878
10	Way Way-Board way-board.cgi File 情報の漏洩	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01534	0.00	CVE-2001-0214
11	eXtropia BPS Forum bbs_forum.cgi ディレクトリトラバーサル	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01587	0.00	CVE-2001-0123
12	Ikonboard register.cgi 特権昇格	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00773	0.05	CVE-2001-0076
13	PCCS-Linux MySQLDatabase Admin Tool dbconnect.inc Password 情報の漏洩	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00696	0.02	CVE-2000-0707
14	Matthew Redman Allmanage File Upload allmanageup.pl 特権昇格	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01221	0.00	CVE-2000-0435
15	Classifieds CGI Form classifieds.cgi 特権昇格	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05470	0.00	CVE-1999-0935
16	Matt Tourtillott nph-maillist nph-maillist.pl 特権昇格	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01220	0.00	CVE-2001-0400
17	Microsoft FrontPage Extensions authors.pwd 情報の漏洩	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Workaround	0.00000	0.00
18	Leif M. Wright ad.cgi 特権昇格	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04848	0.05	CVE-2001-0025
19	CGI Script Center Auction Weaver auctionweaver.pl ディレクトリトラバーサル	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00540	0.00	CVE-2000-0811
20	CGI Script Center Account Manager amadmin.pl 特権昇格	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03592	0.00	CVE-2000-0689

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	キャンペーン	Identified	タイプ	信頼度
1	45.15.156.174		Xehook Stealer		2024年04月02日	verified	高

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
3	TXXXX	CAPEC-122	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
4	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/+CSCOE+/logon.html	predictive	高
2	File	ad.cgi	predictive	低
3	File	allmanageup.pl	predictive	高
4	File	amadmin.pl	predictive	中
5	File	xxxxxxxxxxxxx.xx	predictive	高
6	File	xxxxxxx.xxx	predictive	中
7	File	xxx_xxxxx.xxx	predictive	高
8	File	xxxxxx_xxxx.xxx	predictive	高
9	File	xxxxxxxxxxx.xxx	predictive	高
10	File	xxxxxxxxx.xxx	predictive	高
11	File	xxxxxxx.xx	predictive	中
12	File	xxxxxxx.xxx_	predictive	中
13	File	xxxxxxxx.xxx	predictive	中
14	File	xxxxxxxx.xx	predictive	中
15	File	xxxxxx.xxx	predictive	中
16	File	xxx-xxxxxxxx.xx	predictive	高
17	File	xxxxxxxx.xxx	predictive	中
18	File	xxxxxxxx.xxx	predictive	中
19	File	xxxxxxxxxx.xxx	predictive	高
20	File	xxx-xxxxx.xxx	predictive	高
21	Library	/_xxx_xxx/xxxxx.xxx	predictive	高
22	Argument	xxxxxxx	predictive	低
23	Argument	xxxxxxxx/xxxxxx	predictive	高
24	Argument	xx	predictive	低
25	Argument	xxxxx	predictive	低
26	Argument	xxxxxxxx	predictive	中
27	Argument	xxxx	predictive	低
28	Argument	xxxxx	predictive	低
29	Argument	xxxx	predictive	低
30	Argument	xxxx_xxxx	predictive	中
31	Argument	xxxxxxxxx	predictive	中
32	Argument	xx-xxxxxx_xxxx	predictive	高
33	Input Value	<xxxxxxxx>\x	predictive	中

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!