AgentTesla Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 708
de: 80
zh: 52
sv: 40
ru: 26

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Edgewall Software Trac: 6
PHP-Fusion: 6
DZCP deV!L`z Clanportal: 4
SAP SQL Anywhere: 4
Esoftpro Online Guestbook Pro: 4

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.04277 | 1.51 | CVE-2006-6168 |
| 2 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.86968 | 2.97 | CVE-2020-15906 |
| 3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00970 | 0.95 | CVE-2010-0966 |
| 4 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 1.03 | |
| 5 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00000 | 0.40 | |
| 6 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.08189 | 0.16 | CVE-2007-1167 |
| 7 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01020 | 1.90 | CVE-2022-28959 |
| 8 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.01802 | 0.24 | CVE-2007-0354 |
| 9 | Advisto Peel SHOPPING caddie_ajout.php cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00139 | 0.00 | CVE-2018-20848 |
| 10 | Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption | 8.3 | 8.2 | $100k and more | $0-$5k | High | Official fix | verified | 0.94378 | 0.00 | CVE-2023-4966 |
| 11 | WP-ViperGB Plugin remove_query_arg cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00190 | 0.00 | CVE-2015-9356 |
| 12 | Devilz Clanportal index.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | | 0.01016 | 0.07 | CVE-2006-3347 |
| 13 | TikiWiki tiki-index.php path traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.01773 | 0.16 | CVE-2007-5684 |
| 14 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00000 | 1.27 | |
| 15 | V-EVA Press Release Script page.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.03035 | 0.16 | CVE-2010-5047 |
| 16 | SourceCodester Service Provider Management System System Info Page index.php cross site scripting | 3.2 | 3.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00144 | 0.06 | CVE-2024-6267 |
| 17 | OxWall cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00515 | 0.08 | CVE-2012-0872 |
| 18 | Arthmoor QSF-Portal index.php path traversal | 5.4 | 5.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00059 | 0.07 | CVE-2019-25099 |
| 19 | LushiWarPlaner register.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | possible | 0.00835 | 0.06 | CVE-2007-0864 |
| 20 | SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php unrestricted upload | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00105 | 0.08 | CVE-2024-1875 |

IOC - Indicator of Compromise (23)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (128)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

