Alfonso Stealer Analysis

IOB - Indicator of Behavior (273)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en 188
ru 64
zh 14
sv 4
de 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Bitrix Site Manager 6
Microsoft Exchange Server 6
phpMyAdmin 6
Jitsi Meet 4
Yii Framework 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.03828 | 0.00 | CVE-2007-1192
2 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00630 | 0.02 | CVE-2022-27228
3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02820 | 0.26 | CVE-2010-0966
4 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.91980 | 0.70 | CVE-2020-15906
5 | jQuery html cross site scripting | 5.9 | 5.8 | $0-$5k | $0-$5k | High | Official Fix | 0.38151 | 0.02 | CVE-2020-11023
6 | Znuny AJAX Request sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.04 | CVE-2024-32493
7 | ILIAS Cloze Test Text gap Persistent cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00135 | 0.00 | CVE-2019-1010237
8 | Harbor improper authentication | 6.9 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06419 | 0.03 | CVE-2022-46463
9 | Jitsi Meet hard-coded credentials | 8.5 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00279 | 0.00 | CVE-2020-11878
10 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.20 | CVE-2020-12440
11 | WordPress Pingback server-side request forgery | 5.7 | 5.7 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00264 | 0.02 | CVE-2022-3590
12 | Crestron AM-100/AM-101 HTTP Endpoint file_transfer.cgi command injection | 9.8 | 9.7 | $0-$5k | $0-$5k | High | Workaround | 0.97409 | 0.04 | CVE-2019-3929
13 | Bitrix24 ajax.php server-side request forgery | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01222 | 0.00 | CVE-2020-13484
14 | Fortinet FortiOS/FortiProxy Administrative Interface authentication bypass | 9.8 | 9.7 | $25k-$100k | $0-$5k | High | Official Fix | 0.97243 | 0.02 | CVE-2022-40684
15 | Apache Tomcat HTTP Digest Authentication Implementation improper authentication | 8.2 | 7.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00403 | 0.00 | CVE-2012-5887
16 | PBSite register.php Local Privilege Escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | 
17 | TEM FLEX-1080/FLEX-1085 Log log.cgi information disclosure | 5.3 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00141 | 0.02 | CVE-2022-1077
18 | F5 BIG-IP iControl REST Authentication bash missing authentication | 9.8 | 9.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.46582 | 0.02 | CVE-2022-1388
19 | VMware Workspace ONE Access/Identity Manager Template injection | 9.8 | 9.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97483 | 0.02 | CVE-2022-22954
20 | Apache Groovy MethodClosure.java MethodClosure injection | 8.5 | 8.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.06045 | 0.00 | CVE-2015-3253

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (132)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /+CSCOE+/logon.html | predictive | High
2 | File | /admin/login.php | predictive | High
3 | File | /api/file_uploader.php | predictive | High
4 | File | /app/Http/Controllers/Admin/NEditorController.php | predictive | High
5 | File | /blog | predictive | Low
6 | File | /Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx | predictive | High
7 | File | /mgmt/tm/util/bash | predictive | High
8 | File | /mifs/c/i/reg/reg.html | predictive | High
9 | File | /secure/admin/ViewInstrumentation.jspa | predictive | High
10 | File | /secure/ViewCollectors | predictive | High
11 | File | /Session | predictive | Medium
12 | File | /user/settings | predictive | High
13 | File | /usr/bin/pkexec | predictive | High
14 | File | /xAdmin/html/cm_doclist_view_uc.jsp | predictive | High
15 | File | adclick.php | predictive | Medium
