CredStealer Analysis

IOB - Indicator of Behavior (326)

Language

en: 304
ru: 22

Product

Apple macOS: 6
Grafana: 4
Cisco Firepower Threat Defense: 4
mooSocial mooDating: 4
MantisBT: 4

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Cou | KEV | EPSS | CTI | CVE
1 | Raisecom MSG1200/MSG2100E/MSG2200/MSG2300 Web Interface list_base_config.php os command injection | 7.5 | 7.2 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | expected | 0.91520 | 0.00 | CVE-2024-7120
2 | Netgear WN604 Web Interface downloadFile.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | expected | 0.92124 | 0.00 | CVE-2024-6646
3 | Byzoro Smart S210 Management Platform uploadfile.php unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | expected | 0.86711 | 0.04 | CVE-2024-0939
4 | TVT DVR TD-2104TS-CL queryDevInfo information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | expected | 0.81285 | 0.05 | CVE-2024-7339
5 | osCommerce all-products cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.10116 | 0.03 | CVE-2024-4348
6 | D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection | 8.1 | 8.1 | $5k-$25k | $0-$5k | Attacked | Workaround | verified | 0.94405 | 0.14 | CVE-2024-3273
7 | mooSocial mooDating URL users cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.07189 | 0.05 | CVE-2023-3847
8 | Dahua Smart Park Management devicePoint_addImgIco unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | expected | 0.90446 | 0.10 | CVE-2023-3836
9 | PHP Jabbers Bus Reservation System index.php cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.05023 | 0.03 | CVE-2023-4111
10 | PHP Jabbers Taxi Booking index.php cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.06258 | 0.00 | CVE-2023-4116
11 | DedeCMS select_templets.php path traversal | 4.6 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.02553 | 0.08 | CVE-2023-2059
12 | PHP Jabbers Availability Booking Calendar index.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.04344 | 0.02 | CVE-2023-4110
13 | Ellucian Ethos Identity logout cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | possible | 0.77048 | 0.03 | CVE-2023-2822
14 | PlayTube Redirect information disclosure | 5.4 | 5.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | expected | 0.90035 | 0.00 | CVE-2023-4714
15 | ColumbiaSoft Document Locator WebTools login improper authentication | 8.1 | 8.0 | $0-$5k | $0-$5k | Not defined | Official fix | expected | 0.87565 | 0.04 | CVE-2023-5830
16 | Academy LMS GET Parameter filter sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | possible | 0.43231 | 0.06 | CVE-2023-4974
17 | mooSocial mooDating URL question cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.07189 | 0.06 | CVE-2023-3843
18 | mooSocial mooDating URL ajax_invite cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.07189 | 0.03 | CVE-2023-3845
19 | Viessmann Vitogate 300 Web Management Interface vitogate.cgi isValidUser hard-coded password | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | expected | 0.90661 | 0.03 | CVE-2023-5222
20 | Ruijie RG-EW1200G Administrator Password set_passwd access control | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | expected | 0.90956 | 0.03 | CVE-2023-4169

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.9.148.108 | mx1.dendrite.network | CredStealer | | 07/18/2023 | verified | High

TTP - Tactics, Techniques, Procedures (22)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-22, CWE-24, CWE-28, CWE-425 | Path Traversal | predictive | High
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
3 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Basic Cross Site Scripting | predictive | High
5 | T1068 | CAPEC-122 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High

IOA - Indicator of Attack (166)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /academy/tutor/filter | predictive | High
2 | File | /ad-list | predictive | Medium
3 | File | /admin/suppliers/view_details.php | predictive | High
4 | File | /ajax.php?action=read_msg | predictive | High
5 | File | /api/authentication/login | predictive | High
6 | File | /api/sys/login | predictive | High
7 | File | /api/sys/set_passwd | predictive | High
8 | File | /api/v2/open/rowsInfo | predictive | High
9 | File | /app/sys1.php | predictive | High
10 | File | /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini | predictive | High
11 | File | /cas/logout | predictive | Medium
12 | File | /catalog/all-products | predictive | High
13 | File | /cgi-bin/adm.cgi | predictive | High
14 | File | /cgi-bin/mesh.cgi?page=upgrade | predictive | High
15 | File | /cgi-bin/nas_sharing.cgi | predictive | High
16 | File | /cgi-bin/nightled.cgi | predictive | High
17 | File | /cgi-bin/touchlist_sync.cgi | predictive | High
18 | File | /cgi-bin/vitogate.cgi | predictive | High
19 | File | /debug/pprof | predictive | Medium
