DeathStalker Analysis

IOB - Indicator of Behavior (203)


Language

  • en: 192
  • de: 4
  • it: 2
  • es: 2
  • ru: 2

Product

  • Google Android: 6
  • Microsoft Windows: 6
  • AXIS 2110 Network Camera: 4
  • Symonics libmysofa: 4
  • WordPress: 4

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day price | Today price | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | FFmpeg get_bits.h get_bits_long stack-based overflow | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00000 | 0.03 | |
| 2 | Best Gallery Albums Plugin admin.php cross site scripting | 5.2 | 4.9 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00178 | 0.00 | CVE-2014-8758 |
| 3 | AXIS 2110 Network Camera getparam.cgi denial of service | 9.8 | 9.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.04753 | 0.00 | CVE-2004-2427 |
| 4 | Oracle Application Express improper authorization | 5.0 | 4.8 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00047 | 0.04 | CVE-2024-21261 |
| 5 | PHPGurukul Apartment Visitors Management System admin-profile.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00044 | 0.36 | CVE-2025-2380 |
| 6 | 1000 Projects Bookstore Management System book_detail.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00090 | 0.03 | CVE-2024-10845 |
| 7 | 1000 Projects Bookstore Management System search.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00090 | 0.04 | CVE-2024-10844 |
| 8 | PHPGurukul Online Shopping Portal two_tables.php cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00051 | 0.00 | CVE-2024-10768 |
| 9 | composiohq composio api.py path path traversal | 4.0 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00357 | 0.11 | CVE-2024-8865 |
| 10 | code-projects Inventory Management Products Table Page viewProduct.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00127 | 0.02 | CVE-2024-8710 |
| 11 | SourceCodester Online Graduate Tracer System nbproject exposure of information through directory listing | 5.3 | 5.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00048 | 0.02 | CVE-2024-7809 |
| 12 | Pioneer DMH-WT7600NEX Media Service denial of service | 5.3 | 5.1 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00034 | 0.01 | CVE-2024-23930 |
| 13 | onnx ONNX_ASSERTM out-of-bounds | 6.3 | 6.2 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00029 | 0.00 | CVE-2024-27319 |
| 14 | Google Android Codec2BufferUtils.cpp ConvertRGBToPlanarYUV out-of-bounds write | 6.8 | 6.8 | $25k-$100k | $5k-$25k | Not defined | Official fix | | 0.02837 | 0.02 | CVE-2024-0023 |
| 15 | 7-card Fakabao alipay_notify.php sql injection | 5.5 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00065 | 0.06 | CVE-2023-7183 |
| 16 | Scott Paterson Easy PayPal Shopping Cart Plugin cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00090 | 0.00 | CVE-2023-47239 |
| 17 | AWeber Free Sign Up Form and Landing Page Builder for Lead Generation and Email Newsletter Growth Plugin cross-site request forgery | 5.8 | 5.8 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00097 | 0.00 | CVE-2023-47757 |
| 18 | Guillemant David WP Full Auto Tags Manager Plugin cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00096 | 0.05 | CVE-2023-34024 |
| 19 | Os Commerce cross site scripting | 6.5 | 6.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00117 | 0.00 | CVE-2023-43718 |
| 20 | Dolibarr cross site scripting | 5.0 | 5.0 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00206 | 0.02 | CVE-2023-5323 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Janicab

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 87.120.37.68 | www.tubebg.com | DeathStalker | Janicab | 12/17/2022 | verified | Medium |

TTP - Tactics, Techniques, Procedures (19)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (84)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin-profile.php | predictive | High |
| 2 | File | /admin/assets/plugins/DataTables/media/unit_testing/templates/two_tables.php | predictive | High |
| 3 | File | /etc/postfix/sender_login | predictive | High |
| 4 | File | /goform/openSchedWifi | predictive | High |
| 5 | File | /model/viewProduct.php | predictive | High |
| 6 | File | /services/details.asp | predictive | High |
| 7 | File | /tracking/nbproject/ | predictive | High |
| 8 | File | admin/getparam.cgi | predictive | High |
| 9 | File | aepx | predictive | Low |
| 10 | File | app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php | predictive | High |
