DynamicStealer Analysis

IOB - Indicator of Behavior (327)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en 220
de 32
ko 12
ru 10
ja 10


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Mozilla Firefox 14
Microsoft Windows 12
Google Chrome 10
Mozilla Thunderbird 8
Chained Quiz Plugin 6


Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

# | Vulnerability | Base | Temp | 0day | Today | Exp (exploitability) | Cou (countermeasure) | KEV | EPSS | CTI | CVE
1 | SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00053 | 0.09 | CVE-2023-2090
2 | Void Contact Form 7 Widget for Elementor Page Builder Plugin void_cf7_opt_in_user_data_track cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00070 | 0.08 | CVE-2022-47166
3 | Hitachi Energy UNEM R16A inadequate encryption | 6.7 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00127 | 0.00 | CVE-2021-40342
4 | Artifex MuJS jsdate.c MakeDay integer overflow | 6.5 | 6.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00166 | 0.00 | CVE-2017-5628
5 | Centreon Poller sql injection | 4.7 | 4.5 | $0-$5k | $0-$5k | Not defined | Official fix | possible | 0.47704 | 0.00 | CVE-2022-41142
6 | Compuware ISPW Operations Plugin Configuration authorization | 3.5 | 3.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00070 | 0.00 | CVE-2022-36898
7 | Apple macOS behavioral workflow | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00065 | 0.00 | CVE-2024-44255
8 | fanzila WebFinance save_Contract_Signer_Role.php sql injection | 6.9 | 6.9 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00052 | 0.00 | CVE-2013-10015
9 | SourceCodester Young Entrepreneur E-Negosyo System GET Parameter index.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00070 | 0.08 | CVE-2023-1686
10 | SourceCodester Online Courseware activateteach.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00431 | 0.27 | CVE-2024-3423
11 | SimplePHPscripts GuestBook Script URL Parameter preview.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00167 | 0.04 | CVE-2023-3476
12 | Elefant CMS Version Comparison Persistent cross site scripting | 4.3 | 3.8 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00071 | 0.04 | CVE-2017-20058
13 | jeecgboot JimuReport Template injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | expected | 0.89123 | 0.00 | CVE-2023-4450
14 | Hongjing e-HR Login Interface loadhistroyorgtree sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00302 | 0.06 | CVE-2023-6655
15 | kalcaddle KodExplorer API Endpoint getFile unrestricted upload | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.00454 | 0.04 | CVE-2023-6850
16 | Poly VVX 601 Diagnostic Telnet Mode os command injection | 7.2 | 7.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official fix | | 0.02661 | 0.04 | CVE-2023-4464
17 | keerti1924 PHP-MYSQL-User-Login-System edit.php access control | 6.8 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00241 | 0.08 | CVE-2024-1701
18 | CodeAstro House Rental Management System User Registration Page cross site scripting | 4.9 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00216 | 0.00 | CVE-2024-1825
19 | Smsot get.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00225 | 0.04 | CVE-2024-0734
20 | SourceCodester Engineers Online Portal session expiration | 4.2 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00148 | 0.05 | CVE-2024-0350

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.253.84.218 | | DynamicStealer | | 06/26/2024 | verified | Very High
2 | XXX.XXX.XXX.XXX | | Xxxxxxxxxxxxxx | | 05/01/2024 | verified | Very High
3 | XXX.XXX.XXX.XXX | xxxxxxxxxx.xxxxxxxxxxxxx.xxx | Xxxxxxxxxxxxxx | | 05/03/2024 | verified | Very High

TTP - Tactics, Techniques, Procedures (21)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-24, CWE-36, CWE-425 | Path Traversal | predictive | High
2 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CAPEC-137 | CWE-88, CWE-94, CWE-1321 | Argument Injection | predictive | High
5 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Basic Cross Site Scripting | predictive | High
6 | TXXXX | CAPEC-XXX | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
7 | TXXXX | | CWE-XXX | Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx | predictive | High
8 | TXXXX.XXX | CAPEC-XXX | CWE-XXX | Xxxx-xxxxx Xxxxxxxxxxx | predictive | High
9 | TXXXX | CAPEC-XXX | CWE-XX, CWE-XX | Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx | predictive | High
10 | TXXXX | | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High
11 | TXXXX | CAPEC-XXX | CWE-XX | Xxx Xxxxxxxxx | predictive | High
12 | TXXXX.XXX | CAPEC-X | CWE-XXX | Xxxxxxxx Xxxxxxxxxxxxx | predictive | High
13 | TXXXX | CAPEC-XXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
14 | TXXXX | | CWE-XXX | Xxxxxxxxx Xxxxxxx Xx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
15 | TXXXX | CAPEC-XXX | CWE-XXX | Xxxxxxx Xxxxxxxxxx Xx Xxx-xxxxxxxx | predictive | High
16 | TXXXX.XXX | CAPEC-XXX | CWE-XXX | Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
17 | TXXXX.XXX | CAPEC-XXX | CWE-XXX | Xxxxxxxx | predictive | High
18 | TXXXX | CAPEC-XXX | CWE-XXX, CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High
19 | TXXXX | CAPEC-XXX | CWE-XXX, CWE-XXX | Xxxxxxxxxxxxx Xxxxxx | predictive | High
20 | TXXXX.XXX | | CWE-XXX | Xxx Xxxxxxxxxx Xxxxx | predictive | High
21 | TXXXX.XXX | CAPEC-X | CWE-XXX | Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx | predictive | High

IOA - Indicator of Attack (178)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /action/ipcamSetParamPost | predictive | High
2 | File | /admin/?page=orders/view_order | predictive | High
3 | File | /admin/add_exercises.php | predictive | High
4 | File | /admin/admin-profile.php | predictive | High
5 | File | /admin/api/theme-edit/ | predictive | High
6 | File | /admin/baojia_list.php | predictive | High
7 | File | /admin/clients | predictive | High
8 | File | /admin/doctors.php | predictive | High
9 | File | /admin/inquiries/view_inquiry.php | predictive | High
10 | File | /admin/maintenance/manage_category.php | predictive | High
11 | File | /admin/maintenance/view_designation.php | predictive | High
12 | File | /adminui/history_log.php | predictive | High
13 | File | /ajax/remove_sniffer_raw_log/ | predictive | High
14 | File | /bin/httpd | predictive | Medium
15 | File | /cgi-bin/cstecgi.cgi | predictive | High
16 | File | /config-manager/save | predictive | High
17 | File | /control/addcase_stage.php | predictive | High
18 | File | /doctor/view-appointment-detail.php | predictive | High
19 | File | /edit.php | predictive | Medium
20 | File | /get.php | predictive | Medium
21 | File | /goform/AddSysLogRule | predictive | High
22 | File | /xxxxxx/xxxxxxxxxxxx/ | predictive | High
23 | File | /xxxxxx/xxxxxxxxxxxx | predictive | High
24 | File | /xxxxxx/xxxxxx | predictive | High
25 | File | /xxxxxx/xxxxxxxxxxxxx | predictive | High
26 | File | /x/xxxxxx?xxxxxx | predictive | High
27 | File | /xxxxx/xxxx/xx.xxx | predictive | High
28 | File | /xxxxx.xxx?xxxxxx=xxxxxxxx/xxxxxxxx | predictive | High
29 | File | /xxxxx.xxx?xxxxxxxxx/xx/xxxxxxxx/xxxxxxx | predictive | High
30 | File | /xxxxxxxx/xxxxxxxxxxxx.xxx | predictive | High
31 | File | /xxxxxxx.xxx | predictive | Medium
32 | File | /xxxxxx-xxxxxx-xxxxxxx-xxxxxx/xxxxx/xxxxx.xxx?xxxx=xxxxxx_xxxxxxx | predictive | High
33 | File | /xx/xxxxxx/xxxxxxxxxxxxxx | predictive | High
34 | File | /xxxx/xxxx_xxxxxxxxx_xxxxxx_xxxx.xxx | predictive | High
35 | File | /xxxx/xxxx_xxxxxx.xxx | predictive | High
36 | File | /xxxx/xxxx_xxxxxx_xxxxxxx.xxx | predictive | High
37 | File | /x_xxxxxxxxxxx/xxxxxxxxxxxx/%xx./.%xx/xxxxxxx/xxxxxx/xxx/xxxxxxxxxxxxxxxxxx | predictive | High
38 | File | /xxx/xxxxxxxxxxxxxx.xxx | predictive | High
39 | File | xxxxxxx.xxx | predictive | Medium
40 | File | xxxxxxxx.xxx | predictive | Medium
41 | File | xxxxx.xxxx | predictive | Medium
42 | File | xxxxx.xxx | predictive | Medium
43 | File | xxxxx/?xxxx=xxxxx/xxxx_xxxx | predictive | High
44 | File | xxxxx/xxxxxxxxxxxxx.xxx | predictive | High
45 | File | xxxxx/xxxxxx.xxx | predictive | High
46 | File | xxxx.xxx?xxxxxx=xxxxxx_xxxxx | predictive | High
47 | File | xxxx/xxxxxxxxxxxxxxxx.xxx | predictive | High
48 | File | xxx/xxxxx/xxxxxxxxx/_xxxxxxxx.xxxx.xxx | predictive | High
49 | File | xx_xxxxx_xxxxx.xxx | predictive | High
50 | File | xxxxxxxx.xxx | predictive | Medium
51 | File | xxxxx.xxx | predictive | Medium
52 | File | xxxxxxxxxxxx/xxxxx/xxxxxxxx/xxxxx.xxx | predictive | High
53 | File | xxxxxxxx/xxxxx.xxx | predictive | High
54 | File | xxx/xxxxxxx/xxxxxxx | predictive | High
55 | File | xxxxxxxxxxx_xxxx | predictive | High
56 | File | xxxxx-xxxxxxx.xxx | predictive | High
57 | File | xxxxxx.xx | predictive | Medium
58 | File | xxxx_xxxx.x | predictive | Medium
59 | File | xxxxxx/xxxx/xxx_xxxx.x | predictive | High
60 | File | xxxxx.xxx | predictive | Medium
61 | File | xxxxxxx/xxx/xxx-xxxx.x | predictive | High
62 | File | xxxxxxx/xxxxx/xxx-xxxx/xxx_xxx.x | predictive | High
63 | File | xxxx-xxxxx.xxx | predictive | High
64 | File | xxxxxxxx.xxx | predictive | Medium
65 | File | xxxx_xxxx.xxx | predictive | High
66 | File | xxxxxxxxxxxxxxxxx.xxx/xxxxxxxxxxxxxxx.xxx | predictive | High
67 | File | xxxxxxx.xxx | predictive | Medium
68 | File | xxxxxxxxxxx.xxx | predictive | High
69 | File | xxxxxx/xxxxx/xxxx_xxxxxxxx_xxxxxx_xxxx.xxx | predictive | High
70 | File | xxxxx.xxx | predictive | Medium
71 | File | xxxxxxx_xxxx.xxx | predictive | High
72 | File | xxxxxx.x | predictive | Medium
73 | File | xxxxxx_xxxx.xxx | predictive | High
74 | File | xxxxxx/xxxxxx.xxx | predictive | High
75 | File | xx/xxx.x | predictive | Medium
76 | File | xxx/xxxxxxx/xxxxxxxxxxxx | predictive | High
77 | File | xxx.xxx | predictive | Low
78 | File | xxxx_xxxxxxx.xxx | predictive | High
79 | File | xxxxxx_xxxxxx.xx | predictive | High
80 | File | xxxx/xxxxxxx/xxxxxxxx.xxx | predictive | High
81 | File | xxxxxxxxx.xxx | predictive | High
82 | File | xxxx-xxx.xxx | predictive | Medium
83 | File | xxxxxxx.xxx | predictive | Medium
84 | File | xxxxxxxxxxxxxx.xxx | predictive | High
85 | File | xxxxx.xxx | predictive | Medium
86 | File | xxxxxx.xxx | predictive | Medium
87 | File | xxxx/xxx/xxx_xxxx.x | predictive | High
88 | File | xxxxxx.xxx | predictive | Medium
89 | File | xxxxx.xxx | predictive | Medium
90 | File | xxx_xxxxxxxx.xxx | predictive | High
91 | File | xxxx/xxxxxx_xxxxxx.xxx | predictive | High
92 | File | xxx/xxxxxxxxx/xxxxx/xxxxxxx/ | predictive | High
93 | File | xxx/xxxx/xxxx/xxx/xxx/xxx/xxxxxx/xxxxxxxxxxxxxxxxxx.xxxx | predictive | High
94 | File | xxx/xxxxxxx-xxxx.xxx | predictive | High
95 | File | xxxxxx_xxxxxxx.xxx | predictive | High
96 | File | xxxxxxxxxxxxxx.xxx | predictive | High
97 | File | xxxx_xxxxxxxxxx.xxx | predictive | High
98 | File | xxxx_xxx.xxx | predictive | Medium
99 | File | xxxx_xxxxxxx.xxx | predictive | High
100 | File | xxx/xxxx/xxxxxxxxxxxxxxx.xxxx | predictive | High
101 | File | xx-xxxxxxxxx.xxx | predictive | High
102 | Library | xxx/xxxxxxx/xxx.xx | predictive | High
103 | Library | xxxxxx | predictive | Low
104 | Argument | $_xxxxxx['xxxxx_xxxxxx'] | predictive | High
105 | Argument | xxxxxxx | predictive | Low
106 | Argument | xxxxxxxxx | predictive | Medium
107 | Argument | xxx_xxx | predictive | Low
108 | Argument | xxxxxx | predictive | Low
109 | Argument | xxxxxxx | predictive | Low
110 | Argument | xxxxxxxx | predictive | Medium
111 | Argument | xxxx_xxx | predictive | Medium
112 | Argument | xxxxx | predictive | Low
113 | Argument | xxxxxx | predictive | Low
114 | Argument | xxxxxx_xxx | predictive | Medium
115 | Argument | xxxx | predictive | Low
116 | Argument | xxxx_xx_xxxxx | predictive | High
117 | Argument | xxxx | predictive | Low
118 | Argument | xxxxxxxxxx | predictive | Medium
119 | Argument | xxxxxx | predictive | Low
120 | Argument | xxxxxxxxx | predictive | Medium
121 | Argument | xxxxxx_xxxxxxxx | predictive | High
122 | Argument | xxxxx_xx | predictive | Medium
123 | Argument | xxxx | predictive | Low
124 | Argument | xxxx_xxx | predictive | Medium
125 | Argument | xxxxx/xxxxx/xxxxxx | predictive | High
126 | Argument | xxxxxxxx_xxxxx | predictive | High
127 | Argument | xxxx/xx | predictive | Low
128 | Argument | xxxxxxxxx | predictive | Medium
129 | Argument | x_xxxx | predictive | Low
130 | Argument | xx_xx | predictive | Low
131 | Argument | xxxx | predictive | Low
132 | Argument | xx | predictive | Low
133 | Argument | xx | predictive | Low
134 | Argument | xxxxx_xxxx | predictive | Medium
135 | Argument | xx | predictive | Low
136 | Argument | xx_xxxxx | predictive | Medium
137 | Argument | xxxx_xxxx | predictive | Medium
138 | Argument | xxxxxxx | predictive | Low
139 | Argument | xxxxx_xxxx | predictive | Medium
140 | Argument | xx_xxxxx | predictive | Medium
141 | Argument | x/x | predictive | Low
142 | Argument | xxxx | predictive | Low
143 | Argument | xxxx | predictive | Low
144 | Argument | xxx_xxxxx_xx | predictive | Medium
145 | Argument | xxxx | predictive | Low
146 | Argument | xxxx_xxxxx | predictive | Medium
147 | Argument | xxxxxxxx | predictive | Medium
148 | Argument | xxxxxxxx | predictive | Medium
149 | Argument | xxxx | predictive | Low
150 | Argument | xxxx/xxxx | predictive | Medium
151 | Argument | xxxxx_xxxx_xxxx | predictive | High
152 | Argument | xxxxxxxx | predictive | Medium
153 | Argument | xxxxxxxx | predictive | Medium
154 | Argument | xxxxxxxxxxxxxxxxxx | predictive | High
155 | Argument | xxxxxxxx | predictive | Medium
156 | Argument | xxxxxx | predictive | Low
157 | Argument | xxxxxxxxxxxx | predictive | Medium
158 | Argument | xxxxxxxx | predictive | Medium
159 | Argument | xxxxxxxxxx/xxxxxxx/xxxx/xxxxxx xxxx/xxxxx | predictive | High
160 | Argument | xxxxxxxxxxxxxx | predictive | High
161 | Argument | xx_xx | predictive | Low
162 | Argument | xxxx/xxxxxx xxxx | predictive | High
163 | Argument | xxx | predictive | Low
164 | Argument | xxxx_xxxx | predictive | Medium
165 | Argument | xxx | predictive | Low
166 | Argument | xxxx-xxxxx | predictive | Medium
167 | Argument | xxxxxxxx | predictive | Medium
168 | Argument | xxxxxxxx/xxxx | predictive | High
169 | Argument | xxxx_xx | predictive | Low
170 | Argument | xxxxx | predictive | Low
171 | Argument | xxxx | predictive | Low
172 | Argument | xxxxxxxxxxxxx | predictive | High
173 | Argument | _xx | predictive | Low
174 | Input Value | %xx | predictive | Low
175 | Input Value | -x | predictive | Low
176 | Input Value | <xxx xxx="x" xxxxxxx="xxxxxxx.xxx(x)"> | predictive | High
177 | Input Value | <xxxxxx>xxxxx(xxx)</xxxxxx> | predictive | High
178 | Network Port | xxx/xx (xxx xxxxxxxx) | predictive | High

References (1)

The following list contains external sources which discuss the actor and the associated activities:

Samples (3)

The following list contains associated samples:
