Ficker Stealer Analysis

IOB - Indicator of Behavior (299)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 248
ru: 34
pl: 4
zh: 4
ja: 4

Activities

Interest

Product

PHP: 6
UltraVNC: 6
Qualcomm QAM8295P: 6
Qualcomm QCA6574AU: 6
Qualcomm QCA6595AU: 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 0.34 | |
| 2 | Zyxel ARMOR Z1/ARMOR Z2 CGI Program os command injection | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00068 | 0.04 | CVE-2021-4029 |
| 3 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 1.83 | CVE-2020-15906 |
| 4 | Apple macOS wifivelocityd default permission | 8.2 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00148 | 0.03 | CVE-2020-3838 |
| 5 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.80 | |
| 6 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02195 | 0.53 | CVE-2010-0966 |
| 7 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.28 | CVE-2007-1167 |
| 8 | Harbor improper authentication | 6.9 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05738 | 0.03 | CVE-2022-46463 |
| 9 | UltraVNC VNC Server memory corruption | 8.7 | 8.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01763 | 0.03 | CVE-2019-8274 |
| 10 | Serendipity exit.php privileges management | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.19 | |
| 11 | WordPress AdServe adclick.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00177 | 0.22 | CVE-2008-0507 |
| 12 | Devilz Clanportal File Upload | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05362 | 0.05 | CVE-2006-6338 |
| 13 | UltraVNC VNC Server memory corruption | 8.7 | 8.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01763 | 0.00 | CVE-2019-8271 |
| 14 | UltraVNC VNC Server access control | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.10859 | 0.04 | CVE-2019-8275 |
| 15 | BlackBerry QNX SDP BMP Image Codec Privilege Escalation | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00615 | 0.04 | CVE-2021-32024 |
| 16 | esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00135 | 0.06 | CVE-2010-4996 |
| 17 | Oracle GlassFish Server Web Container memory corruption | 9.8 | 9.6 | $100k and more | $5k-$25k | Not Defined | Official Fix | 0.04612 | 0.04 | CVE-2016-3607 |
| 18 | SourceCodester Employee and Visitor Gate Pass Logging System Master.php save_designation cross site scripting | 3.2 | 3.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00090 | 0.08 | CVE-2024-6650 |
| 19 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 1.11 | CVE-2022-28959 |
| 20 | VICIdial vicidial.php cross site scripting | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.04 | CVE-2021-35377 |

IOC - Indicator of Compromise (65)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.


TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (95)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (5)

The following list contains external sources which discuss the actor and the associated activities:

Samples (5)

The following list contains associated samples:
