FickerStealer Analysis

IOB - Indicator of Behavior (351)

Timeline

The charts in this IOB section (timeline, language, country, actors, activities, interest, type, vendor, product) are rendered with dummy data on the public page: the values are distorted and not usable for analysis. An additional purchase is required to unlock the real data.

Lang (dummy counts)

en: 266
es: 44
de: 26
it: 4
sv: 4


Country (dummy counts)

us: 162
ru: 90
cn: 46
fr: 10
es: 4


Actors

Chart-only view; no actor values are shown on the public page.

Activities

Interest, Timeline, Type and Vendor are chart-only views; no values are shown on the public page.

Product (dummy counts)

Microsoft Windows: 10
Jenkins: 10
Linux Kernel: 8
PHP: 6
Apache HTTP Server: 6

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are exploit price estimates at disclosure and at present; Exp is exploitability; Rem is remediation status; CTI is the page's own threat-intelligence activity score; EPSS is the EPSS probability.

#  | Vulnerability                                                                                     | Base | Temp | 0day      | Today       | Exp              | Rem          | CTI  | EPSS    | CVE
1  | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2  | D-Link DIR-865L register_send.php improper authentication                                         | 7.5  | 7.1  | $5k-$25k  | $5k-$25k    | Proof-of-Concept | Not Defined  | 0.00 | 0.00109 | CVE-2013-3096
3  | Genetechsolutions Pie-Register wp-login.php cross site scripting                                  | 4.3  | 4.1  | $0-$5k    | $0-$5k      | Not Defined      | Official Fix | 0.00 | 0.00904 | CVE-2013-4954
4  | Linux Foundation Xen EFLAGS Register SYSENTER input validation                                    | 6.2  | 5.9  | $5k-$25k  | $0-$5k      | Not Defined      | Official Fix | 0.04 | 0.00062 | CVE-2013-1917
5  | Atlassian Confluence Server Widget Connector Macro path traversal                                 | 8.5  | 8.4  | $0-$5k    | Calculating | High             | Official Fix | 0.00 | 0.97508 | CVE-2019-3396
6  | OpenSSH Authentication Username information disclosure                                            | 5.3  | 4.8  | $5k-$25k  | $0-$5k      | High             | Official Fix | 0.00 | 0.10737 | CVE-2016-6210
7  | Oracle MySQL Server InnoDB access control                                                         | 5.5  | 5.4  | $5k-$25k  | $0-$5k      | Not Defined      | Official Fix | 0.00 | 0.00098 | CVE-2018-3185
8  | ISC BIND named resolver.c input validation                                                        | 8.6  | 8.4  | $5k-$25k  | $0-$5k      | Not Defined      | Official Fix | 0.04 | 0.62316 | CVE-2016-1286
9  | D-Link DIR-645 Authentication getcfg.php information disclosure                                   | 8.6  | 8.2  | $5k-$25k  | $0-$5k      | High             | Official Fix | 0.02 | 0.00000 | -
10 | ALFA AWUS036ACH Driver Network Configuration injection                                            | 6.5  | 6.5  | $0-$5k    | $0-$5k      | Not Defined      | Not Defined  | 0.08 | 0.00159 | CVE-2020-26143
11 | Atlassian Confluence Workbox Notification Comment information disclosure                          | 5.4  | 5.1  | $0-$5k    | $0-$5k      | Not Defined      | Official Fix | 0.00 | 0.00149 | CVE-2017-9505
12 | BusyBox unlzma Applet out-of-bounds                                                               | 7.3  | 7.2  | $0-$5k    | $0-$5k      | Not Defined      | Official Fix | 0.03 | 0.00123 | CVE-2021-42374
13 | Linux Kernel port.c mlx4_register_mac memory corruption                                           | 6.5  | 6.3  | $5k-$25k  | $0-$5k      | Not Defined      | Official Fix | 0.00 | 0.00045 | CVE-2010-5332
14 | DT Register Extension sql injection                                                               | 8.5  | 8.4  | $0-$5k    | $0-$5k      | Not Defined      | Official Fix | 0.00 | 0.00169 | CVE-2016-1000271
15 | Apple M1 Register s3_5_c15_c10_1 M1RACLES access control                                          | 8.8  | 8.8  | $5k-$25k  | $5k-$25k    | Not Defined      | Not Defined  | 0.03 | 0.00000 | CVE-2021-30747
16 | Qualcomm Snapdragon Automobile Register access control                                            | 5.4  | 5.2  | $5k-$25k  | $0-$5k      | Not Defined      | Official Fix | 0.00 | 0.00044 | CVE-2017-11004
17 | XiongMai IP Camera/DVR NetSurveillance Web Interface memory corruption                            | 8.5  | 8.5  | $0-$5k    | $0-$5k      | Not Defined      | Not Defined  | 0.06 | 0.00372 | CVE-2017-16725
18 | ONLYOFFICE Document Server WebSocket API sql injection                                            | 8.5  | 8.5  | $0-$5k    | $0-$5k      | Not Defined      | Not Defined  | 0.00 | 0.00174 | CVE-2020-11537
19 | nginx ngx_http_mp4_module information disclosure                                                  | 5.9  | 5.8  | $0-$5k    | $0-$5k      | Not Defined      | Official Fix | 0.05 | 0.00198 | CVE-2018-16845
20 | GitLab cross site scripting                                                                       | 4.4  | 4.4  | $0-$5k    | $0-$5k      | Not Defined      | Not Defined  | 0.00 | 0.00067 | CVE-2020-13345

IOC - Indicator of Compromise (25)

These indicators of compromise list associated network resources known to be part of research and attack activities. The five visible entries are Amazon EC2 public addresses (compute-1, i.e. us-east-1); such addresses are reassigned between tenants over time, so treat IP-only matches as time-bounded evidence rather than permanent block-list entries.

ID   | IP address      | Hostname                                   | Actor         | Campaigns | Identified | Type     | Confidence
1    | 23.21.27.29     | ec2-23-21-27-29.compute-1.amazonaws.com    | FickerStealer | -         | 05/11/2022 | verified | Medium
2    | 23.21.42.25     | ec2-23-21-42-25.compute-1.amazonaws.com    | FickerStealer | -         | 05/11/2022 | verified | Medium
3    | 23.21.140.41    | ec2-23-21-140-41.compute-1.amazonaws.com   | FickerStealer | -         | 05/11/2022 | verified | Medium
4    | 50.19.243.236   | ec2-50-19-243-236.compute-1.amazonaws.com  | FickerStealer | -         | 05/11/2022 | verified | Medium
5    | 54.221.253.252  | ec2-54-221-253-252.compute-1.amazonaws.com | FickerStealer | -         | 05/11/2022 | verified | Medium
6-10 | (redacted on the public page) | (redacted)                   | FickerStealer | -         | 05/11/2022 | verified | Medium
11-25 | (redacted on the public page) | (redacted; some entries have no hostname) | FickerStealer | - | 05/11/2022 | verified | High
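The following is an added example (not VulDB code, and not code from any FickerStealer analysis) showing how a practitioner would check the five visible IOC rows above against outbound connection logs. Two checks are built in that the table alone does not give you: the EC2 public hostname must embed the same IPv4 address as the IOC row (a mismatch means a transcription error or a reassigned address), and each match is tagged stale when the indicator was already older than a cut-off on the day the connection was seen. The log format (timestamp, source IP, destination IP, destination port, observed hostname or "-") and the log lines are constructed for the example.

```python
"""Check the network IOCs listed above against connection-log lines.

Added example, not code from VulDB or from any FickerStealer analysis.  The
five IOC rows are copied from the visible part of the table; the log format
(timestamp, source IP, destination IP, port, observed hostname/SNI) and the
log lines themselves are constructed for the example.
"""
import ipaddress
import re
from datetime import date, datetime

# IOC rows 1-5 exactly as shown on the page: IP, hostname, identified date, confidence.
IOCS = [
    ("23.21.27.29",    "ec2-23-21-27-29.compute-1.amazonaws.com",    "2022-05-11", "Medium"),
    ("23.21.42.25",    "ec2-23-21-42-25.compute-1.amazonaws.com",    "2022-05-11", "Medium"),
    ("23.21.140.41",   "ec2-23-21-140-41.compute-1.amazonaws.com",   "2022-05-11", "Medium"),
    ("50.19.243.236",  "ec2-50-19-243-236.compute-1.amazonaws.com",  "2022-05-11", "Medium"),
    ("54.221.253.252", "ec2-54-221-253-252.compute-1.amazonaws.com", "2022-05-11", "Medium"),
]

# EC2 public DNS names embed the public IPv4 address: ec2-A-B-C-D.<region>.amazonaws.com
_EC2_HOST = re.compile(
    r"^ec2-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})"
    r"\.(?:compute-1|[a-z]{2}-[a-z]+-\d\.compute)\.amazonaws\.com$"
)


def ec2_hostname_matches_ip(hostname: str, ip: str) -> bool:
    """True when an EC2 public hostname embeds exactly the given IPv4 address.

    A mismatch means the IOC row was transcribed wrongly or the address has
    since been reassigned, either of which should lower confidence further.
    """
    m = _EC2_HOST.match(hostname.strip().lower())
    if not m:
        return False
    embedded = ".".join(m.group(i) for i in range(1, 5))
    try:
        return ipaddress.ip_address(embedded) == ipaddress.ip_address(ip)
    except ValueError:
        return False


# Constructed log lines (not real traffic): ts, src, dst, dst_port, hostname or '-'.
SAMPLE_LOG = """\
2022-05-12T09:14:03Z 10.0.5.21 23.21.27.29 443 ec2-23-21-27-29.compute-1.amazonaws.com
2022-05-12T09:14:07Z 10.0.5.21 142.250.74.78 443 www.google.com
2022-05-12T09:15:40Z 10.0.5.33 50.19.243.236 80 -
2023-01-20T17:02:11Z 10.0.5.33 54.221.253.252 443 ec2-54-221-253-252.compute-1.amazonaws.com
"""


def scan_log(log_text: str, iocs=IOCS, max_age_days: int = 90):
    """Return one hit per log line whose destination IP or hostname is an IOC.

    Each hit records whether the IOC's own hostname/IP pair is consistent and
    whether the indicator was already older than max_age_days when the
    connection was seen; shared cloud addresses get reassigned, so a stale
    match deserves a lower priority than a fresh one.
    """
    by_ip = {ip: (host, identified, conf) for ip, host, identified, conf in iocs}
    by_host = {host.lower(): ip for ip, host, _, _ in iocs}
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than abort the scan
        ts, src, dst, _dport, host = parts
        ioc_ip = dst if dst in by_ip else by_host.get(host.lower())
        if ioc_ip is None:
            continue
        ioc_host, identified, confidence = by_ip[ioc_ip]
        seen = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").date()
        age_days = (seen - date.fromisoformat(identified)).days
        hits.append({
            "ts": ts,
            "src": src,
            "ioc_ip": ioc_ip,
            "confidence": confidence,
            "hostname_consistent": ec2_hostname_matches_ip(ioc_host, ioc_ip),
            "stale": age_days > max_age_days,
        })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The 90-day cut-off is an assumed value, not something the page states; pick it from how long your own telemetry shows cloud addresses staying with one tenant. Matching on the observed hostname as well as the destination IP catches cases where the connection went through a proxy that logs only the SNI.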

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling. The technique IDs are inferred from the weakness classes (CWE) of the associated vulnerabilities rather than observed in malware samples, so confirm each mapping against ATT&CK before using it in detection content.

ID   | Technique | Vulnerabilities | Access Vector                                             | Type       | Confidence
1    | T1006     | CWE-22          | Path Traversal                                            | predictive | High
2    | T1040     | CWE-319         | Authentication Bypass by Capture-replay                   | predictive | High
3    | T1055     | CWE-74          | Improper Neutralization of Data within XPath Expressions  | predictive | High
4    | T1059     | CWE-94          | Argument Injection                                        | predictive | High
5-18 | (redacted on the public page) | (redacted) | (redacted)                              | predictive | High

IOA - Indicator of Attack (117)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID      | Class        | Indicator                                                          | Type       | Confidence
1       | File         | /.env                                                              | predictive | Low
2       | File         | /category.php                                                      | predictive | High
3       | File         | /cgi-bin/delete_CA                                                 | predictive | High
4       | File         | /cgi-bin/luci;stok=/locale                                         | predictive | High
5       | File         | /Config/SaveUploadedHotspotLogoFile                                | predictive | High
6       | File         | /download                                                          | predictive | Medium
7       | File         | /general/email/outbox/delete.php                                   | predictive | High
8       | File         | /getcfg.php                                                        | predictive | Medium
9       | File         | /get_getnetworkconf.cgi                                            | predictive | High
10      | File         | /GponForm/device_Form?script/                                      | predictive | High
11      | File         | /includes/rrdtool.inc.php                                          | predictive | High
12      | File         | /index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events  | predictive | High
13      | File         | /Main_AdmStatus_Content.asp                                        | predictive | High
14-67   | File         | (redacted on the public page)                                      | predictive | Low/Medium/High
68-70   | Library      | (redacted on the public page)                                      | predictive | High, High, Medium
71-109  | Argument     | (redacted on the public page)                                      | predictive | Low/Medium/High
110-111 | Input Value  | (redacted on the public page)                                      | predictive | High
112     | Input Value  | ../                                                                | predictive | Low
113     | Input Value  | (redacted on the public page)                                      | predictive | High
114     | Pattern      | (redacted on the public page)                                      | predictive | Medium
115-117 | Network Port | (redacted on the public page)                                      | predictive | Medium, High, High
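The following is an added example (not VulDB code) that runs the visible File indicators (rows 1-13) and the "../" Input Value indicator (row 112) over web-server access log lines. The point it adds beyond the table is normalization: request targets are percent-decoded until they stop changing, so a double-encoded traversal such as "..%252f" is still caught, and path indicators are matched only up to a path or query boundary, so "/download" does not fire on "/downloads/report.zip". The combined-format log lines are constructed for the example, using RFC 5737 test addresses.

```python
"""Match the File and Input Value IOAs listed above against web-server access
log lines.

Added example, not code from VulDB.  The indicator strings are the visible
rows of the table (1-13 and 112); the combined-format log lines are
constructed for the example.  Request targets are percent-decoded until
stable so that double-encoded traversal sequences are still caught.
"""
import re
from urllib.parse import unquote

# IOA rows 1-13 (class File): request path (plus query where the page lists one) -> confidence.
FILE_IOAS = {
    "/.env": "Low",
    "/category.php": "High",
    "/cgi-bin/delete_CA": "High",
    "/cgi-bin/luci;stok=/locale": "High",
    "/Config/SaveUploadedHotspotLogoFile": "High",
    "/download": "Medium",
    "/general/email/outbox/delete.php": "High",
    "/getcfg.php": "Medium",
    "/get_getnetworkconf.cgi": "High",
    "/GponForm/device_Form?script/": "High",
    "/includes/rrdtool.inc.php": "High",
    "/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events": "High",
    "/Main_AdmStatus_Content.asp": "High",
}
# IOA row 112 (class Input Value): directory traversal fragment.
TRAVERSAL = ("../", "Low")

# Request line inside a combined/common log format entry.
_REQ = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) (\S+) HTTP/[\d.]+"')


def normalize_target(raw: str, rounds: int = 3) -> str:
    """Percent-decode until the string stops changing (at most `rounds` times),
    then collapse repeated slashes.  '../' is deliberately not resolved away,
    so the traversal indicator remains visible after normalization."""
    cur = raw
    for _ in range(rounds):
        nxt = unquote(cur)
        if nxt == cur:
            break
        cur = nxt
    return re.sub(r"/{2,}", "/", cur)


def _boundary_match(target: str, indicator: str) -> bool:
    """Prefix match that must end on a path/query boundary, so '/download'
    matches '/download?file=x' but not '/downloads/report.zip'."""
    if not target.startswith(indicator):
        return False
    return len(target) == len(indicator) or target[len(indicator)] in "/?;&#"


def match_target(raw_target: str):
    """Return [(indicator, confidence), ...] for one request target."""
    norm = normalize_target(raw_target)
    found = [(ind, conf) for ind, conf in FILE_IOAS.items() if _boundary_match(norm, ind)]
    path_only = norm.split("?", 1)[0]
    if TRAVERSAL[0] in path_only or path_only.endswith("/.."):
        found.append(TRAVERSAL)
    return found


# Constructed access-log lines (RFC 5737 test addresses), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2022:09:14:03 +0000] "GET /category.php?id=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/May/2022:09:14:05 +0000] "GET /cgi-bin/..%252f..%252fetc/passwd HTTP/1.1" 404 0 "-" "curl/7.68.0"
198.51.100.9 - - [12/May/2022:09:14:09 +0000] "GET /downloads/report.zip HTTP/1.1" 200 90000 "-" "Mozilla/5.0"
198.51.100.9 - - [12/May/2022:09:14:12 +0000] "GET /index.php?controller=calendar&format=raw&cat%5B0%5D=SQLi&task=events HTTP/1.1" 500 0 "-" "python-requests/2.25"
192.0.2.44 - - [12/May/2022:09:15:01 +0000] "GET /download?file=x HTTP/1.1" 200 10 "-" "Mozilla/5.0"
"""


def scan_access_log(log_text: str):
    """Return [(raw_target, [(indicator, confidence), ...]), ...] for lines that hit."""
    hits = []
    for line in log_text.splitlines():
        m = _REQ.search(line)
        if not m:
            continue
        matched = match_target(m.group(1))
        if matched:
            hits.append((m.group(1), matched))
    return hits


if __name__ == "__main__":
    for target, matched in scan_access_log(SAMPLE_LOG):
        print(target, "->", matched)
```

Matching is case-sensitive, which suits the Linux-hosted CGI and PHP targets in the table; for IIS or Windows-hosted paths compare lower-cased copies instead. The "/.env" and "../" hits are rated Low on the page for good reason: both appear constantly in mass scanning, so on their own they indicate noise rather than this actor.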

References (2)

The following list contains external sources which discuss the actor and the associated activities:
