FickerStealer Analysis

IOB - Indicator of Behavior (332)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

Language | Count
en | 248
es | 54
de | 12
ru | 6
fr | 4


Country

Country | Count
us | 138
ru | 94
cn | 56
fr | 10
ir | 4


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Product | Count
Microsoft Windows | 8
Microsoft Edge | 6
Microsoft ChakraCore | 6
Drupal | 6
WordPress | 6


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.04 | 0.04187 | CVE-2007-1192
2 | D-Link DIR-865L register_send.php improper authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.04 | 0.00954 | CVE-2013-3096
3 | Genetechsolutions Pie-Register wp-login.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.02255 | CVE-2013-4954
4 | Linux Foundation Xen EFLAGS Register SYSENTER input validation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01282 | CVE-2013-1917
5 | Atlassian Confluence Server Widget Connector Macro path traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.02 | 0.96089 | CVE-2019-3396
6 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.44 | 0.49183 | CVE-2016-6210
7 | Oracle MySQL Server InnoDB access control | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01104 | CVE-2018-3185
8 | ISC BIND named resolver.c input validation | 8.6 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.26383 | CVE-2016-1286
9 | D-Link DIR-645 Authentication getcfg.php information disclosure | 8.6 | 8.2 | $5k-$25k | $0-$5k | High | Official Fix | 0.03 | 0.00000 | 
10 | ALFA AWUS036ACH Driver Network Configuration injection | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01108 | CVE-2020-26143
11 | Atlassian Confluence Workbox Notification Comment information disclosure | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00890 | CVE-2017-9505
12 | BusyBox unlzma Applet out-of-bounds | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00950 | CVE-2021-42374
13 | Linux Kernel port.c mlx4_register_mac memory corruption | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00950 | CVE-2010-5332
14 | DT Register Extension sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00885 | CVE-2016-1000271
15 | Apple M1 Register s3_5_c15_c10_1 M1RACLES access control | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00000 | CVE-2021-30747
16 | Qualcomm Snapdragon Automobile Register access control | 5.4 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2017-11004
17 | XiongMai IP Camera/DVR NetSurveillance Web Interface memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.01578 | CVE-2017-16725
18 | ONLYOFFICE Document Server WebSocket API sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00885 | CVE-2020-11537
19 | nginx ngx_http_mp4_module information disclosure | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.04714 | CVE-2018-16845
20 | GitLab cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.00890 | CVE-2020-13345

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 23.21.27.29 | ec2-23-21-27-29.compute-1.amazonaws.com | FickerStealer | | verified | Medium
2 | 23.21.42.25 | ec2-23-21-42-25.compute-1.amazonaws.com | FickerStealer | | verified | Medium
3 | 23.21.140.41 | ec2-23-21-140-41.compute-1.amazonaws.com | FickerStealer | | verified | Medium
4 | 50.19.243.236 | ec2-50-19-243-236.compute-1.amazonaws.com | FickerStealer | | verified | Medium
5 | 54.221.253.252 | ec2-54-221-253-252.compute-1.amazonaws.com | FickerStealer | | verified | Medium
6 | XX.XXX.XX.XXX | xxx-xx-xxx-xx-xxx.xxxxxxx-x.xxxxxxxxx.xxx | Xxxxxxxxxxxxx | | verified | Medium
7 | XX.XXX.XX.XXX | xxx-xx-xxx-xx-xxx.xxxxxxx-x.xxxxxxxxx.xxx | Xxxxxxxxxxxxx | | verified | Medium
8 | XX.XXX.XXX.XXX | xxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx | Xxxxxxxxxxxxx | | verified | Medium
9 | XX.XXX.XXX.XXX | xxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx | Xxxxxxxxxxxxx | | verified | Medium
10 | XX.XXX.XXX.XXX | xxx-xx-xxx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx | Xxxxxxxxxxxxx | | verified | Medium
11 | XX.XXX.XXX.XX | xx-xxxxxxx-xxx.xxxxx | Xxxxxxxxxxxxx | | verified | High
12 | XX.XXX.XX.XXX | | Xxxxxxxxxxxxx | | verified | High
13 | XXX.XX.XX.XX | | Xxxxxxxxxxxxx | | verified | High
14 | XXX.XX.XX.XXX | | Xxxxxxxxxxxxx | | verified | High
15 | XXX.XXX.XX.XXX | xxxxxxxx-xx-xxx.xxxxx.xxx | Xxxxxxxxxxxxx | | verified | High
16 | XXX.XXX.XX.XX | | Xxxxxxxxxxxxx | | verified | High
17 | XXX.XXX.XXX.XX | | Xxxxxxxxxxxxx | | verified | High
18 | XXX.X.XX.XX | xxxxx.xxxx.xxx | Xxxxxxxxxxxxx | | verified | High
19 | XXX.X.XX.XX | xxxxx.xxxx.xxx | Xxxxxxxxxxxxx | | verified | High
20 | XXX.XX.XX.XXX | | Xxxxxxxxxxxxx | | verified | High
21 | XXX.X.XX.XXX | xxxxxxxx.xxxxxx-xx-xxxxxx.xx | Xxxxxxxxxxxxx | | verified | High
22 | XXX.X.XX.XXX | xxxx-xxx-x-xx-xxx.xxxxxx-xx-xxxxxx.xx | Xxxxxxxxxxxxx | | verified | High
23 | XXX.X.XX.XXX | | Xxxxxxxxxxxxx | | verified | High
24 | XXX.XX.X.XX | xxxxx.xxxx.xxx | Xxxxxxxxxxxxx | | verified | High
25 | XXX.XXX.X.XX | xxxxx.xxxx.xxx | Xxxxxxxxxxxxx | | verified | High

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (110)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /.env | predictive | Low
2 | File | /category.php | predictive | High
3 | File | /cgi-bin/delete_CA | predictive | High
4 | File | /Config/SaveUploadedHotspotLogoFile | predictive | High
5 | File | /download | predictive | Medium
6 | File | /getcfg.php | predictive | Medium
7 | File | /get_getnetworkconf.cgi | predictive | High
8 | File | /GponForm/device_Form?script/ | predictive | High
9 | File | /includes/rrdtool.inc.php | predictive | High
10 | File | /index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events | predictive | High
11 | File | /Main_AdmStatus_Content.asp | predictive | High
12 | File | /NAGErrors | predictive | Medium
13 | File | /xxxx/xxxxxxxxxxx | predictive | High
14 | File | /xxx | predictive | Low
15 | File | /xxxxxxx/ | predictive | Medium
16 | File | /xxxxxx/xxxxxx.xxx | predictive | High
17 | File | /xxx/xxx/xxxxx | predictive | High
18 | File | /xx/xxxxx.xxx | predictive | High
19 | File | xxxxx/xxxxxxx.xxx | predictive | High
20 | File | xxxxx/xxxxxx/xxxxx-xxxxxx-xxxxxxxx.xxx | predictive | High
21 | File | xxxxx/xxxx.xxxxxxx.xxx | predictive | High
22 | File | xxxxx/xxxx.xxxx.xxx | predictive | High
23 | File | xxxxx\xxxxxxxxxx\xxxxxxxxxx.xxx | predictive | High
24 | File | xxx.xxx | predictive | Low
25 | File | xxxxxxx/xxxxxxx/xxxxxxx.xxxx?xxxx | predictive | High
26 | File | xxx_xxxxxxxx.xxx | predictive | High
27 | File | xxxx_xx.xx | predictive | Medium
28 | File | xxxxx-xx-xxxx-xxxxx.xxx | predictive | High
29 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
30 | File | xx.x/xxxxxxxx.x | predictive | High
31 | File | xxxxxxxxxxxxxxxx.xxx | predictive | High
32 | File | xxxxxxx/xxxxxxxxx/xxx_xxxxx.x | predictive | High
33 | File | xxxxxxx/xxxx/xxxx/xxxx_xxxxxxxxxx.x | predictive | High
34 | File | xxxxxxx/xxx/xxxx/xxxx.x | predictive | High
35 | File | xxxxx.xxx | predictive | Medium
36 | File | xxxxxxx.xxxx | predictive | Medium
37 | File | xxxxxxxx/xxxx_xxxx | predictive | High
38 | File | xxxx_xxxx.x | predictive | Medium
39 | File | xxxxxxxx/xxxx_xxxxxxxx/xxxxxxxx_xxxxxxx.xxx | predictive | High
40 | File | xxxxx.xxx | predictive | Medium
41 | File | xxxxxxxxx/xxxxxx.xxx.xxx | predictive | High
42 | File | xxxxxxxx.xxx | predictive | Medium
43 | File | xxxxx/xxxx_xxxxxxx/xxxxxxxxx/xxxx.xxx | predictive | High
44 | File | xxxxxxx.xxx | predictive | Medium
45 | File | xxx_xxxxxxxxx.x | predictive | High
46 | File | xxxxxxx/xxxxxxxxxxxxxxxx/xxxxxxxxx/xxxxxxxx.xxxx | predictive | High
47 | File | xxxxxxxx.xx | predictive | Medium
48 | File | xxxxx.x | predictive | Low
49 | File | xxxxxxxx.xxx | predictive | Medium
50 | File | xxxxxxx.xx | predictive | Medium
51 | File | xxxxxxxx_xxxx.xxx | predictive | High
52 | File | xxxxxxxx.xxx | predictive | Medium
53 | File | xxxxxx_xxxxxxx.xxx | predictive | High
54 | File | xxxx_xxxxxxxx.xxx | predictive | High
55 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx.xx/xxxxxxxxxx.xx/xxxxxxxxxxx.xx | predictive | High
56 | File | xxxxxxxxxxx.x | predictive | High
57 | File | xxx/xx_xxx.x | predictive | Medium
58 | File | xx.xxx | predictive | Low
59 | File | xxxxxxx.xxx | predictive | Medium
60 | File | xxxxxxx.xxx | predictive | Medium
61 | File | xxx_xxxxx.xxx?xxxx=xxxxxxxx | predictive | High
62 | File | xxxxxxx.xxx | predictive | Medium
63 | File | xx-xxxxx/xxxx.xxx?xxxx_xxxx=xxxxx | predictive | High
64 | File | xx-xxxxx.xxx | predictive | Medium
65 | Library | xxxxxxxxx | predictive | Medium
66 | Argument | --xxxxxx/--xxxxxxxx | predictive | High
67 | Argument | xxxxxxxxxx xxx xxxxxxx | predictive | High
68 | Argument | xxxxxxxxxx_xxxx | predictive | High
69 | Argument | xxx | predictive | Low
70 | Argument | xxxxxxxx | predictive | Medium
71 | Argument | xxxxxxx | predictive | Low
72 | Argument | xxxx_xxxxxx=xxxx | predictive | High
73 | Argument | xxxxx | predictive | Low
74 | Argument | xxxxxxxx | predictive | Medium
75 | Argument | xxxxxxxx | predictive | Medium
76 | Argument | xx | predictive | Low
77 | Argument | xxxx | predictive | Low
78 | Argument | xxxx | predictive | Low
79 | Argument | xxxx_xxxxxxx | predictive | Medium
80 | Argument | xx | predictive | Low
81 | Argument | xxxxxxxxxx | predictive | Medium
82 | Argument | xx | predictive | Low
83 | Argument | xxxx | predictive | Low
84 | Argument | xxxxx | predictive | Low
85 | Argument | xxxxxxxx | predictive | Medium
86 | Argument | xxxxxxx/xxxx | predictive | Medium
87 | Argument | xx | predictive | Low
88 | Argument | xxxxx | predictive | Low
89 | Argument | xxxxxxxx | predictive | Medium
90 | Argument | xxxxxxxx | predictive | Medium
91 | Argument | xxxx | predictive | Low
92 | Argument | xxxxxxx | predictive | Low
93 | Argument | xxxxxxxxxxx | predictive | Medium
94 | Argument | xxxxxx_xxxx | predictive | Medium
95 | Argument | xxxxxxx | predictive | Low
96 | Argument | xxxxxxxx | predictive | Medium
97 | Argument | xxx | predictive | Low
98 | Argument | x_xx | predictive | Low
99 | Argument | xxxx | predictive | Low
100 | Argument | xxxxxxxx/xxxxxxxx | predictive | High
101 | Argument | xxxxx | predictive | Low
102 | Argument | x-xxxxxxxxx-xxx | predictive | High
103 | Input Value | %xxxxxx+-x+x+xx.x.xx.xxx%xx%xx | predictive | High
104 | Input Value | -x+xxxxx+xxxxxx+x,x,xxxxxxx() | predictive | High
105 | Input Value | ../ | predictive | Low
106 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | predictive | High
107 | Pattern | |xx|xx|xx| | predictive | Medium
108 | Network Port | xxx/xxxx | predictive | Medium
109 | Network Port | xxx/xxxx (xx-xxx) | predictive | High
110 | Network Port | xxx xxxxxx xxxx | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
