FickerStealer Analysis

Activities

Timeline

The timeline plots when the vulnerabilities associated with this actor were published. It shows quieter periods and the more severe hotspots at a glance, so that vulnerability response can be started immediately and individual issues, or whole groups of them, can be prioritized.

Lang

en: 238
es: 48
de: 19
it: 3
pl: 3

Country

us: 156
ru: 74
cn: 51
fr: 10
es: 4


Vulnerabilities

Columns: # | Vulnerability | Base (CVSS base score) | Temp (CVSS temporal score) | 0day (estimated 0-day exploit price) | Today (estimated current exploit price) | Exp (exploitability) | Rem (remediation status) | CTI (CTI interest score) | CVE

1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.05 | CVE-2007-1192
2 | D-Link DIR-865L register_send.php improper authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.04 | CVE-2013-3096
3 | Genetechsolutions Pie-Register wp-login.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2013-4954
4 | Linux Foundation Xen EFLAGS Register SYSENTER input validation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2013-1917
5 | Atlassian Confluence Server Widget Connector Macro path traversal | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.00 | CVE-2019-3396
6 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.40 | CVE-2016-6210
7 | Oracle MySQL Server InnoDB access control | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2018-3185
8 | ISC BIND named resolver.c input validation | 8.6 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2016-1286
9 | Atlassian Confluence Workbox Notification Comment information disclosure | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2017-9505
10 | D-Link DIR-645 Authentication getcfg.php information disclosure | 8.6 | 8.2 | $5k-$25k | $0-$5k | High | Official Fix | 0.03 |
11 | Linux Kernel port.c mlx4_register_mac memory corruption | 6.5 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2010-5332
12 | DT Register Extension sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2016-1000271
13 | Apple M1 Register s3_5_c15_c10_1 M1RACLES access control | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00 | CVE-2021-30747
14 | Qualcomm Snapdragon Automobile Register access control | 5.4 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2017-11004
15 | XiongMai IP Camera/DVR NetSurveillance Web Interface memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.14 | CVE-2017-16725
16 | ONLYOFFICE Document Server WebSocket API sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | CVE-2020-11537
17 | nginx ngx_http_mp4_module information disclosure | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2018-16845
18 | GitLab cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2020-13345
19 | Nextcloud Server Access Control download access control | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-8139
20 | Microsoft IIS IP/Domain Restriction access control | 6.5 | 5.7 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.26 | CVE-2014-4078

IOC - Indicator of Compromise (25)

These indicators of compromise are network resources known to be associated with the actor's research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence

1 | 23.21.27.29 | ec2-23-21-27-29.compute-1.amazonaws.com | FickerStealer | | verified | Medium
2 | 23.21.42.25 | ec2-23-21-42-25.compute-1.amazonaws.com | FickerStealer | | verified | Medium
3 | 23.21.140.41 | ec2-23-21-140-41.compute-1.amazonaws.com | FickerStealer | | verified | Medium
4 | 50.19.243.236 | ec2-50-19-243-236.compute-1.amazonaws.com | FickerStealer | | verified | Medium
5 | 54.221.253.252 | ec2-54-221-253-252.compute-1.amazonaws.com | FickerStealer | | verified | Medium

Entries 6-25 are masked in the source (all of type verified; entries 6-10 Medium confidence, entries 11-25 High confidence).
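The five unmasked IOCs above are plain IP/hostname pairs, so the practical use is to sweep them against egress logs. The following is an added example, not code from this page or from VulDB: it loads entries 1-5, scans constructed proxy and DNS log lines (the line formats, client addresses and the domain updates.example.net are assumptions made for the example), and counts hits per internal client. Note that all five addresses are Amazon EC2, which is why the page rates them Medium: EC2 addresses are recycled, so a hit is a lead to investigate rather than proof of FickerStealer on its own.

```python
from collections import Counter, namedtuple

# Network IOCs copied from entries 1-5 of the IOC table on this page (the only
# unmasked rows). All five sit in the compute-1.amazonaws.com reverse-DNS zone,
# i.e. Amazon EC2, which is why the page rates them Medium confidence: EC2
# addresses are recycled, so a hit is a lead to investigate, not proof of
# FickerStealer activity on its own.
IOC_IP_TO_HOST = {
    "23.21.27.29": "ec2-23-21-27-29.compute-1.amazonaws.com",
    "23.21.42.25": "ec2-23-21-42-25.compute-1.amazonaws.com",
    "23.21.140.41": "ec2-23-21-140-41.compute-1.amazonaws.com",
    "50.19.243.236": "ec2-50-19-243-236.compute-1.amazonaws.com",
    "54.221.253.252": "ec2-54-221-253-252.compute-1.amazonaws.com",
}
IOC_HOSTS = set(IOC_IP_TO_HOST.values())

Hit = namedtuple("Hit", "ts client indicator reason")


def norm_host(host):
    """Lowercase and drop a trailing dot so FQDN spellings from different log sources compare equal."""
    return host.rstrip(".").lower()


def match_proxy(line):
    """Proxy line format (constructed for this example): '<ts> <client> <dest_ip> <dest_host or ->'."""
    ts, client, dst_ip, dst_host = line.split()
    if dst_ip in IOC_IP_TO_HOST:
        return Hit(ts, client, dst_ip, "proxy dest ip")
    host = norm_host(dst_host)
    if host in IOC_HOSTS:
        # Name matches but the IP does not: the address moved, still worth a look.
        return Hit(ts, client, host, "proxy dest host")
    return None


def match_dns(line):
    """DNS line format (constructed): '<ts> <client> <qname> <answer_ip>'.
    The answer is checked first: stealer C2 usually hides behind a custom
    domain, so the EC2 PTR name on the page is rarely what the victim queried."""
    ts, client, qname, answer = line.split()
    qname = norm_host(qname)
    if answer in IOC_IP_TO_HOST:
        return Hit(ts, client, answer, f"dns answer for {qname}")
    if qname in IOC_HOSTS:
        return Hit(ts, client, qname, "dns query for ioc host")
    return None


def scan(text, matcher):
    """Apply a matcher to every non-empty line; return the hits in log order."""
    hits = []
    for line in text.splitlines():
        if line.strip():
            hit = matcher(line)
            if hit:
                hits.append(hit)
    return hits


def affected_clients(hits):
    """Count hits per internal client so the most-touched hosts can be triaged first."""
    return dict(Counter(h.client for h in hits))


# Constructed sample logs (not from the page).
PROXY_LOG = """\
2021-06-01T10:00:01Z 10.0.0.5 23.21.27.29 ec2-23-21-27-29.compute-1.amazonaws.com.
2021-06-01T10:00:02Z 10.0.0.7 93.184.216.34 example.com
2021-06-01T10:00:03Z 10.0.0.9 54.221.253.252 -
"""
DNS_LOG = """\
2021-06-01T10:00:00Z 10.0.0.5 updates.example.net 23.21.27.29
2021-06-01T10:00:02Z 10.0.0.7 example.com 93.184.216.34
2021-06-01T10:00:04Z 10.0.0.9 EC2-50-19-243-236.compute-1.amazonaws.com 50.19.243.236
"""

if __name__ == "__main__":
    all_hits = scan(PROXY_LOG, match_proxy) + scan(DNS_LOG, match_dns)
    for h in all_hits:
        print(f"{h.ts} {h.client} -> {h.indicator} ({h.reason})")
    print("hits per client:", affected_clients(all_hits))
```

Run it over real proxy and resolver exports by swapping the two sample strings; keep the Medium rating in mind and pivot on the internal client (what else did 10.0.0.5 talk to around that time?) before treating a single EC2 hit as an incident.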

TTP - Tactics, Techniques, Procedures (7)

The tactics, techniques and procedures summarize the MITRE ATT&CK techniques the actor is suspected to use. The mapping is derived from VulDB's predictive actor-profiling model rather than from observed samples.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence

1 | T1059.007 (Command and Scripting Interpreter: JavaScript) | CWE-79 | Cross Site Scripting | predictive | High
2 | T1068 (Exploitation for Privilege Escalation) | CWE-264, CWE-284 | Execution with Unnecessary Privileges | predictive | High

Entries 3-7 are masked in the source (all predictive, High confidence).

IOA - Indicator of Attack (106)

These indicators of attack are fragments (file paths, arguments, input values, patterns and network ports) that the predictive actor-profiling model associates with the actor's technical activity, such as reconnaissance, exploitation, privilege escalation and exfiltration.

ID | Class | Indicator | Type | Confidence

1 | File | /.env | predictive | Low
2 | File | /category.php | predictive | High
3 | File | /cgi-bin/delete_CA | predictive | High
4 | File | /Config/SaveUploadedHotspotLogoFile | predictive | High
5 | File | /download | predictive | Medium
6 | File | /getcfg.php | predictive | Medium
7 | File | /get_getnetworkconf.cgi | predictive | High
8 | File | /GponForm/device_Form?script/ | predictive | High
9 | File | /includes/rrdtool.inc.php | predictive | High
10 | File | /index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events | predictive | High
11 | File | /Main_AdmStatus_Content.asp | predictive | High
12 | File | /NAGErrors | predictive | Medium
101 | Input Value | ../ | predictive | Low

The remaining 93 entries are masked in the source: File (entries 13-62), Library (63), Argument (64-98), Input Value (99, 100, 102), Pattern (103) and Network Port (104-106); all are predictive.
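The unmasked IOAs above are mostly request paths, and the one visible input value is the traversal sequence "../". Matching them literally is not enough: probes arrive percent-encoded, double-encoded or in mixed case, and entry 10 is only meaningful together with its query string (a bare /index.php hit would be noise). The following is an added example, not code from this page or from VulDB: it canonicalizes each request target, then checks it against entries 1-12 and the traversal indicator over constructed Apache combined-format access log lines (the client addresses and requests are assumptions made for the example).

```python
import re
from urllib.parse import unquote, urlsplit

# Request-path IOAs copied from the unmasked File entries (1-12) of the IOA
# table on this page. Paths are stored lowercase and compared against a
# canonicalised request path. Entry 10 only makes sense with its query, so it
# carries a required query fragment; the others match on the exact path.
IOA_PATHS = [
    ("/.env", None),
    ("/category.php", None),
    ("/cgi-bin/delete_ca", None),
    ("/config/saveuploadedhotspotlogofile", None),
    ("/download", None),
    ("/getcfg.php", None),
    ("/get_getnetworkconf.cgi", None),
    ("/gponform/device_form", None),
    ("/includes/rrdtool.inc.php", None),
    ("/index.php", "cat[0]=sqli"),
    ("/main_admstatus_content.asp", None),
    ("/nagerrors", None),
]
TRAVERSAL = ".."  # IOA entry 101, "../", checked as a path segment after decoding

# Pulls the request target out of an Apache/nginx combined-format line.
REQ_RE = re.compile(r'"(?:GET|POST|HEAD|PUT|DELETE|OPTIONS) (?P<target>\S+) HTTP/[\d.]+"')


def canonical(target):
    """Percent-decode twice (catches %252e%252e), split path from query,
    collapse repeated slashes and lowercase, so encoded or mixed-case
    variants of an indicator cannot dodge a literal comparison."""
    for _ in range(2):
        target = unquote(target)
    parts = urlsplit(target)
    path = re.sub(r"/+", "/", parts.path).lower()
    return path, parts.query.lower()


def classify(target):
    """Return the indicator labels a single request target trips (empty list if none)."""
    path, query = canonical(target)
    hits = []
    if TRAVERSAL in path.split("/"):
        hits.append("traversal")
    for ioa_path, fragment in IOA_PATHS:
        if path == ioa_path and (fragment is None or fragment in query):
            hits.append(ioa_path if fragment is None else f"{ioa_path}?{fragment}")
    return hits


def scan_access_log(text):
    """Return (line_no, client_ip, raw_target, hits) for every line that trips an IOA."""
    results = []
    for n, line in enumerate(text.splitlines(), 1):
        m = REQ_RE.search(line)
        if not m:
            continue
        hits = classify(m.group("target"))
        if hits:
            results.append((n, line.split()[0], m.group("target"), hits))
    return results


# Constructed sample access log (not from the page). Line 3 is the traversal
# indicator double-encoded; line 4 is a benign /index.php request that must
# not fire; line 5 is a mixed-case probe for entry 6.
WEB_LOG = """\
203.0.113.10 - - [01/Jun/2021:10:00:04 +0000] "GET /.env HTTP/1.1" 404 153 "-" "curl/7.68.0"
203.0.113.11 - - [01/Jun/2021:10:00:05 +0000] "GET /index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events HTTP/1.1" 200 512 "-" "-"
203.0.113.12 - - [01/Jun/2021:10:00:06 +0000] "GET /images/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 403 0 "-" "-"
203.0.113.13 - - [01/Jun/2021:10:00:07 +0000] "GET /index.php?page=home HTTP/1.1" 200 2048 "-" "-"
203.0.113.14 - - [01/Jun/2021:10:00:08 +0000] "POST /GetCfg.php HTTP/1.1" 200 920 "-" "-"
"""

if __name__ == "__main__":
    for n, client, target, hits in scan_access_log(WEB_LOG):
        print(f"line {n}: {client} {target} -> {', '.join(hits)}")
```

Two of the listed paths, /download and /index.php, are common on unrelated sites; the exact-path comparison and the query requirement on entry 10 keep them from flooding an alert queue, and a real deployment would also drop hits with a 404 status for the generic ones.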

References (2)

The following list contains external sources which discuss the actor and the associated activities:
