MetaStealer Analysis

IOB - Indicator of Behavior (71)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en54
ru10
es4
fr2
pt2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

us32
ru14
es4
is4
ag2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

SourceCodester Online Student Admission System2
GNU Bash2
Tourismscripts Tourism Script Accomodation Hotel B ...2
cpCommerce2
360 FireLine Plugin2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemCTIEPSSCVE
1Red Lion HMI Panel URI 7pk error6.96.9$0-$5k$0-$5kNot DefinedNot Defined0.000.00238CVE-2017-14855
2GNU Bash mod_cgi os command injection9.88.8$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.030.97348CVE-2014-7169
3Hostel Searching Project view-property.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.060.00223CVE-2022-4051
4Ovidentia CMS index.php sql injection4.34.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.070.00089CVE-2021-29343
5phpBB XS bb_usage_stats.php file inclusion7.36.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.020.07955CVE-2006-4893
6SourceCodester Online Student Admission System Student User Page edit-profile.php cross site scripting3.53.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.00068CVE-2022-2681
7Microsoft Exchange Server Privilege Escalation8.37.6$25k-$100k$5k-$25kUnprovenOfficial Fix0.060.00080CVE-2023-36745
8Elementor Plugin Template Import unrestricted upload6.36.1$0-$5k$0-$5kNot DefinedNot Defined0.020.00054CVE-2023-48777
9News & Blog Designer Pack Plugin file inclusion7.37.1$0-$5k$0-$5kNot DefinedNot Defined0.020.00322CVE-2023-5815
10LearnPress Plugin command injection7.87.7$0-$5k$0-$5kNot DefinedNot Defined0.050.16476CVE-2023-6634
11Likeshop HTTP POST Request File.php userFormImage unrestricted upload8.17.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.00727CVE-2024-0352
12Proxmox proxmox-widget-toolkit Edit Notes cross site scripting5.05.0$0-$5k$0-$5kNot DefinedOfficial Fix0.060.00052CVE-2023-46854
13GG18/GG20 ECDSA Private Key injection7.77.5$0-$5k$0-$5kProof-of-ConceptNot Defined0.030.00070CVE-2023-33241
14Mozilla Firefox SPDY/HTTP/2 cryptographic issues5.34.6$5k-$25k$0-$5kUnprovenOfficial Fix0.020.00411CVE-2014-1584
15Microsoft Exchange Server Privilege Escalation8.87.7$25k-$100k$5k-$25kUnprovenOfficial Fix0.020.01192CVE-2023-21529
16MetInfo URL Redirector login.php redirect6.66.6$0-$5k$0-$5kNot DefinedNot Defined0.000.00107CVE-2017-11718
17SourceCodester Sanitization Management System Admin Login sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.060.00120CVE-2022-4726
18Microsoft SharePoint Workflow input validation10.08.7$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.000.91072CVE-2013-1330
19NdkAdvancedCustomizationFields createPdf.php cross site scripting4.84.6$0-$5k$0-$5kProof-of-ConceptNot Defined0.000.00063CVE-2022-40840
20Redis XAUTOCLAIM Command heap-based overflow8.28.1$0-$5k$0-$5kNot DefinedOfficial Fix0.000.00598CVE-2022-31144

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueVulnerabilitiesAccess VectorTypeConfidence
1T1055CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
2T1059CWE-94Argument InjectionpredictiveHigh
3T1059.007CWE-79, CWE-80Cross Site ScriptingpredictiveHigh
4TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
5TXXXXCWE-XX, CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXX.XXXCWE-XXXXxxx XxxxxxxxpredictiveHigh
7TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
8TXXXXCWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
10TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
11TXXXX.XXXCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/index.phppredictiveMedium
2File/uncpath/predictiveMedium
3Fileabout.phppredictiveMedium
4Fileadmin.phppredictiveMedium
5Fileadmin_feature.phppredictiveHigh
6Fileaj.htmlpredictiveLow
7Fileakocomments.phppredictiveHigh
8Filearchives.phppredictiveMedium
9Filexxxxxxx.xxxpredictiveMedium
10Filexxxx.xxx.xxxpredictiveMedium
11Filexx_xxxxx_xxxxx.xxxpredictiveHigh
12Filexxx-xxxxxx-xxxxxxxxxx-xxxxxx/xxxxxxx.xxxpredictiveHigh
13Filexxx-xxx/xxxxxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
14Filexxx-xxx/xxxxxx/xxxxx.xxpredictiveHigh
15Filexxxxxxxxxxx.xxx.xxxpredictiveHigh
16Filexxxxxxx.xxxpredictiveMedium
17Filexxxxxxxxx.xxxpredictiveHigh
18Filexxxxxx.xxxpredictiveMedium
19Filexxxxxx.xxxpredictiveMedium
20Filexxxx-xxxxxxx.xxxpredictiveHigh
21Filexxxxxxxxx.xxxpredictiveHigh
22Filexxxxx.xxxpredictiveMedium
23Filexxxxxx.xxxpredictiveMedium
24Filexxxxx.xxxpredictiveMedium
25Filexxxx.xxxpredictiveMedium
26Filexxxxxx/xxxxx.xxxpredictiveHigh
27Filexxxxx.xxxpredictiveMedium
28Filexxxx.xxxpredictiveMedium
29Filexxxxxx/xxx/xx/xxx.xxpredictiveHigh
30Filexxxxxx.xxxpredictiveMedium
31Filexxxxxx/xxxxxxxxxxx/xxx/xxxxxxxxxx/xxxx.xxxpredictiveHigh
32Filexxxxxxx_xxxxxx.xxxpredictiveHigh
33Filexxxx.xxxpredictiveMedium
34Filexxxx-xxxxxxxx.xxxpredictiveHigh
35Filexxxx.xxxxxxxxx.xxxpredictiveHigh
36Filexxxxxxxxx.xxxpredictiveHigh
37Libraryxxxxx/xxxxxxxxx/xxxx.xxxxxxxxx.xxxpredictiveHigh
38Argumentxxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx:predictiveHigh
39Argumentxxx_xxpredictiveLow
40Argumentxxxxxx_xxxxx_xxxxpredictiveHigh
41ArgumentxxxxpredictiveLow
42Argumentxx_xxxxpredictiveLow
43ArgumentxxxxxxxxpredictiveMedium
44Argumentxxxxxxx[xxxxxx]predictiveHigh
45ArgumentxxxxxpredictiveLow
46Argumentxxxxx_xxpredictiveMedium
47Argumentxxxxx_xxxxpredictiveMedium
48ArgumentxxpredictiveLow
49ArgumentxxpredictiveLow
50Argumentxxxx_xxpredictiveLow
51ArgumentxxxxxpredictiveLow
52Argumentxxxxxxxxx_xxxxxxxx_xxxxpredictiveHigh
53Argumentxxxx_xxxxpredictiveMedium
54Argumentxxxxx_xxxx_xxxxpredictiveHigh
55ArgumentxxxpredictiveLow
56Argumentxxxxxxxx_xxpredictiveMedium
57ArgumentxxxxxxxxpredictiveMedium
58ArgumentxxxpredictiveLow
59Argumentxxxx-xxxxxpredictiveMedium
60ArgumentxxxxxxxxpredictiveMedium
61Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
62Input Value<xxxxxx>xxxxx(/xxx/)</xxxxxx>predictiveHigh
63Input Valuexxxxxx_xxxxxxxxpredictiveHigh

References (9)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:

Want to stay up to date on a daily basis?

Enable the mail alert feature now!