MetaStealer Analysis

IOB - Indicator of Behavior (97)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 74
ru: 12
es: 4
zh: 4
pt: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

FS Expedia Clone: 2
HIS Auktion: 2
Athonet vEPC MME: 2
Loris Hotel Reservation System: 2
Discuz!: 2


Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Red Lion HMI Panel URI 7pk error | 6.9 | 6.9 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00619 | 0.00 | CVE-2017-14855 |
| 2 | SourceCodester Clinics Patient Management System congratulations.php redirect | 4.9 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00032 | 0.00 | CVE-2024-8555 |
| 3 | GNU Bash mod_cgi os command injection | 9.8 | 9.6 | $0-$5k | $0-$5k | High | Official fix | verified | 0.88955 | 0.00 | CVE-2014-7169 |
| 4 | Hostel Searching Project view-property.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00045 | 0.08 | CVE-2022-4051 |
| 5 | Ovidentia CMS index.php sql injection | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00188 | 0.00 | CVE-2021-29343 |
| 6 | phpBB XS bb_usage_stats.php file inclusion | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.01258 | 0.02 | CVE-2006-4893 |
| 7 | SourceCodester Online Student Admission System Student User Page edit-profile.php cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00063 | 0.09 | CVE-2022-2681 |
| 8 | Google Android CredentialManagerUi.java createPendingIntent information disclosure | 4.4 | 4.3 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00010 | 0.00 | CVE-2023-40076 |
| 9 | Athonet vEPC MME denial of service | 4.7 | 4.7 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00052 | 0.07 | CVE-2024-24457 |
| 10 | Nextcloud user_oidc redirect | 3.8 | 3.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00012 | 0.02 | CVE-2024-52512 |
| 11 | Intel Server M20NTP BIOS UEFI Firmware use after free | 6.4 | 6.4 | $5k-$25k | $5k-$25k | Not defined | Not defined | | 0.00016 | 0.08 | CVE-2024-40885 |
| 12 | Mehrdad Farahani WP EIS Plugin sql injection | 7.4 | 7.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00085 | 0.00 | CVE-2024-51623 |
| 13 | Linux Kernel ntfs3 ni_lock_dir deadlock | 5.7 | 5.5 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00024 | 0.00 | CVE-2024-50245 |
| 14 | andoma vmir vmir_wasm_parser.c export_function memory corruption | 5.5 | 5.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00017 | 0.00 | CVE-2024-35427 |
| 15 | SourceCodesters Clinics Patient Management System print_diseases.php sql injection | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00080 | 0.00 | CVE-2024-8565 |
| 16 | WEBrick Toolkit HTTP Request admin request smuggling | 5.6 | 5.5 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00069 | 0.00 | CVE-2024-47220 |
| 17 | D-Link DAR-7000 Backup_Server_commit.php os command injection | 7.5 | 7.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | | 0.00170 | 0.07 | CVE-2024-9004 |
| 18 | SourceCodester Contact Manager with Export to VCF index.html cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00093 | 0.00 | CVE-2024-8337 |
| 19 | Campcodes Supplier Management System edit_area.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00081 | 0.08 | CVE-2024-8344 |
| 20 | master-nan Sweet-CMS index sql injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00131 | 0.07 | CVE-2024-8332 |

IOC - Indicator of Compromise (19)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (83)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin | predictive | Low |
| 2 | File | /admin/edit_area.php | predictive | High |
| 3 | File | /index.php | predictive | Medium |
| 4 | File | /print_diseases.php | predictive | High |
| 5 | File | /src/vmir_wasm_parser.c | predictive | High |
| 6 | File | /table/index | predictive | Medium |
| 7 | File | /uncpath/ | predictive | Medium |
| 8 | File | /view/DBManage/Backup_Server_commit.php | predictive | High |
| 9 | File | about.php | predictive | Medium |
| 10 | File | admin.php | predictive | Medium |
| 11 | File | admin_feature.php | predictive | High |

References (11)

The following list contains external sources which discuss the actor and the associated activities:

Samples (3)

The following list contains associated samples:
