MintStealer Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (114)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en78
ru16
zh16
fr2
es2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

US: USA42
GB: Great Britain12
CN: China12
IR: Iran8
RU: Russia8

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

MintStealer7
Cobalt Strike5
Sliver4
IcedID3
NetSupportManager RAT3

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined38
Operating System10
Smartphone Operating System6
Firewall Software4
Web Server4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined48
Linux4
Google4
Zend4
Huawei4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Gitea4
Linux Kernel4
Google Android4
Zend Framework4
PHP4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#VulnerabilityBaseTemp0dayTodayExpCouKEVEPSSCTICVE
1T&W WIFI Repeater BE126 Upgrade Process improper authentication6.56.5$0-$5k$0-$5kNot definedNot defined 0.001880.04CVE-2018-9232
2Joomla sql injection6.36.3$5k-$25k$5k-$25kNot definedNot defined 0.001000.04CVE-2022-23797
3Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure5.35.2$5k-$25kCalculatingHighWorkaroundpossible0.029560.00CVE-2007-1192
4Microsoft Exchange Server ProxyShell unrestricted upload6.66.3$25k-$100k$5k-$25kAttackedOfficial fixverified0.939670.03CVE-2021-31207
5SourceCodester Alphaware Simple E-Commerce System admin_index.php sql injection7.06.8$0-$5k$0-$5kProof-of-ConceptNot defined 0.000450.09CVE-2023-1503
6Mattermost Server Websocket certificate validation6.86.7$0-$5k$0-$5kNot definedOfficial fix 0.002160.08CVE-2023-3615
7PHP uniqid cryptographic issues6.55.9$5k-$25k$0-$5kProof-of-ConceptOfficial fix 0.047950.00CVE-2010-1128
8PbootCMS function.php parserIfLabel code injection8.07.9$0-$5k$0-$5kNot definedNot definedpossible0.600370.06CVE-2022-32417
9SonicWALL Secure Remote Access cross site scripting6.66.6$0-$5k$0-$5kAttackedNot definedverified0.859080.09CVE-2021-20028
10DD-WRT Web Interface cross-site request forgery7.56.9$0-$5k$0-$5kUnprovenNot defined 0.006530.06CVE-2012-6297
11Boa Terminal input validation5.34.8$0-$5k$0-$5kProof-of-ConceptNot defined 0.111090.07CVE-2009-4496
12Xenforo code injection7.77.5$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.004240.03CVE-2024-38458
13ghostty Window Title code injection6.36.0$0-$5k$0-$5kNot definedOfficial fix 0.003120.09CVE-2024-56803
14Asus SABERTOOTH X99 Driver IOCTL Request AsIO64.sys exposed ioctl with insufficient access control6.66.5$0-$5k$0-$5kNot definedNot defined 0.000420.00CVE-2024-33219
15Cisco ASA expression/command delimiters9.39.1$25k-$100k$5k-$25kNot definedOfficial fix 0.004310.08CVE-2024-20329
16FreeBSD ctl_read_buffer uninitialized resource8.78.6$5k-$25k$0-$5kNot definedOfficial fix 0.000520.00CVE-2024-8178
17ProFTPD mod_copy File access control7.37.0$0-$5k$0-$5kHighOfficial fixexpected0.940670.03CVE-2015-3306
18Umi UMI.CMS Administrator Account cross-site request forgery6.35.7$0-$5k$0-$5kProof-of-ConceptOfficial fix 0.003900.03CVE-2013-2754
19cvat authorization6.46.3$0-$5k$0-$5kNot definedOfficial fix 0.000730.08CVE-2024-45393
20Microsoft Exchange Server ProxyShell9.49.0$25k-$100k$5k-$25kAttackedOfficial fixverified0.941490.00CVE-2021-34523

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
185.114.96.2MintStealer03/03/2024verifiedHigh
285.192.56.133possiblesquare.aeza.networkMintStealer02/01/2025verifiedVery High
395.214.25.207MintStealer08/30/2023verifiedHigh
4XXX.XX.XX.XXXxxxxxxxxxx03/03/2024verifiedHigh
5XXX.XX.XX.XXXxxxxxxxxxx10/29/2023verifiedHigh
6XXX.XX.XX.XXXxxxxxxxxxx04/10/2024verifiedHigh
7XXX.XXX.XX.XXXXxxxxxxxxxx08/15/2024verifiedVery High
8XXX.XXX.X.XXXxxxxxxxxxx11/18/2024verifiedVery High
9XXX.XX.XXX.XXXxxxxxxxxxx10/29/2023verifiedHigh
10XXX.XX.XXX.XXXXxxxxxxxxxx03/03/2024verifiedHigh
11XXX.XX.XXX.XXXXxxxxxxxxxx10/29/2023verifiedHigh
12XXX.XXX.XX.XXXXxxxxxxxxxx10/31/2023verifiedHigh
13XXX.XXX.XXX.XXXxxxxxxxxxx11/18/2024verifiedVery High
14XXX.XXX.XXX.XXXXxxxxxxxxxx11/24/2024verifiedVery High

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1055CAPEC-10CWE-74Improper Neutralization of Data within XPath ExpressionspredictiveHigh
3T1059CAPEC-242CWE-94Argument InjectionpredictiveHigh
4TXXXX.XXXCAPEC-XXXCWE-XX, CWE-XXXxxxx Xxxxx Xxxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-XXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
6TXXXXCAPEC-XXXCWE-XX, CWE-XXXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
7TXXXXCWE-XXXXxxxxxxxxx XxxxxxpredictiveHigh
8TXXXXCAPEC-XXXCWE-XXXxx XxxxxxxxxpredictiveHigh
9TXXXXCWE-XXXXxxxxxxxxxx XxxxxxxxxxpredictiveHigh
10TXXXXCAPEC-XXCWE-XXXXxxxxxxxx Xxxxxx XxxxpredictiveHigh
11TXXXX.XXXCAPEC-XXXCWE-XXXXxxxxxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
12TXXXXCAPEC-XXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh
13TXXXXCWE-XXXXxxxxxxxxxxxx XxxxxxpredictiveHigh
14TXXXX.XXXCAPEC-XCWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (42)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/login.phppredictiveHigh
2File/cgi-bin/wlogin.cgipredictiveHigh
3File/htmlcode/html/system_reboot.asppredictiveHigh
4File/index/ajax/langpredictiveHigh
5File/sauvegarde/restaure_act.phppredictiveHigh
6Filexxxxx/xxxxx_xxxxx.xxxpredictiveHigh
7Filexxxxx/xxxx_xxxxxx_xxxxxxx.xxxpredictiveHigh
8Filexxxxxxxxx.xxxpredictiveHigh
9Filexxx_xxxxxxxx.xxpredictiveHigh
10Filexxxxxx/xxxxxxx/xxxx/xxxxxxx/xxxxxxx/xxxx_xxxxxxx.xxxpredictiveHigh
11Filexxxxxxxxx.xpredictiveMedium
12Filexxxxxxx.xxxpredictiveMedium
13Filexxxx/xxxxxxxxxxxxxxx.xxxpredictiveHigh
14Filexxxxxxxxx.xxxpredictiveHigh
15Filexxxxxxxx.xxxpredictiveMedium
16Filexx.xxpredictiveLow
17Filexx/xxxxxx-xxxxx.xpredictiveHigh
18Filexxx/xxxxxxxxx/xx_xxxxxx_xxx.xpredictiveHigh
19Filexxxxxxx_xxxxxx.xpredictiveHigh
20Filexxxx_xxxx.xxxpredictiveHigh
21Filexxxxxx_xxx.xxpredictiveHigh
22Filex/xxxxx.xxxpredictiveMedium
23Filexxx.xxxpredictiveLow
24Filexxx/xxxxx_xxxxxx.xxxpredictiveHigh
25Libraryxxxxxx.xxxpredictiveMedium
26Argumentxx/xxpredictiveLow
27Argumentxxxxx_xxxxxx_xxxxpredictiveHigh
28Argumentxxx_xxpredictiveLow
29ArgumentxxxpredictiveLow
30Argumentxxxx/xxxxpredictiveMedium
31Argumentxxxxx_xxxxxxxxpredictiveHigh
32ArgumentxxxxpredictiveLow
33Argumentxx_xxxxpredictiveLow
34ArgumentxxxxpredictiveLow
35ArgumentxxxxpredictiveLow
36ArgumentxxxxxxxxxxxpredictiveMedium
37Argumentxxxxxx_xxxxxxxxpredictiveHigh
38ArgumentxxxxxxxpredictiveLow
39Argumentxxxxxxxxxxx/xxxxxxxxxxxpredictiveHigh
40ArgumentxxxxxxxpredictiveLow
41Argumentxxxxxxxx/xxxxxxxxpredictiveHigh
42Input Valuexxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxxpredictiveHigh

References (5)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:

PreviousOverviewNext

This view requires CTI permissions

Just purchase a CTI license today!