NodeStealer Analysis

IOB - Indicator of Behavior (25)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang: en (20), es (4), pl (2)


Activities

Interest


Product: Html5 Audio Player Plugin (2), WP Blog and Widget Plugin (2), FreeRDP (2), nginx (2), Joomla (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00108 | 0.06 | CVE-2009-4935
2 | FreeRDP ZGFX Decoder out-of-bounds | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00143 | 0.00 | CVE-2022-39316
3 | Apache Spark UI command injection | 7.1 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.97176 | 0.03 | CVE-2022-33891
4 | Cisco Email Security Appliance Antispam Protection Mechanism input validation | 6.6 | 6.3 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00129 | 0.00 | CVE-2020-3368
5 | Joomla sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00138 | 0.05 | CVE-2022-23797
6 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 0.44 | CVE-2020-12440
7 | Esoftpro Online Guestbook Pro ogp_show.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00244 | 0.02 | CVE-2009-2441
8 | Crayon Syntax Highlighter Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00086 | 0.04 | CVE-2022-47167
9 | Html5 Audio Player Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.00 | CVE-2023-0170
10 | WP Blog and Widget Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.00 | CVE-2022-4824
11 | jQuery Countdown Widget Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.00 | CVE-2023-0171
12 | Leaflet Maps Marker Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.00 | CVE-2022-4677
13 | LibEtPan mailimap_types.c mailimap_mailbox_data_status_free null pointer dereference | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00071 | 0.00 | CVE-2022-4121
14 | Linux Kernel Slip Driver slip.c sl_tx_timeout use after free | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2022-41858
15 | Rockwell Automation MicroLogix 1100/MicroLogix 1400 Embedded Webserver cross site scripting | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00062 | 0.00 | CVE-2022-46670
16 | BigBlueButton Webcams Lock Setting insertion of sensitive information into sent data | 6.1 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00122 | 0.00 | CVE-2022-23488
17 | LibVNCServer rfbproto.c allocation of resources | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00185 | 0.00 | CVE-2020-14405
18 | Discuz! DiscuzX WeChat Login plugin.php 7pk security | 7.7 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01290 | 0.00 | CVE-2018-20423

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • NodeStealer

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 34.82.20.84 | 84.20.82.34.bc.googleusercontent.com | NodeStealer | | 11/09/2023 | verified | Medium

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1059.007 | CAPEC-209 | CWE-79 Basic Cross Site Scripting | | predictive | High

IOA - Indicator of Attack (8)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | drivers/net/slip/slip.c | predictive | High
2 | File | libvncclient/rfbproto.c | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
