ObserverStealer Analysis

IOB - Indicator of Behavior (253)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 200
sv: 24
ru: 14
de: 4
it: 4

(The Country, Actors, Activities, Interest, Timeline, Type and Vendor charts carry the same dummy-data note and no recoverable values.)

Product

Devilz Clanportal: 4
Linux Kernel: 4
PHPizabi: 4
IBM QRadar WinCollect Agent: 2
ORing IAP-420: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Indexu suggest_category.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.68 | -
2 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 1.70 | CVE-2006-6168
3 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.73 | -
4 | Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption | 8.3 | 8.2 | $100k and more | $0-$5k | High | Official Fix | 0.95290 | 0.03 | CVE-2023-4966
5 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02820 | 0.19 | CVE-2010-0966
6 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00554 | 0.05 | CVE-2007-0529
7 | PHPizabi index.php path traversal | 6.5 | 5.7 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00508 | 0.05 | CVE-2008-3723
8 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00193 | 3.79 | CVE-2022-28959
9 | itsourcecode Online Blood Bank Management System Send Blood Request Page request.php cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00066 | 0.04 | CVE-2024-7303
10 | YaBB cross site scripting | 3.5 | 3.4 | $0-$5k | Calculating | Not Defined | Official Fix | 0.00251 | 0.03 | CVE-2005-4426
11 | Devilz Clanportal index.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00911 | 0.06 | CVE-2006-3347
12 | SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php unrestricted upload | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00075 | 0.15 | CVE-2024-1875
13 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.91457 | 1.95 | CVE-2020-15906
14 | CodeAstro Online Railway Reservation System Profile Photo Update emp-profile-avatar.php unrestricted upload | 4.7 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00206 | 0.07 | CVE-2024-7910
15 | Devilz Clanportal File Upload | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02932 | 0.05 | CVE-2006-6338
16 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04604 | 0.63 | CVE-2007-1167
17 | DZCP Witze Addon index.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00133 | 0.03 | CVE-2012-5000
18 | SourceCodester Service Provider Management System System Info Page index.php cross site scripting | 3.2 | 3.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.05 | CVE-2024-6267
19 | RealFaviconGenerator Favicon Plugin class-favicon-by-realfavicongenerator-admin.php install_new_favicon cross-site request forgery | 5.8 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00614 | 0.05 | CVE-2015-10116
20 | Intelliants eSyndiCat suggest-category.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00411 | 0.83 | CVE-2010-4504

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 5.42.64.13 | - | ObserverStealer | - | 11/11/2023 | verified | High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (72)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/emp-profile-avatar.php | predictive | High
2 | File | /ajax.php | predictive | Medium
3 | File | /classes/SystemSettings.php?f=update_settings | predictive | High
4 | File | /forum/away.php | predictive | High
5 | File | /oauth/idp/.well-known/openid-configuration | predictive | High
6 | File | /request.php | predictive | Medium
7 | File | /settings/account | predictive | High
8 | File | /simple-online-bidding-system/admin/index.php?page=manage_user | predictive | High
9 | File | /spip.php | predictive | Medium

References (3)

The following list contains external sources which discuss the actor and the associated activities:
