Oski Stealer Analysisinfo

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (69)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en	50
es	10
ar	4
ja	2
ru	2

Country

DE: Germany	22
US: USA	16
WF: Wallis and Futuna	10
AR: Argentina	4
ES: Spain	4

Actors

Oski Stealer	7
RedLine Stealer	5
Nanocore RAT	4
Mirai	3
BitRAT	3

Activities

Interest

Timeline

Type

Not Defined	40
Content Management System	6
WordPress Plugin	4
Forum Software	4
Automation Software	2

Vendor

Not Defined	28
SourceCodester	4
HiNet	4
ARC Informatique	2
WSO2	2

Product

HiNet GPON	4
ARC Informatique PcVue	2
WSO2 API Manager	2
WSO2 Identity Server	2
WSO2 Identity Server Analytics	2

Vulnerabilities

These are the vulnerabilities that we have identified as researched, approached, or attacked.

#	Vulnerability	Base	Temp	0day	Today	Exp	Cou	EPSS	CTI	CVE
1	Codoforum User Registration register cross site scripting	5.2	4.7	$0-$5k	$0-$5k	Proof-of-Concept	Not defined	0.01819	0.02	CVE-2020-5842
2	JetElements Plugin privilege escalation	6.3	6.1	$0-$5k	$0-$5k	Not defined	Not defined	0.00667	0.00	CVE-2023-39157
3	TannerRitchie Web Applications DancePress Plugin cross-site request forgery	4.3	4.2	$0-$5k	$0-$5k	Not defined	Not defined	0.00027	0.02	CVE-2024-53775
4	Xmlsoft Libxml2 XML File SAX2.c xmlSAX2StartElement denial of service	5.0	5.0	$0-$5k	$0-$5k	Not defined	Not defined	0.00273	0.06	CVE-2023-39615
5	Alain Diart & Eric Ambrosi Silverlight Video Player Plugin cross-site request forgery	5.7	5.6	$0-$5k	$0-$5k	Not defined	Not defined	0.00025	0.03	CVE-2024-53713
6	Samsung GamingHub Response improper validation of specified type of input	7.5	7.3	$0-$5k	$0-$5k	Not defined	Official fix	0.00213	0.06	CVE-2024-49420
7	WP Booking Calendar Plugin Setting cross site scripting	3.6	3.5	$0-$5k	$0-$5k	Not defined	Official fix	0.00048	0.00	CVE-2024-10893
8	Samsung GamingHub WebView input validation	4.3	4.2	$0-$5k	$0-$5k	Not defined	Official fix	0.00066	0.07	CVE-2024-49419
9	Microsoft Windows Remote Registry Request denial of service	5.3	4.8	$5k-$25k	$0-$5k	Proof-of-Concept	Official fix	0.15566	0.05	CVE-2000-0377
10	Apple iPhone UBS checkm8 privileges management	6.4	5.9	$5k-$25k	$0-$5k	Functional	Official fix	0.00191	0.03	CVE-2019-8900
11	Apple tvOS WebKit memory corruption	7.5	7.2	$5k-$25k	$0-$5k	Proof-of-Concept	Official fix	0.04575	0.02	CVE-2017-2369
12	Ultimate Blocks Plugin cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not defined	Official fix	0.00030	0.05	CVE-2024-10678
13	MyParcel Plugin cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not defined	Not defined	0.00061	0.08	CVE-2024-9608
14	Cobham Aviator 700e Privileges hard-coded credentials	8.4	8.4	$0-$5k	$0-$5k	Not defined	Not defined	0.00097	0.00	CVE-2014-2964
15	Clario permission	7.8	7.8	$0-$5k	$0-$5k	Not defined	Not defined	0.00067	0.00	CVE-2024-34474
16	ConsoleTVs Noxen users.php cross site scripting	4.4	4.3	$0-$5k	$0-$5k	Proof-of-Concept	Not defined	0.00063	0.00	CVE-2022-2956
17	SourceCodester Online Pizza Ordering System Login Page ajax.php sql injection	7.0	6.8	$0-$5k	$0-$5k	Proof-of-Concept	Not defined	0.00038	0.00	CVE-2023-1455
18	AWStats Config awstats.pl cross site scripting	4.3	4.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official fix	0.00499	0.27	CVE-2006-3681
19	Powerdev EncapsBB index_header.php file inclusion	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not defined	0.00861	0.00	CVE-2005-0917
20	TikiWiki tiki-register.php input validation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official fix	0.04277	0.07	CVE-2006-6168

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	2.56.57.108	montoyalozano.imatee.com	Oski Stealer	12/21/2023	verified	High
2	2.56.59.226		Oski Stealer	12/21/2023	verified	High
3	X.XX.XXX.XXX	xxx-x-xx-xxx-xxx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxx Xxxxxxx	04/02/2022	verified	Very Low
4	XX.X.XX.XXX		Xxxx Xxxxxxx	12/21/2023	verified	High
5	XX.XX.XX.XXX		Xxxx Xxxxxxx	06/07/2024	verified	Very High
6	XX.XXX.XX.XXX	xx.xxx.xx.xxx.xxxxxx.xxxxxxxxx.xxx	Xxxx Xxxxxxx	12/21/2023	verified	High
7	XX.XXX.XXX.XX	xxxxxx.xx.xxx.xxx.xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxx Xxxxxxx	04/05/2023	verified	Medium
8	XXX.XXX.XXX.XX		Xxxx Xxxxxxx	12/21/2023	verified	High
9	XXX.XXX.XXX.XXX	xxxxxxxxx.xxxxx.xxx.xx	Xxxx Xxxxxxx	06/07/2024	verified	Very High

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
2	T1059.007	CAPEC-209	CWE-79, CWE-80	Basic Cross Site Scripting	predictive	High
3	T1068	CAPEC-122	CWE-264, CWE-269, CWE-284	Execution with Unnecessary Privileges	predictive	High
4	TXXXX.XXX	CAPEC-XXX	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	High
5	TXXXX	CAPEC-XXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
6	TXXXX.XXX	CAPEC-XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
7	TXXXX		CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
8	TXXXX	CAPEC-XXX	CWE-XX	Xxx Xxxxxxxxx	predictive	High
9	TXXXX	CAPEC-XXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
10	TXXXX	CAPEC-XXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	High
11	TXXXX.XXX	CAPEC-X	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (40)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/getcfg.php	predictive	Medium
2	File	/libxml2/SAX2.c	predictive	High
3	File	/Noxen-master/users.php	predictive	High
4	File	/product.php	predictive	Medium
5	File	/spip.php	predictive	Medium
6	File	xxxxx.xxx	predictive	Medium
7	File	xxxxx/xxxxx.xxx	predictive	High
8	File	xxxxx/xxxx.xxx?xxxxxx=xxxxxx	predictive	High
9	File	xxxxxxx.xx	predictive	Medium
10	File	xxxxxx/xxxx.xxx	predictive	High
11	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	High
12	File	xxxxxx_xxxxxxx.xxx	predictive	High
13	File	xxxx.xxx	predictive	Medium
14	File	xxxxx.xxx?x=/xxxx/xxxxxxxx	predictive	High
15	File	xxxxx_xxxxxx.xxx	predictive	High
16	File	xxxxxxx.xxx	predictive	Medium
17	File	xxxx.xxx	predictive	Medium
18	File	xxxxxxxxxx_xxxxx.xxxxxx	predictive	High
19	File	xxxx-xxxxxxxx.xxx	predictive	High
20	File	xxxxxxxxx.xxx	predictive	High
21	File	xxxx_xxxxxxx.xxx	predictive	High
22	File	xxxx_xxxxxxx.xxx	predictive	High
23	Argument	xxxxxxx	predictive	Low
24	Argument	xxxxxx	predictive	Low
25	Argument	xxxxxx_xxxx_xxxxxxxx	predictive	High
26	Argument	xxx_xxxx	predictive	Medium
27	Argument	xxxxx	predictive	Low
28	Argument	xx	predictive	Low
29	Argument	xxx	predictive	Low
30	Argument	xxxxxxxxxxxx	predictive	Medium
31	Argument	xxxxxxxx-xxxxx	predictive	High
32	Argument	xxxx	predictive	Low
33	Argument	xxxxxxxx	predictive	Medium
34	Argument	xxx	predictive	Low
35	Argument	xxx	predictive	Low
36	Input Value	"><xxxxxx>xxxxx(/xxx/)</xxxxxx>	predictive	High
37	Input Value	xxx%xxxx.xxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx	predictive	High
38	Input Value	xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx	predictive	High
39	Network Port	xxxx	predictive	Low
40	Network Port	xxx xxxxxx xxxx	predictive	High

References (4)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

This view requires CTI permissions

Just purchase a CTI license today!