Ostap Analysis

IOB - Indicator of Behavior (1000)

The Timeline, Lang, Country and Actors charts, and the Activities charts (Interest Timeline, Type, Vendor, Product), are rendered with dummy data: the values shown do not reflect real data and are distorted; an additional purchase is required to unlock the real data.

Lang (dummy values as rendered): en 264, zh 214, ru 76, pt 58, ar 54

Product (dummy values as rendered): Microsoft Windows 8, SourceCodester Record Management System 8, Linux Kernel 8, MailCleaner 8, Google Chrome 6

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Apryse WebViewer PDF Document cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.04 | CVE-2024-4327 |
| 2 | MailCleaner Email os command injection | 9.8 | 9.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.05 | CVE-2024-3191 |
| 3 | osCommerce all-products cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00065 | 0.02 | CVE-2024-4348 |
| 4 | MailCleaner Admin Interface cross site scripting | 5.8 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00045 | 0.02 | CVE-2024-3192 |
| 5 | SourceCodester Pisay Online E-Learning System controller.php unrestricted upload | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.00 | CVE-2024-4349 |
| 6 | MailCleaner Admin Endpoints os command injection | 8.8 | 8.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00046 | 0.07 | CVE-2024-3193 |
| 7 | BloomPixel Max Addons Pro for Bricks Plugin authorization | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.02 | CVE-2024-32951 |
| 8 | Elementor ImageBox Plugin cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.04 | CVE-2024-3074 |
| 9 | Dell Wyse Proprietary OS Telemetry Dashboard information disclosure | 4.7 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.03 | CVE-2024-28963 |
| 10 | Dell Repository Manager API Module improper authorization | 8.1 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2024-28976 |
| 11 | AnnounceKit Plugin cross site scripting | 2.4 | 2.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-3023 |
| 12 | Repute Infosystems ARMember Plugin authorization | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-32948 |
| 13 | Dell Repository Manager Logger Module improper authorization | 4.0 | 4.0 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00044 | 0.08 | CVE-2024-28977 |
| 14 | ThemeNcode Fan Page Widget by Plugin cross site scripting | 4.1 | 4.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33695 |
| 15 | Apache Parquet Parquet-MR denial of service | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00116 | 0.02 | CVE-2021-41561 |
| 16 | GOG Galaxy RPC Object Manager Symbolic Link GalaxyClientService.exe denial of service | 4.6 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.05 | CVE-2023-50915 |
| 17 | Opmantek Open-AudIT Community URL cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01413 | 0.00 | CVE-2021-44916 |
| 18 | StreamWeasels Twitch Integration Plugin information disclosure | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-32716 |
| 19 | Jegstudio Financio Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-33690 |
| 20 | Culqi Plugin server-side request forgery | 5.6 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.05 | CVE-2024-32819 |

IOC - Indicator of Compromise (8)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 5.4.8.3 | dynamic-005-004-008-003.5.4.pool.telefonica.de | Ostap | | 09/11/2019 | verified | Very Low |
| 2 | 185.130.104.149 | customer.clientshostname.com | Ostap | | 09/11/2019 | verified | Low |

TTP - Tactics, Techniques, Procedures (23)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1006 | CAPEC-126 | CWE-21, CWE-22, CWE-23 | Path Traversal | predictive | High |
| 2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 3 | T1059 | CAPEC-137 | CWE-88, CWE-94 | Argument Injection | predictive | High |
| 4 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Basic Cross Site Scripting | predictive | High |
| 5 | T1068 | CAPEC-104 | CWE-250, CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | predictive | High |

IOA - Indicator of Attack (216)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /+CSCOE+/logon.html | predictive | High |
| 2 | File | /admin.php?p=/Area/index#tab=t2 | predictive | High |
| 3 | File | /admin/add_ikev2.php | predictive | High |
| 4 | File | /admin/category_save.php | predictive | High |
| 5 | File | /admin/index2.html | predictive | High |
| 6 | File | /admin/list_ipAddressPolicy.php | predictive | High |
| 7 | File | /admin/manage_model.php | predictive | High |
| 8 | File | /admin/manage_user.php | predictive | High |
| 9 | File | /admin/search-vehicle.php | predictive | High |
| 10 | File | /admin/subject.php | predictive | High |
| 11 | File | /admin/system/dict/add.json?sqlid=system.dict.save | predictive | High |
| 12 | File | /admin/twitter.php | predictive | High |
| 13 | File | /api/v1/toolbox/device/update/swap | predictive | High |
| 14 | File | /app/zentao/module/repo/model.php | predictive | High |
| 15 | File | /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini | predictive | High |
| 16 | File | /catalog/all-products | predictive | High |
| 17 | File | /cgi-bin/cstecgi.cgi | predictive | High |
| 18 | File | /cgi-bin/ExportSettings.sh | predictive | High |
| 19 | File | /changePassword | predictive | High |
| 20 | File | /cloudstore/ecode/setup/ecology_dev.zip | predictive | High |
| 21 | File | /com/esafenet/servlet/policy/HookService.java | predictive | High |
| 22 | File | /edit-subject.php | predictive | High |
| 23 | File | /endpoint/add-user.php | predictive | High |
| 24 | File | /etc/postfix/sender_login | predictive | High |
| 25 | File | /etc/shadow.sample | predictive | High |
| 26 | File | /foms/routers/place-order.php | predictive | High |
