Passwordstealera Analysis

Activities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

Lang

en | 313
es | 8
fr | 4
de | 3
it | 2

Country

us | 313
de | 1
es | 1
fr | 1

Actors

Passwordstealera | 326
HawkEye | 4

Activities

Interest

Type

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need to unlock this view to get access to more details of real data.

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1 | Cisco Wireless LAN Controller IPv6 UDP Ingress input validation | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-9219
2 | Cisco Mobility Express 2800/Mobility Express 3800 802.11 Ingress Connection Authentication resource management | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-9221
3 | Cisco Mobility Express 2800/Mobility Express 3800 802.11 Ingress Packet resource management | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-9220
4 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | CVE-2017-5611
5 | Microsoft Windows Malware Protection Service memory corruption | 8.8 | 7.9 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2017-0290
6 | Linux Kernel UDP Packet udp.c security check for standard | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2016-10229
7 | PHP unserialize use after free | 7.3 | 6.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.07 | 
8 | Apache Geode Pulse information disclosure | 6.9 | 6.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2017-5649
9 | PHP zend_operators.c null pointer dereference | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2017-6441
10 | Linux Kernel ecryptfs Subsystem main.c access control | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2014-9922
11 | Intel Hardware Accelerated Execution Manager IntelHAXM.sys access control | 7.8 | 7.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2017-5683
12 | Xen Memory access control | 6.9 | 6.2 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08 | CVE-2017-7228
13 | Go SSH Library Host Key key management | 7.7 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | CVE-2017-3204
14 | Linux Kernel Qualcomm Innovation Center ipc_router_socket.c msm_ipc_router_close null pointer dereference | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2016-5870
15 | Foxit Reader TIFF Image ConvertToPdf_x86.dll CreateFXPDFConvertor memory corruption | 6.5 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2016-3740
16 | WebKit JavaScriptCore ThunkGenerators.cpp out-of-bounds write | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | CVE-2017-5949
17 | F5 SSL Intercept iApp Configuration access control | 8.5 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.00 | CVE-2017-0305
18 | Starscream SSL Pinning WebSocket.swift stream certificate validation | 7.4 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2017-5887
19 | Cisco IOS XE Console os command injection | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | CVE-2017-6606
20 | Trend Micro InterScan Web Security Virtual Appliance cross site scripting | 4.4 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | CVE-2017-6340

IOC - Indicator of Compromise (20)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Confidence
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1211 | CWE-254, CWE-358 | 7PK Security Features | High

IOA - Indicator of Attack (128)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1 | File | /cgi-bin/kerbynet | High
2 | File | /cgi-bin/supervisor/CloudSetup.cgi | High
3 | File | /domain/add | Medium
4 | File | /etc/sudoers | Medium
5 | File | /index.php/weblinks-categories | High
6 | File | /plain | Low
7 | File | /show_group_members.php | High
8 | File | /web/google_analytics.php | High
9 | File | archive_endian.h | High
10 | File | bmp.c | Low
11 | File | cgi-bin/jc.cgi | High
12 | File | checklogin.php | High
13 | File | cmd.exe | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
