Passwordstealera Analysis

IOB - Indicator of Behavior (455)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 422
es: 12
pl: 6
fr: 6
zh: 4

Country

us: 388
gb: 10
es: 6
pl: 4
cn: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Linux Kernel: 24
Microsoft Windows: 24
F5 BIG-IP: 10
Microsoft Internet Explorer: 10
Microsoft Office: 8

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Microsoft IIS cross site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.48 | 0.25090 | CVE-2017-0055
2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.39 | 0.04187 | CVE-2010-0966
3 | Microsoft Windows Malware Protection Service memory corruption | 8.8 | 7.9 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.87853 | CVE-2017-0290
4 | Cisco Wireless LAN Controller IPv6 UDP Ingress input validation | 6.4 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01136 | CVE-2016-9219
5 | Cisco Mobility Express 2800/Mobility Express 3800 802.11 Ingress Packet resource management | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00885 | CVE-2016-9220
6 | Cisco Mobility Express 2800/Mobility Express 3800 802.11 Ingress Connection Authentication resource management | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00885 | CVE-2016-9221
7 | Microsoft Windows LDAP Privilege Escalation | 7.5 | 6.8 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | 0.09891 | CVE-2022-30139
8 | Apache Tomcat JNDI Realm improper authentication | 5.5 | 5.5 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.06 | 0.03032 | CVE-2021-30640
9 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.45 | 0.49183 | CVE-2016-6210
10 | Microsoft IIS Log File Permission information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | 0.00890 | CVE-2012-2531
11 | Microsoft Windows SmartCard Authentication EsteemAudit privileges management | 6.3 | 5.4 | $25k-$100k | Calculating | Functional | Official Fix | 0.04 | 0.00000 |
12 | Microsoft Office RTF Document Necurs Dridex access control | 7.0 | 6.9 | $25k-$100k | $0-$5k | High | Official Fix | 0.06 | 0.95487 | CVE-2017-0199
13 | nginx SPDY memory corruption | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Official Fix | 0.07 | 0.06523 | CVE-2014-0133
14 | Linux Kernel IPX Interface af_ipx.c ipxitf_ioctl use after free | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01104 | CVE-2017-7487
15 | PHP unserialize use after free | 7.3 | 6.4 | $25k-$100k | $0-$5k | Unproven | Official Fix | 0.02 | 0.00000 |
16 | Linux Kernel UDP Packet udp.c security check | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.09 | 0.06908 | CVE-2016-10229
17 | WordPress WP_Query class-wp-query.php sql injection | 8.5 | 8.4 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.01974 | CVE-2017-5611
18 | Synacor Zimbra Collaboration Suite amavisd public unrestricted upload | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01 | 0.79060 | CVE-2022-41352
19 | F5 BIG-IP APM Virtual Server vdesk redirect | 6.6 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00954 | CVE-2018-5548
20 | Huawei AR Router 150/200/1200/2200/3200 SNMPv3 memory corruption | 7.5 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01055 | CVE-2013-4631

IOC - Indicator of Compromise (43)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (193)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (4)

The following list contains external sources which discuss the actor and the associated activities: