PennyWise Stealer Analysis

IOB - Indicator of Behavior (96)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 64
ru: 12
de: 8
it: 8
sv: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

aspWebAlbum: 2
Tiki: 2
Microsoft Exchange Server: 2
TikiWiki: 2
wpDataTables Plugin: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.32 | |
| 2 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 4.33 | CVE-2020-15906 |
| 3 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.48 | |
| 4 | Openads adclick.php Remote Code Execution | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01871 | 0.14 | CVE-2007-2046 |
| 5 | Discuz UCenter Home shop.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00064 | 0.00 | CVE-2010-4912 |
| 6 | SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00220 | 0.05 | CVE-2023-2090 |
| 7 | jforum User input validation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.05 | CVE-2019-7550 |
| 8 | Tiki Wiki CMS Groupware cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00079 | 0.04 | CVE-2016-7394 |
| 9 | Tiki Wiki CMS Groupware tiki-jsplugin.php input validation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02675 | 0.07 | CVE-2010-4239 |
| 10 | Tiki Wiki CMS Groupware tiki-adminusers.php cross-site request forgery | 6.5 | 6.5 | $0-$5k | Calculating | Not Defined | Not Defined | 0.00211 | 0.05 | CVE-2010-4241 |
| 11 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 8.66 | CVE-2006-6168 |
| 12 | real3d-flipbook-lite Plugin flipbooks.php cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00076 | 0.04 | CVE-2016-10967 |
| 13 | Advanced Poll booth.php path traversal | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00864 | 0.00 | CVE-2003-1180 |
| 14 | Magento os command injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00607 | 0.00 | CVE-2020-9578 |
| 15 | Adobe Commerce XML Document xml external entity reference | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04072 | 0.03 | CVE-2024-34102 |
| 16 | Adobe Commerce os command injection | 7.2 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.06 | CVE-2024-20720 |
| 17 | wpDataTables Plugin sql injection | 8.6 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.05 | CVE-2024-3820 |
| 18 | Apache HTTP Server Module response splitting | 5.3 | 5.1 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.09 | CVE-2024-24795 |
| 19 | SecurEnvoy MFA Desktop Service secserver ldap injection | 7.4 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01301 | 0.05 | CVE-2024-37393 |
| 20 | WordPress File meta.php is_protected_meta path traversal | 6.8 | 6.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.05 | CVE-2020-28039 |

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/maintenance/view_designation.php | predictive | High |
| 2 | File | /forum/away.php | predictive | High |
| 3 | File | /owa/auth/logon.aspx | predictive | High |
| 4 | File | /secserver | predictive | Medium |
| 5 | File | /spip.php | predictive | Medium |
| 6 | File | /wp-admin/admin-ajax.php | predictive | High |
| 7 | File | action.php | predictive | Medium |
| 8 | File | adclick.php | predictive | Medium |

References (6)

The following list contains external sources which discuss the actor and the associated activities:
