Persian Stalker Analysis

IOB - Indicator of Behavior (130)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Language

en: 128
it: 2

Activities

Interest

Product

Apple macOS: 6
rsync: 4
Qualcomm AR8035: 4
Qualcomm QCA6391: 4
Qualcomm QCA6421: 4

Vulnerabilities

These are the vulnerabilities we have identified as having been researched, approached, or attacked by this actor.

| # | Vulnerability | Base | Temp | 0day | Today | Exploitability | Countermeasure | KEV | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption | 8.3 | 8.2 | $100k and more | $0-$5k | High | Official fix | verified | 0.94378 | 0.02 | CVE-2023-4966 |
| 2 | Hanwha Techwin Smartcam improper authentication | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00527 | 0.08 | CVE-2018-6299 |
| 3 | Omron CX-One CX-Programmer Password Storage information disclosure | 5.9 | 5.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00058 | 0.00 | CVE-2015-0988 |
| 4 | XiongMai IP Camera/DVR NetSurveillance Web Interface memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.02150 | 0.00 | CVE-2017-16725 |
| 5 | Wowza Streaming Engine Installer bin default permission | 8.3 | 8.3 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00085 | 0.00 | CVE-2019-7656 |
| 6 | Allegro RomPager Embedded Web Server rom-0 information disclosure | 5.3 | 4.9 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | | 0.00000 | 0.08 | |
| 7 | Boa Webserver GET wapopen path traversal | 6.4 | 6.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | expected | 0.90748 | 0.00 | CVE-2017-9833 |
| 8 | Multiple Vendor DVR download.rsp Credentials credentials management | 7.5 | 7.4 | $0-$5k | $0-$5k | Not defined | Workaround | | 0.00546 | 0.00 | CVE-2018-10676 |
| 9 | XiongMai uc-httpd path traversal | 7.5 | 7.5 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.04393 | 0.00 | CVE-2017-7577 |
| 10 | AVTECH IP Camera/NVR/DVR PwdGrp.cgi command injection | 9.8 | 9.2 | $5k-$25k | $0-$5k | High | Unavailable | | 0.00000 | 0.00 | |
| 11 | thttpd WebService information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not defined | | 0.00000 | 0.00 | |
| 12 | Safe Exam Browser Clipboard Management information disclosure | 5.7 | 5.7 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00103 | 0.07 | CVE-2024-37742 |
| 13 | Bitrix Site Manager redirect.php link following | 5.3 | 4.7 | $0-$5k | $0-$5k | Unproven | Unavailable | | 0.00246 | 0.07 | CVE-2008-2052 |
| 14 | Simple Posts Ticker Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00103 | 0.00 | CVE-2023-4646 |
| 15 | mkdocs Dev-Server pathname traversal | 5.9 | 5.8 | $0-$5k | $0-$5k | Not defined | Not defined | possible | 0.79718 | 0.03 | CVE-2021-40978 |
| 16 | Adobe Acrobat Reader out-of-bounds | 4.9 | 4.8 | $5k-$25k | $0-$5k | Not defined | Official fix | | 0.00079 | 0.00 | CVE-2023-38248 |
| 17 | KramerAV VIA Connect/VIA Go Screen code injection | 8.3 | 8.1 | $0-$5k | $0-$5k | Not defined | Official fix | | 0.00079 | 0.00 | CVE-2023-33469 |
| 18 | Microsoft .NET/Visual Studio denial of service | 6.8 | 6.2 | $5k-$25k | $0-$5k | Unproven | Official fix | | 0.01258 | 0.00 | CVE-2023-38178 |
| 19 | WebBoss.io CMS cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not defined | Not defined | | 0.00084 | 0.00 | CVE-2023-39096 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 145.239.65.25 | ns3081843.ip-145-239-65.eu | Persian Stalker | | 11/09/2018 | verified | Low |
| 2 | XXX.XXX.XXX.XX | | xxxxxx Xxxxxxx | | 11/09/2018 | verified | Very Low |

TTP - Tactics, Techniques, Procedures (15)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (43)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/index.html | predictive | High |
| 2 | File | /cgi-bin/luci/admin/network/wireless/status | predictive | High |
| 3 | File | /cgi-bin/supervisor/PwdGrp.cgi | predictive | High |
| 4 | File | /cgi-bin/wapopen | predictive | High |
| 5 | File | /DroboAccess/enable_user | predictive | High |
| 6 | File | /xxxxx/xxx/xxxxx.xxx | predictive | High |
| 7 | File | /xxxxx/xxx/.xxxx-xxxxx/xxxxxx-xxxxxxxxxxxxx | predictive | High |
| 8 | File | /xxx-x | predictive | Low |
| 9 | File | /xxx/xxxxx/xxxxxxxxxxxxxxxxxxxx/xxx/ | predictive | High |
| 10 | File | /xxxxxxxxx/xx-xxxxx/xxxxx.xxx | predictive | High |
| 11 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
| 12 | File | xxxx.x | predictive | Low |
| 13 | File | xxx-xxx/xxxxxxxx.xxxx | predictive | High |
| 14 | File | xxx-xxx/xxxx-xxx | predictive | High |
| 15 | File | xxxxxxxx.xxx | predictive | Medium |
| 16 | File | xxxxxxx/xxx/xxx/xxxx_xxx.x | predictive | High |
| 17 | File | xxxxxxx.x | predictive | Medium |
| 18 | File | xxxxx/xxxxxxxx/xxxxxxxxxxxx/xxxxxxxxxxxx | predictive | High |
| 19 | File | xxxx/xxxxx.xxx | predictive | High |
| 20 | File | xxx/xxx/xxxx_xxxxxxxx.x | predictive | High |
| 21 | File | xxxxxxxx.xxx | predictive | Medium |
| 22 | File | xxxxxxxx/xxxxxxxx | predictive | High |
| 23 | File | xxx/xxx/xxx-xxx/xxxx.xxx | predictive | High |
| 24 | Library | xxxxxxxxxx.xxx | predictive | High |
| 25 | Argument | xxxx | predictive | Low |
| 26 | Argument | xxxxxxxxxx | predictive | Medium |
| 27 | Argument | xxx_xxxxx_xxxx_xxxxxxx | predictive | High |
| 28 | Argument | xxxx | predictive | Low |
| 29 | Argument | xxxx | predictive | Low |
| 30 | Argument | xxxxx | predictive | Low |
| 31 | Argument | xxxxxxxx | predictive | Medium |
| 32 | Argument | xxxxxxx_xx | predictive | Medium |
| 33 | Argument | xxxxxx | predictive | Low |
| 34 | Argument | xxxxxxx_xxxxx | predictive | High |
| 35 | Argument | xxxxxxxxxxxxxxxxxxx | predictive | High |
| 36 | Argument | xxxxxxxxxxxx | predictive | Medium |
| 37 | Argument | xxxxxxxx | predictive | Medium |
| 38 | Input Value | .. | predictive | Low |
| 39 | Input Value | ../.. | predictive | Low |
| 40 | Input Value | /%xx | predictive | Low |
| 41 | Input Value | /.. | predictive | Low |
| 42 | Network Port | xxx/xxxx | predictive | Medium |
| 43 | Network Port | xxx xxxxxx xxxx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:

This view requires CTI permissions