RecordStealer Analysis

IOB - Indicator of Behavior (226)

Timeline

The timeline shows when the vulnerabilities associated with this actor were disclosed, which helps decide how to handle single vulnerabilities and vulnerability collections. The overview makes less important periods and more severe hotspots visible at a glance, so that vulnerability response can be initiated immediately and issues can be prioritized.

Lang

en | 163
zh | 25
ru | 25
fr | 6
pl | 2

Country

us | 72
cn | 47
ru | 19
mo | 18
io | 7


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploitability | Remediation | CTI | EPSS | CVE
1 | ThinkPHP input validation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | 0.84749 | CVE-2019-9082
2 | ZZZCMS zzzphp File Upload unrestricted upload | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.07 | 0.00885 | CVE-2019-16720
3 | Microsoft Exchange Server ProxyShell Remote Code Execution | 9.5 | 8.2 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.13 | 0.61804 | CVE-2021-34473
4 | VeronaLabs wp-statistics Plugin API Endpoint Blind sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00954 | CVE-2019-13275
5 | CutePHP CuteNews unrestricted upload | 7.5 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.35200 | CVE-2019-11447
6 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 3.68 | 0.00000 | CVE-2020-12440
7 | ZyXEL P660HN-T1A Remote System Log Forwarder ViewLog.asp command injection | 8.5 | 8.5 | $5k-$25k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.68069 | CVE-2017-18368
8 | WordPress Object injection | 5.3 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.10 | 0.01034 | CVE-2022-21663
9 | OpenProject Activities API sql injection | 7.7 | 7.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.93596 | CVE-2019-11600
10 | Ruijie RG-EW switch doSwitchApi Privilege Escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.01978 | CVE-2021-43161
11 | Microsoft Windows Support Diagnostic Tool Follina Remote Code Execution | 7.3 | 7.1 | $25k-$100k | $0-$5k | High | Workaround | 0.16 | 0.69589 | CVE-2022-30190
12 | Telesquare SDT-CW3B1 os command injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.45466 | CVE-2021-46422
13 | Microsoft Windows Active Directory Domain Services Privilege Escalation | 8.8 | 8.1 | $100k and more | $0-$5k | Proof-of-Concept | Official Fix | 0.10 | 0.02288 | CVE-2022-26923
14 | QNAP QTS Media Library access control | 8.5 | 8.2 | $0-$5k | $0-$5k | High | Official Fix | 0.05 | 0.27000 | CVE-2017-13067
15 | PHP spl_heap.c compare use after free | 9.8 | 9.6 | $25k-$100k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.05785 | CVE-2015-4116
16 | WordPress sql injection | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.33 | 0.01034 | CVE-2022-21664
17 | Microsoft Exchange SMTP Service heap-based overflow | 7.3 | 6.6 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.60616 | CVE-2005-0560
18 | Twig code injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01183 | CVE-2022-23614
19 | OpenLDAP Backend sql injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.01018 | CVE-2022-29155
20 | Google Chrome Password Manager use after free | 7.5 | 7.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.05 | 0.01319 | CVE-2020-15991

IOC - Indicator of Compromise (34)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Type | Confidence
1 | 45.67.34.152 | mail.worthlesspussy.info | RecordStealer | | verified | High
2 | 45.67.34.234 | varitbucks.site | RecordStealer | | verified | High
3 | 45.67.34.238 | vm644735.stark-industries.solutions | RecordStealer | | verified | High
4 | 45.84.0.152 | vm603207.stark-industries.solutions | RecordStealer | | verified | High
5 | 45.133.216.145 | new18.vpsfast | RecordStealer | | verified | High
6 | 45.133.216.170 | wireguard.vasilchenko.dev | RecordStealer | | verified | High
7 | 45.133.216.249 | vm542550.stark-industries.solutions | RecordStealer | | verified | High
8 | XX.XXX.XXX.XXX | xxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx | Xxxxxxxxxxxxx | | verified | High
9 | XX.XXX.XXX.XXX | xxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx | Xxxxxxxxxxxxx | | verified | High
10 | XX.XXX.XXX.XX | xxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx | Xxxxxxxxxxxxx | | verified | High
11 | XX.XXX.XXX.XX | xxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx | Xxxxxxxxxxxxx | | verified | High
12 | XX.XXX.XX.XXX | xxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx | Xxxxxxxxxxxxx | | verified | High
13 | XX.XXX.XX.XX | | Xxxxxxxxxxxxx | | verified | High
14 | XX.XXX.XXX.XXX | xxx-xx.xxxxx | Xxxxxxxxxxxxx | | verified | High
15 | XX.XXX.XXX.XX | | Xxxxxxxxxxxxx | | verified | High
16 | XX.XXX.XXX.XX | xxxxxx.xxxxxxxx.xxx | Xxxxxxxxxxxxx | | verified | High
17 | XX.XX.XX.XX | xxxx.xxxxxxx.xxxx | Xxxxxxxxxxxxx | | verified | High
18 | XX.XX.XXX.XX | xxx.xxxxxxx.xxxxxx | Xxxxxxxxxxxxx | | verified | High
19 | XX.XX.XXX.XXX | xxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx | Xxxxxxxxxxxxx | | verified | High
20 | XX.XX.XXX.XX | | Xxxxxxxxxxxxx | | verified | High
21 | XX.XXX.XX.XXX | xxxxxxxxx.xxx | Xxxxxxxxxxxxx | | verified | High
22 | XX.XXX.XXX.XXX | xx-xxx-xxx-xxx.xxxxxxxxx.xxx | Xxxxxxxxxxxxx | | verified | High
23 | XX.XXX.XXX.XX | xx-xxxx.xxxxxxxxx.xxx | Xxxxxxxxxxxxx | | verified | High
24 | XXX.XXX.XXX.XX | xxxxxx.xx.xxx.xxx.xxx.xxxxxxx.xxxx-xxxxxx.xx | Xxxxxxxxxxxxx | | verified | High
25 | XXX.XX.XX.X | xxxxxxxxx.xx | Xxxxxxxxxxxxx | | verified | High
26 | XXX.XX.XXX.XX | | Xxxxxxxxxxxxx | | verified | High
27 | XXX.XX.XXX.XX | | Xxxxxxxxxxxxx | | verified | High
28 | XXX.XX.XXX.XX | | Xxxxxxxxxxxxx | | verified | High
29 | XXX.XX.XXX.XX | | Xxxxxxxxxxxxx | | verified | High
30 | XXX.XX.XXX.XX | xxxxxxxx.xxxxx-xxxxxxxxxx.xxxxxxxxx | Xxxxxxxxxxxxx | | verified | High
31 | XXX.XX.XXX.XX | xxx.xxxxx.xx | Xxxxxxxxxxxxx | | verified | High
32 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxxxxx.xxx | Xxxxxxxxxxxxx | | verified | High
33 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxxxxx.xxx | Xxxxxxxxxxxxx | | verified | High
34 | XXX.XXX.XXX.XXX | xxx-xxx-xxx-xxx.xxxxxxxxx.xxx | Xxxxxxxxxxxxx | | verified | High

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (105)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /api/RecordingList/DownloadRecord?file= | predictive | High
2 | File | /cgi-bin/luci/api/switch | predictive | High
3 | File | /cgi-bin/sm_changepassword.cgi | predictive | High
4 | File | /export | predictive | Low
5 | File | /guest_auth/cfg/upLoadCfg.php | predictive | High
6 | File | /include/chart_generator.php | predictive | High
7 | File | /index.php | predictive | Medium
8 | File | /jsonrpc | predictive | Medium
9 | File | /mims/login.php | predictive | High
10 | File | /opt/zimbra/jetty/webapps/zimbra/public | predictive | High
11 | File | /rapi/read_url | predictive | High
12 | File | /SetTriggerWPS/PIN | predictive | High
13 | File | /xx-xxxxx/xxxxx-xxxx.xxx | predictive | High
14 | File | /xx-xxxxx/xxxxx-xxxx.xxx?xx_xxxx=x&xxxxxx_xxxx | predictive | High
15 | File | xxxxx/xxxxxx/xxxxxxx.xxx | predictive | High
16 | File | xxx_xxxxxxx.xxx | predictive | High
17 | File | xxxxxx/xxx.x | predictive | Medium
18 | File | xxxxxxxxx.xxx.xxx | predictive | High
19 | File | xxxxx/xxxxx.xxx | predictive | High
20 | File | xxxx_xxxxx.xxx | predictive | High
21 | File | xxxxx.xxx | predictive | Medium
22 | File | xxxxxxx.xxx | predictive | Medium
23 | File | xxx/xxx/xxx_xxxx.x | predictive | High
24 | File | xx/xx-xx.x | predictive | Medium
25 | File | xxx/xxxx_xxxx.x | predictive | High
26 | File | xxxx_xxxxxx.x | predictive | High
27 | File | xxxxxx.xxx | predictive | Medium
28 | File | xxxx/xxxxxxx.x | predictive | High
29 | File | xxx/xxxxxx.xxx | predictive | High
30 | File | xxxxxxxx/xxxxx-xxxxxx-xxxx-xxxxxxx.xxx | predictive | High
31 | File | xxxxx.xxx | predictive | Medium
32 | File | xxxxx.xxx?xxx=xxxx&xxx=xxxxxxxx | predictive | High
33 | File | xxxxxxx.xxx | predictive | Medium
34 | File | xxxxxxxxxx.xxx | predictive | High
35 | File | xxxxx.xxxx | predictive | Medium
36 | File | xxxx/xxxxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxx | predictive | High
37 | File | xxx/xxx.xxx | predictive | Medium
38 | File | xxx%xx.xxx | predictive | Medium
39 | File | xxxxxxx/xxxxxxx/xxx/xxxxxxxxxx.xxx?xxxxxxxx=xxxx&xxxxxx=xxxxxxxxxx | predictive | High
40 | File | xxxxxx.x | predictive | Medium
41 | File | xxxx.xxx | predictive | Medium
42 | File | xxxxx.xxx | predictive | Medium
43 | File | xxxxxx/?x=xxxxx/\xxxxx\xxx/xxxxxxxxxxxxxx&xxxxxxxx=xxxx_xxxx_xxxx_xxxxx&xxxx[x]=xxxxxx&xxxx[x][] | predictive | High
44 | File | xxxxxx/xxxx_xxxxxxx_xxx.xx | predictive | High
45 | File | xxxxx.xxx | predictive | Medium
46 | File | xxxxxxxxx.xxx | predictive | High
47 | File | xxxxxxxx/xxxxx/xxxxxxxxxxxx/xxxxxxx/xxxxxxx/xxxxxx%xxxxxxxxx/xxxxxxxxxxxxxx.xxxx | predictive | High
48 | File | xxxx.xxx | predictive | Medium
49 | File | xxxxx/xxxxx.xxx | predictive | High
50 | File | xxxxxxxxxxxx.xxx | predictive | High
51 | File | xxxxxxxx.xxx | predictive | Medium
52 | File | xxxxxx_xxx.xxx | predictive | High
53 | File | xxxxx/xxx/xxxxxxx/xxxxxx.xxx | predictive | High
54 | File | xxxxxx\xxxxxx\xxxxxxxxx-xxxxxx-xxxxxxx\xxx\xxxxxxx\xxxxxxxxxxxxx.xxx | predictive | High
55 | File | xxxxxxxxxx | predictive | Medium
56 | File | xxxxxxx.xxx | predictive | Medium
57 | File | xxxxxxx/xxxxx.xxx | predictive | High
58 | File | xx-xxxxx/xxxxx.xxx?xx-xxxxx-xxxxxx[]=xxxxx | predictive | High
59 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High
60 | Library | xxxxxxxxx.xxx | predictive | High
61 | Library | xxxxxxxx/xxxxxxx/xxxxx/xxx.xxx | predictive | High
62 | Argument | ?xxxx_xxxx=xxxxxxx.xxx/xxxx=xxxxxx/xxx=xxx+/xxx/.xxxxxxxx/xxxxxxx=//xxxxxxxxxxxxxx.xxx=x | predictive | High
63 | Argument | xxxxx | predictive | Low
64 | Argument | xxxxxx_xxxx | predictive | Medium
65 | Argument | xxxxxxxx | predictive | Medium
66 | Argument | xxx | predictive | Low
67 | Argument | xx | predictive | Low
68 | Argument | xxxxxxxxxxxxxxxxx | predictive | High
69 | Argument | xxxxxx_xx | predictive | Medium
70 | Argument | xxxxxxxx | predictive | Medium
71 | Argument | xxxxxx | predictive | Low
72 | Argument | xxxxxxxx | predictive | Medium
73 | Argument | xxxx | predictive | Low
74 | Argument | xx | predictive | Low
75 | Argument | xxxxxx | predictive | Low
76 | Argument | xx xxxxxxx | predictive | Medium
77 | Argument | xxxxxxx | predictive | Low
78 | Argument | xxxxxxxx | predictive | Medium
79 | Argument | xxxxxxxx | predictive | Medium
80 | Argument | xxxxx_xxxx_xxx | predictive | High
81 | Argument | xxxxxxxxxxx | predictive | Medium
82 | Argument | xxxxxx_xxxx | predictive | Medium
83 | Argument | xxxxxxxx | predictive | Medium
84 | Argument | xxxxxx | predictive | Low
85 | Argument | xxxxxxx_xx | predictive | Medium
86 | Argument | xxxx_xx | predictive | Low
87 | Argument | xxxxxxxx_xxxxxxxx | predictive | High
88 | Argument | xxxxxxxxxxxxxxxxxxxxx | predictive | High
89 | Argument | xxx | predictive | Low
90 | Argument | xxxx | predictive | Low
91 | Argument | xxxxxxxx | predictive | Medium
92 | Argument | xxxxxxxx/xxxx | predictive | High
93 | Argument | xxxxxxxx/xxxxxxxx | predictive | High
94 | Argument | xxxxx | predictive | Low
95 | Argument | xxxxx[_xxxxxxxx] | predictive | High
96 | Argument | xxxx | predictive | Low
97 | Argument | xxxx/xx/xxxx/xxx | predictive | High
98 | Input Value | '||x=x# | predictive | Low
99 | Input Value | .%xx.../.%xx.../ | predictive | High
100 | Input Value | ../../../../../xxx/xxx/xxxxx/xxxx/xxxxxxxx/xxxxx/xxx.xxx | predictive | High
101 | Input Value | xxxxxxxxxx | predictive | Medium
102 | Pattern | x-xxxxxxxxxx | predictive | Medium
103 | Network Port | xxxx | predictive | Low
104 | Network Port | xxxx xxxx | predictive | Medium
105 | Network Port | xxx/xxx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
