StrelaStealer تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (64)

اللغة

en	52
ru	6
de	2
ja	2
es	2

البلد

ru	30
us	12
nl	4
de	2
es	2

الفاعلين

Stealc	2
RedLine Stealer	2
StrelaStealer	2
Rhadamanthys	2
Quasar RAT	1

الاهتمام

النوع

Not Defined	20
Operating System	6
Web Server	6
Connectivity Software	4
Content Management System	4

المجهز

Not Defined	22
Hassan Consulting	4
Microsoft	4
Apache	2
Rapid	2

منتج

OpenSSH	4
Hassan Consulting Shopping Cart	4
Apache OpenOffice	2
pyload	2
Rapid Scada	2

الثغرات

#	الثغرة	Base	Temp	0day	اليوم	ق�	معالجة	EPSS	CTI	CVE
1	Node.js تجاوز الصلاحيات	8.2	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00260	0.00	CVE-2020-8201
2	Email Subscribers / Newsletters File Download الكشف عن المعلومات	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.21953	0.04	CVE-2019-19985
3	Google Android Privilege Escalation	7.6	7.5	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00061	0.05	CVE-2021-0877
4	Google Android تلف الذاكرة	5.4	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2023-21042
5	Microsoft Windows Online Certificate Status Protocol SnapIn Remote Code Execution	8.1	7.4	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00120	0.04	CVE-2023-35313
6	GitHub Enterprise Server API الكشف عن المعلومات	3.9	3.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00111	0.00	CVE-2022-46257
7	Pallets Werkzeug Debugger tbtools.py render_full سكربتات مشتركة	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00183	0.04	CVE-2016-10516
8	Zyxel ATP/USG FLEX/VPN CGI Program الكشف عن المعلومات	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00077	0.00	CVE-2023-22918
9	Apache OpenOffice Calc تجاوز الصلاحيات	7.3	6.4	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00602	0.02	CVE-2014-3524
10	V3chat V3 Chat Profiles Dating Script توثيق ضعيف	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01685	0.00	CVE-2008-5784
11	SourceCodester Online Discussion Forum Site view_post.php حقن إس كيو إل	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00077	0.15	CVE-2023-3152
12	USAA Mobile Banking Screen Cache الكشف عن المعلومات	3.3	3.0	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00116	0.00	CVE-2015-1314
13	Zoho ManageEngine ServiceDesk Plus MSP توثيق ضعيف	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00343	0.00	CVE-2021-44675
14	Microsoft Exchange Outlook Web Access تجاوز الصلاحيات	5.3	4.6	$25k-$100k	$0-$5k	Unproven	Official Fix	0.01212	0.00	CVE-2014-6319
15	October CMS تجاوز الصلاحيات	5.3	5.1	$0-$5k	$0-$5k	High	Official Fix	0.01981	0.00	CVE-2021-32648
16	pyload تجاوز الصلاحيات	9.0	8.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.50964	0.00	CVE-2023-0297
17	cbeust testng XML File Parser JarFileUtils.java testngXmlExistsInJar اجتياز الدليل	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00079	0.22	CVE-2022-4065
18	Verizon Fios Actiontec Mi424wr-gen31 Router Administration index.cgi طلب تزوير مشترك	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00348	0.01	CVE-2013-0126
19	Yandex Browser تجاوز الصلاحيات	8.8	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.04	CVE-2022-28226
20	SheerDNS Directory_lookup اجتياز الدليل	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.02

حملات (1)

These are the campaigns that can be associated with the actor:

Spain

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	عنوان بروتوكول الإنترنت	ممثل	حملات	Identified	النوع	الثقة
1	45.9.74.12	StrelaStealer		03/04/2024	verified	عالي
2	XX.XXX.XX.XXX	Xxxxxxxxxxxxx	Xxxxx	24/06/2023	verified	عالي
3	XXX.XXX.XX.XX	Xxxxxxxxxxxxx		25/08/2023	verified	عالي
4	XXX.XXX.XX.XXX	Xxxxxxxxxxxxx		02/04/2024	verified	عالي

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	الفئة	الثغرات	متجه الوصول	النوع	الثقة
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	عالي
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	عالي
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	عالي
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	عالي
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
6	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	عالي
7	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	عالي
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	عالي
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	عالي
10	TXXXX	CAPEC-50	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
11	TXXXX	CAPEC-464	CWE-XXX	Xxxxxxxx Xx Xxxxxxx Xxxxxxxx Xxxxxxxxxxx Xx Xx Xxxxxxxxxxxx Xxxxx	predictive	عالي
12	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	عالي
13	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	عالي

IOA - Indicator of Attack (36)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	الفئة	Indicator	النوع	الثقة
1	File	/uncpath/	predictive	متوسط
2	File	admin\posts\view_post.php	predictive	عالي
3	File	ajax/include.php	predictive	عالي
4	File	app/admin/custom-fields/filter-result.php	predictive	عالي
5	File	boafrm/formSysCmd	predictive	عالي
6	File	xxxx	predictive	واطئ
7	File	xxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/	predictive	عالي
8	File	xxxxx/xxxxxxx.xx	predictive	عالي
9	File	xxxxx.xxx	predictive	متوسط
10	File	xxxxx_xxxxxx.xxx	predictive	عالي
11	File	xxxxx.xxx	predictive	متوسط
12	File	xxxxx.xx	predictive	متوسط
13	File	xxxxx.xxx	predictive	متوسط
14	File	xxx_xxxx_xxx_xxxxxxxxxx.x	predictive	عالي
15	File	xxxxxxxxxxxxx.xxx	predictive	عالي
16	File	xxxx-xxxxxx.x	predictive	عالي
17	File	xxxx.xxx	predictive	متوسط
18	File	xxxx.xx	predictive	واطئ
19	File	xxxxxx-xxxx/xxx/xxxx/xxxx/xxx/xxxxxx/xxxxxxxxxxxx.xxxx	predictive	عالي
20	File	xxxxxx_xxx/xxxx	predictive	عالي
21	File	xxxx/xxxxxxxxxxxx.xxx	predictive	عالي
22	Library	/xxxxx/xxxxxxxx/xxxxxxx.xxx	predictive	عالي
23	Library	xxxxxx.xxx	predictive	متوسط
24	Argument	xxxx	predictive	واطئ
25	Argument	xxxxx[xxxxx][xx]	predictive	عالي
26	Argument	xxxx	predictive	واطئ
27	Argument	xxxxxxxx	predictive	متوسط
28	Argument	xxxxxxxx	predictive	متوسط
29	Argument	xxxxxxx	predictive	واطئ
30	Argument	xxx	predictive	واطئ
31	Argument	xxxxxxxx	predictive	متوسط
32	Argument	xxxxxx	predictive	واطئ
33	Argument	xxxxxx	predictive	واطئ
34	Argument	xxxxx	predictive	واطئ
35	Argument	xxx	predictive	واطئ
36	Input Value	\x	predictive	واطئ

المصادر (5)

The following list contains external sources which discuss the actor and the associated activities:

التالي ▸نظرة عامة◂ السابق

Do you need the next level of professionalism?

Upgrade your account now!