MetaStealer Analysis

IOB - Indicator of Behavior (71)

Language

en: 58
ru: 12
it: 2

Country

us: 32
ru: 18
it: 2

Product

cpCommerce: 2
SourceCodester Alphaware Simple E-Commerce System: 2
GNU Bash: 2
Oracle Communications Cloud Native Core Security E ...: 2
Mozilla Firefox: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Red Lion HMI Panel URI privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00238 | CVE-2017-14855 |
| 2 | GNU Bash mod_cgi privilege escalation | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.97348 | CVE-2014-7169 |
| 3 | Hostel Searching Project view-property.php SQL Injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00223 | CVE-2022-4051 |
| 4 | Ovidentia CMS index.php SQL Injection | 4.3 | 4.1 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.07 | 0.00089 | CVE-2021-29343 |
| 5 | phpBB XS bb_usage_stats.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02 | 0.07955 | CVE-2006-4893 |
| 6 | SourceCodester Online Student Admission System Student User Page edit-profile.php Cross Site Scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00068 | CVE-2022-2681 |
| 7 | Microsoft Exchange Server Privilege Escalation | 8.3 | 7.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.06 | 0.00080 | CVE-2023-36745 |
| 8 | Elementor Plugin Template Import privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00054 | CVE-2023-48777 |
| 9 | News & Blog Designer Pack Plugin privilege escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00322 | CVE-2023-5815 |
| 10 | LearnPress Plugin privilege escalation | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05 | 0.16476 | CVE-2023-6634 |
| 11 | Likeshop HTTP POST Request File.php userFormImage privilege escalation | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00727 | CVE-2024-0352 |
| 12 | Proxmox proxmox-widget-toolkit Edit Notes Cross Site Scripting | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00052 | CVE-2023-46854 |
| 13 | GG18/GG20 ECDSA Private Key privilege escalation | 7.7 | 7.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03 | 0.00070 | CVE-2023-33241 |
| 14 | Mozilla Firefox SPDY/HTTP/2 weak encryption | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02 | 0.00411 | CVE-2014-1584 |
| 15 | Microsoft Exchange Server Privilege Escalation | 8.8 | 7.7 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.02 | 0.01192 | CVE-2023-21529 |
| 16 | MetInfo URL Redirector login.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00107 | CVE-2017-11718 |
| 17 | SourceCodester Sanitization Management System Admin Login SQL Injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06 | 0.00120 | CVE-2022-4726 |
| 18 | Microsoft SharePoint Workflow privilege escalation | 10.0 | 8.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.91072 | CVE-2013-1330 |
| 19 | NdkAdvancedCustomizationFields createPdf.php Cross Site Scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | 0.00063 | CVE-2022-40840 |
| 20 | Redis XAUTOCLAIM Command buffer overflow | 8.2 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00598 | CVE-2022-31144 |

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
| 2 | T1059 | CWE-94 | Argument Injection | predictive | High |
| 3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

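| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /index.php | predictive | Medium |
| 2 | File | /uncpath/ | predictive | Medium |
| 3 | File | about.php | predictive | Medium |
| 4 | File | admin.php | predictive | Medium |
| 5 | File | admin_feature.php | predictive | High |
| 6 | File | aj.html | predictive | Low |
| 7 | File | akocomments.php | predictive | High |
| 8 | File | archives.php | predictive | Medium |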

References (9)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:
