FickerStealer Analysis

IOB - Indicator of Behavior (351)

Language

en 262
es 52
de 22
it 6
ru 4

Campaigns

us 174
ru 96
cn 38
fr 8
es 6

Product

Apache HTTP Server 12
Microsoft IIS 10
Microsoft Windows 8
Linux Kernel 8
WordPress 8

Vulnerabilities

# | Vulnerability | Base | Temp | 0-day | Today | Exploitability | Countermeasure | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | D-Link DIR-865L register_send.php weak authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00 | 0.00109 | CVE-2013-3096
3 | Genetechsolutions Pie-Register wp-login.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00904 | CVE-2013-4954
4 | Linux Foundation Xen EFLAGS Register SYSENTER privilege escalation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00062 | CVE-2013-1917
5 | Atlassian Confluence Server Widget Connector Macro directory traversal | 8.5 | 8.4 | $0-$5k | Calculator | High | Official Fix | 0.00 | 0.97508 | CVE-2019-3396
6 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.10737 | CVE-2016-6210
7 | Oracle MySQL Server InnoDB privilege escalation | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00098 | CVE-2018-3185
8 | ISC BIND named resolver.c privilege escalation | 8.6 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.62316 | CVE-2016-1286
9 | D-Link DIR-645 Authentication getcfg.php information disclosure | 8.6 | 8.2 | $5k-$25k | $0-$5k | High | Official Fix | 0.02 | 0.00000 | -
10 | ALFA AWUS036ACH Driver Network Configuration privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00159 | CVE-2020-26143
11 | Atlassian Confluence Workbox Notification Comment information disclosure | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00149 | CVE-2017-9505
12 | BusyBox unlzma Applet information disclosure | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00123 | CVE-2021-42374
13 | Linux Kernel port.c mlx4_register_mac buffer overflow | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00045 | CVE-2010-5332
14 | DT Register Extension SQL injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00169 | CVE-2016-1000271
15 | Apple M1 Register s3_5_c15_c10_1 M1RACLES privilege escalation | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00000 | CVE-2021-30747
16 | Qualcomm Snapdragon Automobile Register privilege escalation | 5.4 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2017-11004
17 | XiongMai IP Camera/DVR NetSurveillance Web Interface buffer overflow | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00372 | CVE-2017-16725
18 | ONLYOFFICE Document Server WebSocket API SQL injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00174 | CVE-2020-11537
19 | nginx ngx_http_mp4_module information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00198 | CVE-2018-16845
20 | GitLab cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00067 | CVE-2020-13345

Base and Temp are CVSS base and temporal scores; 0-day and Today are the page's exploit price estimates; CTI is the page's own threat-intelligence activity score; EPSS is the FIRST exploit prediction probability. Row 9 carries no CVE on the page.

IOC - Indicator of Compromise (25)

These indicators of compromise list associated network resources that are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 23.21.27.29 | ec2-23-21-27-29.compute-1.amazonaws.com | FickerStealer | - | 11/05/2022 | verified | Medium
2 | 23.21.42.25 | ec2-23-21-42-25.compute-1.amazonaws.com | FickerStealer | - | 11/05/2022 | verified | Medium
3 | 23.21.140.41 | ec2-23-21-140-41.compute-1.amazonaws.com | FickerStealer | - | 11/05/2022 | verified | Medium
4 | 50.19.243.236 | ec2-50-19-243-236.compute-1.amazonaws.com | FickerStealer | - | 11/05/2022 | verified | Medium
5 | 54.221.253.252 | ec2-54-221-253-252.compute-1.amazonaws.com | FickerStealer | - | 11/05/2022 | verified | Medium

Rows 6 to 25 are redacted on the page: five further Medium-confidence entries with EC2-style reverse-DNS hostnames, and fifteen High-confidence entries, all identified on 11/05/2022. The five visible addresses are Amazon EC2 public IPs, which are allocated dynamically and can be reassigned to other tenants, so a match on one of them shows only that the same address was seen, not that the same actor is behind the traffic.
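The table is only useful once it is matched against traffic. The script below is an added example and not code from the VulDB page: it loads the five unredacted IOC rows, checks that each EC2 reverse-DNS hostname really encodes the IP in the IP column (a cheap guard against transcription errors in copied IOC lists), and then sweeps connection-log lines for either side of a flow hitting a listed address. The log format (`<timestamp> <src_ip> -> <dst_ip>:<port>`) and the log lines are constructed for the demo.

```python
"""Match the FickerStealer network IOCs listed above against connection logs.

Added example, not code from the VulDB page. The IOC rows are the five
unredacted rows of the table; the log format and the log lines are
constructed for this demo.
"""
import ipaddress
import re

# (id, ip, hostname, actor, identified, confidence) copied from the IOC table
IOCS = [
    (1, "23.21.27.29",    "ec2-23-21-27-29.compute-1.amazonaws.com",    "FickerStealer", "11/05/2022", "Medium"),
    (2, "23.21.42.25",    "ec2-23-21-42-25.compute-1.amazonaws.com",    "FickerStealer", "11/05/2022", "Medium"),
    (3, "23.21.140.41",   "ec2-23-21-140-41.compute-1.amazonaws.com",   "FickerStealer", "11/05/2022", "Medium"),
    (4, "50.19.243.236",  "ec2-50-19-243-236.compute-1.amazonaws.com",  "FickerStealer", "11/05/2022", "Medium"),
    (5, "54.221.253.252", "ec2-54-221-253-252.compute-1.amazonaws.com", "FickerStealer", "11/05/2022", "Medium"),
]

# EC2 reverse-DNS names embed the public IPv4 address: ec2-A-B-C-D.<region>.amazonaws.com
EC2_RDNS = re.compile(
    r"^ec2-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.[a-z0-9-]+\.amazonaws\.com$"
)


def rdns_matches_ip(ip: str, hostname: str) -> bool:
    """True if hostname is an EC2 reverse-DNS name that encodes exactly `ip`."""
    m = EC2_RDNS.match(hostname)
    return m is not None and ".".join(m.groups()) == ip


def build_index(iocs):
    """Return (ip -> row metadata, ids of rejected rows).

    A row is rejected when its IP does not parse as IPv4 or when its hostname
    disagrees with the IP column; such rows are a copy error, not an IOC.
    """
    index, rejected = {}, []
    for rid, ip, host, actor, identified, conf in iocs:
        try:
            ipaddress.IPv4Address(ip)
        except ipaddress.AddressValueError:
            rejected.append(rid)
            continue
        if not rdns_matches_ip(ip, host):
            rejected.append(rid)
            continue
        index[ip] = {"id": rid, "hostname": host, "actor": actor,
                     "identified": identified, "confidence": conf}
    return index, rejected


# Hypothetical firewall export: "<timestamp> <src_ip> -> <dst_ip>:<port>"
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+->\s+(\S+):(\d+)$")


def scan_log(lines, index):
    """Return one hit per log line whose source or destination IP is a listed IOC."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than abort the sweep
        ts, src, dst, port = m.groups()
        for ip, role in ((src, "src"), (dst, "dst")):
            if ip in index:
                hits.append({"ts": ts, "ip": ip, "role": role, "port": int(port),
                             "ioc_id": index[ip]["id"], "actor": index[ip]["actor"]})
    return hits


# Constructed sample log: hits on rows 1 and 5, one benign flow, one malformed line
SAMPLE_LOG = """\
2022-05-12T08:01:44Z 10.0.0.15 -> 23.21.27.29:443
2022-05-12T08:02:10Z 10.0.0.15 -> 192.0.2.10:443
garbage line that does not parse
2022-05-12T08:03:57Z 54.221.253.252 -> 10.0.0.22:8080
"""

if __name__ == "__main__":
    idx, bad = build_index(IOCS)
    print("rejected rows:", bad)
    for hit in scan_log(SAMPLE_LOG.splitlines(), idx):
        print(hit)
```

A hit on the destination side (an internal host reaching out to a listed address) is the pattern worth triaging first for a stealer, since the listed hosts were seen as infrastructure the malware talks to; a source-side hit is more likely scanning noise from a reassigned EC2 address.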

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique in that it is produced by the page's predictive model for actor profiling, so the technique IDs are predicted from the weakness classes (CWEs) of the vulnerabilities above, not observed in the malware.

ID | Technique | Vulnerabilities | Access vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CWE-94 | Argument Injection | predictive | High

Rows 5 to 18 are redacted on the page; all of them are rated High confidence.

IOA - Indicator of Attack (117)

These indicators of attack list the fragments potentially used for technical activities such as reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique in that it is produced by the page's predictive model for actor profiling.

Of the 117 indicators, 67 are files, 3 are libraries, 39 are arguments, 4 are input values, 1 is a pattern and 3 are network ports. Only the rows below are unredacted on the page.

ID | Class | Indicator | Type | Confidence
1 | File | /.env | predictive | Low
2 | File | /category.php | predictive | High
3 | File | /cgi-bin/delete_CA | predictive | High
4 | File | /cgi-bin/luci;stok=/locale | predictive | High
5 | File | /Config/SaveUploadedHotspotLogoFile | predictive | High
6 | File | /download | predictive | Medium
7 | File | /general/email/outbox/delete.php | predictive | High
8 | File | /getcfg.php | predictive | Medium
9 | File | /get_getnetworkconf.cgi | predictive | High
10 | File | /GponForm/device_Form?script/ | predictive | High
11 | File | /includes/rrdtool.inc.php | predictive | High
12 | File | /index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events | predictive | High
13 | File | /Main_AdmStatus_Content.asp | predictive | High
112 | Input Value | ../ | predictive | Low

Rows 14 to 111 and 113 to 117 are redacted on the page.
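Most of the visible indicators are request targets, so the natural check is a sweep of web-server access logs. The script below is an added example and not code from the VulDB page: it takes the unredacted File rows and the `../` Input Value row, percent-decodes each request target twice so that `%2e%2e/` and double-encoded `%252e%252e/` both normalise to `../`, matches path indicators on the path component (so `/cgi-bin/luci;stok=/locale` still matches when a query string follows) and query-carrying indicators on the whole target, and aggregates matches per client so that a single Low-confidence probe for `/.env` does not page anyone while a client walking several indicators does. The log lines are constructed in combined log format, and the confidence weights are this example's choice.

```python
"""Scan HTTP access logs for the File and Input Value indicators in the IOA table.

Added example, not code from the VulDB page. The indicator strings and their
confidence ratings are the unredacted rows of the table above; the log lines
are constructed in Apache/nginx combined log format for this demo.
"""
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# (indicator, confidence) copied from the IOA table's File rows
FILE_IOAS = [
    ("/.env", "Low"),
    ("/category.php", "High"),
    ("/cgi-bin/delete_CA", "High"),
    ("/cgi-bin/luci;stok=/locale", "High"),
    ("/Config/SaveUploadedHotspotLogoFile", "High"),
    ("/download", "Medium"),
    ("/general/email/outbox/delete.php", "High"),
    ("/getcfg.php", "Medium"),
    ("/get_getnetworkconf.cgi", "High"),
    ("/GponForm/device_Form?script/", "High"),
    ("/includes/rrdtool.inc.php", "High"),
    ("/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events", "High"),
    ("/Main_AdmStatus_Content.asp", "High"),
]
# Input Value row 112 of the table
INPUT_IOAS = [("../", "Low")]

# Weights are this example's choice, not part of the page
WEIGHT = {"Low": 1, "Medium": 2, "High": 3}

# Combined log format: client - - [timestamp] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def normalise(target: str) -> str:
    """Percent-decode twice so %2e%2e/ and double-encoded %252e%252e/ both
    become ../ before matching. Case is kept: the indicators are Unix paths."""
    return unquote(unquote(target))


def match_request(target: str):
    """Return the (indicator, confidence) pairs a request target matches."""
    decoded = normalise(target)
    # urlsplit keeps ';' inside the path, which /cgi-bin/luci;stok=/locale relies on
    path = urlsplit(decoded).path
    found = []
    for ind, conf in FILE_IOAS:
        if "?" in ind:
            # indicator carries its own query string: compare the whole target
            if decoded.startswith(ind):
                found.append((ind, conf))
        elif path.endswith(ind):
            # indicators are path fragments, so /shop/category.php counts as /category.php
            found.append((ind, conf))
    for ind, conf in INPUT_IOAS:
        if ind in decoded:
            found.append((ind, conf))
    return found


def score_sources(lines):
    """Aggregate matches per client IP: one Low hit on /.env is background noise,
    a client walking several indicators in a row is a scanner worth looking at."""
    per_ip = defaultdict(lambda: {"score": 0, "hits": []})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line: skip it, do not abort the sweep
        ip, ts, method, target, status = m.groups()
        for ind, conf in match_request(target):
            per_ip[ip]["score"] += WEIGHT[conf]
            per_ip[ip]["hits"].append((ts, method, target, ind, int(status)))
    return dict(per_ip)


# Constructed sample log using RFC 5737 test addresses; not real traffic
SAMPLE_LOG = """\
198.51.100.7 - - [12/May/2022:08:01:44 +0000] "GET /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.7 - - [12/May/2022:08:01:45 +0000] "GET /getcfg.php HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.7 - - [12/May/2022:08:01:46 +0000] "POST /cgi-bin/luci;stok=/locale?form=country HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.9 - - [12/May/2022:08:02:10 +0000] "GET /index.php?controller=calendar&format=raw&cat%5B0%5D=SQLi&task=events HTTP/1.1" 200 5120 "-" "curl/7.68.0"
203.0.113.9 - - [12/May/2022:08:02:11 +0000] "GET /images/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 400 0 "-" "curl/7.68.0"
192.0.2.44 - - [12/May/2022:08:03:00 +0000] "GET /blog/post/42 HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, info in score_sources(SAMPLE_LOG.splitlines()).items():
        print(ip, info["score"], [h[3] for h in info["hits"]])
```

The response status is kept in each hit on purpose: a 200 on the `/index.php?controller=calendar...` request is far more interesting than a string of 404s, because it means the targeted component is actually present.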

References (2)

The following list contains external sources which discuss the actor and the associated activities (the two entries are not shown on the page):
