MetaStealer Analysis

IOB - Indicator of Behavior (71)

Language: en (54), ru (12), es (6)
Country: us (34), ru (14), es (6), cn (2)
Product: PHP (2), GNU Bash (2), 13enforme CMS (2), Proxmox proxmox-widget-toolkit (2), Elementor Plugin (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Countermeasure | EPSS | CTI | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | Red Lion HMI Panel URI privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00238 | 0.00 | CVE-2017-14855
2 | GNU Bash mod_cgi privilege escalation | 9.8 | 8.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.97348 | 0.03 | CVE-2014-7169
3 | Hostel Searching Project view-property.php SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00223 | 0.09 | CVE-2022-4051
4 | Ovidentia CMS index.php SQL injection | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.07 | CVE-2021-29343
5 | phpBB XS bb_usage_stats.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.07955 | 0.02 | CVE-2006-4893
6 | SourceCodester Online Student Admission System Student User Page edit-profile.php cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00068 | 0.05 | CVE-2022-2681
7 | Microsoft Exchange Server Privilege Escalation | 8.3 | 7.6 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00080 | 0.00 | CVE-2023-36745
8 | Elementor Plugin Template Import privilege escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.00 | CVE-2023-48777
9 | News & Blog Designer Pack Plugin privilege escalation | 7.3 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00322 | 0.02 | CVE-2023-5815
10 | LearnPress Plugin privilege escalation | 7.8 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.14516 | 0.03 | CVE-2023-6634
11 | Likeshop HTTP POST Request File.php userFormImage privilege escalation | 8.1 | 7.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00727 | 0.10 | CVE-2024-0352
12 | Proxmox proxmox-widget-toolkit Edit Notes cross site scripting | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00052 | 0.06 | CVE-2023-46854
13 | GG18/GG20 ECDSA Private Key privilege escalation | 7.7 | 7.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00070 | 0.00 | CVE-2023-33241
14 | Mozilla Firefox SPDY/HTTP/2 weak encryption | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00411 | 0.02 | CVE-2014-1584
15 | Microsoft Exchange Server Privilege Escalation | 8.8 | 7.7 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01192 | 0.02 | CVE-2023-21529
16 | MetInfo URL Redirector login.php | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00107 | 0.00 | CVE-2017-11718
17 | SourceCodester Sanitization Management System Admin Login SQL injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00120 | 0.00 | CVE-2022-4726
18 | Microsoft SharePoint Workflow privilege escalation | 10.0 | 8.7 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.91072 | 0.00 | CVE-2013-1330
19 | NdkAdvancedCustomizationFields createPdf.php cross site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00070 | 0.00 | CVE-2022-40840
20 | Redis XAUTOCLAIM Command buffer overflow | 8.2 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00598 | 0.04 | CVE-2022-31144

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
--- | --- | --- | --- | --- | ---
1 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
2 | T1059 | CWE-94 | Argument Injection | predictive | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
--- | --- | --- | --- | ---
1 | File | /index.php | predictive | Medium
2 | File | /uncpath/ | predictive | Medium
3 | File | about.php | predictive | Medium
4 | File | admin.php | predictive | Medium
5 | File | admin_feature.php | predictive | High
6 | File | aj.html | predictive | Low
7 | File | akocomments.php | predictive | High
8 | File | archives.php | predictive | Medium

References (9)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:
