SocStealer Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (16)

Langue

en	12
zh	2
de	2

De campagne

cn	12
us	4

Acteurs

SocStealer	3
Ponystealer	1
DCRat	1

Intérêt

Taper

Not Defined	6
WordPress Plugin	2
Application Server Software	2
Connectivity Software	2
SSH Server Software	2

Fournisseur

Not Defined	12
Oracle	2
DZCP	2

Produit

NotificationX Plugin	2
Oracle WebLogic Server	2
Devilz Clanportal	2
OpenSSH	2
TestLink	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	NotificationX Plugin SQL Statement sql injection	5.6	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02414	0.04	CVE-2022-0349
2	TestLink attachmentdownload.php elévation de privilèges	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00086	0.04	CVE-2022-35195
3	UMN MapServer sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00376	0.00	CVE-2011-2703
4	SCMS elévation de privilèges	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00102	0.00	CVE-2018-19654
5	Oracle WebLogic Server Centralized Thirdparty Jars divulgation de l'information	3.3	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00060	0.00	CVE-2020-8908
6	Tenda AC23 httpd formGetSysToolDDNS buffer overflow	8.3	8.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00131	0.09	CVE-2023-0782
7	Oracle Web Applications Desktop Integrator Upload Remote Code Execution	9.8	9.6	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.97344	0.04	CVE-2022-21587
8	OpenSSH FIDO Authentication authentification faible	5.6	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00201	0.00	CVE-2021-36368
9	Dropbear Non-RFC-compliant Check authentification faible	6.9	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00097	0.04	CVE-2021-36369
10	Microsoft Windows EducatedScholar elévation de privilèges	10.0	9.5	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.74261	0.00	CVE-2009-2532
11	Jenkins Agent-to-Controller elévation de privilèges	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00192	0.02	CVE-2021-21685
12	Mutt/NeoMutt IMAP Server Response chiffrement faible	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00312	0.00	CVE-2020-28896
13	Devilz Clanportal File Upload vulnérabilité inconnue	5.3	4.4	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.05362	0.06	CVE-2006-6338
14	HoMaP index.php sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00100	0.00	CVE-2008-2989
15	DZCP deV!L`z Clanportal browser.php divulgation de l'information	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02733	0.96	CVE-2007-1167
16	Drupal Transliterate elévation de privilèges	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00146	0.00	CVE-2016-9452

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Identified	Taper	Confiance
1	45.76.142.144	45.76.142.144.vultrusercontent.com	SocStealer	08/04/2022	verified	Élevé
2	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	08/04/2022	verified	Élevé
3	XX.XX.XXX.XX	xxxxxx-xx-xx-xxx-xx.xxxxx.x.xxxxxxxxxx.xxx	Xxxxxxxxxx	08/04/2022	verified	Élevé
4	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	08/04/2022	verified	Élevé
5	XXX.XXX.XX.XX	xxxx-xxxx-xxxx-xxx-xx-xxxx.xxxxxxxx.xxx	Xxxxxxxxxx	08/04/2022	verified	Élevé

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1040	CAPEC-102	CWE-319	Authentication Bypass by Capture-replay	predictive	Élevé
2	TXXXX	CAPEC-242	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Élevé
3	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
4	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
5	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/bin/httpd	predictive	Moyen
2	File	inc/filebrowser/browser.php	predictive	Élevé
3	File	xxxxx.xxx	predictive	Moyen
4	Library	/xxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxx.xxx	predictive	Élevé
5	Argument	xxxx	predictive	Faible
6	Argument	xx	predictive	Faible
7	Argument	xx_xx	predictive	Faible

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!