Stealth Falcon Analysis

IOB - Indicator of Behavior (50)

Language

en: 44
de: 4
it: 2

Product

phpMyAdmin: 4
Apache Tomcat: 4
Google Android: 2
Joomla CMS: 2
JCK Editor: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Archive_Tar Tar.php directory traversal | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.92368 | 0.00 | CVE-2020-36193
2 | Umbraco CMS File Upload privilege escalation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00077 | 0.09 | CVE-2020-9472
3 | ILIAS privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00148 | 0.04 | CVE-2023-36487
4 | JCK Editor links.php sql injection | 8.5 | 8.3 | $0-$5k | $0-$5k | High | Not Defined | 0.81623 | 0.03 | CVE-2018-17254
5 | ILIAS Email Verification Privilege Escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00314 | 0.00 | CVE-2022-31266
6 | Microsoft Word wwlib Remote Code Execution | 8.0 | 7.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.45352 | 0.00 | CVE-2023-21716
7 | Joomla CMS LDAP Authentication Password privilege escalation | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01039 | 0.04 | CVE-2017-14596
8 | Microsoft Exchange Server Privilege Escalation | 8.8 | 7.7 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01192 | 0.02 | CVE-2023-21529
9 | Thales SafeNet Authentication Service weak encryption | 8.3 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2021-42810
10 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.70 | CVE-2010-0966
11 | ZeroShell kerbynet privilege escalation | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.95623 | 0.04 | CVE-2020-29390
12 | Backdoor.Win32.Hupigon.acio privilege escalation | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | -
13 | Yoast SEO Plugin Term Description privilege escalation | 9.0 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00244 | 0.02 | CVE-2019-13478
14 | phpMyAdmin Navigation Tree cross site scripting | 5.2 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.19761 | 0.02 | CVE-2018-19970
15 | Palo Alto PAN-OS SAML Authentication weak authentication | 10.0 | 9.5 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00451 | 0.00 | CVE-2020-2021
16 | Wowza Streaming Engine MBeans Server privilege escalation | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01533 | 0.03 | CVE-2018-7047
17 | PHPOffice PhpSpreadsheet XML Data std_table.php XML External Entity | 7.5 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00234 | 0.02 | CVE-2019-12331
18 | OpenSSL Bleichenbacher weak encryption | 4.7 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01508 | 0.02 | CVE-2019-1563
19 | Apache Mod Fcgid mod_fcgid fcgid_bucket.c fcgid_header_bucket_read buffer overflow | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00639 | 0.00 | CVE-2013-4365
20 | Oracle HTTP Server Web Listener buffer overflow | 7.5 | 7.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97240 | 0.04 | CVE-2017-9798

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 45.14.227.55 | static.pwxs.net | Stealth Falcon | - | 05/03/2024 | verified | High
2 | XX.XXX.XX.XX | - | Xxxxxxx Xxxxxx | - | 20/12/2020 | verified | High
3 | XXX.XXX.XX.XXX | - | Xxxxxxx Xxxxxx | - | 05/03/2024 | verified | High
4 | XXX.XX.XX.XX | xxxxx-xxxxx.xxxxxxx.xxxx | Xxxxxxx Xxxxxx | - | 05/03/2024 | verified | High

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | .procmailrc | predictive | Medium
2 | File | /cgi-bin/kerbynet | predictive | High
3 | File | /uncpath/ | predictive | Medium
4 | File | xxxx/xxxxxxxxxxxx.xxx | predictive | High
5 | File | xxx.xxx?xxx=xxxxx_xxxx | predictive | High
6 | File | xxxxx_xxxxxx.x | predictive | High
7 | File | xxx/xxxxxx.xxx | predictive | High
8 | File | xxxxxxxxx/xxxxxxx/xxxxx.xxx | predictive | High
9 | File | xxxxxx-xxxxxx/xxxxx/xxxxxxxxx/xxxxxxx/xxx_xxxxx.xxx | predictive | High
10 | File | xxx.xxx | predictive | Low
11 | Argument | xxxxxxxx | predictive | Medium
12 | Argument | xxxxxxxxx | predictive | Medium
13 | Argument | xxxxxx | predictive | Low
14 | Argument | xxxxxx_xx | predictive | Medium
15 | Argument | xxx | predictive | Low
16 | Argument | xxxxxxxxxxxxxxxxxx | predictive | High
17 | Input Value | ?<!xxxxxx? | predictive | Medium
18 | Pattern | |xx|xx|xx| | predictive | Medium
19 | Network Port | xxx/xx (xxxxxx) | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
