Stealth Soldier Analysis

IOB - Indicator of Behavior (46)

Timeline

Language

en (44)
es (2)

Country

us (24)
ru (22)

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Linux Kernel (6)
Thomas R. Pasawicz HyperBook Guestbook (2)
PHP (2)
MGB OpenSource Guestbook (2)
phpMyAdmin (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Con | EPSS | CTI | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
2 | JForum Login privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.06 | CVE-2012-5338
3 | Linux Kernel UDP Packet udp.c privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04837 | 0.03 | CVE-2016-10229
4 | Linux Kernel buffer overflow | 10.0 | 9.0 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.07416 | 0.02 | CVE-2008-1673
5 | vBulletin redirector.php Redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00122 | 0.09 | CVE-2018-6200
6 | Linux Kernel nf_conntrack_h323_asn1.c decode_choice denial of service | 7.5 | 6.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08412 | 0.00 | CVE-2007-3642
7 | Netgear GC108P NSDP Packet sccd weak authentication | 6.7 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.00 | CVE-2021-40866
8 | Google Android xt_qtaguid.c qtaguid_untag buffer overflow | 6.5 | 6.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2021-0399
9 | TP-LINK Archer C3150v2 dhcp.htm setDefaultHostname cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00536 | 0.03 | CVE-2021-3275
10 | Google Android ADSPRPC Heap Manager buffer overflow | 8.5 | 8.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00119 | 0.05 | CVE-2018-3586
11 | Apple macOS WebKit privilege escalation | 6.3 | 6.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00230 | 0.00 | CVE-2021-1801
12 | Linux Kernel ptrace.c privilege escalation | 7.8 | 7.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.00052 | 0.15 | CVE-2019-13272
13 | Samsung Mobile Devices SEAndroid Protection Mechanism privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00066 | 0.00 | CVE-2020-13829
14 | My Link Trader out.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.22 |
15 | PHP phpinfo cross site scripting | 6.3 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.08985 | 0.04 | CVE-2006-0996
16 | phpMyAdmin phpinfo.php information disclosure | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00142 | 0.00 | CVE-2016-9848
17 | PHPWind goto.php Redirect | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00348 | 0.00 | CVE-2015-4134
18 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.89 | CVE-2007-0354
19 | Google Chrome TransportDIB SkBitmap Pixel Data render_widget_snapshot_taker.cc WidgetDidReceivePaintAtSizeAck privilege escalation | 6.5 | 6.2 | $100k and more | $0-$5k | Not Defined | Official Fix | 0.00622 | 0.00 | CVE-2013-2836
20 | Pixelpost cross site request forgery | 7.0 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01098 | 0.02 | CVE-2010-3305

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • North Africa

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | High
2 | T1059.007 | CAPEC-209 | CWE-79 | Cross Site Scripting | predictive | High
3 | TXXXX | CAPEC-122 | CWE-XXX, CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
4 | TXXXX.XXX | CAPEC-178 | CWE-XXX | Xxxx Xxxxxxxx | predictive | High
5 | TXXXX | CAPEC-0 | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High
6 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High
7 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /forum/away.php | predictive | High
2 | File | /out.php | predictive | Medium
3 | File | /sqfs/bin/sccd | predictive | High
4 | File | admin/index.php | predictive | High
5 | File | xxxxxxx/xxxxxxxxxx/xxxxxx_xxxxxx_xxxxxxxx_xxxxx.xx | predictive | High
6 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High
7 | File | xxxx.xxx | predictive | Medium
8 | File | xxxxx.xxx | predictive | Medium
9 | File | xxxx.xxx | predictive | Medium
10 | File | xxx/xxxxxx.xxx | predictive | High
11 | File | xxxxxx/xxxxxx.x | predictive | High
12 | File | xxx/xxxxxxxxx/xx_xxxxxxxxx_xxxx_xxxx.x | predictive | High
13 | File | xxxxxxx.xxx | predictive | Medium
14 | File | xxxx.xxx | predictive | Medium
15 | File | xxxxxxxxxx.xxx | predictive | High
16 | File | xxx.x | predictive | Low
17 | File | xx_xxxxxxx.x | predictive | Medium
18 | Argument | xxxxxxxx | predictive | Medium
19 | Argument | xx | predictive | Low
20 | Argument | xxxxxxxx | predictive | Medium
21 | Argument | xxxxxxxxxx | predictive | Medium
22 | Argument | xxxxxx_xx | predictive | Medium
23 | Argument | xxx | predictive | Low
24 | Argument | xxx | predictive | Low
25 | Network Port | xxx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
