Stolen Pencil Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (178)

Langue

en	140
de	12
es	6
sv	6
fr	4

De campagne

us	120
sv	6
fr	4
ir	4
es	4

Acteurs

Stolen Pencil	6
Ave Maria	1
AsyncRAT	1
Vjw0rm	1
RedLine Stealer	1

Intérêt

Taper

Not Defined	72
Content Management System	16
Groupware Software	8
Web Browser	6
Application Server Software	4

Fournisseur

Not Defined	46
Microsoft	14
Oracle	4
Google	4
Site2Nite	4

Produit

Microsoft Exchange Server	8
Microsoft Internet Explorer	4
PHP-Nuke Kleinanzeigen module	2
Docomo LG L-04D	2
Oracle GlassFish Server	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash divulgation de l'information	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	DZCP deV!L`z Clanportal config.php elévation de privilèges	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.73	CVE-2010-0966
3	Revive Adserver lg.php Redirect	5.8	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00922	0.04	CVE-2021-22873
4	DZCP deV!L`z Clanportal browser.php divulgation de l'information	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02733	0.39	CVE-2007-1167
5	Wuzhicms group.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00172	0.02	CVE-2022-27431
6	phpPgAds/phpAdsNew lib-sessions.inc.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
7	LionWiki index.php elévation de privilèges	6.9	6.6	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01572	0.00	CVE-2020-27191
8	E-theni URL aff_liste_langue.php elévation de privilèges	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03405	0.00	CVE-2003-1256
9	PHPSurveyor dumplabel.php sql injection	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.00
10	PHP-Nuke Kleinanzeigen module modules.php sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00100	0.00	CVE-2008-3512
11	ZeeBuddy editadgroup.php sql injection	8.5	8.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00285	0.00	CVE-2017-15976
12	DCP-Portal golink.php sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.02
13	baigo CMS opt_base.inc.php elévation de privilèges	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01293	0.00	CVE-2019-9227
14	SourceCodester Online Boat Reservation System POST Parameter login.php cross site scripting	4.4	4.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00131	0.04	CVE-2023-1030
15	Xoops userinfo.php sql injection	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00316	0.00	CVE-2002-0216
16	VMware ESXi VMX elévation de privilèges	7.2	6.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.03	CVE-2021-22042
17	Apache Log4j Lookup dénie de service	6.4	6.1	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.96625	0.04	CVE-2021-45105
18	Fast C++ CSV Parser csv.h trim_chars buffer overflow	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00659	0.00	CVE-2018-13421
19	October CMS cross site request forgery	6.5	6.3	$0-$5k	$0-$5k	Functional	Official Fix	0.00196	0.00	CVE-2017-16244
20	automad FileController.php import elévation de privilèges	7.1	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00061	0.04	CVE-2023-7037

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Identified	Taper	Confiance
1	1.3.4.1		Stolen Pencil	09/12/2018	verified	Élevé
2	2.2.6.5		Stolen Pencil	09/12/2018	verified	Élevé
3	5.196.169.223	ip223.ip-5-196-169.eu	Stolen Pencil	20/12/2020	verified	Élevé
4	XX.XXX.XXX.XXX	xxxxxxxxxxxxxxxxxxxxx.xxx	Xxxxxx Xxxxxx	20/12/2020	verified	Élevé
5	XX.XXX.XXX.X		Xxxxxx Xxxxxx	20/12/2020	verified	Élevé
6	XXX.XXX.XXX.XX	xxxxxxxxxxxxxxxxxxxxxx.xx	Xxxxxx Xxxxxx	20/12/2020	verified	Élevé
7	XXX.XXX.XXX.XXX	xxx-xxx-xxx-xxx-xxxx.xxxxxxxxxxxx.xxx	Xxxxxx Xxxxxx	20/12/2020	verified	Élevé
8	XXX.XXX.XXX.XXX	xx-xxx-xxx-xxx-xxx.xx.xxxxxxxxxxxx.xxx	Xxxxxx Xxxxxx	20/12/2020	verified	Élevé
9	XXX.XX.XX.XXX		Xxxxxx Xxxxxx	20/12/2020	verified	Élevé
10	XXX.XX.XXX.XXX	xx-xxx-xx-xxx-xxx.xxxx.xxxxxxxxx.xxx	Xxxxxx Xxxxxx	20/12/2020	verified	Élevé
11	XXX.XXX.XXX.XXX		Xxxxxx Xxxxxx	20/12/2020	verified	Élevé

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-22	Path Traversal	predictive	Élevé
2	T1059	CWE-94	Argument Injection	predictive	Élevé
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Élevé
4	TXXXX	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
5	TXXXX	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Élevé
6	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Élevé
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Élevé
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
9	TXXXX.XXX	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Élevé
10	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
11	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé
12	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Élevé
13	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxx	predictive	Élevé

IOA - Indicator of Attack (135)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	/admin/api/admin/articles/	predictive	Élevé
2	File	/admin/photo.php	predictive	Élevé
3	File	/admin/transactions/track_shipment.php	predictive	Élevé
4	File	/api/browserextension/UpdatePassword/	predictive	Élevé
5	File	/boat/login.php	predictive	Élevé
6	File	/book-services.php	predictive	Élevé
7	File	/coreframe/app/member/admin/group.php	predictive	Élevé
8	File	/forum/away.php	predictive	Élevé
9	File	/home/courses	predictive	Élevé
10	File	/horde/util/go.php	predictive	Élevé
11	File	/owa/auth/logon.aspx	predictive	Élevé
12	File	/secure/EditSubscription.jspa	predictive	Élevé
13	File	/systemrw/	predictive	Moyen
14	File	/tmp/supp_log	predictive	Élevé
15	File	?r=recruit/bgchecks/export&checkids=x	predictive	Élevé
16	File	account.php	predictive	Moyen
17	File	ActivityStarter.java	predictive	Élevé
18	File	admin/content.php	predictive	Élevé
19	File	xxxxx/xxxxxxxxxxx.xxx	predictive	Élevé
20	File	xxxxx/xxxxx.xxx	predictive	Élevé
21	File	xxxxx/xxxx.xxx	predictive	Élevé
22	File	xxxxx\xxxxxxx\xxxxx.xxx#xxxx_xxxx	predictive	Élevé
23	File	xxxxxxxx_xxx_xxxxxxx.xxx	predictive	Élevé
24	File	xxxxxxxx_xxxxxx_xxxxxxx.xxx	predictive	Élevé
25	File	xxx_xxxxx_xxxxxx.xxx	predictive	Élevé
26	File	xxx-xxxxx/xxxxxxxx-xxx	predictive	Élevé
27	File	xx_xxxxxxxxxx.xxx	predictive	Élevé
28	File	xxxxxxx.xxx	predictive	Moyen
29	File	xxx/xxx.xxx	predictive	Moyen
30	File	xxxxxxxx.xxx	predictive	Moyen
31	File	xxxxx.xxx	predictive	Moyen
32	File	xxxxxx.xxx	predictive	Moyen
33	File	xxxxx_xxxxxx.xxx	predictive	Élevé
34	File	xxxxxxx_xxx.xxx	predictive	Élevé
35	File	xxx.x	predictive	Faible
36	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Élevé
37	File	xxxxx.xxx	predictive	Moyen
38	File	xxxxxx.xxx	predictive	Moyen
39	File	xxxxxx.xxx	predictive	Moyen
40	File	xxxxxx.xxx	predictive	Moyen
41	File	xxxxxxx.xxx	predictive	Moyen
42	File	xxxxxxxxxxxxxxx.xxx	predictive	Élevé
43	File	xxxxxxxxx.xxx	predictive	Élevé
44	File	xxxxxxxxxxxxxx.xxx	predictive	Élevé
45	File	xxxx.xxx	predictive	Moyen
46	File	xxxxxx.xxx	predictive	Moyen
47	File	xxx/xxxxxx.xxx	predictive	Élevé
48	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Élevé
49	File	xxxxx.xxx	predictive	Moyen
50	File	xxx/xxx_xxx_xx.xxxx	predictive	Élevé
51	File	xxxxxxxxx/xxxxxxx/xxxxx.xxx	predictive	Élevé
52	File	xxxxx.xxx	predictive	Moyen
53	File	xxxxx/xxx/xxxxx/xxxxxxxxxxxxxx/xxxxxxx/xxxxxx	predictive	Élevé
54	File	xxxxx.xxx	predictive	Moyen
55	File	xx.xxx	predictive	Faible
56	File	xxxxxx.xxx	predictive	Moyen
57	File	xxxx/xxxx_x_xxxxxx/xxxx.xxx	predictive	Élevé
58	File	xxxxxxx.xxx	predictive	Moyen
59	File	xxxxxxx/xxxxxxx/xxxxx/xxxxxxx.xxx	predictive	Élevé
60	File	xxx_xxxx.xxx	predictive	Moyen
61	File	xxx_xxxx.xxx.xxx	predictive	Élevé
62	File	xxx-xxx/xxxxxxxxx.xxx	predictive	Élevé
63	File	xxxxx.xxx	predictive	Moyen
64	File	xxxxxxx/xxxx.xxx	predictive	Élevé
65	File	xxxxxxxx.xxx	predictive	Moyen
66	File	xxxxxxx_xxxxxxx.xxx	predictive	Élevé
67	File	xxxxxxxxxxxxx.xxx	predictive	Élevé
68	File	xxxxxxxx.xxx	predictive	Moyen
69	File	xxxxxxxxxx.xxx	predictive	Élevé
70	File	xxxxxxx-xxxxxxx.xxx	predictive	Élevé
71	File	xxx/xxxx/xxxxxxxxxxx/xxxxx/xxxxx.xxx	predictive	Élevé
72	File	xxxx/xxxx.xxx	predictive	Élevé
73	File	xxxxxxxx.xxx	predictive	Moyen
74	File	xxxx_xxxx_xxxxxxx.xxx	predictive	Élevé
75	File	xxxx/xxx/xxxx-xxxxx.xxx	predictive	Élevé
76	File	xxx.xxx	predictive	Faible
77	File	xxxxxxxxxxx-xxxxxx/xxx/xxxxxxxxxx/xxxx.xxx	predictive	Élevé
78	File	xxxxxxxx/xxxxxxx.xxxx	predictive	Élevé
79	File	xx-xxxxx/xxxxx.xxx	predictive	Élevé
80	File	xxxxxxx.xxxx	predictive	Moyen
81	Library	xxxxx.xxx	predictive	Moyen
82	Library	xxx-xxxxxxxx.xxx.xxx	predictive	Élevé
83	Argument	/xxx/xxxxxxxxxxx/xxxxxx/xx_xxxxxxxxxx.xxx?xxx=<xxxxx-xxx>/xxxxxxxx=x/xxxxxxx	predictive	Élevé
84	Argument	xxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx:	predictive	Élevé
85	Argument	xxxxxxxx	predictive	Moyen
86	Argument	xxxxxxxxx	predictive	Moyen
87	Argument	xx_xxxxx	predictive	Moyen
88	Argument	xx_xxxx_xxxx	predictive	Moyen
89	Argument	xxxxx_xxx	predictive	Moyen
90	Argument	xxxxxxxx	predictive	Moyen
91	Argument	xxxxxxx	predictive	Faible
92	Argument	xxxx	predictive	Faible
93	Argument	xxxxxxxxxxxx	predictive	Moyen
94	Argument	xxxx/xxxxxx/xxx	predictive	Élevé
95	Argument	xxxxxxx	predictive	Faible
96	Argument	xxxxxxx xxxx	predictive	Moyen
97	Argument	xxxxxxxx	predictive	Moyen
98	Argument	xxxxx_xx	predictive	Moyen
99	Argument	xx	predictive	Faible
100	Argument	xxxx	predictive	Faible
101	Argument	xx_xx	predictive	Faible
102	Argument	xx	predictive	Faible
103	Argument	xxxxxxx	predictive	Faible
104	Argument	xxxxxxx	predictive	Faible
105	Argument	xx	predictive	Faible
106	Argument	xx	predictive	Faible
107	Argument	xxxxxxxxx	predictive	Moyen
108	Argument	xxxx_xxxx	predictive	Moyen
109	Argument	xxxxxx	predictive	Faible
110	Argument	xxx_xxxx_x/xxx_xxxx_x	predictive	Élevé
111	Argument	xxx	predictive	Faible
112	Argument	xx_xxxx	predictive	Faible
113	Argument	xxxxxxx	predictive	Faible
114	Argument	xxx_xx	predictive	Faible
115	Argument	xxxxx[x][xxx]	predictive	Élevé
116	Argument	xxx	predictive	Faible
117	Argument	xxxxxx	predictive	Faible
118	Argument	xxxxxxxxxx	predictive	Moyen
119	Argument	xxxxxxxxx	predictive	Moyen
120	Argument	xxx	predictive	Faible
121	Argument	xxx_xxxx	predictive	Moyen
122	Argument	xxx_xxxxxxx	predictive	Moyen
123	Argument	xxxxxxxxx	predictive	Moyen
124	Argument	xxx	predictive	Faible
125	Argument	xxxxx	predictive	Faible
126	Argument	xxxx_xx	predictive	Faible
127	Argument	xxxxxx_xx	predictive	Moyen
128	Argument	xxxxx	predictive	Faible
129	Argument	xxxxx	predictive	Faible
130	Argument	xxx	predictive	Faible
131	Argument	xx	predictive	Faible
132	Argument	xxx	predictive	Faible
133	Argument	xxxxxxxx	predictive	Moyen
134	Argument	_xxxxxxx	predictive	Moyen
135	Input Value	%xx	predictive	Faible

Références (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!