SocStealer Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (16)

Linguaggio

en	8
de	4
zh	4

Nazione

us	8
cn	6

Attori

SocStealer	3
Ponystealer	1
DCRat	1

Interesse

Genere

Not Defined	8
Continuous Integration Software	2
Operating System	2
Connectivity Software	2
WordPress Plugin	2

Fornitore

Not Defined	12
UMN	2
Microsoft	2

Prodotto

UMN MapServer	2
Jenkins	2
Microsoft Windows	2
HoMaP	2
OpenSSH	2

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	NotificationX Plugin SQL Statement sql injection	5.6	5.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02414	0.04	CVE-2022-0349
2	TestLink attachmentdownload.php escalazione di privilegi	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00086	0.04	CVE-2022-35195
3	UMN MapServer sql injection	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00376	0.00	CVE-2011-2703
4	SCMS escalazione di privilegi	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00102	0.00	CVE-2018-19654
5	Oracle WebLogic Server Centralized Thirdparty Jars rivelazione di un 'informazione	3.3	3.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00060	0.00	CVE-2020-8908
6	Tenda AC23 httpd formGetSysToolDDNS buffer overflow	8.3	8.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00131	0.04	CVE-2023-0782
7	Oracle Web Applications Desktop Integrator Upload Remote Code Execution	9.8	9.6	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.97344	0.04	CVE-2022-21587
8	OpenSSH FIDO Authentication autenticazione debole	5.6	5.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00201	0.09	CVE-2021-36368
9	Dropbear Non-RFC-compliant Check autenticazione debole	6.9	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00097	0.04	CVE-2021-36369
10	Microsoft Windows EducatedScholar escalazione di privilegi	10.0	9.5	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.74261	0.00	CVE-2009-2532
11	Jenkins Agent-to-Controller escalazione di privilegi	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00192	0.02	CVE-2021-21685
12	Mutt/NeoMutt IMAP Server Response crittografia debole	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00312	0.00	CVE-2020-28896
13	Devilz Clanportal File Upload vulnerabilità sconosciuta	5.3	4.4	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.05362	0.04	CVE-2006-6338
14	HoMaP index.php sql injection	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00100	0.00	CVE-2008-2989
15	DZCP deV!L`z Clanportal browser.php rivelazione di un 'informazione	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02733	0.25	CVE-2007-1167
16	Drupal Transliterate escalazione di privilegi	6.5	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00146	0.00	CVE-2016-9452

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Identified	Genere	Fiducia
1	45.76.142.144	45.76.142.144.vultrusercontent.com	SocStealer	08/04/2022	verified	Alto
2	XX.XX.XXX.XXX	xx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	08/04/2022	verified	Alto
3	XX.XX.XXX.XX	xxxxxx-xx-xx-xxx-xx.xxxxx.x.xxxxxxxxxx.xxx	Xxxxxxxxxx	08/04/2022	verified	Alto
4	XXX.XXX.XXX.XXX	xxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxx	Xxxxxxxxxx	08/04/2022	verified	Alto
5	XXX.XXX.XX.XX	xxxx-xxxx-xxxx-xxx-xx-xxxx.xxxxxxxx.xxx	Xxxxxxxxxx	08/04/2022	verified	Alto

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1040	CWE-319	Authentication Bypass by Capture-replay	predictive	Alto
2	TXXXX	CWE-XX	Xxxxxxxx Xxxxxxxxx	predictive	Alto
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	/bin/httpd	predictive	Media
2	File	inc/filebrowser/browser.php	predictive	Alto
3	File	xxxxx.xxx	predictive	Media
4	Library	/xxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxx.xxx	predictive	Alto
5	Argument	xxxx	predictive	Basso
6	Argument	xx	predictive	Basso
7	Argument	xx_xx	predictive	Basso

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Do you need the next level of professionalism?

Upgrade your account now!