StrelaStealer Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (64)

Linguaggio

en	44
ru	14
fr	2
de	2
ja	2

Nazione

ru	26
us	18
fr	2
pt	2
de	2

Attori

RedLine Stealer	2
Stealc	2
Rhadamanthys	2
StrelaStealer	2
ISFB	1

Interesse

Genere

Not Defined	24
Web Server	10
Smartphone Operating System	2
SCADA Software	2
Web Browser	2

Fornitore

Not Defined	24
Microsoft	4
Google	4
Hassan Consulting	4
Cowon America	2

Prodotto

Hassan Consulting Shopping Cart	4
nginx	4
Microsoft IIS	2
Google Android	2
Cowon America jetAudio	2

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	Node.js escalazione di privilegi	8.2	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00260	0.00	CVE-2020-8201
2	Email Subscribers / Newsletters File Download rivelazione di un 'informazione	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.21953	0.06	CVE-2019-19985
3	Google Android Privilege Escalation	7.6	7.5	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00061	0.01	CVE-2021-0877
4	Google Android buffer overflow	5.4	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2023-21042
5	Microsoft Windows Online Certificate Status Protocol SnapIn Remote Code Execution	8.1	7.4	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00120	0.02	CVE-2023-35313
6	GitHub Enterprise Server API rivelazione di un 'informazione	3.9	3.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00111	0.00	CVE-2022-46257
7	Pallets Werkzeug Debugger tbtools.py render_full cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00183	0.04	CVE-2016-10516
8	Zyxel ATP/USG FLEX/VPN CGI Program rivelazione di un 'informazione	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00077	0.00	CVE-2023-22918
9	Apache OpenOffice Calc escalazione di privilegi	7.3	6.4	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00602	0.02	CVE-2014-3524
10	V3chat V3 Chat Profiles Dating Script autenticazione debole	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01685	0.00	CVE-2008-5784
11	SourceCodester Online Discussion Forum Site view_post.php sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00067	0.21	CVE-2023-3152
12	USAA Mobile Banking Screen Cache rivelazione di un 'informazione	3.3	3.0	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00116	0.00	CVE-2015-1314
13	Zoho ManageEngine ServiceDesk Plus MSP autenticazione debole	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00343	0.00	CVE-2021-44675
14	Microsoft Exchange Outlook Web Access escalazione di privilegi	5.3	4.6	$25k-$100k	$0-$5k	Unproven	Official Fix	0.01212	0.00	CVE-2014-6319
15	October CMS escalazione di privilegi	5.3	5.1	$0-$5k	$0-$5k	High	Official Fix	0.01981	0.00	CVE-2021-32648
16	pyload escalazione di privilegi	9.0	8.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.50964	0.00	CVE-2023-0297
17	cbeust testng XML File Parser JarFileUtils.java testngXmlExistsInJar directory traversal	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00079	0.05	CVE-2022-4065
18	Verizon Fios Actiontec Mi424wr-gen31 Router Administration index.cgi cross site request forgery	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00348	0.01	CVE-2013-0126
19	Yandex Browser escalazione di privilegi	8.8	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.04	CVE-2022-28226
20	SheerDNS Directory_lookup directory traversal	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.02

Campagne (1)

These are the campaigns that can be associated with the actor:

Spain

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Attore	Campagne	Identified	Genere	Fiducia
1	45.9.74.12	StrelaStealer		03/04/2024	verified	Alto
2	XX.XXX.XX.XXX	Xxxxxxxxxxxxx	Xxxxx	24/06/2023	verified	Alto
3	XXX.XXX.XX.XX	Xxxxxxxxxxxxx		25/08/2023	verified	Alto
4	XXX.XXX.XX.XXX	Xxxxxxxxxxxxx		02/04/2024	verified	Alto

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classe	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Alto
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
10	TXXXX	CAPEC-50	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
11	TXXXX	CAPEC-464	CWE-XXX	Xxxxxxxx Xx Xxxxxxx Xxxxxxxx Xxxxxxxxxxx Xx Xx Xxxxxxxxxxxx Xxxxx	predictive	Alto
12	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
13	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (36)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	/uncpath/	predictive	Media
2	File	admin\posts\view_post.php	predictive	Alto
3	File	ajax/include.php	predictive	Alto
4	File	app/admin/custom-fields/filter-result.php	predictive	Alto
5	File	boafrm/formSysCmd	predictive	Alto
6	File	xxxx	predictive	Basso
7	File	xxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/	predictive	Alto
8	File	xxxxx/xxxxxxx.xx	predictive	Alto
9	File	xxxxx.xxx	predictive	Media
10	File	xxxxx_xxxxxx.xxx	predictive	Alto
11	File	xxxxx.xxx	predictive	Media
12	File	xxxxx.xx	predictive	Media
13	File	xxxxx.xxx	predictive	Media
14	File	xxx_xxxx_xxx_xxxxxxxxxx.x	predictive	Alto
15	File	xxxxxxxxxxxxx.xxx	predictive	Alto
16	File	xxxx-xxxxxx.x	predictive	Alto
17	File	xxxx.xxx	predictive	Media
18	File	xxxx.xx	predictive	Basso
19	File	xxxxxx-xxxx/xxx/xxxx/xxxx/xxx/xxxxxx/xxxxxxxxxxxx.xxxx	predictive	Alto
20	File	xxxxxx_xxx/xxxx	predictive	Alto
21	File	xxxx/xxxxxxxxxxxx.xxx	predictive	Alto
22	Library	/xxxxx/xxxxxxxx/xxxxxxx.xxx	predictive	Alto
23	Library	xxxxxx.xxx	predictive	Media
24	Argument	xxxx	predictive	Basso
25	Argument	xxxxx[xxxxx][xx]	predictive	Alto
26	Argument	xxxx	predictive	Basso
27	Argument	xxxxxxxx	predictive	Media
28	Argument	xxxxxxxx	predictive	Media
29	Argument	xxxxxxx	predictive	Basso
30	Argument	xxx	predictive	Basso
31	Argument	xxxxxxxx	predictive	Media
32	Argument	xxxxxx	predictive	Basso
33	Argument	xxxxxx	predictive	Basso
34	Argument	xxxxx	predictive	Basso
35	Argument	xxx	predictive	Basso
36	Input Value	\x	predictive	Basso

Referenze (5)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!