WASP Stealer Analysis

IOB - Indicator of Behavior (178)

Language

en: 106
ru: 46
es: 14
de: 12

Country/Region

us: 112
ru: 58
jp: 2
cn: 2

Product

OpenSSH: 4
jQuery: 4
Microsoft Windows: 4
Fortinet FortiOS: 4
Joomla CMS: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.19 | CVE-2020-12440 |
| 2 | AppServ Open Project denial of service | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.08073 | 0.00 | CVE-2005-4296 |
| 3 | Citrix Metaframe login.asp cross-site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00867 | 0.00 | CVE-2003-1157 |
| 4 | Cacti XML Template File templates_import.php cross-site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00069 | 0.00 | CVE-2023-50569 |
| 5 | Moment.js directory traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00330 | 0.13 | CVE-2022-24785 |
| 6 | Cutephp CuteNews Protection Feature shows.inc.php denial of service | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02946 | 0.00 | CVE-2005-3010 |
| 7 | Apache Tomcat JmxRemoteLifecycleListener privilege escalation | 9.8 | 9.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.25115 | 0.04 | CVE-2016-8735 |
| 8 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00668 | 0.07 | CVE-2022-27228 |
| 9 | Microsoft Windows Remote Desktop Protocol Remote Code Execution | 7.0 | 6.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00254 | 0.03 | CVE-2023-35332 |
| 10 | myPHPCalendar admin.php privilege escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02576 | 0.04 | CVE-2006-6812 |
| 11 | Squitosoft Squito Gallery photolist.inc.php memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01371 | 0.04 | CVE-2005-2258 |
| 12 | DUware DUdownload detail.asp SQL injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00254 | 0.03 | CVE-2006-6367 |
| 13 | Trevor Hogan BNBT Util_DecodeHTTPAuth denial of service | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.10255 | 0.00 | CVE-2004-2029 |
| 14 | AWStats awstats.pl directory traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00499 | 0.05 | CVE-2020-35176 |
| 15 | Metertek pagelog.cgi directory traversal | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01047 | 0.02 | CVE-2000-0940 |
| 16 | Cutephp CuteNews show_archives.php directory traversal | 5.3 | 5.0 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.06846 | 0.00 | CVE-2005-3507 |
| 17 | GNU Mailman Admin Login Page/Pipermail Index Summary cross-site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01480 | 0.03 | CVE-2002-0388 |
| 18 | Craig Patchett Fileseek FileSeek.cgi directory traversal | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04964 | 0.00 | CVE-2002-0611 |
| 19 | Import any XML or CSV File Plugin ZIP File privilege escalation | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00106 | 0.04 | CVE-2023-7082 |
| 20 | liveSite edit_designer_region.php Privilege Escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00556 | 0.04 | CVE-2024-22638 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Invisible Challenge

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (137)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
