Meduza Stealer Analysis
IOB - Indicator of Behavior (88)
Class | Effort | Vulnerabilities |
---|---|---|
IOC - Indicator of Compromise (156)
These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.
TTP - Tactics, Techniques, Procedures (10)
Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
---|---|---|---|---|---|---|
1 | T1006 | CAPEC-126 | CWE-22 | Path Traversal | predictive | High |
2 | T1055 | CAPEC-10 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High |
IOA - Indicator of Attack (110)
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.
ID | Class | Indicator | Type | Confidence |
---|---|---|---|---|
1 | File | /admin/delete_user.php | predictive | High |
2 | File | /film-rating.php | predictive | High |
3 | File | /index.php | predictive | Medium |
4 | File | /librarian/bookdetails.php | predictive | High |
5 | File | /oauth/idp/.well-known/openid-configuration | predictive | High |
6 | File | /student/bookdetails.php | predictive | High |
7 | File | account.asp | predictive | Medium |
8 | File | admin.php | predictive | Medium |
9 | File | admin/establishment/manage.php | predictive | High |
10 | File | admin/inquiries/view_details.php | predictive | High |
11 | File | album_portal.php | predictive | High |
12 | File | announce.php | predictive | Medium |
13 | File | bb_usage_stats.php | predictive | High |
14 | File | category.cfm | predictive | Medium |
References (103)
The following list contains external sources which discuss the actor and the associated activities:
- https://github.com/vuldb/cyber_threat_intelligence/tree/main/actors/Meduza%20Stealer