SocStealer Analysis

IOB - Indicator of Behavior (16)

Language

en (8)
zh (4)
de (4)

Country

cn (10)
us (6)

Product

Oracle Web Applications Desktop Integrator (2)
Tenda AC23 (2)
Mutt (2)
NeoMutt (2)
Microsoft Windows (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | NotificationX Plugin SQL Statement sql injection | 5.6 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02414 | 0.04 | CVE-2022-0349
2 | TestLink attachmentdownload.php privilege escalation | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00086 | 0.04 | CVE-2022-35195
3 | UMN MapServer sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00376 | 0.00 | CVE-2011-2703
4 | SCMS privilege escalation | 7.4 | 7.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00102 | 0.00 | CVE-2018-19654
5 | Oracle WebLogic Server Centralized Thirdparty Jars information disclosure | 3.3 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00060 | 0.00 | CVE-2020-8908
6 | Tenda AC23 httpd formGetSysToolDDNS memory corruption | 8.3 | 8.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00131 | 0.04 | CVE-2023-0782
7 | Oracle Web Applications Desktop Integrator Upload Remote Code Execution | 9.8 | 9.6 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.97344 | 0.04 | CVE-2022-21587
8 | OpenSSH FIDO Authentication weak authentication | 5.6 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00201 | 0.03 | CVE-2021-36368
9 | Dropbear Non-RFC-compliant Check weak authentication | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00097 | 0.04 | CVE-2021-36369
10 | Microsoft Windows EducatedScholar privilege escalation | 10.0 | 9.5 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.74261 | 0.00 | CVE-2009-2532
11 | Jenkins Agent-to-Controller privilege escalation | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00192 | 0.02 | CVE-2021-21685
12 | Mutt/NeoMutt IMAP Server Response weak encryption | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00312 | 0.00 | CVE-2020-28896
13 | Devilz Clanportal File Upload unknown vulnerability | 5.3 | 4.4 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.05362 | 0.07 | CVE-2006-6338
14 | HoMaP index.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00100 | 0.00 | CVE-2008-2989
15 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 1.10 | CVE-2007-1167
16 | Drupal Transliterate privilege escalation | 6.5 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00146 | 0.00 | CVE-2016-9452

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence
1 | T1040 | CAPEC-102 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High
2 | TXXXX | CAPEC-242 | CWE-XXX | xxxxxxx Xxxxxxxxx | predictive | High
3 | TXXXX | CAPEC-19 | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High
4 | TXXXX | CAPEC-108 | CWE-XXX | xx Xxxxxxxxx | predictive | High
5 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /bin/httpd | predictive | Medium
2 | File | inc/filebrowser/browser.php | predictive | High
3 | File | xxxxx.xxx | predictive | Medium
4 | Library | /xxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxx.xxx | predictive | High
5 | Argument | xxxx | predictive | Low
6 | Argument | xx | predictive | Low
7 | Argument | xx_xx | predictive | Low

References (2)

The following list contains external sources which discuss the actor and the associated activities:
