Stealth Soldier Analiza

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (46)

Język

en	46

Kraj

ru	24
us	22

Aktorzy

Exploit Kit	1
Eye on the Nile	1
Stealth Soldier	1
SystemBC	1

Wysiłek

Rodzaj

Not Defined	14
Operating System	4
Content Management System	2
Router Operating System	2
Forum Software	2

Sprzedawca

Not Defined	10
Linux	4
MGB	2
LogicBoard	2
TP-LINK	2

Produkt

Linux Kernel	4
MGB OpenSource Guestbook	2
LogicBoard CMS	2
TP-LINK TD-W9977v1	2
TP-LINK TL-WA801NDv5	2

Luki w zabezpieczeniach

#	Słaby punkt	Base	Temp	0day	Dzisiaj	Wyk	Prz	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure	5.3	5.2	$5k-$25k	Obliczenie	High	Workaround	0.02016	0.00	CVE-2007-1192
2	JForum Login privilege escalation	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00157	0.03	CVE-2012-5338
3	Linux Kernel UDP Packet udp.c privilege escalation	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04837	0.00	CVE-2016-10229
4	Linux Kernel memory corruption	10.0	9.0	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.07416	0.00	CVE-2008-1673
5	vBulletin redirector.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00106	0.16	CVE-2018-6200
6	Linux Kernel nf_conntrack_h323_asn1.c decode_choice denial of service	7.5	6.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.06304	0.00	CVE-2007-3642
7	Netgear GC108P NSDP Packet sccd weak authentication	6.7	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00083	0.00	CVE-2021-40866
8	Google Android xt_qtaguid.c qtaguid_untag memory corruption	6.5	6.3	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00042	0.00	CVE-2021-0399
9	TP-LINK Archer C3150v2 dhcp.htm setDefaultHostname cross site scripting	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00536	0.03	CVE-2021-3275
10	Google Android ADSPRPC Heap Manager memory corruption	8.5	8.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00119	0.05	CVE-2018-3586
11	Apple macOS WebKit privilege escalation	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00230	0.00	CVE-2021-1801
12	Linux Kernel ptrace.c privilege escalation	7.8	7.6	$5k-$25k	$0-$5k	High	Official Fix	0.00052	0.04	CVE-2019-13272
13	Samsung Mobile Devices SEAndroid Protection Mechanism privilege escalation	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00066	0.00	CVE-2020-13829
14	My Link Trader out.php sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.07
15	PHP phpinfo cross site scripting	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.08985	0.08	CVE-2006-0996
16	phpMyAdmin phpinfo.php information disclosure	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00142	0.00	CVE-2016-9848
17	PHPWind goto.php Redirect	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00348	0.24	CVE-2015-4134
18	MGB OpenSource Guestbook email.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	0.77	CVE-2007-0354
19	Google Chrome TransportDIB SkBitmap Pixel Data render_widget_snapshot_taker.cc WidgetDidReceivePaintAtSizeAck privilege escalation	6.5	6.2	$100k i więcej	$0-$5k	Not Defined	Official Fix	0.00622	0.00	CVE-2013-2836
20	Pixelpost cross site request forgery	7.0	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01098	0.02	CVE-2010-3305

Kampanie (1)

These are the campaigns that can be associated with the actor:

North Africa

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adres IP	Hostname	Aktor	Kampanie	Identified	Rodzaj	Pewność siebie
1	94.156.33.228		Stealth Soldier	North Africa	2023-06-08	verified	Wysoki
2	94.156.33.229		Stealth Soldier	North Africa	2023-06-08	verified	Wysoki
3	XXX.XXX.XXX.XXX	xxxxxx.xxx.xxx	Xxxxxxx Xxxxxxx	Xxxxx Xxxxxx	2023-06-08	verified	Wysoki
4	XXX.XXX.XXX.XXX	xxxxxx.xxx.xxx	Xxxxxxx Xxxxxxx	Xxxxx Xxxxxx	2023-06-08	verified	Wysoki
5	XXX.XXX.XXX.XXX	xxxxxx.xxx.xxx	Xxxxxxx Xxxxxxx	Xxxxx Xxxxxx	2023-06-08	verified	Wysoki
6	XXX.XXX.XXX.XXX	xxxxxx.xxx.xxx	Xxxxxxx Xxxxxxx	Xxxxx Xxxxxx	2023-06-08	verified	Wysoki

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klasa	Luki w zabezpieczeniach	Wektor dostępu	Rodzaj	Pewność siebie
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Wysoki
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	Wysoki
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Wysoki
4	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Wysoki
5	TXXXX	CAPEC-	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Wysoki
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Wysoki
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Wysoki

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klasa	Indicator	Rodzaj	Pewność siebie
1	File	/forum/away.php	predictive	Wysoki
2	File	/out.php	predictive	Medium
3	File	/sqfs/bin/sccd	predictive	Wysoki
4	File	admin/index.php	predictive	Wysoki
5	File	xxxxxxx/xxxxxxxxxx/xxxxxx_xxxxxx_xxxxxxxx_xxxxx.xx	predictive	Wysoki
6	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Wysoki
7	File	xxxx.xxx	predictive	Medium
8	File	xxxxx.xxx	predictive	Medium
9	File	xxxx.xxx	predictive	Medium
10	File	xxx/xxxxxx.xxx	predictive	Wysoki
11	File	xxxxxx/xxxxxx.x	predictive	Wysoki
12	File	xxx/xxxxxxxxx/xx_xxxxxxxxx_xxxx_xxxx.x	predictive	Wysoki
13	File	xxxxxxx.xxx	predictive	Medium
14	File	xxxx.xxx	predictive	Medium
15	File	xxxxxxxxxx.xxx	predictive	Wysoki
16	File	xxx.x	predictive	Niski
17	File	xx_xxxxxxx.x	predictive	Medium
18	Argument	xxxxxxxx	predictive	Medium
19	Argument	xx	predictive	Niski
20	Argument	xxxxxxxx	predictive	Medium
21	Argument	xxxxxxxxxx	predictive	Medium
22	Argument	xxxxxx_xx	predictive	Medium
23	Argument	xxx	predictive	Niski
24	Argument	xxx	predictive	Niski
25	Network Port	xxx	predictive	Niski

Referencje (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PoprzedniPrzeglądKolejny ▸

Interested in the pricing of exploits?

See the underground prices here!