ObserverStealer Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (146)

Idioma

en	126
ru	16
de	2
zh	2

País

us	126
de	2

Actores

Stealc	3
RecordBreaker	3
RedLine Stealer	3
ObserverStealer	3
Raccoon	3

Interesse

Tipo

Not Defined	24
Programming Language Software	6
WordPress Plugin	6
Content Management System	4
Forum Software	4

Fabricante

Not Defined	18
DZCP	4
SourceCodester	4
Esoftpro	4
H3C	2

Produto

DZCP deV!L`z Clanportal	4
Esoftpro Online Guestbook Pro	4
SPIP	2
jforum	2
H3C GR-1100-P	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Indexu suggest_category.php Roteiro Cruzado de Sítios	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.09
2	Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed Excesso de tampão	8.3	8.2	$25k-$100k	$0-$5k	High	Official Fix	0.96869	0.00	CVE-2023-4966
3	TikiWiki tiki-register.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01075	1.36	CVE-2006-6168
4	Joomla CMS com_easyblog Injecção SQL	6.3	6.1	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00000	0.48
5	PHP Link Directory Administration Page index.html Roteiro Cruzado de Sítios	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00374	1.01	CVE-2007-0529
6	DZCP deV!L`z Clanportal config.php direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.74	CVE-2010-0966
7	SPIP spip.php Roteiro Cruzado de Sítios	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00132	0.44	CVE-2022-28959
8	RealFaviconGenerator Favicon Plugin class-favicon-by-realfavicongenerator-admin.php install_new_favicon Falsificação de Pedido Cross Site	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00206	0.08	CVE-2015-10116
9	Intelliants eSyndiCat suggest-category.php Roteiro Cruzado de Sítios	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00228	0.02	CVE-2010-4504
10	LogicBoard CMS away.php Redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	2.23
11	PHP Scripts Mall Multi Language Olx Clone Script Roteiro Cruzado de Sítios	5.2	4.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00115	0.02	CVE-2018-6845
12	DZCP Witze Addon index.php Injecção SQL	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00261	0.02	CVE-2012-5000
13	Storytlr Roteiro Cruzado de Sítios	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00129	0.09	CVE-2014-100037
14	Adobe ColdFusion Authentication direitos alargados	5.6	5.4	$0-$5k	$0-$5k	High	Official Fix	0.86185	0.13	CVE-2013-0625
15	TCL 30Z/10 direitos alargados	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.04	CVE-2023-38295
16	git-ecosystem git-credential-manager direitos alargados	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2024-32478
17	Linux Kernel hv_netvsc register_netdevice_notifier Privilege Escalation	5.5	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.04	CVE-2024-26820
18	Microsoft OLE DB Driver/SQL Server Excesso de tampão	8.8	7.7	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00091	0.05	CVE-2024-28913
19	WordPress XML-RPC class-wp-xmlrpc-server.php direitos alargados	8.0	7.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00731	0.05	CVE-2020-28036
20	NodeBB XML-RPC Request xmlrpc.php direitos alargados	8.0	7.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.11383	0.02	CVE-2023-43187

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Actor	Identified	Tipo	Aceitação
1	5.42.64.13	ObserverStealer	11/11/2023	verified	Alto
2	X.XX.XX.X	Xxxxxxxxxxxxxxx	06/04/2024	verified	Alto
3	X.XX.XX.XX	Xxxxxxxxxxxxxxx	10/02/2024	verified	Alto
4	XX.XXX.XXX.XX	Xxxxxxxxxxxxxxx	07/07/2023	verified	Alto

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
3	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
5	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-108	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-0	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
9	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
10	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (43)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/forum/away.php	predictive	Alto
2	File	/oauth/idp/.well-known/openid-configuration	predictive	Alto
3	File	/settings/account	predictive	Alto
4	File	/spip.php	predictive	Médio
5	File	/userLogin.asp	predictive	Alto
6	File	admin.php3	predictive	Médio
7	File	xxxxx/xxxxx-xxxxxxx-xx-xxxxxxxxxxxxxxxxxxxx-xxxxx.xxx	predictive	Alto
8	File	xxx_xxxxxxxxx.xxx	predictive	Alto
9	File	xxxxx.xxx	predictive	Médio
10	File	xxx/xxxxxx.xxx	predictive	Alto
11	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	Alto
12	File	xxxxx.xxxx	predictive	Médio
13	File	xxxxx.xxx	predictive	Médio
14	File	xxxxx.xxx/xxxxxxxxx_xxxx/xxx_xxxxxxx_xxxxxxxxxx/	predictive	Alto
15	File	xxxxxxxxxxxxx.xxx	predictive	Alto
16	File	xxxxx/xxxxx.xxx	predictive	Alto
17	File	xxx_xxxx.xxx	predictive	Médio
18	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	Alto
19	File	xxxxxxxxxx_xxxxx.xxxxxx	predictive	Alto
20	File	xxxxxxx-xxxxxxxx.xxx	predictive	Alto
21	File	xxxxxxx-xxxxxxx.xxx	predictive	Alto
22	File	xxxxxxx_xxxxxxxx.xxx	predictive	Alto
23	File	xxxx-xxxxx.xxx	predictive	Alto
24	File	xxxx-xxxxxxxx.xxx	predictive	Alto
25	File	xxxxx/xx_xxxx.x	predictive	Alto
26	File	xx-xxxxxxxx/xxxxx-xx-xxxxxx-xxxxxx.xxx	predictive	Alto
27	File	xxxxxx.xxx	predictive	Médio
28	File	xxxxxxxxxxxx.xxx	predictive	Alto
29	Argument	xxx/xxx	predictive	Baixo
30	Argument	xxxxxxxx	predictive	Médio
31	Argument	xxxxxxx	predictive	Baixo
32	Argument	xxxxxxx	predictive	Baixo
33	Argument	xxxxx	predictive	Baixo
34	Argument	xxxxx_xxx	predictive	Médio
35	Argument	xxxx	predictive	Baixo
36	Argument	xxxxxxxx	predictive	Médio
37	Argument	xxxxxx_xxx	predictive	Médio
38	Argument	xx	predictive	Baixo
39	Argument	xxxxxxx_xx	predictive	Médio
40	Argument	xx_xxxx	predictive	Baixo
41	Argument	xxxxxx	predictive	Baixo
42	Argument	xxxxx	predictive	Baixo
43	Input Value	xxxxxxxxxxxxxxxxxxxxxxxxxxxx+xxxxx+xxxxxx+x,x,xxxx,xxx,x,x+xxxx+xxx_xxxxx+xxxxx+xx=x--+	predictive	Alto

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Interested in the pricing of exploits?

See the underground prices here!