Stealth Soldier Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (46)

Idioma

en	44
es	2

País

ru	28
us	18

Actores

Stealth Soldier	1
Eye on the Nile	1
SystemBC	1

Interesse

Tipo

Not Defined	10
Operating System	6
Forum Software	2
Programming Language Software	2
Database Administration Software	2

Fabricante

Not Defined	14
Linux	6
Thomas R. Pasawicz	2
Google	2
LogicBoard	2

Produto

Linux Kernel	6
JForum	2
VICIDIAL	2
PHP	2
PHPWind	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash Divulgação de Informação	5.3	5.2	$5k-$25k	$0-$5k	High	Workaround	0.02016	0.02	CVE-2007-1192
2	JForum Login direitos alargados	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00151	0.06	CVE-2012-5338
3	Linux Kernel UDP Packet udp.c direitos alargados	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.04837	0.03	CVE-2016-10229
4	Linux Kernel Excesso de tampão	10.0	9.0	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.07416	0.00	CVE-2008-1673
5	vBulletin redirector.php Redirect	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00122	0.07	CVE-2018-6200
6	Linux Kernel nf_conntrack_h323_asn1.c decode_choice Negação de Serviço	7.5	6.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.08412	0.00	CVE-2007-3642
7	Netgear GC108P NSDP Packet sccd Fraca autenticação	6.7	6.7	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00073	0.00	CVE-2021-40866
8	Google Android xt_qtaguid.c qtaguid_untag Excesso de tampão	6.5	6.3	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00042	0.04	CVE-2021-0399
9	TP-LINK Archer C3150v2 dhcp.htm setDefaultHostname Roteiro Cruzado de Sítios	5.2	5.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00536	0.03	CVE-2021-3275
10	Google Android ADSPRPC Heap Manager Excesso de tampão	8.5	8.2	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00119	0.05	CVE-2018-3586
11	Apple macOS WebKit direitos alargados	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00230	0.00	CVE-2021-1801
12	Linux Kernel ptrace.c direitos alargados	7.8	7.6	$5k-$25k	$0-$5k	High	Official Fix	0.00052	0.00	CVE-2019-13272
13	Samsung Mobile Devices SEAndroid Protection Mechanism direitos alargados	7.4	7.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00066	0.00	CVE-2020-13829
14	My Link Trader out.php Injecção SQL	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.30
15	PHP phpinfo Roteiro Cruzado de Sítios	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.08985	0.04	CVE-2006-0996
16	phpMyAdmin phpinfo.php Divulgação de Informação	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00142	0.04	CVE-2016-9848
17	PHPWind goto.php Redirect	6.3	6.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00348	0.22	CVE-2015-4134
18	MGB OpenSource Guestbook email.php Injecção SQL	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01302	1.34	CVE-2007-0354
19	Google Chrome TransportDIB SkBitmap Pixel Data render_widget_snapshot_taker.cc WidgetDidReceivePaintAtSizeAck direitos alargados	6.5	6.2	$100k e mais	$0-$5k	Not Defined	Official Fix	0.00622	0.00	CVE-2013-2836
20	Pixelpost Falsificação de Pedido Cross Site	7.0	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01098	0.02	CVE-2010-3305

Campanhas (1)

These are the campaigns that can be associated with the actor:

North Africa

IOC - Indicator of Compromise (6)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	94.156.33.228		Stealth Soldier	North Africa	08/06/2023	verified	Alto
2	94.156.33.229		Stealth Soldier	North Africa	08/06/2023	verified	Alto
3	XXX.XXX.XXX.XXX	xxxxxx.xxx.xxx	Xxxxxxx Xxxxxxx	Xxxxx Xxxxxx	08/06/2023	verified	Alto
4	XXX.XXX.XXX.XXX	xxxxxx.xxx.xxx	Xxxxxxx Xxxxxxx	Xxxxx Xxxxxx	08/06/2023	verified	Alto
5	XXX.XXX.XXX.XXX	xxxxxx.xxx.xxx	Xxxxxxx Xxxxxxx	Xxxxx Xxxxxx	08/06/2023	verified	Alto
6	XXX.XXX.XXX.XXX	xxxxxx.xxx.xxx	Xxxxxxx Xxxxxxx	Xxxxx Xxxxxx	08/06/2023	verified	Alto

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Alto
2	T1059.007	CAPEC-209	CWE-79	Cross Site Scripting	predictive	Alto
3	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Alto
5	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (25)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/forum/away.php	predictive	Alto
2	File	/out.php	predictive	Médio
3	File	/sqfs/bin/sccd	predictive	Alto
4	File	admin/index.php	predictive	Alto
5	File	xxxxxxx/xxxxxxxxxx/xxxxxx_xxxxxx_xxxxxxxx_xxxxx.xx	predictive	Alto
6	File	xxxx/xxxxxxxxxxxxxxx.xxx	predictive	Alto
7	File	xxxx.xxx	predictive	Médio
8	File	xxxxx.xxx	predictive	Médio
9	File	xxxx.xxx	predictive	Médio
10	File	xxx/xxxxxx.xxx	predictive	Alto
11	File	xxxxxx/xxxxxx.x	predictive	Alto
12	File	xxx/xxxxxxxxx/xx_xxxxxxxxx_xxxx_xxxx.x	predictive	Alto
13	File	xxxxxxx.xxx	predictive	Médio
14	File	xxxx.xxx	predictive	Médio
15	File	xxxxxxxxxx.xxx	predictive	Alto
16	File	xxx.x	predictive	Baixo
17	File	xx_xxxxxxx.x	predictive	Médio
18	Argument	xxxxxxxx	predictive	Médio
19	Argument	xx	predictive	Baixo
20	Argument	xxxxxxxx	predictive	Médio
21	Argument	xxxxxxxxxx	predictive	Médio
22	Argument	xxxxxx_xx	predictive	Médio
23	Argument	xxx	predictive	Baixo
24	Argument	xxx	predictive	Baixo
25	Network Port	xxx	predictive	Baixo

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!