WASP Stealer Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (179)

Idioma

en	122
ru	34
de	12
es	8
ja	2

País

us	112
ru	48
jp	6
ly	4
ua	4

Actores

WASP Stealer	7
RedLine Stealer	5
Cobalt Strike	3
Remcos	2
Sliver	2

Interesse

Tipo

Not Defined	74
Programming Language Software	8
WordPress Plugin	8
Content Management System	6
Smartphone Operating System	6

Fabricante

Not Defined	64
Google	8
Joomla	4
DUware	4
Apple	4

Produto

Joomla CMS	4
e-Quick Cart	4
Google Android	4
safeurl-python	2
Apache Struts	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	nginx direitos alargados	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00241	3.84	CVE-2020-12440
2	AppServ Open Project Negação de Serviço	7.5	7.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.08073	0.00	CVE-2005-4296
3	Citrix Metaframe login.asp Roteiro Cruzado de Sítios	4.3	3.9	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00867	0.00	CVE-2003-1157
4	Cacti XML Template File templates_import.php Roteiro Cruzado de Sítios	4.8	4.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00069	0.00	CVE-2023-50569
5	Moment.js Directório Traversal	6.9	6.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00330	0.05	CVE-2022-24785
6	Cutephp CuteNews Protection Feature shows.inc.php Negação de Serviço	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02946	0.00	CVE-2005-3010
7	Apache Tomcat JmxRemoteLifecycleListener direitos alargados	9.8	9.6	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.25115	0.04	CVE-2016-8735
8	Bitrix Site Manager Vote Module Remote Code Execution	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00668	0.09	CVE-2022-27228
9	Microsoft Windows Remote Desktop Protocol Remote Code Execution	7.0	6.4	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00254	0.03	CVE-2023-35332
10	myPHPCalendar admin.php direitos alargados	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02576	0.04	CVE-2006-6812
11	Squitosoft Squito Gallery photolist.inc.php Excesso de tampão	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01371	0.04	CVE-2005-2258
12	DUware DUdownload detail.asp Injecção SQL	7.3	7.1	$0-$5k	$0-$5k	High	Unavailable	0.00254	0.03	CVE-2006-6367
13	Trevor Hogan BNBT Util_DecodeHTTPAuth Negação de Serviço	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.10255	0.00	CVE-2004-2029
14	AWStats awstats.pl Directório Traversal	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00499	0.05	CVE-2020-35176
15	Metertek pagelog.cgi Directório Traversal	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01047	0.02	CVE-2000-0940
16	Cutephp CuteNews show_archives.php Directório Traversal	5.3	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.06846	0.00	CVE-2005-3507
17	GNU Mailman Admin Login Page/Pipermail Index Summary Roteiro Cruzado de Sítios	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.01480	0.03	CVE-2002-0388
18	Craig Patchett Fileseek FileSeek.cgi Directório Traversal	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04964	0.00	CVE-2002-0611
19	JetBrains IntelliJ IDEA License Server Fraca autenticação	7.7	7.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00222	0.03	CVE-2020-11690
20	Import any XML or CSV File Plugin ZIP File direitos alargados	5.9	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00106	0.04	CVE-2023-7082

Campanhas (1)

These are the campaigns that can be associated with the actor:

Invisible Challenge

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	3.86.190.205	ec2-3-86-190-205.compute-1.amazonaws.com	WASP Stealer		21/06/2023	verified	Médio
2	4.201.87.248		WASP Stealer		21/06/2023	verified	Alto
3	18.204.35.132	ec2-18-204-35-132.compute-1.amazonaws.com	WASP Stealer		21/06/2023	verified	Médio
4	XX.XXX.XX.XX		Xxxx Xxxxxxx		21/06/2023	verified	Alto
5	XX.XXX.X.XXX		Xxxx Xxxxxxx		21/06/2023	verified	Alto
6	XX.XXX.XXX.XX	xx.xxx.xxx.xx.xx.xxxxxxxxxxxxxxxxx.xxx	Xxxx Xxxxxxx		21/06/2023	verified	Médio
7	XX.XX.XX.XXX		Xxxx Xxxxxxx		21/06/2023	verified	Alto
8	XX.XXX.XXX.XXX		Xxxx Xxxxxxx	Xxxxxxxxx Xxxxxxxxx	06/12/2022	verified	Alto
9	XX.XXX.XXX.XX	xxx-xx-xxx-xxx-xx.xxxxxxx-x.xxxxxxxxx.xxx	Xxxx Xxxxxxx		21/06/2023	verified	Médio
10	XX.XX.XXX.XXX	xx-xx-xx-xxx-xxx-xxxxx.xxx.xxxxxx-xx-xxxx.xxx	Xxxx Xxxxxxx		21/06/2023	verified	Alto
11	XX.XXX.X.XXX	xx.xxxxxxx	Xxxx Xxxxxxx		21/06/2023	verified	Alto

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1		CAPEC-10	CWE-20, CWE-73, CWE-119, CWE-121, CWE-122, CWE-125, CWE-189, CWE-190, CWE-193, CWE-266, CWE-275, CWE-285, CWE-287, CWE-290, CWE-305, CWE-352, CWE-362, CWE-367, CWE-400, CWE-404, CWE-416, CWE-444, CWE-473, CWE-502, CWE-610, CWE-611, CWE-613, CWE-665, CWE-732, CWE-787, CWE-862, CWE-863, CWE-918	Unknown Vulnerability	predictive	Alto
2	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	Alto
3	T1055	CAPEC-10	CWE-74, CWE-707	Improper Neutralization of Data within XPath Expressions	predictive	Alto
4	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxxx Xxxxxxxxx	predictive	Alto
5	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
7	TXXXX	CAPEC-127	CWE-XXX, CWE-XXX	Xxxx Xxx Xxxxxxxxx Xxxxxxxxxxx Xxxxxxxx	predictive	Alto
8	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Alto
9	TXXXX	CAPEC-0	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Alto
10	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Alto
11	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto
12	TXXXX.XXX	CAPEC-112	CWE-XXX, CWE-XXX	Xxx Xxxxxxxxxx Xxxxx	predictive	Alto
13	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (137)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/admin/admin.php	predictive	Alto
2	File	/admin/index2.html	predictive	Alto
3	File	/api/baskets/{name}	predictive	Alto
4	File	/application/index/controller/Databasesource.php	predictive	Alto
5	File	/livesite/edit_designer_region.php	predictive	Alto
6	File	/view-pass-detail.php	predictive	Alto
7	File	/wp-admin/options-general.php	predictive	Alto
8	File	admin.color.php	predictive	Alto
9	File	admin.cropcanvas.php	predictive	Alto
10	File	admin.joomlaradiov5.php	predictive	Alto
11	File	admin.php	predictive	Médio
12	File	admin/addons/archive/archive.php	predictive	Alto
13	File	administrator/components/com_media/helpers/media.php	predictive	Alto
14	File	admin\model\catalog\download.php	predictive	Alto
15	File	akocomments.php	predictive	Alto
16	File	album_portal.php	predictive	Alto
17	File	xx_xxxxxxxxxx.xxx	predictive	Alto
18	File	xxxxxxxxxxxxx.xxx	predictive	Alto
19	File	xxxxxx/xxxxxxx/xxxx/xxxxx.xxx	predictive	Alto
20	File	xxxxx.xxx	predictive	Médio
21	File	xxx_xxxxxxxxx.xxx	predictive	Alto
22	File	xxx-xxx/xxxxxxx.xx	predictive	Alto
23	File	xxxxxxx.xxx.xxx	predictive	Alto
24	File	xxxxxx/xxxx.xxx	predictive	Alto
25	File	xxxxxx.xxx	predictive	Médio
26	File	xxxxxx_xxxxx.xxx	predictive	Alto
27	File	xxxxxxxxx/xx_xxxxx.xxxxx.xxx	predictive	Alto
28	File	xxxxxx.xxx	predictive	Médio
29	File	xxxxxx.xxx	predictive	Médio
30	File	xxxxxxxx.xxx	predictive	Médio
31	File	xxxxxxx_xxxxxxx.xx	predictive	Alto
32	File	xxxxxxxx.xxx	predictive	Médio
33	File	xxxxxxxxxx.xxx	predictive	Alto
34	File	xxxxxxxx.xxx	predictive	Médio
35	File	xxx/xxxxx.xxx.xxx	predictive	Alto
36	File	xxxxxxx.xxx	predictive	Médio
37	File	xxxxx.xxx	predictive	Médio
38	File	xxxxx.xxx	predictive	Médio
39	File	xxxxxx/xxxxxx/xxxxx.xxx	predictive	Alto
40	File	xxxxxx/xxxxxx/xxx_x.xxx	predictive	Alto
41	File	xxxx_xxxx.xxx	predictive	Alto
42	File	xxxxx.xxx	predictive	Médio
43	File	xxxxx.xxx	predictive	Médio
44	File	xxxxx/	predictive	Baixo
45	File	xxxxxxx.xxx	predictive	Médio
46	File	xxxxxxxx.xxx	predictive	Médio
47	File	xxxx_xxxx.xxx	predictive	Alto
48	File	xxxxxxx.xxx	predictive	Médio
49	File	xxxxxxxxx.xxx.xxx	predictive	Alto
50	File	xxxxxxxxxxx.xxxx	predictive	Alto
51	File	xxxxxxxxxxxxxx.xxx	predictive	Alto
52	File	xxxxxxx_xxxxxx_xxxxxxxxxx.xxx	predictive	Alto
53	File	xxx.x	predictive	Baixo
54	File	xxxxxxx.xxx	predictive	Médio
55	File	xxxxxxxxxxxxxxxx.xxx	predictive	Alto
56	File	xxxxxxxxxxxxxxx.xxx	predictive	Alto
57	File	xxxx_xxxxxxx_xxxxxxxx.xxx	predictive	Alto
58	File	xxxxxxxxxxx.xxx	predictive	Alto
59	File	xxxx_xxxxxxxx.xxx	predictive	Alto
60	File	xxxx_xxxxxxxx.xxx/xxxx_xxxx.xxx	predictive	Alto
61	File	xxxxxx.xxx	predictive	Médio
62	File	xxxxxx_xxxxxx.xxx	predictive	Alto
63	File	xxxxx_xxxxx.xxx	predictive	Alto
64	File	xxxxxxxxx/xxxxxxxxxx	predictive	Alto
65	File	xxxxxxxxx/xxxxxxxx.xxx	predictive	Alto
66	File	xxxxxxxxx_xxxxxx.xxx	predictive	Alto
67	File	xxxx_xxx_xxxx.xxx	predictive	Alto
68	File	xxxxxxx-xxxxxx.xxx	predictive	Alto
69	File	xxxx_xxxx.xxx	predictive	Alto
70	File	xxxxxxx.xxxx	predictive	Médio
71	Library	xxxxxx[xxxxxx_xxxx	predictive	Alto
72	Library	xxxxxxxx-x.x/xxxxxxxx.xxx	predictive	Alto
73	Argument	xxxxxxxxxxx	predictive	Médio
74	Argument	xxxxxx	predictive	Baixo
75	Argument	xxxxxxxxx	predictive	Médio
76	Argument	xxxx_xxx	predictive	Médio
77	Argument	xxxxxx	predictive	Baixo
78	Argument	xxxxxx_xxxxx	predictive	Médio
79	Argument	xxx_xxx	predictive	Baixo
80	Argument	xxx	predictive	Baixo
81	Argument	xxx_xx	predictive	Baixo
82	Argument	xxxx_xx	predictive	Baixo
83	Argument	xxxxxxx	predictive	Baixo
84	Argument	xxxxxxxxxxxx	predictive	Médio
85	Argument	xxxxxx	predictive	Baixo
86	Argument	xxxxxxxxxx	predictive	Médio
87	Argument	xxxxxx[xxxxxx_xxxx]	predictive	Alto
88	Argument	xxxxxxx_xx	predictive	Médio
89	Argument	xxxxxxxxxxxx	predictive	Médio
90	Argument	xxxxxxxxxxx	predictive	Médio
91	Argument	xxxx	predictive	Baixo
92	Argument	xxxxxxx	predictive	Baixo
93	Argument	xxxxxx_xxxxx_xxx	predictive	Alto
94	Argument	xxxxxxxx	predictive	Médio
95	Argument	xxxx/xxxx	predictive	Médio
96	Argument	xxxx_xxxx_xxxxxxx	predictive	Alto
97	Argument	xxxx_xxxxxx_xx	predictive	Alto
98	Argument	xxxx_xxxxx	predictive	Médio
99	Argument	xx	predictive	Baixo
100	Argument	xx	predictive	Baixo
101	Argument	xxxxxxxxx	predictive	Médio
102	Argument	xxxx	predictive	Baixo
103	Argument	xxxxx	predictive	Baixo
104	Argument	xxxxx_xxxxxx_xxx/xxxxx_xxxx_xxxxxxxx	predictive	Alto
105	Argument	xxxx	predictive	Baixo
106	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	Alto
107	Argument	xxxxxxxxx_xxxx_xxxx	predictive	Alto
108	Argument	xxxx/xxxxxxx	predictive	Médio
109	Argument	xxxx_xx	predictive	Baixo
110	Argument	xxxxx_xxxxxxx	predictive	Alto
111	Argument	xxxxx_xxx	predictive	Médio
112	Argument	xxxxxxxxx	predictive	Médio
113	Argument	xxxxx_xxxx_xxxx	predictive	Alto
114	Argument	xxxxx_xxxxxxx_xxxx	predictive	Alto
115	Argument	xxxxxxx_xxx	predictive	Médio
116	Argument	xxx	predictive	Baixo
117	Argument	xxxxx	predictive	Baixo
118	Argument	xxxxxx	predictive	Baixo
119	Argument	xxxxxxx	predictive	Baixo
120	Argument	xxxx_xxx	predictive	Médio
121	Argument	xxxxxxx_xxxxxx_xxxxx.xxx	predictive	Alto
122	Argument	xxxxxx/xxxxxx_xxxxxx	predictive	Alto
123	Argument	xxxxxxxxxx	predictive	Médio
124	Argument	xxxxxx	predictive	Baixo
125	Argument	xxxxxxxxx	predictive	Médio
126	Argument	xxxxxx	predictive	Baixo
127	Argument	xxxxxxxx	predictive	Médio
128	Argument	xx_xxxxxxxxxxx	predictive	Alto
129	Argument	xxxxxxxxxxx	predictive	Médio
130	Argument	xxxxx/xxxx	predictive	Médio
131	Argument	xxxxxxx	predictive	Baixo
132	Argument	xxxxx	predictive	Baixo
133	Argument	xxxxx_xxx	predictive	Médio
134	Input Value	../	predictive	Baixo
135	Input Value	</xxxxxx >	predictive	Médio
136	Input Value	x==	predictive	Baixo
137	Input Value	\xxx../../../../xxx/xxxxxx	predictive	Alto

Referências (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Interested in the pricing of exploits?

See the underground prices here!