Xehook Stealer Análise

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (27)

Idioma

en	22
ru	6

País

us	28

Actores

Aurora Stealer	1
Ave Maria	1
RedLine Stealer	1
Zusy	1
Raccoon	1

Interesse

Tipo

Not Defined	10
Forum Software	4
Operating System	4
IP Phone Software	2
Auction Software	2

Fabricante

eXtropia	2
Way	2
Matt Tourtillott	2
Aastra	2
CGI Script Center	2

Produto

eXtropia BPS Forum	2
Way Way-Board	2
Matt Tourtillott nph-maillist	2
Aastra 6753i IP Phone	2
CGI Script Center Auction Weaver	2

Vulnerabilidades

#	Vulnerabilidade	Base	Temp	0day	Hoje	Exp	Mas	EPSS	CTI	CVE
1	Mozilla Firefox InstallVersion.compareTo Roteiro Cruzado de Sítios	6.3	5.7	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.04947	0.00	CVE-2005-2260
2	MIT Kerberos Key Distribution Center Excesso de tampão	7.3	6.6	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.74632	0.00	CVE-2005-1174
3	Novell eDirectory Modular Authentication Service Fraca autenticação	5.4	5.2	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00000	0.00
4	Microsoft IIS Frontpage Server Extensions shtml.dll Username Divulgação de Informação	5.3	5.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.15958	0.24	CVE-2000-0114
5	Apple Mac OS X Temporary Files Negação de Serviço	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.05953	0.00	CVE-2005-0524
6	Aastra 6753i IP Phone Authentication Fraca autenticação	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.00
7	Moreover.com Cached Feed.cgi Script cached_feed.cgi Directório Traversal	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01256	0.05	CVE-2000-0906
8	Ranson Johnson MailForm mailform.pl File Divulgação de Informação	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00472	0.00	CVE-2000-0877
9	Ranson Johnson Mailto CGI Script mailto.cgi direitos alargados	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00773	0.00	CVE-2000-0878
10	Way Way-Board way-board.cgi File Divulgação de Informação	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.01534	0.00	CVE-2001-0214
11	eXtropia BPS Forum bbs_forum.cgi Directório Traversal	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01587	0.00	CVE-2001-0123
12	Ikonboard register.cgi direitos alargados	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00773	0.00	CVE-2001-0076
13	PCCS-Linux MySQLDatabase Admin Tool dbconnect.inc Password Divulgação de Informação	7.3	7.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00696	0.02	CVE-2000-0707
14	Matthew Redman Allmanage File Upload allmanageup.pl direitos alargados	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01221	0.00	CVE-2000-0435
15	Classifieds CGI Form classifieds.cgi direitos alargados	9.8	9.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.05470	0.00	CVE-1999-0935
16	Matt Tourtillott nph-maillist nph-maillist.pl direitos alargados	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01220	0.00	CVE-2001-0400
17	Microsoft FrontPage Extensions authors.pwd Divulgação de Informação	5.3	5.2	$5k-$25k	$0-$5k	Not Defined	Workaround	0.00000	0.00
18	Leif M. Wright ad.cgi direitos alargados	9.8	9.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.04848	0.05	CVE-2001-0025
19	CGI Script Center Auction Weaver auctionweaver.pl Directório Traversal	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00540	0.00	CVE-2000-0811
20	CGI Script Center Account Manager amadmin.pl direitos alargados	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03592	0.00	CVE-2000-0689

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	Endereço IP	Hostname	Actor	Campanhas	Identified	Tipo	Aceitação
1	45.15.156.174		Xehook Stealer		02/04/2024	verified	Alto

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Classificação	Vulnerabilidades	Tipo de acesso	Tipo	Aceitação
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Alto
2	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Alto
3	TXXXX	CAPEC-122	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (33)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Tipo	Aceitação
1	File	/+CSCOE+/logon.html	predictive	Alto
2	File	ad.cgi	predictive	Baixo
3	File	allmanageup.pl	predictive	Alto
4	File	amadmin.pl	predictive	Médio
5	File	xxxxxxxxxxxxx.xx	predictive	Alto
6	File	xxxxxxx.xxx	predictive	Médio
7	File	xxx_xxxxx.xxx	predictive	Alto
8	File	xxxxxx_xxxx.xxx	predictive	Alto
9	File	xxxxxxxxxxx.xxx	predictive	Alto
10	File	xxxxxxxxx.xxx	predictive	Alto
11	File	xxxxxxx.xx	predictive	Médio
12	File	xxxxxxx.xxx_	predictive	Médio
13	File	xxxxxxxx.xxx	predictive	Médio
14	File	xxxxxxxx.xx	predictive	Médio
15	File	xxxxxx.xxx	predictive	Médio
16	File	xxx-xxxxxxxx.xx	predictive	Alto
17	File	xxxxxxxx.xxx	predictive	Médio
18	File	xxxxxxxx.xxx	predictive	Médio
19	File	xxxxxxxxxx.xxx	predictive	Alto
20	File	xxx-xxxxx.xxx	predictive	Alto
21	Library	/_xxx_xxx/xxxxx.xxx	predictive	Alto
22	Argument	xxxxxxx	predictive	Baixo
23	Argument	xxxxxxxx/xxxxxx	predictive	Alto
24	Argument	xx	predictive	Baixo
25	Argument	xxxxx	predictive	Baixo
26	Argument	xxxxxxxx	predictive	Médio
27	Argument	xxxx	predictive	Baixo
28	Argument	xxxxx	predictive	Baixo
29	Argument	xxxx	predictive	Baixo
30	Argument	xxxx_xxxx	predictive	Médio
31	Argument	xxxxxxxxx	predictive	Médio
32	Argument	xx-xxxxxx_xxxx	predictive	Alto
33	Input Value	<xxxxxxxx>\x	predictive	Médio

Referências (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ VoltarVisão GeralPróximo ▸

Do you need the next level of professionalism?

Upgrade your account now!