DeathStalker Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (191)

Язык

en	182
es	2
fr	2
pl	2
zh	2

Страна

us	26
cn	8
ru	4
bg	2

Акторы

APT28	3
DeathStalker	3
RecordBreaker	2
Raccoon	2
Cobalt Strike	2

Интерес

Тип

Not Defined	86
WordPress Plugin	14
Operating System	14
Content Management System	10
Document Reader Software	6

Поставщик

Not Defined	58
Microsoft	14
Google	10
IBM	6
Adobe	6

Продукт

Microsoft Windows	12
Google Android	6
Adobe Acrobat Reader	4
Google Chrome	4
Hitachi Jp1-cm2-hierarchical Viewer	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	EPSS	CTI	CVE
1	Best Gallery Albums Plugin admin.php межсайтовый скриптинг	5.2	4.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00109	0.00	CVE-2014-8758
2	AXIS 2110 Network Camera getparam.cgi отказ в обслуживании	9.8	9.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03461	0.00	CVE-2004-2427
3	onnx ONNX_ASSERTM раскрытие информации	4.9	4.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.00	CVE-2024-27319
4	Google Android Codec2BufferUtils.cpp ConvertRGBToPlanarYUV повреждение памяти	5.3	5.1	$5k-$25k	$5k-$25k	Not Defined	Official Fix	0.00043	0.02	CVE-2024-0023
5	7-card Fakabao alipay_notify.php sql-инъекция	5.5	5.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00064	0.00	CVE-2023-7183
6	Scott Paterson Easy PayPal Shopping Cart Plugin межсайтовый скриптинг	5.1	5.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00045	0.00	CVE-2023-47239
7	AWeber Free Sign Up Form and Landing Page Builder for Lead Generation and Email Newsletter Growth Plugin неизвестная уязвимость	5.8	5.8	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.00	CVE-2023-47757
8	Guillemant David WP Full Auto Tags Manager Plugin неизвестная уязвимость	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.00	CVE-2023-34024
9	Os Commerce межсайтовый скриптинг	6.5	6.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00049	0.00	CVE-2023-43718
10	Dolibarr межсайтовый скриптинг	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00046	0.04	CVE-2023-5323
11	WordPress Password Reset wp-login.php mail эскалация привилегий	6.1	5.8	$5k-$25k	$0-$5k	Proof-of-Concept	Not Defined	0.02827	0.16	CVE-2017-8295
12	TOTOLINK Realtek SDK formSysCmd эскалация привилегий	7.5	7.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.96302	0.07	CVE-2019-19824
13	Samsung ScanPool MAC Address Information раскрытие информации	1.9	1.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2022-30728
14	Microsoft Windows Runtime Remote Code Execution	8.1	7.4	$100k и многое другое	$5k-$25k	Unproven	Official Fix	0.40028	0.05	CVE-2022-21971
15	TP-LINK TL-WR840N/TL-WR841N Session слабая аутентификация	8.5	7.5	$0-$5k	$0-$5k	Proof-of-Concept	Workaround	0.30057	0.07	CVE-2018-11714
16	Huawei HarmonyOS Audio Module раскрытие информации	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00221	0.00	CVE-2021-46786
17	Huawei HarmonyOS Frame Scheduling Module повреждение памяти	5.5	5.5	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00221	0.07	CVE-2022-29794
18	mySCADA myPRO эскалация привилегий	7.4	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00218	0.00	CVE-2021-33009
19	Puppet Enterprise CD4PE Deployment Definition Credentials раскрытие информации	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00044	0.00	CVE-2020-7945
20	Easy Cookies Policy Plugin Subscriber неизвестная уязвимость	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00149	0.00	CVE-2021-24405

Кампании (1)

These are the campaigns that can be associated with the actor:

Janicab

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Кампании	Identified	Тип	Уверенность
1	87.120.37.68	www.tubebg.com	DeathStalker	Janicab	17.12.2022	verified	Высокий
2	XX.XXX.XXX.XXX		Xxxxxxxxxxxx	Xxxxxxx	17.12.2022	verified	Высокий
3	XXX.XXX.XXX.XXX		Xxxxxxxxxxxx	Xxxxxxx	17.12.2022	verified	Высокий

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Класс	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1006	CAPEC-126	CWE-21, CWE-22	Path Traversal	predictive	Высокий
2	T1040	CAPEC-102	CWE-294, CWE-319	Authentication Bypass by Capture-replay	predictive	Высокий
3	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
4	T1059	CAPEC-137	CWE-88, CWE-94	Argument Injection	predictive	Высокий
5	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Высокий
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
7	TXXXX.XXX	CAPEC-191	CWE-XXX	Xxxx-xxxxx Xxxxxxxxxxx	predictive	Высокий
8	TXXXX	CAPEC-108	CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
9	TXXXX	CAPEC-0	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Высокий
10	TXXXX	CAPEC-1	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Высокий
11	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
12	TXXXX	CAPEC-102	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
13	TXXXX	CAPEC-38	CWE-XXX	Xxxxxxxxx Xxxxxx Xxxx	predictive	Высокий
14	TXXXX.XXX	CAPEC-459	CWE-XXX	Xxxxxxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
15	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
16	TXXXX	CAPEC-157	CWE-XXX, CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Высокий
17	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (73)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/etc/postfix/sender_login	predictive	Высокий
2	File	/goform/openSchedWifi	predictive	Высокий
3	File	/services/details.asp	predictive	Высокий
4	File	admin/getparam.cgi	predictive	Высокий
5	File	aepx	predictive	Низкий
6	File	app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php	predictive	Высокий
7	File	boafrm/formSysCmd	predictive	Высокий
8	File	browser.php	predictive	Средний
9	File	xxxx/xxxxxx.x	predictive	Высокий
10	File	xxxxxxxxxxxxxxxxx.xxx	predictive	Высокий
11	File	xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Высокий
12	File	xxxxxx.xxx	predictive	Средний
13	File	xxxxxxxxxxxxxxxxxxxxxx.xxxx	predictive	Высокий
14	File	xxxxxxxxx.xxx	predictive	Высокий
15	File	xxxxxxx/xxx/xxxxxxxxxx/xxxxx.x	predictive	Высокий
16	File	xxxxxxx/xxx/xxxx/xxxxxx.x	predictive	Высокий
17	File	xxxxxxx.xxx	predictive	Средний
18	File	xxx/xxxx_xxxx.x	predictive	Высокий
19	File	xxx/xxxxxxxxxx.x	predictive	Высокий
20	File	xxxx/xxxxxx.x	predictive	Высокий
21	File	xxxxx.xxx	predictive	Средний
22	File	xxxxxxxx.xxx	predictive	Средний
23	File	xxxxxxxx.xxx	predictive	Средний
24	File	xxxxxxx.xxx	predictive	Средний
25	File	xxxxx/xxxxxxxx.xxx.xxx	predictive	Высокий
26	File	xxxxxxxxxx.x	predictive	Средний
27	File	xxxxxx/xxxxx/xxxxxxx/xxxxxxxxxx.xxx	predictive	Высокий
28	File	xxxxxxx.xxxx	predictive	Средний
29	File	xxxxxxxx.xxx	predictive	Средний
30	File	xxxxxxx.xx	predictive	Средний
31	File	xxxx/xxxxxx_xxxxxx.xxx	predictive	Высокий
32	File	xxxxxx.xxx	predictive	Средний
33	File	xxxxxxxxx.xxx	predictive	Высокий
34	File	xxxxxxxxxxxx.xxx	predictive	Высокий
35	File	xxxxx/xxxxx.xxx?xxxxxxxxxxx_xx=xxxx	predictive	Высокий
36	File	xx-xxxxx/xxxxx.xxx	predictive	Высокий
37	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Высокий
38	File	xx-xxxxx.xxx	predictive	Средний
39	Library	/xxx/xxx_xx-xxxxx-xxx/xxxx.xx.x	predictive	Высокий
40	Library	xxxxxxxx.xxx	predictive	Средний
41	Library	xxxxxx.xxx	predictive	Средний
42	Argument	xxxxxx	predictive	Низкий
43	Argument	xxxxxxxxxx	predictive	Средний
44	Argument	xxxxxxxxxxxx	predictive	Средний
45	Argument	xxxxxx	predictive	Низкий
46	Argument	xxxxxxxxx	predictive	Средний
47	Argument	xxxxx xxxxxxx xx xxxxxxx xxxxxxxxxxxx xx xxxx xxxxxxxxxx	predictive	Высокий
48	Argument	xxxxxxxx	predictive	Средний
49	Argument	xxxxxxxx	predictive	Средний
50	Argument	xxxx	predictive	Низкий
51	Argument	xx	predictive	Низкий
52	Argument	xxx[xxxx_xx]	predictive	Средний
53	Argument	xxxxxxx_xxxxxx_xxxxx[x]	predictive	Высокий
54	Argument	xxxxx_xxxxx[xxxxxxxxx_xxxx_xxx]/xxxxx_xxxxx[xxxxxxxxx_xxxxxx_xxx]/xxxxx_xxxxx[xxxxxxxxx_xxxx]/xxxxx_xxxxx[xxxx_xxxxxx]	predictive	Высокий
55	Argument	xxxxx_xx	predictive	Средний
56	Argument	xxx_xxxxx_xx	predictive	Средний
57	Argument	xxxxxxxx	predictive	Средний
58	Argument	xxxxxx	predictive	Низкий
59	Argument	xxxxxxxxxxxxxx/xxxxxxxxxxxx	predictive	Высокий
60	Argument	xxxxxxx_xx	predictive	Средний
61	Argument	xxxxxxx	predictive	Низкий
62	Argument	xxxxxx	predictive	Низкий
63	Argument	xxxxxx	predictive	Низкий
64	Argument	xxxxx	predictive	Низкий
65	Argument	xxxxx	predictive	Низкий
66	Argument	_xxx_xxxxxxx_xxxxxx_xxxxx_xxx_xxxxxxx_xxxxxxxxxxxxxxxxx_xxxx	predictive	Высокий
67	Input Value	/../	predictive	Низкий
68	Input Value	xxxxxxxxxx	predictive	Средний
69	Input Value	x+xxxx (xxxxx xxxxxx xxxxxxx) xxx x+xxxx (xxxxx-xx-xxxx xxxxxxx)	predictive	Высокий
70	Input Value	\xxx../../../../xxx/xxxxxx	predictive	Высокий
71	Input Value	\xxx\xxx	predictive	Средний
72	Network Port	xxx/xxxx	predictive	Средний
73	Network Port	xxx/xxxx	predictive	Средний

Ссылки (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ ПредыдущийОбзорДалее ▸

Interested in the pricing of exploits?

See the underground prices here!