FickerStealer Analysis

IOB - Indicator of Behavior (351)

(Chart panels with no extracted data: Timeline, Actors, Activity, Interest, Type, Vendor)

Language

en 268
es 58
de 14
fr 6
ru 2

Country

us 162
ru 88
cn 44
fr 16
ir 4

Product

Microsoft Edge 10
Microsoft ChakraCore 10
Linux Kernel 8
Apache HTTP Server 8
WordPress 6

Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit price at disclosure and now; Exp is the exploitability status; Rem is the remediation status; CTI is the threat-intelligence activity score; EPSS is the exploit prediction score.

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE
1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | $0-$5k | High | Workaround | 0.02 | 0.02016 | CVE-2007-1192
2 | D-Link DIR-865L register_send.php weak authentication | 7.5 | 7.1 | $5k-$25k | $5k-$25k | Proof-of-Concept | Not Defined | 0.00 | 0.00109 | CVE-2013-3096
3 | Genetechsolutions Pie-Register wp-login.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00904 | CVE-2013-4954
4 | Linux Foundation Xen EFLAGS Register SYSENTER privilege escalation | 6.2 | 5.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00062 | CVE-2013-1917
5 | Atlassian Confluence Server Widget Connector Macro directory traversal | 8.5 | 8.4 | $0-$5k | Calculating | High | Official Fix | 0.00 | 0.97508 | CVE-2019-3396
6 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.00 | 0.10737 | CVE-2016-6210
7 | Oracle MySQL Server InnoDB privilege escalation | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00098 | CVE-2018-3185
8 | ISC BIND named resolver.c privilege escalation | 8.6 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.62316 | CVE-2016-1286
9 | D-Link DIR-645 Authentication getcfg.php information disclosure | 8.6 | 8.2 | $5k-$25k | $0-$5k | High | Official Fix | 0.02 | 0.00000 | 
10 | ALFA AWUS036ACH Driver Network Configuration privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.08 | 0.00159 | CVE-2020-26143
11 | Atlassian Confluence Workbox Notification Comment information disclosure | 5.4 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00149 | CVE-2017-9505
12 | BusyBox unlzma Applet information disclosure | 7.3 | 7.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 0.00123 | CVE-2021-42374
13 | Linux Kernel port.c mlx4_register_mac memory corruption | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00045 | CVE-2010-5332
14 | DT Register Extension sql injection | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00169 | CVE-2016-1000271
15 | Apple M1 Register s3_5_c15_c10_1 M1RACLES privilege escalation | 8.8 | 8.8 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.03 | 0.00000 | CVE-2021-30747
16 | Qualcomm Snapdragon Automobile Register privilege escalation | 5.4 | 5.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00044 | CVE-2017-11004
17 | XiongMai IP Camera/DVR NetSurveillance Web Interface memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.06 | 0.00372 | CVE-2017-16725
18 | ONLYOFFICE Document Server WebSocket API sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00174 | CVE-2020-11537
19 | nginx ngx_http_mp4_module information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | 0.00198 | CVE-2018-16845
20 | GitLab cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00067 | CVE-2020-13345

IOC - Indicator of Compromise (25)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities. The hostnames below are the generic EC2 reverse-DNS names for the listed addresses, and EC2 addresses can be reassigned to other tenants, so hits should be weighed against the Identified date.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 23.21.27.29 | ec2-23-21-27-29.compute-1.amazonaws.com | FickerStealer | | 11.05.2022 | verified | Medium
2 | 23.21.42.25 | ec2-23-21-42-25.compute-1.amazonaws.com | FickerStealer | | 11.05.2022 | verified | Medium
3 | 23.21.140.41 | ec2-23-21-140-41.compute-1.amazonaws.com | FickerStealer | | 11.05.2022 | verified | Medium
4 | 50.19.243.236 | ec2-50-19-243-236.compute-1.amazonaws.com | FickerStealer | | 11.05.2022 | verified | Medium
5 | 54.221.253.252 | ec2-54-221-253-252.compute-1.amazonaws.com | FickerStealer | | 11.05.2022 | verified | Medium

Entries 6 to 25 are redacted in the source (all dated 11.05.2022, verified; entries 6 to 10 are rated Medium confidence and 11 to 25 High).

TTP - Tactics, Techniques, Procedures (18)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | predictive | High
3 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High
4 | T1059 | CWE-94 | Argument Injection | predictive | High

Entries 5 to 18 are redacted in the source (all predictive, High confidence).

IOA - Indicator of Attack (117)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /.env | predictive | Low
2 | File | /category.php | predictive | High
3 | File | /cgi-bin/delete_CA | predictive | High
4 | File | /cgi-bin/luci;stok=/locale | predictive | High
5 | File | /Config/SaveUploadedHotspotLogoFile | predictive | High
6 | File | /download | predictive | Medium
7 | File | /general/email/outbox/delete.php | predictive | High
8 | File | /getcfg.php | predictive | Medium
9 | File | /get_getnetworkconf.cgi | predictive | High
10 | File | /GponForm/device_Form?script/ | predictive | High
11 | File | /includes/rrdtool.inc.php | predictive | High
12 | File | /index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events | predictive | High
13 | File | /Main_AdmStatus_Content.asp | predictive | High

Entries 14 to 117 are redacted in the source; they cover the classes File (14 to 67), Library (68 to 70), Argument (71 to 109), Input Value (110 to 113), Pattern (114) and Network Port (115 to 117), all of type predictive.
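The IOC addresses and the IOA path fragments above are only useful once they are run against real traffic. The following script is an added example, not code from VulDB or from the FickerStealer tooling: it scans web-server access logs in the Apache/nginx combined format, flags requests from the visible IOC addresses, and flags request targets that contain one of the visible IOA fragments after percent-decoding, lower-casing and slash-collapsing (so a double-encoded `cat%5B0%5D` or a `/cgi-bin//delete_CA` still matches). Each hit carries the page's confidence rating, and a threshold drops low-confidence noise such as `/.env`, which every internet scanner probes. The log lines are constructed for the example; the IOC hostnames are not matched separately because they are the generic EC2 reverse-DNS names of the same addresses.

```python
import re
from urllib.parse import unquote

# IOC addresses copied from the visible rows of the IOC table (all rated Medium).
IOC_IPS = {
    "23.21.27.29": "medium",
    "23.21.42.25": "medium",
    "23.21.140.41": "medium",
    "50.19.243.236": "medium",
    "54.221.253.252": "medium",
}

# IOA path fragments copied from the visible rows of the IOA table, lower-cased
# to match the normalised request target, with the page's confidence rating.
IOA_FRAGMENTS = {
    "/.env": "low",
    "/category.php": "high",
    "/cgi-bin/delete_ca": "high",
    "/cgi-bin/luci;stok=/locale": "high",
    "/config/saveuploadedhotspotlogofile": "high",
    "/download": "medium",
    "/general/email/outbox/delete.php": "high",
    "/getcfg.php": "medium",
    "/get_getnetworkconf.cgi": "high",
    "/gponform/device_form?script/": "high",
    "/includes/rrdtool.inc.php": "high",
    "/index.php?controller=calendar&format=raw&cat[0]=sqli&task=events": "high",
    "/main_admstatus_content.asp": "high",
}

CONFIDENCE_RANK = {"low": 0, "medium": 1, "high": 2}

# Apache/nginx "combined" format: ip ident user [ts] "METHOD target proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample log; the 198.51.100.0/24 and 203.0.113.0/24 clients are documentation addresses.
SAMPLE_LOG = [
    '23.21.27.29 - - [11/May/2022:10:15:01 +0000] "GET /getcfg.php HTTP/1.1" 200 512 "-" "curl/7.68.0"',
    '198.51.100.7 - - [11/May/2022:10:15:03 +0000] "GET /cgi-bin//delete_CA HTTP/1.1" 404 0 "-" "python-requests/2.27"',
    '198.51.100.8 - - [11/May/2022:10:15:04 +0000] "GET /.env HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [11/May/2022:10:15:05 +0000] "GET /index.php?controller=calendar&format=raw&cat%5B0%5D=SQLi&task=events HTTP/1.1" 500 0 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [11/May/2022:10:15:06 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]


def normalize_target(target):
    """Percent-decode twice (catches double encoding), lower-case, collapse '//' runs."""
    decoded = unquote(unquote(target)).lower()
    return re.sub(r"/+", "/", decoded)


def match_line(line):
    """Parse one combined-format line; return None if it does not parse.

    The result carries every IOC/IOA hit as (kind, indicator, confidence)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hits = []
    ip = m.group("ip")
    if ip in IOC_IPS:
        hits.append(("ioc_ip", ip, IOC_IPS[ip]))
    target = normalize_target(m.group("target"))
    for fragment, confidence in IOA_FRAGMENTS.items():
        if fragment in target:
            hits.append(("ioa_path", fragment, confidence))
    return {"ip": ip, "target": m.group("target"), "status": int(m.group("status")), "hits": hits}


def scan(lines, min_confidence="medium"):
    """Return the parsed lines that keep at least one hit at or above min_confidence."""
    threshold = CONFIDENCE_RANK[min_confidence]
    results = []
    for line in lines:
        parsed = match_line(line)
        if parsed is None:
            continue
        parsed["hits"] = [h for h in parsed["hits"] if CONFIDENCE_RANK[h[2]] >= threshold]
        if parsed["hits"]:
            results.append(parsed)
    return results


if __name__ == "__main__":
    for r in scan(SAMPLE_LOG):
        print(r["ip"], r["status"], r["target"], r["hits"])
```

Fragment matching is a substring test, so `/download` also fires on `/downloads/report.pdf`; treat the output as a triage queue, not a verdict, and corroborate an IP hit with the request content and the 11.05.2022 identification date before escalating.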
