MetaStealer Анализ

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (71)

Язык

en	62
es	4
ru	4
it	2

Страна

us	34
ru	8
es	4
is	2
it	2

Акторы

MetaStealer	6
RedLine Stealer	2
Meterpreter	2
Redaman	1
BitRAT	1

Интерес

Тип

Not Defined	22
Hospitality Software	6
Groupware Software	4
E-Commerce Management Software	4
Web Server	4

Поставщик

Not Defined	24
Microsoft	8
SourceCodester	4
Loris	2
PHP-NUKE	2

Продукт

Microsoft Exchange Server	4
Microsoft IIS	4
E-commerce MLM Software	2
Hostel Searching Project	2
Loris Hotel Reservation System	2

Уязвимости

#	Уязвимости	Base	Temp	0day	Сегодня	Э�	Rem	CTI	EPSS	CVE
1	Red Lion HMI Panel URI эскалация привилегий	6.9	6.9	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00238	CVE-2017-14855
2	GNU Bash mod_cgi эскалация привилегий	9.8	8.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.03	0.97348	CVE-2014-7169
3	Hostel Searching Project view-property.php sql-инъекция	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.03	0.00223	CVE-2022-4051
4	Ovidentia CMS index.php sql-инъекция	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.07	0.00089	CVE-2021-29343
5	phpBB XS bb_usage_stats.php эскалация привилегий	7.3	6.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.07955	CVE-2006-4893
6	SourceCodester Online Student Admission System Student User Page edit-profile.php межсайтовый скриптинг	3.5	3.2	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00068	CVE-2022-2681
7	Microsoft Exchange Server Privilege Escalation	8.3	7.6	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.06	0.00080	CVE-2023-36745
8	Elementor Plugin Template Import эскалация привилегий	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00054	CVE-2023-48777
9	News & Blog Designer Pack Plugin эскалация привилегий	7.3	7.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.02	0.00322	CVE-2023-5815
10	LearnPress Plugin эскалация привилегий	7.8	7.7	$0-$5k	$0-$5k	Not Defined	Not Defined	0.03	0.16476	CVE-2023-6634
11	Likeshop HTTP POST Request File.php userFormImage эскалация привилегий	8.1	7.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.05	0.00727	CVE-2024-0352
12	Proxmox proxmox-widget-toolkit Edit Notes межсайтовый скриптинг	5.0	5.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.06	0.00052	CVE-2023-46854
13	GG18/GG20 ECDSA Private Key эскалация привилегий	7.7	7.5	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00070	CVE-2023-33241
14	Mozilla Firefox SPDY/HTTP/2 слабое шифрование	5.3	4.6	$5k-$25k	$0-$5k	Unproven	Official Fix	0.02	0.00411	CVE-2014-1584
15	Microsoft Exchange Server Privilege Escalation	8.8	7.7	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.02	0.01192	CVE-2023-21529
16	MetInfo URL Redirector login.php	6.6	6.6	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00	0.00107	CVE-2017-11718
17	SourceCodester Sanitization Management System Admin Login sql-инъекция	7.5	7.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.00120	CVE-2022-4726
18	Microsoft SharePoint Workflow эскалация привилегий	10.0	8.7	$25k-$100k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.91072	CVE-2013-1330
19	NdkAdvancedCustomizationFields createPdf.php межсайтовый скриптинг	4.8	4.6	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00	0.00063	CVE-2022-40840
20	Redis XAUTOCLAIM Command повреждение памяти	8.2	8.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00598	CVE-2022-31144

IOC - Indicator of Compromise (14)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-адрес	Hostname	Актор	Identified	Тип	Уверенность
1	4.224.60.120		MetaStealer	21.11.2023	verified	Высокий
2	13.114.196.60	ec2-13-114-196-60.ap-northeast-1.compute.amazonaws.com	MetaStealer	26.02.2024	verified	Средний
3	13.125.88.10	ec2-13-125-88-10.ap-northeast-2.compute.amazonaws.com	MetaStealer	26.02.2024	verified	Средний
4	XX.XXX.XXX.XX	xxxxxx.xx.xxx.xxx.xx.xxxxxxx.xxxx-xxxxxx.xx	Xxxxxxxxxxx	26.11.2023	verified	Высокий
5	XXX.XX.XX.XXX	xxx-xx-xx-xxx.xxxxxxx-xxx	Xxxxxxxxxxx	16.05.2023	verified	Высокий
6	XXX.XXX.XXX.XXX	xxxxxxxxx.xxxxxxxxx.xxxx	Xxxxxxxxxxx	16.05.2023	verified	Высокий
7	XXX.XXX.XXX.XXX	xxxxxx.xxx	Xxxxxxxxxxx	02.12.2022	verified	Высокий
8	XXX.XXX.XXX.XX		Xxxxxxxxxxx	16.05.2023	verified	Высокий
9	XXX.XXX.XXX.XX		Xxxxxxxxxxx	31.01.2023	verified	Высокий
10	XXX.XXX.XXX.XXX		Xxxxxxxxxxx	06.04.2022	verified	Высокий
11	XXX.XX.XX.XXX		Xxxxxxxxxxx	30.11.2023	verified	Высокий
12	XXX.XX.XX.XXX		Xxxxxxxxxxx	30.11.2023	verified	Высокий
13	XXX.XX.XXX.XXX	xxx.xxx	Xxxxxxxxxxx	30.11.2023	verified	Высокий
14	XXX.XX.XX.XXX		Xxxxxxxxxxx	29.12.2023	verified	Высокий

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Уязвимости	Вектор доступа	Тип	Уверенность
1	T1055	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	Высокий
2	T1059	CWE-94	Argument Injection	predictive	Высокий
3	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Высокий
4	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Высокий
5	TXXXX	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Высокий
6	TXXXX.XXX	CWE-XXX	Xxxx Xxxxxxxx	predictive	Высокий
7	TXXXX	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Высокий
8	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Высокий
9	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Высокий
10	TXXXX	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Высокий
11	TXXXX.XXX	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Высокий

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Класс	Indicator	Тип	Уверенность
1	File	/index.php	predictive	Средний
2	File	/uncpath/	predictive	Средний
3	File	about.php	predictive	Средний
4	File	admin.php	predictive	Средний
5	File	admin_feature.php	predictive	Высокий
6	File	aj.html	predictive	Низкий
7	File	akocomments.php	predictive	Высокий
8	File	archives.php	predictive	Средний
9	File	xxxxxxx.xxx	predictive	Средний
10	File	xxxx.xxx.xxx	predictive	Средний
11	File	xx_xxxxx_xxxxx.xxx	predictive	Высокий
12	File	xxx-xxxxxx-xxxxxxxxxx-xxxxxx/xxxxxxx.xxx	predictive	Высокий
13	File	xxx-xxx/xxxxxxxxxxx/xxxxxxxxx.xxx	predictive	Высокий
14	File	xxx-xxx/xxxxxx/xxxxx.xx	predictive	Высокий
15	File	xxxxxxxxxxx.xxx.xxx	predictive	Высокий
16	File	xxxxxxx.xxx	predictive	Средний
17	File	xxxxxxxxx.xxx	predictive	Высокий
18	File	xxxxxx.xxx	predictive	Средний
19	File	xxxxxx.xxx	predictive	Средний
20	File	xxxx-xxxxxxx.xxx	predictive	Высокий
21	File	xxxxxxxxx.xxx	predictive	Высокий
22	File	xxxxx.xxx	predictive	Средний
23	File	xxxxxx.xxx	predictive	Средний
24	File	xxxxx.xxx	predictive	Средний
25	File	xxxx.xxx	predictive	Средний
26	File	xxxxxx/xxxxx.xxx	predictive	Высокий
27	File	xxxxx.xxx	predictive	Средний
28	File	xxxx.xxx	predictive	Средний
29	File	xxxxxx/xxx/xx/xxx.xx	predictive	Высокий
30	File	xxxxxx.xxx	predictive	Средний
31	File	xxxxxx/xxxxxxxxxxx/xxx/xxxxxxxxxx/xxxx.xxx	predictive	Высокий
32	File	xxxxxxx_xxxxxx.xxx	predictive	Высокий
33	File	xxxx.xxx	predictive	Средний
34	File	xxxx-xxxxxxxx.xxx	predictive	Высокий
35	File	xxxx.xxxxxxxxx.xxx	predictive	Высокий
36	File	xxxxxxxxx.xxx	predictive	Высокий
37	Library	xxxxx/xxxxxxxxx/xxxx.xxxxxxxxx.xxx	predictive	Высокий
38	Argument	xxxxxx:/xxxxxxxx:/xxxxxxxxxxxxxx:	predictive	Высокий
39	Argument	xxx_xx	predictive	Низкий
40	Argument	xxxxxx_xxxxx_xxxx	predictive	Высокий
41	Argument	xxxx	predictive	Низкий
42	Argument	xx_xxxx	predictive	Низкий
43	Argument	xxxxxxxx	predictive	Средний
44	Argument	xxxxxxx[xxxxxx]	predictive	Высокий
45	Argument	xxxxx	predictive	Низкий
46	Argument	xxxxx_xx	predictive	Средний
47	Argument	xxxxx_xxxx	predictive	Средний
48	Argument	xx	predictive	Низкий
49	Argument	xx	predictive	Низкий
50	Argument	xxxx_xx	predictive	Низкий
51	Argument	xxxxx	predictive	Низкий
52	Argument	xxxxxxxxx_xxxxxxxx_xxxx	predictive	Высокий
53	Argument	xxxx_xxxx	predictive	Средний
54	Argument	xxxxx_xxxx_xxxx	predictive	Высокий
55	Argument	xxx	predictive	Низкий
56	Argument	xxxxxxxx_xx	predictive	Средний
57	Argument	xxxxxxxx	predictive	Средний
58	Argument	xxx	predictive	Низкий
59	Argument	xxxx-xxxxx	predictive	Средний
60	Argument	xxxxxxxx	predictive	Средний
61	Argument	xxxxxxxx/xxxxxxxx	predictive	Высокий
62	Input Value	<xxxxxx>xxxxx(/xxx/)</xxxxxx>	predictive	Высокий
63	Input Value	xxxxxx_xxxxxxxx	predictive	Высокий

Ссылки (9)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:

https://bazaar.abuse.ch/sample/d3da939964cbf347635dd39214d941dc4bd59c84060ae4465ee6e943bae79dc9/

◂ ПредыдущийОбзорДалее ▸

Interested in the pricing of exploits?

See the underground prices here!