SocStealer Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (16)

Tidslinje

Lang

en14
de2

Land

us8
cn6

Skådespelare

SocStealer3
Ponystealer1
DCRat1

Aktiviteter

Intressera

Tidslinje

Typ

Not Defined6
SSH Server Software2
Application Server Software2
Mail Client Software2
Continuous Integration Software2

Säljare

Not Defined14
Oracle2

Produkt

Devilz Clanportal2
Dropbear2
HoMaP2
Oracle WebLogic Server2
Mutt2

Sårbarheter

#SårbarhetBaseTemp0dayI dagUtnRemEPSSCTICVE
1NotificationX Plugin SQL Statement sql injektion5.65.4$0-$5kBeräknandeNot DefinedOfficial Fix0.024140.04CVE-2022-0349
2TestLink attachmentdownload.php privilegier eskalering6.36.2$0-$5k$0-$5kNot DefinedNot Defined0.000860.04CVE-2022-35195
3UMN MapServer sql injektion7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.003760.00CVE-2011-2703
4SCMS privilegier eskalering7.47.4$0-$5k$0-$5kNot DefinedNot Defined0.001020.00CVE-2018-19654
5Oracle WebLogic Server Centralized Thirdparty Jars informationsgivning3.33.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000600.00CVE-2020-8908
6Tenda AC23 httpd formGetSysToolDDNS minneskorruption8.38.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.001310.08CVE-2023-0782
7Oracle Web Applications Desktop Integrator Upload Remote Code Execution9.89.6$25k-$100k$5k-$25kNot DefinedOfficial Fix0.973440.04CVE-2022-21587
8OpenSSH FIDO Authentication svag autentisering5.65.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.002010.17CVE-2021-36368
9Dropbear Non-RFC-compliant Check svag autentisering6.96.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000970.04CVE-2021-36369
10Microsoft Windows EducatedScholar privilegier eskalering10.09.5$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.742610.00CVE-2009-2532
11Jenkins Agent-to-Controller privilegier eskalering5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.001920.02CVE-2021-21685
12Mutt/NeoMutt IMAP Server Response svag kryptering5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.003120.00CVE-2020-28896
13Devilz Clanportal File Upload okänd sårbarhet5.34.4$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.053620.04CVE-2006-6338
14HoMaP index.php sql injektion7.37.1$0-$5k$0-$5kHighUnavailable0.001000.00CVE-2008-2989
15DZCP deV!L`z Clanportal browser.php informationsgivning5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.027330.30CVE-2007-1167
16Drupal Transliterate privilegier eskalering6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.001460.00CVE-2016-9452

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP-adressHostnameSkådespelareKampanjerIdentifiedTypFörtroende
145.76.142.14445.76.142.144.vultrusercontent.comSocStealer08/04/2022verifiedHög
2XX.XX.XXX.XXXxx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxxx08/04/2022verifiedHög
3XX.XX.XXX.XXxxxxxx-xx-xx-xxx-xx.xxxxx.x.xxxxxxxxxx.xxxXxxxxxxxxx08/04/2022verifiedHög
4XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxxx08/04/2022verifiedHög
5XXX.XXX.XX.XXxxxx-xxxx-xxxx-xxx-xx-xxxx.xxxxxxxx.xxxXxxxxxxxxx08/04/2022verifiedHög

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueSårbarheterÅtkomstvektorTypFörtroende
1T1040CWE-319Authentication Bypass by Capture-replaypredictiveHög
2TXXXXCWE-XXXxxxxxxx XxxxxxxxxpredictiveHög
3TXXXXCWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHög
4TXXXXCWE-XXXxx XxxxxxxxxpredictiveHög
5TXXXXCWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHög

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDKlassIndicatorTypFörtroende
1File/bin/httpdpredictiveMedium
2Fileinc/filebrowser/browser.phppredictiveHög
3Filexxxxx.xxxpredictiveMedium
4Library/xxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxx.xxxpredictiveHög
5ArgumentxxxxpredictiveLåg
6ArgumentxxpredictiveLåg
7Argumentxx_xxpredictiveLåg

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

TidigareÖversiktNästa

Do you want to use VulDB in your project?

Use the official API to access entries easily!