StrelaStealer Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (64)

Lang

en	48
ru	10
ja	2
es	2
fr	2

Land

ru	24
us	18
pt	4
ca	4
kr	2

Skådespelare

Stealc	2
RedLine Stealer	2
StrelaStealer	2
Rhadamanthys	2
Quasar RAT	1

Intressera

Typ

Not Defined	32
Web Server	10
Content Management System	4
Operating System	2
Mail Client Software	2

Säljare

Not Defined	24
Microsoft	4
Asus	4
ZTE	2
Mamboxchange	2

Produkt

nginx	4
ZTE ZX297520V3	2
Mamboxchange Simpleboard	2
OkayCMS	2
Microsoft Windows	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Node.js privilegier eskalering	8.2	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00260	0.02	CVE-2020-8201
2	Email Subscribers / Newsletters File Download informationsgivning	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.21953	0.04	CVE-2019-19985
3	Google Android Privilege Escalation	7.6	7.5	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00061	0.01	CVE-2021-0877
4	Google Android minneskorruption	5.4	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2023-21042
5	Microsoft Windows Online Certificate Status Protocol SnapIn Remote Code Execution	8.1	7.4	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00120	0.02	CVE-2023-35313
6	GitHub Enterprise Server API informationsgivning	3.9	3.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00111	0.00	CVE-2022-46257
7	Pallets Werkzeug Debugger tbtools.py render_full cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00183	0.04	CVE-2016-10516
8	Zyxel ATP/USG FLEX/VPN CGI Program informationsgivning	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00064	0.00	CVE-2023-22918
9	Apache OpenOffice Calc privilegier eskalering	7.3	6.4	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00602	0.02	CVE-2014-3524
10	V3chat V3 Chat Profiles Dating Script svag autentisering	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01685	0.00	CVE-2008-5784
11	SourceCodester Online Discussion Forum Site view_post.php sql injektion	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00067	0.09	CVE-2023-3152
12	USAA Mobile Banking Screen Cache informationsgivning	3.3	3.0	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00116	0.00	CVE-2015-1314
13	Zoho ManageEngine ServiceDesk Plus MSP svag autentisering	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00343	0.00	CVE-2021-44675
14	Microsoft Exchange Outlook Web Access privilegier eskalering	5.3	4.6	$25k-$100k	$0-$5k	Unproven	Official Fix	0.01212	0.00	CVE-2014-6319
15	October CMS privilegier eskalering	5.3	5.1	$0-$5k	$0-$5k	High	Official Fix	0.01981	0.00	CVE-2021-32648
16	pyload privilegier eskalering	9.0	8.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.50964	0.02	CVE-2023-0297
17	cbeust testng XML File Parser JarFileUtils.java testngXmlExistsInJar kataloggenomgång	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00067	0.14	CVE-2022-4065
18	Verizon Fios Actiontec Mi424wr-gen31 Router Administration index.cgi förfalskning på begäran över webbplatsen	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00356	0.01	CVE-2013-0126
19	Yandex Browser privilegier eskalering	8.8	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.04	CVE-2022-28226
20	SheerDNS Directory_lookup kataloggenomgång	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.02

Kampanjer (1)

These are the campaigns that can be associated with the actor:

Spain

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	45.9.74.12	StrelaStealer		03/04/2024	verified	Hög
2	XX.XXX.XX.XXX	Xxxxxxxxxxxxx	Xxxxx	24/06/2023	verified	Hög
3	XXX.XXX.XX.XX	Xxxxxxxxxxxxx		25/08/2023	verified	Hög
4	XXX.XXX.XX.XXX	Xxxxxxxxxxxxx		02/04/2024	verified	Hög

TTP - Tactics, Techniques, Procedures (14)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-20, CWE-119, CWE-120, CWE-189, CWE-190, CWE-287, CWE-352, CWE-377, CWE-400, CWE-404, CWE-416, CWE-444, CWE-476, CWE-787, CWE-862, CWE-863	Unknown Vulnerability	predictive	Hög
2	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Hög
3	T1055	CAPEC-10	CWE-74, CWE-707	Improper Neutralization of Data within XPath Expressions	predictive	Hög
4	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxxx Xxxxxxxxx	predictive	Hög
5	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XX, CWE-XXX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	Hög
8	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	Hög
9	TXXXX	CAPEC-0	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	Hög
10	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
11	TXXXX	CAPEC-50	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
12	TXXXX	CAPEC-464	CWE-XXX	Xxxxxxxx Xx Xxxxxxx Xxxxxxxx Xxxxxxxxxxx Xx Xx Xxxxxxxxxxxx Xxxxx	predictive	Hög
13	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
14	TXXXX.XXX	CAPEC-19	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (36)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/uncpath/	predictive	Medium
2	File	admin\posts\view_post.php	predictive	Hög
3	File	ajax/include.php	predictive	Hög
4	File	app/admin/custom-fields/filter-result.php	predictive	Hög
5	File	boafrm/formSysCmd	predictive	Hög
6	File	xxxx	predictive	Låg
7	File	xxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/	predictive	Hög
8	File	xxxxx/xxxxxxx.xx	predictive	Hög
9	File	xxxxx.xxx	predictive	Medium
10	File	xxxxx_xxxxxx.xxx	predictive	Hög
11	File	xxxxx.xxx	predictive	Medium
12	File	xxxxx.xx	predictive	Medium
13	File	xxxxx.xxx	predictive	Medium
14	File	xxx_xxxx_xxx_xxxxxxxxxx.x	predictive	Hög
15	File	xxxxxxxxxxxxx.xxx	predictive	Hög
16	File	xxxx-xxxxxx.x	predictive	Hög
17	File	xxxx.xxx	predictive	Medium
18	File	xxxx.xx	predictive	Låg
19	File	xxxxxx-xxxx/xxx/xxxx/xxxx/xxx/xxxxxx/xxxxxxxxxxxx.xxxx	predictive	Hög
20	File	xxxxxx_xxx/xxxx	predictive	Hög
21	File	xxxx/xxxxxxxxxxxx.xxx	predictive	Hög
22	Library	/xxxxx/xxxxxxxx/xxxxxxx.xxx	predictive	Hög
23	Library	xxxxxx.xxx	predictive	Medium
24	Argument	xxxx	predictive	Låg
25	Argument	xxxxx[xxxxx][xx]	predictive	Hög
26	Argument	xxxx	predictive	Låg
27	Argument	xxxxxxxx	predictive	Medium
28	Argument	xxxxxxxx	predictive	Medium
29	Argument	xxxxxxx	predictive	Låg
30	Argument	xxx	predictive	Låg
31	Argument	xxxxxxxx	predictive	Medium
32	Argument	xxxxxx	predictive	Låg
33	Argument	xxxxxx	predictive	Låg
34	Argument	xxxxx	predictive	Låg
35	Argument	xxx	predictive	Låg
36	Input Value	\x	predictive	Låg

Referenser (5)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!