SWEED Agent Tesla Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (24)

Lang

en	24

Land

us	10

Skådespelare

Silence	1
Vjw0rm	1
AsyncRAT	1
Ave Maria	1
SWEED Agent Tesla	1

Intressera

Typ

Not Defined	10
WordPress Plugin	6
Banking Software	2
Artificial Intelligence Software	2
Smartphone Operating System	2

Säljare

Not Defined	16
Zscaler	2
Digital.ai	2
Apple	2

Produkt

PHPUnit	2
ThinkPHP	2
Zscaler Client Connector	2
Online Banking System	2
PhpIPAM	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Microsoft ASP.NET Cryptographic Padding Oracle svag kryptering	4.8	4.3	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.96929	0.04	CVE-2010-3332
2	PHPUnit HTTP POST eval-stdin.php privilegier eskalering	8.5	8.4	$0-$5k	$0-$5k	High	Official Fix	0.97487	0.00	CVE-2017-9841
3	PhpIPAM edit-bgp-mapping-search.php sql injektion	4.3	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04064	0.06	CVE-2022-23046
4	Zscaler Client Connector förnekande av tjänsten	4.2	4.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2024-23461
5	Online Banking System delete_customer.php sql injektion	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00212	0.03	CVE-2022-40117
6	Drag and Drop Multiple File Upload Contact Form 7 admin-ajax.php kataloggenomgång	6.4	6.3	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00231	0.04	CVE-2023-1112
7	WP-CopyProtect Plugin CopyProtect_options_page förfalskning på begäran över webbplatsen	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.04	CVE-2023-25025
8	Replace Word Plugin förfalskning på begäran över webbplatsen	6.2	6.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.00	CVE-2023-37973
9	GitLab GraphQL API privilegier eskalering	5.4	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00069	0.04	CVE-2022-0152
10	Apple iOS/iPadOS informationsgivning	4.5	4.4	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00052	0.00	CVE-2023-32410
11	Digital.ai App Management Publisher Plugin förfalskning på begäran över webbplatsen	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00055	0.05	CVE-2023-35148
12	Tables Plugin error_msg cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00046	0.00	CVE-2023-25453
13	Splunk Enterprise Web URL informationsgivning	3.6	3.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00072	0.02	CVE-2023-32712
14	Collabora Online cross site scripting	5.9	5.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00045	0.04	CVE-2023-34088
15	Autolab TAR File kataloggenomgång	6.2	6.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00089	0.00	CVE-2023-32676
16	Multiple Page Generator Plugin sql injektion	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00068	0.00	CVE-2023-2607
17	Microsoft Windows NTLM Security Support Provider informationsgivning	5.2	4.8	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00138	0.02	CVE-2023-24900
18	Canon imageCLASS MF743Cdw IPP Sides minneskorruption	9.3	9.1	$0-$5k	Beräknande	Not Defined	Official Fix	0.00132	0.02	CVE-2023-0856
19	Modpagespeed Mod Pagespeed mod_pagespeed cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00220	0.02	CVE-2013-6111
20	ThinkPHP Language Pack pearcmd.php privilegier eskalering	8.5	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04153	0.05	CVE-2022-47945

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	84.38.134.121	ip-134-121.dataclub.info	SWEED Agent Tesla		16/07/2019	verified	Hög

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CAPEC-126	CWE-22, CWE-23	Path Traversal	predictive	Hög
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	Hög
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
4	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
6	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxxxx Xxxxxx	predictive	Hög

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/net-banking/delete_customer.php	predictive	Hög
2	File	admin-ajax.php	predictive	Hög
3	File	xxx/xxxxx/xxxxxxx/xxxx-xxx-xxxxxxx-xxxxxx.xxx	predictive	Hög
4	File	xxxxxxx.xxx	predictive	Medium
5	File	xxxx/xxx/xxxx-xxxxx.xxx	predictive	Hög
6	Argument	xxxx_xx	predictive	Låg
7	Argument	xxxx	predictive	Låg
8	Argument	xxxxxx	predictive	Låg
9	Argument	xxxxxx_xxxx	predictive	Medium

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!