Invicta Stealer Analysis

IOB - Indicator of Behavior (283)

Timeline

Language

en: 240
ja: 10
zh: 10
ar: 6
it: 6

Country/Region

us: 284

Actors

Activities

Interests

Timeline

Type

Vendor

Product

SourceCodester Inventory Management System: 4
Esoftpro Online Guestbook Pro: 4
SQuery: 4
WordPress: 4
HP Integrated Lights-Out: 4

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Fix | EPSS | CTI | CVE
1 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 5.42 |
2 | esoftpro Online Guestbook Pro ogp_show.php SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00135 | 0.20 | CVE-2010-4996
3 | Esoftpro Online Guestbook Pro ogp_show.php Cross Site Scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00209 | 0.04 | CVE-2009-2441
4 | Squitosoft Squito Gallery photolist.inc.php Memory Corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01371 | 0.04 | CVE-2005-2258
5 | Esoftpro Online Guestbook Pro ogp_show.php Cross Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00101 | 0.08 | CVE-2009-2448
6 | Esoftpro Online Guestbook Pro ogp_show.php Cross Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00129 | 0.06 | CVE-2009-2447
7 | HP Integrated Lights-Out Information Disclosure | 9.8 | 8.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02286 | 0.00 | CVE-2012-3271
8 | htmltonuke htmltonuke.php Privilege Escalation | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.01849 | 0.04 | CVE-2006-0308
9 | Storytlr Cross Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00129 | 0.03 | CVE-2014-100037
10 | WordPress AdServe adclick.php SQL Injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.07 | CVE-2008-0507
11 | Appindex MWChat start_lobby.php Privilege Escalation | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01895 | 0.00 | CVE-2005-1869
12 | Cisco BroadWorks Application Delivery Platform Single Sign-On Remote Code Execution | 9.9 | 9.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00143 | 0.00 | CVE-2023-20238
13 | Zentrack index.php Privilege Escalation | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.03 |
14 | Jetbox One CMS Memory Corruption | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01999 | 0.05 | CVE-2004-1448
15 | Mambo Artlinks component artlinks.dispnew.php Privilege Escalation | 8.1 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01742 | 0.03 | CVE-2006-3949
16 | xoops Xoopsgallery Module mod_gallery SQL Injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01520 | 0.08 | CVE-2008-0138
17 | MosXML mod_mainmenu.php Privilege Escalation | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00441 | 0.01 | CVE-2008-5206
18 | SourceCodester Best Courier Management System Manage Account Page Cross Site Scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00050 | 0.00 | CVE-2023-5302
19 | Comersus Open Technologies Comersus Cart comersus_optreviewreadexec.asp SQL Injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00308 | 0.03 | CVE-2007-3323
20 | UBB.threads login.php Cross Site Scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.02 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP Address | Hostname | Actor | Campaign | Identified | Type | Confidence
1 | 94.156.253.17 | | Invicta Stealer | | 2024-04-03 | | verified

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (169)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/list_addr_fwresource_ip.php | | predictive
2 | File | /DXR.axd | | predictive
3 | File | /forum/away.php | | predictive
4 | File | /importexport.php | | predictive
5 | File | /log/decodmail.php | | predictive
6 | File | /multi-vendor-shopping-script/product-list.php | | predictive
7 | File | /see_more_details.php | | predictive
8 | File | /servlet/webacc | | predictive
9 | File | /SysManage/AddUpdateRole.aspx | | predictive
10 | File | /textpattern/index.php | | predictive
11 | File | adclick.php | | predictive
12 | File | adDetail.asp | | predictive
13 | File | admin.a6mambocredits.php | | predictive
14 | File | admin.cropcanvas.php | | predictive
15 | File | admin/theme-edit.php | | predictive
16 | File | adminBanned.php | | predictive
17 | File | adminBoards.php | | predictive
18 | File | adminForums.php | | predictive
19 | File | allopass-error.php | | predictive
20 | File | allopass.php | | predictive
21 | File | announce.php | | predictive
22 | File | app/ajax/search_sell_paymen_report.php | | predictive
23 | File | xxxxxxxx.xxxxxxx.xxx | | predictive
24 | File | xxx.xxx | | predictive
25 | File | xxxx_xxxxxxxx.xxx | | predictive
26 | File | xx_xxxx.xxx | | predictive
27 | File | xxxx_xxxxxxxx/xx.xxx | | predictive
28 | File | xxxxxxxx_xxxxxxxxxxxxxxxxx.xxx | | predictive
29 | File | xxxxx.xxx | | predictive
30 | File | xxxxxxxx.xx | | predictive
31 | File | xxxxxxxx.xxx.xxx | | predictive
32 | File | xxxx_xxxxxxx.xxx | | predictive
33 | File | xxx/xxxx/xxx_xxxx.x | | predictive
34 | File | xxxxxxxxxxx.xxxxx.xxx | | predictive
35 | File | xxxxxxxxxxxxxxxxxxxx.xxx | | predictive
36 | File | xxxxxxxx.xxxx.xxx | | predictive
37 | File | xxxxxxxxxxxx_xxxx.xxx | | predictive
38 | File | xxxx_xxxxxxx.xxx.xxx | | predictive
39 | File | xxxxxxxxxx.xxx | | predictive
40 | File | xxxx.xxx.xxx | | predictive
41 | File | xxxxxxxxxx.xxx | | predictive
42 | File | xxxxx_xxxxxx.xxx | | predictive
43 | File | xxxxxxxxx.xxx | | predictive
44 | File | xxx/xxxxxx.xxx | | predictive
45 | File | xxxxxxx.xxx | | predictive
46 | File | xxxxxxx/xxxxx/xxxxxxx.x | | predictive
47 | File | xxxxxxxx/xxxx.xxx | | predictive
48 | File | xxxxxxxx/xxxxxxxxxxxx.xxx.xxx | | predictive
49 | File | xxxxx.xxx | | predictive
50 | File | xxxxxx.xxx | | predictive
51 | File | xxxxxxx.xxx | | predictive
52 | File | xxxxxx/xxxx/xxxxxx_xxx.xxx | | predictive
53 | File | xxxxxxxx.xxx.xxx | | predictive
54 | File | xxxxx.xxx | | predictive
55 | File | xxx_xxxxxxxx.xxx | | predictive
56 | File | xxxxx-x.x | | predictive
57 | File | xxxxxxxx.xxx | | predictive
58 | File | xxxxxxx/xxx_xxxxxxxx.xxx | | predictive
59 | File | xxx_xxxxxxx.xxx | | predictive
60 | File | xxx_xxxxxxx_xxxx.xxx | | predictive
61 | File | xxx_xxxxxxx_xxxxxxxxxxx.xxx | | predictive
62 | File | xxx_xxxxxxx_xxxxxxxxxx.xxx | | predictive
63 | File | xxxx.xxx | | predictive
64 | File | xxx_xxxx.xxx | | predictive
65 | File | xxxxxxxxx.xxx.xxx | | predictive
66 | File | xxxxxx.xxxxx.xxx | | predictive
67 | File | xxxx.xxx | | predictive
68 | File | xxxxxxx.xxxxxxx.xxxxxx.xxx | | predictive
69 | File | xxx.xxx | | predictive
70 | File | xxxxxxx_xxxxxx_xxxxxxxx.xxx | | predictive
71 | File | xxxxxx_xxx_xxxxxx.xxx | | predictive
72 | File | xxxx.xxx | | predictive
73 | File | xxxxxxxxxxxxxxx.xxx | | predictive
74 | File | xxxxxxxx.xxx/xxxxxx.xxx/xxxxxxxx.xxx | | predictive
75 | File | xxxx_xxxxxxxx.xxx/xxxx_xxxx.xxx | | predictive
76 | File | xxxxx/xxxxxxxx/xxxxxxxxx.xxx | | predictive
77 | File | xx_xxxx.xxx | | predictive
78 | File | xxxxx_xxxx.xxx | | predictive
79 | File | xxxxx_xxxxx.xxx | | predictive
80 | File | xxxxxxxxxxxxx.xxx | | predictive
81 | File | xxxxx/xxxx_xxxxxx_xxxxxx.xxx | | predictive
82 | File | xxxx/xxx/xxxx-xxxxx.xxx | | predictive
83 | File | xxxx.xxx | | predictive
84 | File | xxxxxxxxx.xxx | | predictive
85 | File | xxxx_xxxxxxx_xxxx.xxx | | predictive
86 | File | xxxx/xxxx-x-xxxxxx.x | | predictive
87 | File | xx-xxxxx.xxx | | predictive
88 | File | xx-xxxxxxxxx.xxx | | predictive
89 | File | xxxxxxxxxxxx.xxx | | predictive
90 | File | _xxxxxxxxx.xxx | | predictive
91 | Library | xxx.xxx/xxxxxxx.xxxxxxx/xxxx.xxx/xxxxxxx.xxxxxxx.xxxxxx.xxx | | predictive
92 | Library | xxxxxx[xxxxxx_xxxx | | predictive
93 | Library | xxxxxxx/xxx.xxx.xxx.xxx | | predictive
94 | Library | xxxx.xxx.xxx | | predictive
95 | Argument | xxxxx | | predictive
96 | Argument | xxxxxxxx_xxxx | | predictive
97 | Argument | xxxxxxxx | | predictive
98 | Argument | xxxx_xxx | | predictive
99 | Argument | xxxxx | | predictive
100 | Argument | xxxx | | predictive
101 | Argument | xxx | | predictive
102 | Argument | xxx_xx | | predictive
103 | Argument | xxxxxxx[x][xxxx] | | predictive
104 | Argument | xxxxxx | | predictive
105 | Argument | xxxxxxxxxx | | predictive
106 | Argument | xxxxxx[xxxxxx_xxxx] | | predictive
107 | Argument | xxxxxxxxxxxx | | predictive
108 | Argument | xxxxxxxx | | predictive
109 | Argument | xxxxxxxx | | predictive
110 | Argument | xxxxxxxx | | predictive
111 | Argument | xxxxxxx | | predictive
112 | Argument | xxxxxx_xxxx | | predictive
113 | Argument | xxxxx | | predictive
114 | Argument | xxxxx_xxxx_xxxx | | predictive
115 | Argument | xxxxx | | predictive
116 | Argument | xxxxxxxxx | | predictive
117 | Argument | xx_xxxxxxx | | predictive
118 | Argument | xxxx | | predictive
119 | Argument | xxxxxxx | | predictive
120 | Argument | xxxxx xxxx | | predictive
121 | Argument | xxxxxxx_xxxxxxx | | predictive
122 | Argument | xxxxxxxxxxxxxx[xxxxxxxxxxxxxxxxxx] | | predictive
123 | Argument | xxxx[xxxxxxx] | | predictive
124 | Argument | xxxxxxxx | | predictive
125 | Argument | xxxx | | predictive
126 | Argument | xx | | predictive
127 | Argument | xxxxxxxxx | | predictive
128 | Argument | xxxxx_xxx | | predictive
129 | Argument | xxxx | | predictive
130 | Argument | xxxxxxx | | predictive
131 | Argument | xxx_xxxx_xxxx | | predictive
132 | Argument | xxx | | predictive
133 | Argument | xxxxxxxxx_xxxxxxxx_xxxx | | predictive
134 | Argument | xxxxxxxxx_xxxx_xxxx | | predictive
135 | Argument | xxxxxxx_xxxx | | predictive
136 | Argument | xxxxx_xxx | | predictive
137 | Argument | xxxxxx_xxxxxx[xxxxxx_xxxx] | | predictive
138 | Argument | xxxx | | predictive
139 | Argument | xxxxxx | | predictive
140 | Argument | xxxx_xxxx | | predictive
141 | Argument | xxxxxxxxx | | predictive
142 | Argument | xxxxx_xxxx_xxx | | predictive
143 | Argument | xxxxx_xxxx_xxxx | | predictive
144 | Argument | xxxxxxx_xxx | | predictive
145 | Argument | xx | | predictive
146 | Argument | xxxxxxxxxx[x] | | predictive
147 | Argument | xx_xxxx | | predictive
148 | Argument | xxxxxx | | predictive
149 | Argument | xxxxx | | predictive
150 | Argument | xxxxxxxxxx | | predictive
151 | Argument | xxxxxxx | | predictive
152 | Argument | xxxx_xxxx | | predictive
153 | Argument | xxx | | predictive
154 | Argument | xxxxxx | | predictive
155 | Argument | xxxxxx_xxxxxx | | predictive
156 | Argument | xxx_xxxxx | | predictive
157 | Argument | xxxx_xxxx | | predictive
158 | Argument | xxx | | predictive
159 | Argument | xx_xx | | predictive
160 | Argument | xxxxxxxx_xxx | | predictive
161 | Argument | xxx_xxxxxxxxxxxx | | predictive
162 | Argument | xxxxxxxxxx | | predictive
163 | Argument | xx_xx | | predictive
164 | Argument | xxxxxxxxxxx | | predictive
165 | Argument | _xxxx[_xxx_xxxx_xxxx | | predictive
166 | Input Value | xxxx | | predictive
167 | Input Value | xxxxxx | | predictive
168 | Input Value | \xxx../../../../xxx/xxxxxx | | predictive
169 | Network Port | xxx xxxxxx xxxx | | predictive

References (2)

The following list contains external sources which discuss the actor and the associated activities:
