W4SP Stealer Analysis

IOB - Indicator of Behavior (20)

Languages: en (16), fr (2), zh (2)

Countries: us (14), fr (2), br (2)

Products: MidiCart PHP Shopping Cart (2), Microsoft IIS (2), Thomas R. Pasawicz HyperBook Guestbook (2), Apple Mac OS X (2), LushiWarPlaner (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
--- | --- | --- | --- | --- | --- | --- | --- | --- | --- | ---
1 | jforum User privilege escalation | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00289 | 0.04 | CVE-2019-7550
2 | DZCP deV!L`z Clanportal config.php privilege escalation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.13 | CVE-2010-0966
3 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192
4 | Hikvision IP Camera Web Server memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00453 | 0.04 | CVE-2018-6414
5 | LushiWarPlaner register.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00821 | 0.06 | CVE-2007-0864
6 | PHP-Proxy index.php cross-site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00144 | 0.04 | CVE-2018-19785
7 | JForum Login privilege escalation | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00157 | 0.06 | CVE-2012-5338
8 | Sumeffect digiSHOP cart.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00064 | 0.00 | CVE-2010-4633
9 | Apple Mac OS X UserAccountUpdater information disclosure | 5.3 | 4.6 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00042 | 0.00 | CVE-2014-8834
10 | MidiCart PHP Shopping Cart item_show.php SQL injection | 6.3 | 6.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 | 
11 | Clip-bucket ClipBucket ITEM view_item.php SQL injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00395 | 0.03 | CVE-2015-2102
12 | Maran PHP Shop prod.php SQL injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.00137 | 0.05 | CVE-2008-4879
13 | Microsoft IIS cross-site scripting | 5.2 | 4.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00548 | 0.16 | CVE-2017-0055
14 | Affiliate Tracking Script adminlogin.asp SQL injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | 

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence
--- | --- | --- | --- | --- | --- | --- | ---
1 | 204.152.203.78 | buzz-203078.buzzford.com | W4SP Stealer | | 2024-03-05 | | verified

TTP - Tactics, Techniques, Procedures (4)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Class | Vulnerability | Access Vector | Type | Confidence
--- | --- | --- | --- | --- | --- | ---
1 | T1059 | CAPEC-242 | CWE-94 | Argument Injection | predictive | 
2 | TXXXX.XXX | CAPEC-209 | CWE-XXX | xxxx Xxxx Xxxxxxxxx | predictive | 
3 | TXXXX | CAPEC-108 | CWE-XXX | xx Xxxxxxxxx | predictive | 
4 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | 

IOA - Indicator of Attack (20)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
--- | --- | --- | --- | ---
1 | File | /adminlogin.asp | | predictive
2 | File | /uncpath/ | | predictive
3 | File | cart.php | | predictive
4 | File | xxxx/xxxxxxxxxxxxxxx.xxx | | predictive
5 | File | xxx/xxxxxx.xxx | | predictive
6 | File | xxxxx.xxx | | predictive
7 | File | xxxx_xxxx.xxx | | predictive
8 | File | xxxx.xxx | | predictive
9 | File | xxxxxxxx.xxx | | predictive
10 | File | xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx | | predictive
11 | File | xxxx_xxxx.xxx | | predictive
12 | Argument | xxxxxxxx | | predictive
13 | Argument | xxx | | predictive
14 | Argument | xxxx_xx | | predictive
15 | Argument | xx | | predictive
16 | Argument | xxxx | | predictive
17 | Argument | xxxxxxxxxx | | predictive
18 | Argument | xxx | | predictive
19 | Argument | xxxxxxxx/xxxxxxxx | | predictive
20 | Input Value | 'xx''=' | | predictive

References (2)

The following list contains external sources which discuss the actor and the associated activities:
