CredStealer Analysis

IOB - Indicator of Behavior (219)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 200
ru: 20


Country

us: 30
cn: 24
ru: 4
gb: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Apple macOS: 6
Netgear D7800: 6
Netgear R6100: 6
Netgear R7500: 6
Netgear R7500v2: 6


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Dahua DHI-HCVR7216A-S3 SmartPSS Auto Login Hash access control | 6.7 | 6.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00331 | 0.05 | CVE-2017-6342 |
| 2 | Cyr to Lat Plugin sql injection | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2022-4290 |
| 3 | HPE Onboard Administrator Reflected cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.04 | CVE-2020-7132 |
| 4 | xwikisas macro-pdfviewer PDF Viewer Macro information disclosure | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2024-30263 |
| 5 | Moises Heberle WooCommerce Bookings Calendar Plugin cross site scripting | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00043 | 0.00 | CVE-2024-31117 |
| 6 | Foxit PDF Reader AcroForm use after free | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.00 | CVE-2024-30354 |
| 7 | Tenda AC10 SetStaticRouteCfg fromSetRouteStatic stack-based overflow | 8.8 | 8.4 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.04 | CVE-2024-2581 |
| 8 | MediaTek MT8798 Lk memory corruption | 6.7 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.02 | CVE-2024-20022 |
| 9 | Kofax Power PDF PNG File Parser out-of-bounds | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.03 | CVE-2024-27336 |
| 10 | Linux Kernel ASPM pci_set_power_state_locked deadlock | 4.8 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.04 | CVE-2024-26605 |
| 11 | Elementor Plugin deserialization | 5.5 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.03 | CVE-2024-24934 |
| 12 | IBM Security Access Manager Container DSC Server resource consumption | 6.8 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.02 | CVE-2023-31006 |
| 13 | WP Recipe Maker Plugin cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.02 | CVE-2024-0382 |
| 14 | Dahua IPC/SD/NVR/XVR Packet unknown vulnerability | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00063 | 0.05 | CVE-2022-30564 |
| 15 | PrestaShop blockwishlist sql injection | 7.7 | 7.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00741 | 0.00 | CVE-2022-31101 |
| 16 | ThemePunch OHG Slider Revolution Plugin unrestricted upload | 7.2 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2023-47784 |
| 17 | OpenZeppelin openzeppelin-contracts Subcall control flow | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00048 | 0.06 | CVE-2023-49798 |
| 18 | Brocade Fabric OS risky encryption | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.00 | CVE-2021-27795 |
| 19 | WPFactory Products, Order & Customers Export for WooCommerce Plugin cross site scripting | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-47547 |
| 20 | Bitrix24 MIME Type unrestricted upload | 8.3 | 8.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.00 | CVE-2023-1720 |

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

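| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 45.9.148.108 | mx1.dendrite.network | CredStealer | | 07/18/2023 | verified | High |
| 2 | XXX.XXX.XXX.XXX | | Xxxxxxxxxx | | 07/18/2023 | verified | High |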

TTP - Tactics, Techniques, Procedures (20)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (81)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /ajax.php?action=read_msg | predictive | High |
| 2 | File | /debug/pprof | predictive | Medium |
| 3 | File | /desktop_app/file.ajax.php?action=uploadfile | predictive | High |
| 4 | File | /env | predictive | Low |
| 5 | File | /goform/SetNetControlList | predictive | High |
| 6 | File | /goform/SetStaticRouteCfg | predictive | High |
| 7 | File | /src/chatbotapp/chatWindow.java | predictive | High |
| 8 | File | admin/categories_industry.php | predictive | High |
| 9 | File | admin/class-woo-popup-admin.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
