Invicta Stealer Analysis

IOB - Indicator of Behavior (283)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 238
zh: 16
ja: 8
de: 6
it: 4


Country

us: 284


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Esoftpro Online Guestbook Pro: 6
phpShop: 6
SQuery: 4
Novell GroupWise: 4
SourceCodester Inventory Management System: 4


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | LogicBoard CMS away.php redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.26 | |
| 2 | esoftpro Online Guestbook Pro ogp_show.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00135 | 0.00 | CVE-2010-4996 |
| 3 | Esoftpro Online Guestbook Pro ogp_show.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00209 | 0.07 | CVE-2009-2441 |
| 4 | Squitosoft Squito Gallery photolist.inc.php memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01371 | 0.04 | CVE-2005-2258 |
| 5 | Esoftpro Online Guestbook Pro ogp_show.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00109 | 0.04 | CVE-2009-2448 |
| 6 | Esoftpro Online Guestbook Pro ogp_show.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00134 | 0.04 | CVE-2009-2447 |
| 7 | HP Integrated Lights-Out information disclosure | 9.8 | 8.5 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.02286 | 0.02 | CVE-2012-3271 |
| 8 | htmltonuke htmltonuke.php code injection | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.01849 | 0.04 | CVE-2006-0308 |
| 9 | Storytlr cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00134 | 0.09 | CVE-2014-100037 |
| 10 | WordPress AdServe adclick.php sql injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00073 | 0.28 | CVE-2008-0507 |
| 11 | Appindex MWChat start_lobby.php file inclusion | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01610 | 0.00 | CVE-2005-1869 |
| 12 | Cisco BroadWorks Application Delivery Platform Single Sign-On Remote Code Execution | 9.9 | 9.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00143 | 0.00 | CVE-2023-20238 |
| 13 | Zentrack index.php privileges management | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.03 | |
| 14 | Jetbox One CMS memory corruption | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01999 | 0.05 | CVE-2004-1448 |
| 15 | Mambo Artlinks component artlinks.dispnew.php code injection | 8.1 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01742 | 0.03 | CVE-2006-3949 |
| 16 | xoops Xoopsgallery Module mod_gallery sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01520 | 0.00 | CVE-2008-0138 |
| 17 | MosXML mod_mainmenu.php code injection | 7.3 | 6.4 | $0-$5k | $0-$5k | Unproven | Unavailable | 0.00441 | 0.01 | CVE-2008-5206 |
| 18 | SourceCodester Best Courier Management System Manage Account Page cross site scripting | 4.1 | 4.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00050 | 0.06 | CVE-2023-5302 |
| 19 | Comersus Open Technologies Comersus Cart comersus_optreviewreadexec.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00381 | 0.00 | CVE-2007-3323 |
| 20 | UBB.threads login.php cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 94.156.253.17 | | Invicta Stealer | | 04/03/2024 | verified | High |

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (169)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/list_addr_fwresource_ip.php | predictive | High |
| 2 | File | /DXR.axd | predictive | Medium |
| 3 | File | /forum/away.php | predictive | High |
| 4 | File | /importexport.php | predictive | High |
| 5 | File | /log/decodmail.php | predictive | High |
| 6 | File | /multi-vendor-shopping-script/product-list.php | predictive | High |
| 7 | File | /see_more_details.php | predictive | High |
| 8 | File | /servlet/webacc | predictive | High |
| 9 | File | /SysManage/AddUpdateRole.aspx | predictive | High |
| 10 | File | /textpattern/index.php | predictive | High |
| 11 | File | adclick.php | predictive | Medium |
| 12 | File | adDetail.asp | predictive | Medium |
| 13 | File | admin.a6mambocredits.php | predictive | High |
| 14 | File | admin.cropcanvas.php | predictive | High |
| 15 | File | admin/theme-edit.php | predictive | High |
| 16 | File | adminBanned.php | predictive | High |
| 17 | File | adminBoards.php | predictive | High |
| 18 | File | adminForums.php | predictive | High |
| 19 | File | allopass-error.php | predictive | High |
| 20 | File | allopass.php | predictive | Medium |
| 21 | File | announce.php | predictive | Medium |
| 22 | File | app/ajax/search_sell_paymen_report.php | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
