MintStealer Analysis

IOB - Indicator of Behavior (40)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 36
fr: 2
ar: 2

Country, Actors (charts not included)

Activities

Interest, Timeline, Type, Vendor (charts not included)

Product

Google Android: 4
MikroTik RouterOS: 4
PBC: 2
Dreaxteam Xt-News: 2
Thomas R. Pasawicz HyperBook Guestbook: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | T&W WIFI Repeater BE126 Upgrade Process improper authentication | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.04 | CVE-2018-9232 |
| 2 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 3 | SourceCodester Alphaware Simple E-Commerce System admin_index.php sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00171 | 0.04 | CVE-2023-1503 |
| 4 | DD-WRT Web Interface cross-site request forgery | 7.5 | 6.9 | $0-$5k | $0-$5k | Unproven | Not Defined | 0.00312 | 0.04 | CVE-2012-6297 |
| 5 | Dreaxteam Xt-News show_news.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00202 | 0.00 | CVE-2006-6747 |
| 6 | Google Android Transcode Permission Controller getAvailabilityStatus permission | 5.3 | 5.1 | $5k-$25k | $5k-$25k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2023-21005 |
| 7 | sudo neutralization for logs | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00068 | 0.04 | CVE-2023-28486 |
| 8 | Simple Art Gallery adminHome.php sql injection | 7.5 | 7.3 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.00144 | 0.00 | CVE-2023-1416 |
| 9 | obs-service-go_modules exceptional condition | 5.0 | 4.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2022-45155 |
| 10 | SourceCodester Design and Implementation of Covid-19 Directory on Vaccination System login.php sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00531 | 0.00 | CVE-2023-1352 |
| 11 | PMB restaure_act.php Privilege Escalation | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00528 | 0.00 | CVE-2023-24736 |
| 12 | Heimdal Fix CVE-2022-3437 integrity check | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.00 | CVE-2022-45142 |
| 13 | IBM Maximo Asset Management/Maximo Application Suite Web UI cross site scripting | 5.1 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00058 | 0.00 | CVE-2022-35645 |
| 14 | Shenzhen Zhiboton ZBT WE1626 SPI Bus Interface information disclosure | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00151 | 0.00 | CVE-2022-45552 |
| 15 | Mozilla Firefox libaudio use after free | 5.0 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00046 | 0.00 | CVE-2023-25747 |
| 16 | Linux Kernel memory-tiers.c memory_tier_init return value | 5.5 | 5.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2023-23005 |
| 17 | Medtronic InsterStim Applications unverified password change | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.00 | CVE-2023-25931 |
| 18 | CodeIgniter cross-site request forgery | 5.3 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00136 | 0.00 | CVE-2022-24712 |
| 19 | DrayTek Vigor/Vigor3910 wlogin.cgi buffer overflow | 9.0 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00182 | 0.10 | CVE-2022-32548 |
| 20 | Microsoft Windows Kernel unknown vulnerability | 2.9 | 2.7 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00043 | 0.00 | CVE-2022-38022 |

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Class | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | T1059.007 | CAPEC-209 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 2 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxx Xxxxxx | predictive | High |
| 3 | TXXXX | CAPEC-108 | CWE-XX | Xxx Xxxxxxxxx | predictive | High |
| 4 | TXXXX | CAPEC- | CWE-XXX | Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 5 | TXXXX | CAPEC-116 | CWE-XXX | Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (23)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/login.php | predictive | High |
| 2 | File | /cgi-bin/wlogin.cgi | predictive | High |
| 3 | File | /htmlcode/html/system_reboot.asp | predictive | High |
| 4 | File | /xxxxxxxxxx/xxxxxxxx_xxx.xxx | predictive | High |
| 5 | File | xxxxx/xxxxx_xxxxx.xxx | predictive | High |
| 6 | File | xxxxxxxxx.xxx | predictive | High |
| 7 | File | xxxxxxxxx.x | predictive | Medium |
| 8 | File | xxxxxxx.xxx | predictive | Medium |
| 9 | File | xxxx/xxxxxxxxxxxxxxx.xxx | predictive | High |
| 10 | File | xxxxxxxxx.xxx | predictive | High |
| 11 | File | xx/xxxxxx-xxxxx.x | predictive | High |
| 12 | File | xxxx_xxxx.xxx | predictive | High |
| 13 | Argument | xx/xx | predictive | Low |
| 14 | Argument | xxxxx_xxxxxx_xxxx | predictive | High |
| 15 | Argument | xxx_xx | predictive | Low |
| 16 | Argument | xxx | predictive | Low |
| 17 | Argument | xx_xxxx | predictive | Low |
| 18 | Argument | xxxxxxxxxxx | predictive | Medium |
| 19 | Argument | xxxxxx_xxxxxxxx | predictive | High |
| 20 | Argument | xxxxxxx | predictive | Low |
| 21 | Argument | xxxxxxxxxxx/xxxxxxxxxxx | predictive | High |
| 22 | Argument | xxxxxxxx/xxxxxxxx | predictive | High |
| 23 | Input Value | xxxxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx)-- xxxx | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
