NodeStealer Analysis

IOB - Indicator of Behavior (21)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 18
es: 4


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

FreeRDP: 2
Linux Kernel: 2
LibEtPan: 2
Apache Spark: 2
Discuz! DiscuzX: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---------------|------|------|------|-------|-----|-----|------|-----|-----|
| 1 | FreeRDP ZGFX Decoder out-of-bounds | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00122 | 0.00 | CVE-2022-39316 |
| 2 | Apache Spark UI command injection | 7.1 | 7.0 | $5k-$25k | $0-$5k | High | Official Fix | 0.97290 | 0.00 | CVE-2022-33891 |
| 3 | Cisco Email Security Appliance Antispam Protection Mechanism input validation | 6.6 | 6.3 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00129 | 0.00 | CVE-2020-3368 |
| 4 | Joomla sql injection | 6.3 | 6.3 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00142 | 0.05 | CVE-2022-23797 |
| 5 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.98 | CVE-2020-12440 |
| 6 | Crayon Syntax Highlighter Plugin cross-site request forgery | 4.3 | 4.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.07 | CVE-2022-47167 |
| 7 | Html5 Audio Player Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.00 | CVE-2023-0170 |
| 8 | WP Blog and Widget Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.00 | CVE-2022-4824 |
| 9 | jQuery Countdown Widget Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.02 | CVE-2023-0171 |
| 10 | Leaflet Maps Marker Plugin Shortcode cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.00 | CVE-2022-4677 |
| 11 | LibEtPan mailimap_types.c mailimap_mailbox_data_status_free null pointer dereference | 4.9 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00057 | 0.00 | CVE-2022-4121 |
| 12 | Linux Kernel Slip Driver slip.c sl_tx_timeout use after free | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.08 | CVE-2022-41858 |
| 13 | Rockwell Automation MicroLogix 1100/MicroLogix 1400 Embedded Webserver cross site scripting | 5.8 | 5.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00061 | 0.02 | CVE-2022-46670 |
| 14 | BigBlueButton Webcams Lock Setting insertion of sensitive information into sent data | 6.1 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00120 | 0.00 | CVE-2022-23488 |
| 15 | LibVNCServer rfbproto.c allocation of resources | 9.8 | 9.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00133 | 0.00 | CVE-2020-14405 |
| 16 | Discuz! DiscuzX WeChat Login plugin.php 7pk security | 7.7 | 7.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00456 | 0.00 | CVE-2018-20423 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|----|------------|----------|-------|-----------|------------|------|------------|
| 1 | 34.82.20.84 | 84.20.82.34.bc.googleusercontent.com | NodeStealer | | 11/09/2023 | verified | Medium |

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (5)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|----|-------|-----------|------|------------|
| 1 | File | drivers/net/slip/slip.c | predictive | High |
| 2 | File | libvncclient/rfbproto.c | predictive | High |
| 3 | File | xxx-xxxxx/xxxx/xxxxxxxx_xxxxx.x | predictive | High |
| 4 | File | xxxxxx.xxx | predictive | Medium |
| 5 | Argument | xxxxxxxx | predictive | Medium |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
