ObserverStealer Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (155)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	132
ru	14
it	4
zh	2
pl	2

Country

us	132
it	2

Actors

RecordBreaker	3
Raccoon	3
RedLine Stealer	3
Stealc	3
ObserverStealer	3

Activities

Interest

Timeline

Type

Not Defined	28
WordPress Plugin	6
Content Management System	4
Programming Language Software	4
Forum Software	4

Vendor

Not Defined	22
DZCP	4
Reality	2
Francisco Burzi	2
PHP Scripts Mall	2

Product

Reality Medias Phpizabi	2
WordPress	2
Francisco Burzi PHP-Nuke	2
PHP Scripts Mall Multi Language Olx Clone Script	2
RealFaviconGenerator Favicon Plugin	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Indexu suggest_category.php cross site scripting	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00000	0.06
2	Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption	8.3	8.2	$25k-$100k	$0-$5k	High	Official Fix	0.96668	0.04	CVE-2023-4966
3	Joomla CMS com_easyblog sql injection	6.3	6.1	$5k-$25k	$5k-$25k	Not Defined	Not Defined	0.00000	0.37
4	TikiWiki tiki-register.php input validation	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01075	8.76	CVE-2006-6168
5	DZCP deV!L`z Clanportal config.php code injection	7.3	6.6	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00943	0.49	CVE-2010-0966
6	PHP Link Directory Administration Page index.html cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00374	0.25	CVE-2007-0529
7	PHPizabi index.php path traversal	6.5	5.7	$0-$5k	$0-$5k	Unproven	Unavailable	0.00826	0.12	CVE-2008-3723
8	SPIP spip.php cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00132	0.46	CVE-2022-28959
9	RealFaviconGenerator Favicon Plugin class-favicon-by-realfavicongenerator-admin.php install_new_favicon cross-site request forgery	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00236	0.18	CVE-2015-10116
10	Intelliants eSyndiCat suggest-category.php cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00257	0.04	CVE-2010-4504
11	LogicBoard CMS away.php redirect	6.3	6.1	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00000	1.84
12	PHP Scripts Mall Multi Language Olx Clone Script cross site scripting	5.2	4.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00115	0.02	CVE-2018-6845
13	DZCP Witze Addon index.php sql injection	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.00261	0.05	CVE-2012-5000
14	Storytlr cross site scripting	4.3	4.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00134	0.09	CVE-2014-100037
15	YaBB cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00172	0.04	CVE-2005-4426
16	YaBB yabb.pl cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01240	0.04	CVE-2004-2402
17	Reality Medias Phpizabi File Upload image.php access control	10.0	9.4	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01894	0.08	CVE-2008-0805
18	Adobe ColdFusion Authentication credentials management	5.6	5.4	$0-$5k	$0-$5k	High	Official Fix	0.86185	0.00	CVE-2013-0625
19	TCL 30Z/10 access control	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00043	0.05	CVE-2023-38295
20	git-ecosystem git-credential-manager permission assignment	5.3	5.3	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00043	0.00	CVE-2024-32478

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Actor	Identified	Type	Confidence
1	5.42.64.13	ObserverStealer	11/11/2023	verified	High
2	X.XX.XX.X	Xxxxxxxxxxxxxxx	04/06/2024	verified	High
3	X.XX.XX.XX	Xxxxxxxxxxxxxxx	02/10/2024	verified	High
4	XX.XXX.XXX.XX	Xxxxxxxxxxxxxxx	07/07/2023	verified	High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
3	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
6	TXXXX	CAPEC-108	CWE-XX, CWE-XX	Xxx Xxxxxxxxx	predictive	High
7	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxx Xxxxxxxxxxxxx	predictive	High
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
9	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
10	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (46)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/forum/away.php	predictive	High
2	File	/oauth/idp/.well-known/openid-configuration	predictive	High
3	File	/settings/account	predictive	High
4	File	/spip.php	predictive	Medium
5	File	/userLogin.asp	predictive	High
6	File	admin.php3	predictive	Medium
7	File	xxxxx/xxxxx-xxxxxxx-xx-xxxxxxxxxxxxxxxxxxxx-xxxxx.xxx	predictive	High
8	File	xxx_xxxxxxxxx.xxx	predictive	High
9	File	xxxxx.xxx	predictive	Medium
10	File	xxxxx.xxx	predictive	Medium
11	File	xxx/xxxxxx.xxx	predictive	High
12	File	xxx/xxxxxxxxxxx/xxxxxxx.xxx	predictive	High
13	File	xxxxx.xxxx	predictive	Medium
14	File	xxxxx.xxx	predictive	Medium
15	File	xxxxx.xxx/xxxxxxxxx_xxxx/xxx_xxxxxxx_xxxxxxxxxx/	predictive	High
16	File	xxxxxxxxxxxxx.xxx	predictive	High
17	File	xxxxx/xxxxx.xxx	predictive	High
18	File	xxx_xxxx.xxx	predictive	Medium
19	File	xxxxxxxx/xxxxx/xxxxxxxx?xxxxxxxx	predictive	High
20	File	xxxxxxxxxx_xxxxx.xxxxxx	predictive	High
21	File	xxxxxxx-xxxxxxxx.xxx	predictive	High
22	File	xxxxxxx-xxxxxxx.xxx	predictive	High
23	File	xxxxxxx_xxxxxxxx.xxx	predictive	High
24	File	xxxx-xxxxx.xxx	predictive	High
25	File	xxxx-xxxxxxxx.xxx	predictive	High
26	File	xxxxx/xx_xxxx.x	predictive	High
27	File	xx-xxxxxxxx/xxxxx-xx-xxxxxx-xxxxxx.xxx	predictive	High
28	File	xxxxxx.xxx	predictive	Medium
29	File	xxxx.xx	predictive	Low
30	File	xxxxxxxxxxxx.xxx	predictive	High
31	Argument	xxx/xxx	predictive	Low
32	Argument	xxxxxxxx	predictive	Medium
33	Argument	xxxxx	predictive	Low
34	Argument	xxxxxxx	predictive	Low
35	Argument	xxxxxxx	predictive	Low
36	Argument	xxxxx	predictive	Low
37	Argument	xxxxx_xxx	predictive	Medium
38	Argument	xxxx	predictive	Low
39	Argument	xxxxxxxx	predictive	Medium
40	Argument	xxxxxx_xxx	predictive	Medium
41	Argument	xx	predictive	Low
42	Argument	xxxxxxx_xx	predictive	Medium
43	Argument	xx_xxxx	predictive	Low
44	Argument	xxxxxx	predictive	Low
45	Argument	xxxxx	predictive	Low
46	Input Value	xxxxxxxxxxxxxxxxxxxxxxxxxxxx+xxxxx+xxxxxx+x,x,xxxx,xxx,x,x+xxxx+xxx_xxxxx+xxxxx+xx=x--+	predictive	High

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!