Oski Stealer Analysis

IOB - Indicator of Behavior (42)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 40
de: 2


Country

de: 14
us: 8
gr: 2


Product

Powerdev EncapsBB: 2
Grav: 2
eNvoice: 2
Huawei Vicky-AL00A: 2
PHPWind: 2


Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | JetElements Plugin Privilege Escalation | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.03 | CVE-2023-39157
2 | ConsoleTVs Noxen users.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00068 | 0.09 | CVE-2022-2956
3 | SourceCodester Online Pizza Ordering System Login Page sql injection | 7.0 | 6.8 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00204 | 0.08 | CVE-2023-1455
4 | AWStats Config awstats.pl cross site scripting | 4.3 | 4.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00587 | 0.08 | CVE-2006-3681
5 | Powerdev EncapsBB index_header.php file inclusion | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00820 | 0.00 | CVE-2005-0917
6 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 9.57 | CVE-2006-6168
7 | OpenBB read.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00248 | 0.04 | CVE-2005-1612
8 | SourceCodester Online Computer and Laptop Store view_product.php sql injection | 7.5 | 7.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00089 | 0.04 | CVE-2023-2659
9 | Prozilla Cheats view_reviews.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00137 | 0.00 | CVE-2008-1863
10 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.53 | CVE-2022-28959
11 | Responsive Menus Configuration Setting responsive_menus.module responsive_menus_admin_form_submit cross site scripting | 3.2 | 3.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.03 | CVE-2018-25085
12 | Oracle WebLogic Server Core information disclosure | 7.5 | 7.2 | $5k-$25k | $0-$5k | High | Official Fix | 0.95825 | 0.00 | CVE-2023-21839
13 | IBM Engineering Lifecycle Optimization Network Traffic access control | 5.0 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00050 | 0.00 | CVE-2021-39016
14 | codecov popen Privilege Escalation | 6.0 | 5.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00070 | 0.00 | CVE-2019-10800
15 | Navetti PricePoint cross-site request forgery | 7.3 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00201 | 0.04 | CVE-2017-20045
16 | Navetti PricePoint Reflected cross site scripting | 4.3 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00080 | 0.04 | CVE-2017-20044
17 | eNvoice information disclosure | 4.7 | 4.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00150 | 0.00 | CVE-2021-36723
18 | CWP command injection | 8.4 | 8.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00516 | 0.00 | CVE-2022-25048
19 | Northern.tech Mender Client improper authentication | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00051 | 0.04 | CVE-2022-32290
20 | MediaTek MT8797 WLAN Driver out-of-bounds write | 6.7 | 6.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-21785

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are estimated exploit prices; Exp is the exploitability status; Rem is the remediation status; EPSS is the Exploit Prediction Scoring System probability; CTI is the cyber threat intelligence activity score.

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (29)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /Noxen-master/users.php | predictive | High
2 | File | /product.php | predictive | Medium
3 | File | /spip.php | predictive | Medium
4 | File | admin.php | predictive | Medium
5 | File | xxxxx/xxxx.xxx?xxxxxx=xxxxxx | predictive | High
6 | File | xxxxxxx.xx | predictive | Medium
7 | File | xxxxxx/xxxx.xxx | predictive | High
8 | File | xxxxxx_xxxxxxx.xxx | predictive | High
9 | File | xxxx.xxx | predictive | Medium
10 | File | xxxxx_xxxxxx.xxx | predictive | High
11 | File | xxxxxxx.xxx | predictive | Medium
12 | File | xxxx.xxx | predictive | Medium
13 | File | xxxxxxxxxx_xxxxx.xxxxxx | predictive | High
14 | File | xxxx-xxxxxxxx.xxx | predictive | High
15 | File | xxxx_xxxxxxx.xxx | predictive | High
16 | File | xxxx_xxxxxxx.xxx | predictive | High
17 | Argument | xxxxxxx | predictive | Low
18 | Argument | xxxxxx | predictive | Low
19 | Argument | xxxxxx_xxxx_xxxxxxxx | predictive | High
20 | Argument | xxxxx | predictive | Low
21 | Argument | xx | predictive | Low
22 | Argument | xxxxxxxxxxxx | predictive | Medium
23 | Argument | xxxxxxxx-xxxxx | predictive | High
24 | Argument | xxxx | predictive | Low
25 | Argument | xxx | predictive | Low
26 | Argument | xxx | predictive | Low
27 | Input Value | "><xxxxxx>xxxxx(/xxx/)</xxxxxx> | predictive | High
28 | Input Value | xxx%xxxx.xxx' xxx (xxxxxx xxxx xxxx (xxxxxx(xxxxx(x)))xxxx) xxx 'xxxx'='xxxx | predictive | High
29 | Network Port | xxxx | predictive | Low

Indicators shown as runs of "x" are masked on the source page and are not reproduced here.

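The four unmasked File indicators in the IOA table are the kind of fragment a defender would sweep web server logs for. The following script is an added example and not part of the original page or of any vendor tooling: it parses Combined Log Format lines, strips the query string, matches the request path against those indicators, and groups hits by source IP. The log lines, IP addresses and the suffix/basename matching rules are constructed for illustration; the masked indicators are deliberately omitted.

```python
import re
from collections import defaultdict

# Unmasked File indicators from the IOA table above, with their confidence.
# The masked "xxxx" entries are not available and are not reproduced here.
IOA_FILES = {
    "/Noxen-master/users.php": "High",
    "/product.php": "Medium",
    "/spip.php": "Medium",
    "admin.php": "Medium",
}

# Combined Log Format as written by default Apache/nginx configurations:
# ip ident user [timestamp] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it is malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Match on the path only; query strings carry the Argument indicators,
    # which are masked on the page and therefore not checked here.
    rec["path"] = rec["target"].split("?", 1)[0]
    return rec


def match_ioa(path):
    """Return (indicator, confidence) if the path hits a File indicator, else None.

    Assumed matching rule (not from the page): indicators that start with "/"
    match as a path suffix, so /shop/product.php hits /product.php; bare
    filenames such as admin.php match on the basename only.
    """
    basename = path.rsplit("/", 1)[-1]
    for indicator, confidence in IOA_FILES.items():
        if indicator.startswith("/"):
            if path == indicator or path.endswith(indicator):
                return indicator, confidence
        elif basename == indicator:
            return indicator, confidence
    return None


def scan(lines):
    """Return {source_ip: [(indicator, confidence, path), ...]} for matching requests."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines instead of crashing the sweep
        hit = match_ioa(rec["path"])
        if hit is not None:
            hits[rec["ip"]].append((hit[0], hit[1], rec["path"]))
    return dict(hits)


# Constructed sample log lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /Noxen-master/users.php?id=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /shop/product.php?id=5 HTTP/1.1" 404 213',
    '198.51.100.4 - - [01/Jan/2024:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.4 - - [01/Jan/2024:10:00:04 +0000] "POST /wp-admin/admin.php HTTP/1.1" 302 0',
    'this line is not an access-log record',
]

if __name__ == "__main__":
    for ip, events in scan(SAMPLE_LOG).items():
        for indicator, confidence, path in events:
            print(f"{ip}\t{confidence}\t{indicator}\t{path}")
```

Bare-filename indicators such as admin.php will fire on any application that ships a file by that name, so on a busy site the Medium-confidence hits are better used to corroborate a High-confidence one from the same source than as alerts on their own; the script's grouping by IP is there to make that correlation visible.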
References (4)

The following list contains external sources which discuss the actor and the associated activities:
