Statc Stealer Analysis

IOB - Indicator of Behavior (94)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 90
ja: 2
zh: 2

Country

de: 94

Actors


Activities

Interest

Timeline


Type


Vendor


Product

Google Chrome: 6
Linux Kernel: 4
Azure RTOS USBX: 2
Backdoor.Win32.Pazus.18: 2
Microsoft Windows: 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | Intelbras TIP200/TIP200LITE/TIP300 cgiServer.exx pathname traversal | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00189 | 0.00 | CVE-2020-13886
2 | cym1102 nginxWebUI upload unrestricted upload | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.35 | CVE-2024-3736
3 | Campcodes Complete Online Student Management System courses_view.php cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.26 | CVE-2024-3531
4 | Campcodes House Rental Management System view_payment.php sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.26 | CVE-2024-3696
5 | SourceCodester Kortex Lite Advocate Office Management System deactivate_case.php sql injection | 4.7 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.18 | CVE-2024-3617
6 | Campcodes Church Management System admin_user.php cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.18 | CVE-2024-3541
7 | SMI SMI-EX-5414W Web Interface cross-site request forgery | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00045 | 0.26 | CVE-2024-3873
8 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 7.25 | CVE-2006-6168
9 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.70 | CVE-2010-0966
10 | Genetechsolutions Pie Register User Account pie-register.php access control | 5.3 | 4.8 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.08823 | 0.04 | CVE-2014-8802
11 | MediaTek EN7528/EN7580 Boa command injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00326 | 0.03 | CVE-2022-32665
12 | V-SFT/TELLUS Image File out-of-bounds write | 7.0 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00065 | 0.00 | CVE-2022-43448
13 | Sage XRT Business Exchange Add Currencies/Payment Order/Transfer History sql injection | 7.1 | 7.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00071 | 0.00 | CVE-2022-34324
14 | w3c Unicorn ValidatorNuMessage.java ValidatorNuMessage cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.03 | CVE-2021-4296
15 | jerryhanjj ERP Commodity Management inventory.php uploadImages unrestricted upload | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00080 | 0.06 | CVE-2022-3944
16 | oretnom23 Food Ordering Management System place-order.php cross site scripting | 3.6 | 3.5 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00056 | 0.09 | CVE-2022-43046
17 | GitLab Community Edition/Enterprise Edition External Status Check cross site scripting | 5.0 | 5.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00157 | 0.39 | CVE-2022-2904
18 | Metabase Malicious Request information disclosure | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00062 | 0.00 | CVE-2022-39358
19 | Linux Kernel nftables nft_osf_eval information disclosure | 4.7 | 4.5 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00045 | 0.08 | CVE-2022-42432

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 95.217.5.87 | static.87.5.217.95.clients.your-server.de | Statc Stealer | (none listed) | 08/20/2023 | verified | High

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (39)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/admin_user.php | predictive | High
2 | File | /adminPage/main/upload | predictive | High
3 | File | /control/deactivate_case.php | predictive | High
4 | File | /foms/place-order.php | predictive | High
5 | File | adclick.php | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
