StealthWorker Analysis

IOB - Indicator of Behavior (49)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 38
ru: 4
pl: 4
de: 2
fr: 2


Country

us: 26
ru: 12


Actors


Activities

Interest

Timeline


Type


Vendor


Product

WordPress: 4
Adobe Acrobat Reader: 4
libming: 2
Icinga Core: 2
OpenSSH: 2


Vulnerabilities

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
---|---------------|------|------|------|-------|-----|-----|------|-----|----
1  | Internet Solutions Professionals Site Man Login admin_login.asp sql injection | 7.3 | 6.7 | $0-$5k | $0-$5k | Proof-of-Concept | Workaround | 0.00670 | 0.00 | CVE-2006-1586
2  | WordPress wp-trackback.php mb_convert_encoding cryptographic issues | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03358 | 0.00 | CVE-2009-3622
3  | Imperva SecureSphere Login Page secsphLogin.jsp credentials management | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00432 | 0.00 | CVE-2013-4091
4  | AccessAlly Plugin product-shortcode.php information disclosure | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03058 | 0.00 | CVE-2021-24226
5  | Emefa Emefa Guestbook sign.asp cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00624 | 0.00 | CVE-2005-2650
6  | Dragon Path Bharti Airtel Routers Hardware BDT-121 Admin Page cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.04 | CVE-2022-28507
7  | nginx HTTP/2 resource consumption | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02542 | 0.00 | CVE-2018-16844
8  | Stock Management System manage_bo.php sql injection | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00091 | 0.05 | CVE-2023-51951
9  | CODESYS V2 Runtime Toolkit/PLCWinNT Request memory corruption | 7.2 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00081 | 0.02 | CVE-2021-34595
10 | MaxBoard File Upload unrestricted upload | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00188 | 0.00 | CVE-2021-26634
11 | YaPiG view.php cross site scripting | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01335 | 0.00 | CVE-2005-1886
12 | WordPress wp-register.php cross site scripting | 4.3 | 4.2 | $5k-$25k | $0-$5k | High | Unavailable | 0.00322 | 0.00 | CVE-2007-5105
13 | MetInfo URL Redirector login.php redirect | 6.6 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00107 | 0.00 | CVE-2017-11718
14 | phpRaid register.php privileges management | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.04 |
15 | vu Mass Mailer Login Page redir.asp sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00238 | 0.03 | CVE-2007-6138
16 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.48 | CVE-2010-0966
17 | probe.cgi privileges management | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.05756 | 0.04 | CVE-2005-2178
18 | Ibrow News Desk newsdesk.cgi privileges management | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01908 | 0.00 | CVE-2001-0232
19 | Interguias NetHoteles CHAP ficha.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00087 | 0.00 | CVE-2009-1346
20 | nginx ngx_http_mp4_module information disclosure | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00198 | 0.05 | CVE-2018-16845

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address  | Hostname       | Actor         | Campaigns | Identified | Type     | Confidence
---|-------------|----------------|---------------|-----------|------------|----------|-----------
1  | 5.45.69.149 | northgarden.ru | StealthWorker |           | 03/07/2019 | verified | High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (42)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator        | Type       | Confidence
---|-------|------------------|------------|-----------
1  | File  | /settings/avatar | predictive | High
2  | File  | admin_login.asp  | predictive | High
3  | File  | bin/icinga       | predictive | Medium
4  | File  | custom/run.cgi   | predictive | High
5  | File  | ficha.php        | predictive | Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:
