Vector Stealer Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (10)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	10

Country

us	10

Actors

Tofsee	1
LokiBot	1
Mirai	1
STRRAT	1
Remcos	1

Activities

Interest

Timeline

Type

Not Defined	8

Vendor

Franklin Fueling Systems	2
Hirschmann	2
Not Defined	2
Fortinet	2

Product

Franklin Fueling Systems Colibri Controller Module	2
Hirschmann BAT-C2	2
pdfkit	2
Fortinet FortiADC	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Franklin Fueling Systems Colibri Controller Module path traversal	8.0	8.0	$0-$5k	$0-$5k	Not Defined	Not Defined	0.64772	0.07	CVE-2021-46417
2	Fortinet FortiADC cross site scripting	6.4	6.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00070	0.04	CVE-2022-38374
3	pdfkit URL command injection	8.1	8.1	$0-$5k	$0-$5k	Not Defined	Not Defined	0.38667	0.00	CVE-2022-25765
4	Hirschmann BAT-C2 Web Server FsCreateDir command injection	7.1	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00129	0.00	CVE-2022-40282
5	perfSONAR Search cross-site request forgery	4.3	4.2	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00074	0.00	CVE-2022-41413
6	vsftpd Service Port 6200 os command injection	8.5	8.4	$25k-$100k	$25k-$100k	Not Defined	Workaround	0.85861	0.05	CVE-2011-2523
7	Apache Airflow Pig Provider os command injection	8.0	7.9	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00469	0.00	CVE-2022-40189
8	gl-inet GL-MT300N-V2 Mango/GL-AX1800 Flint command injection	6.1	5.9	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00045	0.02	CVE-2022-31898

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Campaigns	Identified	Type	Confidence
1	185.246.220.65		Vector Stealer		04/02/2024	verified	High

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
3	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (4)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	Argument	dir	predictive	Low
2	Argument	xxxx_xxxx/xxxxx_xxxx	predictive	High
3	Argument	xxxx	predictive	Low
4	Network Port	xxx/xxxx	predictive	Medium

References (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!