WASP Stealer Analysis

IOB - Indicator of Behavior (179)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

  • en: 122
  • ru: 36
  • de: 10
  • es: 10
  • ja: 2


Country

  • us: 106
  • ru: 58
  • ua: 4
  • ly: 2
  • jp: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

  • Microsoft Windows: 6
  • jQuery: 4
  • Google Android: 4
  • Pingkon HMS-PHP: 2
  • SimpleSAMLphp simplesamlphp-module-openid: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.65 | CVE-2020-12440 |
| 2 | AppServ Open Project denial of service | 7.5 | 7.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.09599 | 0.00 | CVE-2005-4296 |
| 3 | Citrix Metaframe login.asp cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00867 | 0.00 | CVE-2003-1157 |
| 4 | Cacti XML Template File templates_import.php cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00069 | 0.00 | CVE-2023-50569 |
| 5 | Moment.js path traversal | 6.9 | 6.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00330 | 0.09 | CVE-2022-24785 |
| 6 | Cutephp CuteNews Protection Feature shows.inc.php denial of service | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02946 | 0.00 | CVE-2005-3010 |
| 7 | Apache Tomcat JmxRemoteLifecycleListener access control | 9.8 | 9.6 | $5k-$25k | $0-$5k | High | Official Fix | 0.25115 | 0.08 | CVE-2016-8735 |
| 8 | Bitrix Site Manager Vote Module Remote Code Execution | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00668 | 0.04 | CVE-2022-27228 |
| 9 | Microsoft Windows Remote Desktop Protocol Remote Code Execution | 7.0 | 6.4 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.00254 | 0.03 | CVE-2023-35332 |
| 10 | myPHPCalendar admin.php file inclusion | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02576 | 0.04 | CVE-2006-6812 |
| 11 | Squitosoft Squito Gallery photolist.inc.php memory corruption | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01371 | 0.04 | CVE-2005-2258 |
| 12 | DUware DUdownload detail.asp sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00254 | 0.03 | CVE-2006-6367 |
| 13 | Trevor Hogan BNBT Util_DecodeHTTPAuth denial of service | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.10255 | 0.00 | CVE-2004-2029 |
| 14 | AWStats awstats.pl pathname traversal | 5.5 | 5.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00499 | 0.03 | CVE-2020-35176 |
| 15 | Metertek pagelog.cgi path traversal | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01047 | 0.00 | CVE-2000-0940 |
| 16 | Cutephp CuteNews show_archives.php path traversal | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.06846 | 0.00 | CVE-2005-3507 |
| 17 | GNU Mailman Admin Login Page/Pipermail Index Summary cross site scripting | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01480 | 0.03 | CVE-2002-0388 |
| 18 | Craig Patchett Fileseek FileSeek.cgi path traversal | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04964 | 0.00 | CVE-2002-0611 |
| 19 | JetBrains IntelliJ IDEA License Server authentication spoofing | 7.7 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00222 | 0.03 | CVE-2020-11690 |
| 20 | Import any XML or CSV File Plugin ZIP File unrestricted upload | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00106 | 0.04 | CVE-2023-7082 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Invisible Challenge

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (12)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (137)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (3)

The following list contains external sources which discuss the actor and the associated activities:
