ModernLoader Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (56)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en54
ru2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

ru6
us2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

RedLine Stealer3
ModernLoader3
Stealc3
Cobalt Strike3
Rhadamanthys3

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined28
Content Management System6
Health Information Software4
Game Console4
Banking Software2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined20
SourceCodester10
OpenMRS4
Sterc2
Little Apps2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

Sterc Google Analytics Dashboard for MODX2
SourceCodester Lead Management System2
SourceCodester Blood Bank Management System2
ampleShop2
Com Casino2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1SourceCodester Medical Certificate Generator App action.php sql injection8.17.9$0-$5k$0-$5kProof-of-ConceptNot Defined0.001160.03CVE-2023-0774
2Microsoft Exchange Server Remote Code Execution7.67.1$25k-$100k$0-$5kFunctionalOfficial Fix0.234410.06CVE-2021-31206
3SmarterTools SmarterMail Service Port 17001 uninitialized pointer8.58.4$0-$5k$0-$5kNot DefinedOfficial Fix0.803500.07CVE-2019-7214
4Sony Playstation 3 Save Game PARAM.SFO privileges management7.47.0$25k-$100k$0-$5kProof-of-ConceptNot Defined0.000000.00
5VUBB usercp.php sql injection6.36.3$0-$5k$0-$5kNot DefinedNot Defined0.000000.00
6WordPress sql injection6.86.7$5k-$25k$0-$5kNot DefinedOfficial Fix0.004670.04CVE-2022-21664
7PowerDNS Authoritative Server/PowerDNS Recursor Zone Transfer Privilege Escalation5.55.3$0-$5k$0-$5kNot DefinedOfficial Fix0.002600.04CVE-2022-27227
8SourceCodester Online School Fees System GET Parameter ajx.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000770.06CVE-2023-3340
9SourceCodester Theme Park Ticketing System GET Parameter print_ticket.php sql injection7.57.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.000730.09CVE-2023-2865
10ampleShop youraccount.cfm sql injection7.37.3$0-$5k$0-$5kNot DefinedUnavailable0.006210.00CVE-2006-2038
11X-Man sql injection6.56.4$0-$5k$0-$5kNot DefinedNot Defined0.001400.00CVE-2022-46021
12Ebay Feeds Plugin magpie_slashbox.php cross site scripting5.75.7$0-$5k$0-$5kNot DefinedNot Defined0.001450.04CVE-2014-4525
13SourceCodester Music Gallery Site view_category.php sql injection6.46.3$0-$5k$0-$5kProof-of-ConceptNot Defined0.001320.04CVE-2023-1053
14SourceCodester Simple Payroll System POST Parameter cross site scripting3.23.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.000600.07CVE-2023-1113
15Netgear WNDR3700v2 Web Management Interface denial of service6.05.8$5k-$25k$0-$5kProof-of-ConceptWorkaround0.001140.05CVE-2023-0848
16Netgear WNDR3700v2 Web Interface denial of service4.34.2$5k-$25k$0-$5kProof-of-ConceptNot Defined0.001350.00CVE-2023-0850
17Xoslab Easy File Locker xlkfs.sys MessageNotifyCallback denial of service6.36.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.000420.03CVE-2023-0908
18SourceCodester Simple Food Ordering System process_order.php cross site scripting3.53.2$0-$5k$0-$5kProof-of-ConceptNot Defined0.001280.03CVE-2023-0902
19tinymighty WikiSEO Meta Property Tag WikiSEO.body.php modifyHTML cross site scripting5.55.4$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.001520.18CVE-2015-10073
20NYUCCL psiTurk experiment.py special elements used in a template engine6.66.4$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.000880.04CVE-2021-4315

IOC - Indicator of Compromise (9)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
131.41.244.231ModernLoader12/21/2022verifiedHigh
231.41.244.235ModernLoader12/21/2022verifiedHigh
3XX.XXX.XX.XXXxxxxxxxxxxx05/06/2023verifiedHigh
4XX.XXX.XX.XXXxxxxxxxxxxx04/07/2023verifiedHigh
5XX.XXX.XX.XXXxxxxxxxxxxx12/21/2022verifiedHigh
6XX.XXX.XX.XXXXxxxxxxxxxxx12/21/2022verifiedHigh
7XX.XXX.XX.XXXXxxxxxxxxxxx01/03/2023verifiedHigh
8XX.XXX.XX.XXXXxxxxxxxxxxx12/27/2022verifiedHigh
9XXX.XXX.XX.XXXxxxxxxxxxxx04/20/2023verifiedHigh

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1006CAPEC-126CWE-22Path TraversalpredictiveHigh
2T1059.007CAPEC-209CWE-79Cross Site ScriptingpredictiveHigh
3TXXXXCAPEC-122CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCAPEC-CWE-XXXXxxx Xxx Xxxxxxxxx Xxxxxxxxxxx XxxxxxxxpredictiveHigh
5TXXXXCAPEC-136CWE-XXXxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx XxxxxxxxxpredictiveHigh
6TXXXXCAPEC-CWE-XXXXXxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxx Xxxxxxxx Xxxx Xx X Xxxxxxxx XxxxxxpredictiveHigh
7TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
8TXXXX.XXXCAPEC-1CWE-XXXXxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx XxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (72)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/admin/ajax.php?action=save_windowpredictiveHigh
2File/admin/api/theme-edit/predictiveHigh
3File/face-recognition-php/facepay-master/camera.phppredictiveHigh
4File/forum/PostPrivateMessagepredictiveHigh
5File/home/masterConsolepredictiveHigh
6File/hrm/employeeadd.phppredictiveHigh
7File/hrm/employeeview.phppredictiveHigh
8Fileaction.phppredictiveMedium
9Fileadmin.php&r=article/AdminContent/editpredictiveHigh
10Filexxxxx/?xxxx=xxxxxpredictiveHigh
11Filexxxx/xx_*.xxxpredictiveHigh
12Filexxx.xxxpredictiveLow
13Filexxxxxxxxxxx/xxxxxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
14Filexxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxxxxx/xxxxxxxx/xxx/xxxxxx.xxxxxxxxx.xxxpredictiveHigh
15Filexxxxxx.xxxxpredictiveMedium
16Filexxxxx_xxxx.xpredictiveMedium
17Filexxxx_xxxxxxxxx.xxxxxpredictiveHigh
18Filexxx/xxxxx.xxxxxxxxxxx.xxxpredictiveHigh
19Filexxxxx.xxxpredictiveMedium
20Filexxxxx.xxx?xxxx=xxxxxpredictiveHigh
21Filexxxxxx.xxxxxxxxxx.xxpredictiveHigh
22Filexxx/xxxxxxx/xxxxxx.xxpredictiveHigh
23Filexxx/xxxxxx.xxpredictiveHigh
24Filexxxxx.xxxpredictiveMedium
25Filexxxxxx/xxxxxxx/xxxxxx_xxxxxxxx.xxxpredictiveHigh
26Filexxxx/xxx/xxxx/xxxx/xxx/xxxxxxx/xxxxxx/xxxxxxxxxxxxxxxxxxxx/xxxx/xxxxxxxxxx/xxxxxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
27Filexxxx/xxx/xxxx/xxxxxx/xxxxx/xxxxxxxx/xxxxxxxxxx/xxxxxxxxx.xxxpredictiveHigh
28Filexxxxx.xxxpredictiveMedium
29Filexxxxx_xxxxxx.xxxpredictiveHigh
30Filexxxxx.xpredictiveLow
31Filexxxxxxx_xxxxx.xxxpredictiveHigh
32Filexxxxxxx/xxxxxxxxxx.xxpredictiveHigh
33Filexxxxxx-xxxxxxxx.xxxpredictiveHigh
34Filexxxxxxxxx/xxxx/xxxxxxxx+xxxxxxxxx.xpredictiveHigh
35Filexxx/xxxx/xxxx/xxxxxx/xxx/xxxxxxxxxxxxxxxx.xxxxpredictiveHigh
36Filexxx/xxxx/xxxx/xxx/xxxxxx/xxxxxx/xxx/xxxxxxxxxxxxxxxxxx.xxxxpredictiveHigh
37Filexxx/xxxxxxxxx.xpredictiveHigh
38Filexxxxxx-xxxxxx.xxxpredictiveHigh
39Filexxx/xxx.xxxxx.xxxpredictiveHigh
40Filexxxxxx.xxxpredictiveMedium
41Filexxxx_xxxxxxxx.xxxpredictiveHigh
42Filexxxxxxx.xxxx.xxxpredictiveHigh
43Filexxxxxxxxxxx.xxxpredictiveHigh
44Libraryxxxxx.xxxpredictiveMedium
45ArgumentxxxxxpredictiveLow
46ArgumentxxpredictiveLow
47ArgumentxxxxxxxpredictiveLow
48ArgumentxxxxxxxpredictiveLow
49ArgumentxxxxxpredictiveLow
50ArgumentxxxxxxxxpredictiveMedium
51ArgumentxxpredictiveLow
52Argumentxx_xxxxxpredictiveMedium
53ArgumentxxxxxxxxpredictiveMedium
54Argumentxxxxx/xxxxxxpredictiveMedium
55ArgumentxxxxpredictiveLow
56Argumentxxx_xxxxpredictiveMedium
57ArgumentxxxxpredictiveLow
58Argumentxxxx_xxxxxxxxxxpredictiveHigh
59ArgumentxxxxxpredictiveLow
60ArgumentxxxxxxxxpredictiveMedium
61Argumentxxx_xxxpredictiveLow
62ArgumentxxxxxxpredictiveLow
63Argumentxxxxxx_xxxxxxxxpredictiveHigh
64Argumentxxxxxxx/xxxxxxxpredictiveHigh
65Argumentxxxx/xxxxxx xxxxpredictiveHigh
66Argumentxxxx_xxxpredictiveMedium
67ArgumentxxxpredictiveLow
68ArgumentxxxxxxpredictiveLow
69ArgumentxxxxxxxxpredictiveMedium
70ArgumentxxxxxpredictiveLow
71ArgumentxxxxpredictiveLow
72Network PortxxxxxpredictiveLow

References (7)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!