SocStealer Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (16)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en10
zh4
de2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Country

cn12
us4

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Actors

SocStealer3
Ponystealer1
DCRat1

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Type

Not Defined8
WordPress Plugin2
Mail Client Software2
Continuous Integration Software2
Operating System2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vendor

Not Defined10
UMN2
Tenda2
Microsoft2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Product

SCMS2
NotificationX Plugin2
Mutt2
NeoMutt2
UMN MapServer2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

#VulnerabilityBaseTemp0dayTodayExpRemEPSSCTICVE
1NotificationX Plugin SQL Statement sql injection5.65.4$0-$5k$0-$5kNot DefinedOfficial Fix0.024140.04CVE-2022-0349
2TestLink attachmentdownload.php access control6.36.2$0-$5k$0-$5kNot DefinedNot Defined0.000860.04CVE-2022-35195
3UMN MapServer sql injection7.37.0$0-$5k$0-$5kNot DefinedOfficial Fix0.003760.00CVE-2011-2703
4SCMS access control7.47.4$0-$5k$0-$5kNot DefinedNot Defined0.001020.00CVE-2018-19654
5Oracle WebLogic Server Centralized Thirdparty Jars information disclosure3.33.2$0-$5k$0-$5kNot DefinedOfficial Fix0.000600.00CVE-2020-8908
6Tenda AC23 httpd formGetSysToolDDNS out-of-bounds write8.38.1$0-$5k$0-$5kProof-of-ConceptNot Defined0.001310.00CVE-2023-0782
7Oracle Web Applications Desktop Integrator Upload Remote Code Execution9.89.6$25k-$100k$5k-$25kHighOfficial Fix0.973640.04CVE-2022-21587
8OpenSSH FIDO Authentication improper authentication5.65.4$5k-$25k$0-$5kNot DefinedOfficial Fix0.002010.04CVE-2021-36368
9Dropbear Non-RFC-compliant Check improper authentication6.96.7$0-$5k$0-$5kNot DefinedOfficial Fix0.000940.08CVE-2021-36369
10Microsoft Windows EducatedScholar code injection10.09.5$25k-$100k$0-$5kProof-of-ConceptOfficial Fix0.742610.04CVE-2009-2532
11Jenkins Agent-to-Controller authorization5.55.5$0-$5k$0-$5kNot DefinedNot Defined0.001920.04CVE-2021-21685
12Mutt/NeoMutt IMAP Server Response cleartext transmission5.35.1$0-$5k$0-$5kNot DefinedOfficial Fix0.003120.00CVE-2020-28896
13Devilz Clanportal File Upload unknown vulnerability5.34.4$0-$5k$0-$5kProof-of-ConceptOfficial Fix0.053620.04CVE-2006-6338
14HoMaP index.php sql injection7.37.1$0-$5k$0-$5kHighUnavailable0.001000.00CVE-2008-2989
15DZCP deV!L`z Clanportal browser.php information disclosure5.35.0$0-$5k$0-$5kProof-of-ConceptNot Defined0.027330.45CVE-2007-1167
16Drupal Transliterate input validation6.56.2$0-$5k$0-$5kNot DefinedOfficial Fix0.001460.00CVE-2016-9452

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

IDIP addressHostnameActorCampaignsIdentifiedTypeConfidence
145.76.142.14445.76.142.144.vultrusercontent.comSocStealer04/08/2022verifiedHigh
2XX.XX.XXX.XXXxx.xx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxxx04/08/2022verifiedHigh
3XX.XX.XXX.XXxxxxxx-xx-xx-xxx-xx.xxxxx.x.xxxxxxxxxx.xxxXxxxxxxxxx04/08/2022verifiedHigh
4XXX.XXX.XXX.XXXxxx.xxx.xxx.xxx.xxxxxxxxxxxxxxxx.xxxXxxxxxxxxx04/08/2022verifiedHigh
5XXX.XXX.XX.XXxxxx-xxxx-xxxx-xxx-xx-xxxx.xxxxxxxx.xxxXxxxxxxxxx04/08/2022verifiedHigh

TTP - Tactics, Techniques, Procedures (5)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IDTechniqueClassVulnerabilitiesAccess VectorTypeConfidence
1T1040CAPEC-102CWE-319Authentication Bypass by Capture-replaypredictiveHigh
2TXXXXCAPEC-242CWE-XXXxxxxxxx XxxxxxxxxpredictiveHigh
3TXXXXCAPEC-19CWE-XXX, CWE-XXXXxxxxxxxx Xxxx Xxxxxxxxxxx XxxxxxxxxxpredictiveHigh
4TXXXXCAPEC-108CWE-XXXxx XxxxxxxxxpredictiveHigh
5TXXXXCAPEC-116CWE-XXXXxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx XxxxxxxxxxxpredictiveHigh

IOA - Indicator of Attack (7)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

IDClassIndicatorTypeConfidence
1File/bin/httpdpredictiveMedium
2Fileinc/filebrowser/browser.phppredictiveHigh
3Filexxxxx.xxxpredictiveMedium
4Library/xxx/xxxxxxxxxxx/xxxxxxxxxxxxxxxxxx.xxxpredictiveHigh
5ArgumentxxxxpredictiveLow
6ArgumentxxpredictiveLow
7Argumentxx_xxpredictiveLow

References (2)

The following list contains external sources which discuss the actor and the associated activities:

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!