Stealth Falcon Analysis

IOB - Indicator of Behavior (50)

Timeline

The charts in this section do not reflect real data: they show dummy data, distorted and not usable in any way. Unlocking the real data requires an additional purchase.

Lang

en 42
de 6
zh 2


Country

us 24
cn 10
se 4
tr 4
ru 4


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Linux Kernel 4
Apache Mod Fcgid 2
Procmail 2
Wowza Streaming Engine 2
Thales SafeNet Authentication Service 2


Vulnerabilities

Columns: Base and Temp are the CVSS base and temporal scores; 0day and Today are the estimated exploit prices at disclosure and now; Exp is the exploitability status; Rem is the remediation status; EPSS is the EPSS probability score; CTI is the CTI interest score.

#  | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1  | Archive_Tar Tar.php pathname traversal | 6.5 | 6.5 | $0-$5k | $0-$5k | High | Not Defined | 0.92368 | 0.00 | CVE-2020-36193
2  | Umbraco CMS File Upload unrestricted upload | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00077 | 0.09 | CVE-2020-9472
3  | ILIAS password recovery | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00148 | 0.00 | CVE-2023-36487
4  | JCK Editor links.php sql injection | 8.5 | 8.3 | $0-$5k | $0-$5k | High | Not Defined | 0.81623 | 0.03 | CVE-2018-17254
5  | ILIAS Email Verification integrity check | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00314 | 0.00 | CVE-2022-31266
6  | Microsoft Word wwlib Remote Code Execution | 8.0 | 7.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.45352 | 0.00 | CVE-2023-21716
7  | Joomla CMS LDAP Authentication Password ldap injection | 7.5 | 7.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01039 | 0.04 | CVE-2017-14596
8  | Microsoft Exchange Server Privilege Escalation | 8.8 | 7.7 | $25k-$100k | $5k-$25k | Unproven | Official Fix | 0.01192 | 0.02 | CVE-2023-21529
9  | Thales SafeNet Authentication Service prng seed | 8.3 | 8.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.04 | CVE-2021-42810
10 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.73 | CVE-2010-0966
11 | ZeroShell kerbynet os command injection | 8.0 | 8.0 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.95623 | 0.00 | CVE-2020-29390
12 | Backdoor.Win32.Hupigon.acio unquoted search path | 6.3 | 5.7 | $0-$5k | Calculating | Proof-of-Concept | Not Defined | 0.00000 | 0.00 |
13 | Yoast SEO Plugin Term Description input validation | 9.0 | 8.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00244 | 0.02 | CVE-2019-13478
14 | phpMyAdmin Navigation Tree cross site scripting | 5.2 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.19761 | 0.02 | CVE-2018-19970
15 | Palo Alto PAN-OS SAML Authentication signature verification | 10.0 | 9.8 | $25k-$100k | $5k-$25k | High | Official Fix | 0.00451 | 0.05 | CVE-2020-2021
16 | Wowza Streaming Engine MBeans Server access control | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01533 | 0.03 | CVE-2018-7047
17 | PHPOffice PhpSpreadsheet XML Data std_table.php xml external entity reference | 7.5 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00234 | 0.02 | CVE-2019-12331
18 | OpenSSL Bleichenbacher missing encryption | 4.7 | 4.6 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01508 | 0.02 | CVE-2019-1563
19 | Apache Mod Fcgid mod_fcgid fcgid_bucket.c fcgid_header_bucket_read memory corruption | 5.3 | 5.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00639 | 0.04 | CVE-2013-4365
20 | Oracle HTTP Server Web Listener use after free | 7.5 | 7.4 | $5k-$25k | $0-$5k | High | Official Fix | 0.97240 | 0.05 | CVE-2017-9798

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network resources known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (19)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID  Class         Indicator                                             Type        Confidence
1   File          .procmailrc                                           predictive  Medium
2   File          /cgi-bin/kerbynet                                     predictive  High
3   File          /uncpath/                                             predictive  Medium
4   File          xxxx/xxxxxxxxxxxx.xxx                                 predictive  High
5   File          xxx.xxx?xxx=xxxxx_xxxx                                predictive  High
6   File          xxxxx_xxxxxx.x                                        predictive  High
7   File          xxx/xxxxxx.xxx                                        predictive  High
8   File          xxxxxxxxx/xxxxxxx/xxxxx.xxx                           predictive  High
9   File          xxxxxx-xxxxxx/xxxxx/xxxxxxxxx/xxxxxxx/xxx_xxxxx.xxx   predictive  High
10  File          xxx.xxx                                               predictive  Low
11  Argument      xxxxxxxx                                              predictive  Medium
12  Argument      xxxxxxxxx                                             predictive  Medium
13  Argument      xxxxxx                                                predictive  Low
14  Argument      xxxxxx_xx                                             predictive  Medium
15  Argument      xxx                                                   predictive  Low
16  Argument      xxxxxxxxxxxxxxxxxx                                    predictive  High
17  Input Value   ?<!xxxxxx?                                            predictive  Medium
18  Pattern       |xx|xx|xx|                                            predictive  Medium
19  Network Port  xxx/xx (xxxxxx)                                       predictive  High
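One way to put the file-path indicators above to work, as an added example that is not VulDB's code: a small Python matcher that runs the three fragments this page shows in the clear (.procmailrc, /cgi-bin/kerbynet and /uncpath/; the masked entries are left out) over web-server access-log lines. /cgi-bin/kerbynet is the ZeroShell component named in entry 11 of the vulnerabilities table, and .procmailrc matches the Procmail entry in the product list. The log lines, client addresses and timestamps are constructed for the example; the confidence values are the ones from the table. The matcher percent-decodes the request target twice and lower-cases it before comparing, which is the step a plain grep for the literal string misses, and it flags indicator requests the server actually answered with a 2xx rather than just probes that got a 403 or 404.

```python
"""Scan access-log lines for the Stealth Falcon IOA file-path fragments that
this page lists unmasked. Added example; the log lines below are constructed,
not captured traffic."""
import re
from urllib.parse import unquote

# Indicator fragments copied from the IOA table on this page (masked entries
# omitted), with the confidence the page assigns to each.
INDICATORS = {
    ".procmailrc": "Medium",
    "/cgi-bin/kerbynet": "High",
    "/uncpath/": "Medium",
}
CONFIDENCE_RANK = {"High": 3, "Medium": 2, "Low": 1}

# Common log format: client ident user [time] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)


def normalize(target):
    """Percent-decode the request target twice and lower-case it, so a single-
    or double-encoded path cannot slip past a plain substring comparison."""
    return unquote(unquote(target)).lower()


def match_line(line):
    """Return a hit record for one log line, or None when the line does not
    parse or matches no indicator."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = normalize(m.group("target"))
    hits = [(ind, conf) for ind, conf in INDICATORS.items() if ind in target]
    if not hits:
        return None
    status = int(m.group("status"))
    return {
        "client": m.group("client"),
        "time": m.group("time"),
        "method": m.group("method"),
        "target": m.group("target"),  # raw form, exactly as logged
        "status": status,
        "hits": hits,
        # A 2xx on an indicator path means the resource exists and answered;
        # a 403/404 is only evidence of probing.
        "served": 200 <= status < 300,
    }


def scan(lines):
    """Run match_line over every line; return hits, highest confidence first."""
    results = [r for r in (match_line(ln) for ln in lines) if r]
    results.sort(key=lambda r: max(CONFIDENCE_RANK[c] for _, c in r["hits"]),
                 reverse=True)
    return results


# Constructed sample log (not real traffic). Lines 2 and 5 use single and
# double percent-encoding, line 4 mixed case, to exercise normalize().
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2023:10:14:22 +0000] "GET /index.html HTTP/1.1" 200 1234',
    '203.0.113.7 - - [12/Mar/2023:10:14:25 +0000] "GET /cgi-bin%2Fkerbynet HTTP/1.1" 200 4096',
    '198.51.100.9 - - [12/Mar/2023:10:15:01 +0000] "GET /~alice/.procmailrc HTTP/1.1" 403 0',
    '198.51.100.9 - - [12/Mar/2023:10:15:03 +0000] "GET /UncPath/share HTTP/1.1" 404 0',
    '203.0.113.7 - - [12/Mar/2023:10:16:40 +0000] "POST /cgi-bin%252Fkerbynet HTTP/1.1" 200 77',
]

if __name__ == "__main__":
    for r in scan(SAMPLE_LOG):
        flag = "SERVED" if r["served"] else "probe only"
        print(f'{r["time"]} {r["client"]} {r["method"]} {r["target"]} -> {r["hits"]} ({flag})')
```

Feed real logs in by replacing SAMPLE_LOG with the lines of an access log; the sort puts the High-confidence kerbynet hits ahead of the Medium ones, and the served flag separates a working CGI endpoint from a scanner getting 404s.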

References (3)

The following list contains external sources which discuss the actor and the associated activities:
