Stolen Pencil Analysis

IOB - Indicator of Behavior (178)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 154
de: 8
fr: 6
es: 4
it: 4

Country

us: 122
fr: 6
gb: 2
es: 2
ir: 2

Activities

Product

Google Android: 4
Microsoft Exchange Server: 4
Oracle PeopleSoft Enterprise FSCM: 2
Edgewall Software Trac: 2
Wuzhicms: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.02 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 1.14 | CVE-2010-0966 |
| 3 | Revive Adserver lg.php redirect | 5.8 | 5.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00922 | 0.05 | CVE-2021-22873 |
| 4 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 1.36 | CVE-2007-1167 |
| 5 | Wuzhicms group.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00172 | 0.00 | CVE-2022-27431 |
| 6 | phpPgAds/phpAdsNew lib-sessions.inc.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 7 | LionWiki index.php file inclusion | 6.9 | 6.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02108 | 0.00 | CVE-2020-27191 |
| 8 | E-theni URL aff_liste_langue.php privileges management | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04001 | 0.00 | CVE-2003-1256 |
| 9 | PHPSurveyor dumplabel.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.00 | |
| 10 | PHP-Nuke Kleinanzeigen module modules.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00100 | 0.00 | CVE-2008-3512 |
| 11 | ZeeBuddy editadgroup.php sql injection | 8.5 | 8.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00285 | 0.00 | CVE-2017-15976 |
| 12 | DCP-Portal golink.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.02 | |
| 13 | baigo CMS opt_base.inc.php code injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.01310 | 0.00 | CVE-2019-9227 |
| 14 | SourceCodester Online Boat Reservation System POST Parameter login.php cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00131 | 0.05 | CVE-2023-1030 |
| 15 | Xoops userinfo.php sql injection | 5.3 | 5.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00316 | 0.00 | CVE-2002-0216 |
| 16 | VMware ESXi VMX improper authorization | 7.2 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.03 | CVE-2021-22042 |
| 17 | Apache Log4j Lookup infinite loop | 6.4 | 6.1 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.96625 | 0.04 | CVE-2021-45105 |
| 18 | Fast C++ CSV Parser csv.h trim_chars memory corruption | 8.5 | 8.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00659 | 0.00 | CVE-2018-13421 |
| 19 | October CMS cross-site request forgery | 6.5 | 6.3 | $0-$5k | $0-$5k | Functional | Official Fix | 0.00196 | 0.00 | CVE-2017-16244 |
| 20 | automad FileController.php import server-side request forgery | 7.1 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00061 | 0.04 | CVE-2023-7037 |

IOC - Indicator of Compromise (11)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (135)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/api/admin/articles/ | predictive | High |
| 2 | File | /admin/photo.php | predictive | High |
| 3 | File | /admin/transactions/track_shipment.php | predictive | High |
| 4 | File | /api/browserextension/UpdatePassword/ | predictive | High |
| 5 | File | /boat/login.php | predictive | High |
| 6 | File | /book-services.php | predictive | High |
| 7 | File | /coreframe/app/member/admin/group.php | predictive | High |
| 8 | File | /forum/away.php | predictive | High |
| 9 | File | /home/courses | predictive | High |
| 10 | File | /horde/util/go.php | predictive | High |
| 11 | File | /owa/auth/logon.aspx | predictive | High |
| 12 | File | /secure/EditSubscription.jspa | predictive | High |
| 13 | File | /systemrw/ | predictive | Medium |
| 14 | File | /tmp/supp_log | predictive | High |
| 15 | File | ?r=recruit/bgchecks/export&checkids=x | predictive | High |
| 16 | File | account.php | predictive | Medium |
| 17 | File | ActivityStarter.java | predictive | High |
| 18 | File | admin/content.php | predictive | High |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
