StrelaStealer Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (64)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	50
ru	10
ja	2
de	2

Country

ru	24
us	18
pt	4
tr	2
ca	2

Actors

Stealc	2
RedLine Stealer	2
StrelaStealer	2
Rhadamanthys	2
Quasar RAT	1

Activities

Interest

Timeline

Type

Not Defined	20
Web Server	8
Router Operating System	6
Connectivity Software	4
Groupware Software	4

Vendor

Not Defined	24
Microsoft	6
Hassan Consulting	2
Google	2
V3chat	2

Product

nginx	6
OpenSSH	4
marscode	2
Hassan Consulting Shopping Cart	2
Google Android	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Node.js request smuggling	8.2	7.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00260	0.00	CVE-2020-8201
2	Email Subscribers / Newsletters File Download information disclosure	5.8	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.21953	0.06	CVE-2019-19985
3	Google Android Privilege Escalation	7.6	7.5	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.00061	0.01	CVE-2021-0877
4	Google Android use after free	5.4	5.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00042	0.00	CVE-2023-21042
5	Microsoft Windows Online Certificate Status Protocol SnapIn Remote Code Execution	8.1	7.4	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00120	0.02	CVE-2023-35313
6	GitHub Enterprise Server API information disclosure	3.9	3.8	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00111	0.00	CVE-2022-46257
7	Pallets Werkzeug Debugger tbtools.py render_full cross site scripting	5.2	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00183	0.04	CVE-2016-10516
8	Zyxel ATP/USG FLEX/VPN CGI Program unknown vulnerability	5.4	5.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00077	0.00	CVE-2023-22918
9	Apache OpenOffice Calc command injection	7.3	6.4	$5k-$25k	$0-$5k	Unproven	Official Fix	0.00602	0.02	CVE-2014-3524
10	V3chat V3 Chat Profiles Dating Script improper authentication	7.3	7.3	$0-$5k	$0-$5k	High	Unavailable	0.01685	0.00	CVE-2008-5784
11	SourceCodester Online Discussion Forum Site view_post.php sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00067	0.18	CVE-2023-3152
12	USAA Mobile Banking Screen Cache information disclosure	3.3	3.0	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00116	0.00	CVE-2015-1314
13	Zoho ManageEngine ServiceDesk Plus MSP improper authentication	7.3	7.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00343	0.00	CVE-2021-44675
14	Microsoft Exchange Outlook Web Access access control	5.3	4.6	$25k-$100k	$0-$5k	Unproven	Official Fix	0.01212	0.00	CVE-2014-6319
15	October CMS password recovery	5.3	5.1	$0-$5k	$0-$5k	High	Official Fix	0.01981	0.00	CVE-2021-32648
16	pyload code injection	9.0	8.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.50964	0.00	CVE-2023-0297
17	cbeust testng XML File Parser JarFileUtils.java testngXmlExistsInJar path traversal	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00079	0.18	CVE-2022-4065
18	Verizon Fios Actiontec Mi424wr-gen31 Router Administration index.cgi cross-site request forgery	6.3	6.0	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00348	0.01	CVE-2013-0126
19	Yandex Browser temp file	8.8	8.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00042	0.04	CVE-2022-28226
20	SheerDNS Directory_lookup path traversal	5.3	4.8	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00000	0.02

Campaigns (1)

These are the campaigns that can be associated with the actor:

Spain

IOC - Indicator of Compromise (4)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Actor	Campaigns	Identified	Type	Confidence
1	45.9.74.12	StrelaStealer		04/03/2024	verified	High
2	XX.XXX.XX.XXX	Xxxxxxxxxxxxx	Xxxxx	06/24/2023	verified	High
3	XXX.XXX.XX.XX	Xxxxxxxxxxxxx		08/25/2023	verified	High
4	XXX.XXX.XX.XXX	Xxxxxxxxxxxxx		04/02/2024	verified	High

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1055	CAPEC-10	CWE-74	Improper Neutralization of Data within XPath Expressions	predictive	High
3	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
4	TXXXX.XXX	CAPEC-209	CWE-XX, CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
5	TXXXX	CAPEC-122	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
6	TXXXX	CAPEC-136	CWE-XX, CWE-XX	Xxxxxxx Xxxxx Xx Xxxxxxxxxx Xxxxxxxxxx Xxxxxxxxx	predictive	High
7	TXXXX.XXX	CAPEC-178	CWE-XXX	Xxxx Xxxxxxxx	predictive	High
8	TXXXX	CAPEC-	CWE-XXX	Xxxxxxxxxx Xxxxxx	predictive	High
9	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
10	TXXXX	CAPEC-50	CWE-XXX, CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
11	TXXXX	CAPEC-464	CWE-XXX	Xxxxxxxx Xx Xxxxxxx Xxxxxxxx Xxxxxxxxxxx Xx Xx Xxxxxxxxxxxx Xxxxx	predictive	High
12	TXXXX	CAPEC-116	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High
13	TXXXX.XXX	CAPEC-1	CWE-XXX	Xxxxxxxxxx Xxxxxxxxxxxxxx Xx Xxxxxxxx Xxxx Xxxxxxxxx	predictive	High

IOA - Indicator of Attack (36)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/uncpath/	predictive	Medium
2	File	admin\posts\view_post.php	predictive	High
3	File	ajax/include.php	predictive	High
4	File	app/admin/custom-fields/filter-result.php	predictive	High
5	File	boafrm/formSysCmd	predictive	High
6	File	xxxx	predictive	Low
7	File	xxxxxxxxxx/xxxxxx/xxxxxxxxx.xxxx/xxxx.xxx/	predictive	High
8	File	xxxxx/xxxxxxx.xx	predictive	High
9	File	xxxxx.xxx	predictive	Medium
10	File	xxxxx_xxxxxx.xxx	predictive	High
11	File	xxxxx.xxx	predictive	Medium
12	File	xxxxx.xx	predictive	Medium
13	File	xxxxx.xxx	predictive	Medium
14	File	xxx_xxxx_xxx_xxxxxxxxxx.x	predictive	High
15	File	xxxxxxxxxxxxx.xxx	predictive	High
16	File	xxxx-xxxxxx.x	predictive	High
17	File	xxxx.xxx	predictive	Medium
18	File	xxxx.xx	predictive	Low
19	File	xxxxxx-xxxx/xxx/xxxx/xxxx/xxx/xxxxxx/xxxxxxxxxxxx.xxxx	predictive	High
20	File	xxxxxx_xxx/xxxx	predictive	High
21	File	xxxx/xxxxxxxxxxxx.xxx	predictive	High
22	Library	/xxxxx/xxxxxxxx/xxxxxxx.xxx	predictive	High
23	Library	xxxxxx.xxx	predictive	Medium
24	Argument	xxxx	predictive	Low
25	Argument	xxxxx[xxxxx][xx]	predictive	High
26	Argument	xxxx	predictive	Low
27	Argument	xxxxxxxx	predictive	Medium
28	Argument	xxxxxxxx	predictive	Medium
29	Argument	xxxxxxx	predictive	Low
30	Argument	xxx	predictive	Low
31	Argument	xxxxxxxx	predictive	Medium
32	Argument	xxxxxx	predictive	Low
33	Argument	xxxxxx	predictive	Low
34	Argument	xxxxx	predictive	Low
35	Argument	xxx	predictive	Low
36	Input Value	\x	predictive	Low

References (5)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!