AgentTesla Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 666
de: 80
sv: 72
pl: 38
zh: 28

Country

us: 972
ru: 8
cn: 4
nl: 4

Product

Pligg CMS: 6
Esoftpro Online Guestbook Pro: 6
Edgewall Software Trac: 4
TikiWiki: 4
Advanced Guestbook: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 8.36 | CVE-2006-6168 |
| 2 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 2.03 | CVE-2020-15906 |
| 3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.81 | CVE-2010-0966 |
| 4 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.85 | |
| 5 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 1.18 | CVE-2022-28959 |
| 6 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.28 | |
| 7 | WP-ViperGB Plugin remove_query_arg cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00066 | 0.04 | CVE-2015-9356 |
| 8 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.69 | CVE-2007-0354 |
| 9 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.37 | CVE-2007-1167 |
| 10 | Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption | 8.3 | 8.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.96668 | 0.04 | CVE-2023-4966 |
| 11 | Qt-cute QuickTalk guestbook qtg_msg_view.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00306 | 0.00 | CVE-2007-3538 |
| 12 | Advisto Peel SHOPPING caddie_ajout.php cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00118 | 0.04 | CVE-2018-20848 |
| 13 | V-EVA Press Release Script page.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00187 | 0.04 | CVE-2010-5047 |
| 14 | Avatic Aardvark Topsites PHP lostpw.php file inclusion | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03842 | 0.07 | CVE-2006-2149 |
| 15 | ReVou Micro Blogging Twitter clone Logging sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00064 | 0.02 | CVE-2008-7083 |
| 16 | Arthmoor QSF-Portal index.php path traversal | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.08 | CVE-2019-25099 |
| 17 | TikiWiki tiki-index.php path traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01414 | 0.32 | CVE-2007-5684 |
| 18 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.11 | |
| 19 | Remote Clinic register.php cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.00 | CVE-2021-30044 |
| 20 | Advanced Guestbook htaccess path traversal | 5.6 | 5.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04162 | 0.08 | CVE-2007-0609 |

IOC - Indicator of Compromise (22)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (124)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

References (6)

The following list contains external sources which discuss the actor and the associated activities:
