StealthWorker Go Analysis

IOB - Indicator of Behavior (298)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 284
jp: 8
es: 4
ru: 2


Country

us: 238
jp: 8
es: 4
ru: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Microsoft Windows: 20
ESET NOD32 Antivirus: 6
ESET Smart Security Premium: 4
ESET Internet Security: 4
ESET Cyber Security Pro: 4


Vulnerabilities

# | Vulnerability | Base score | Temp score | 0day price | Today price | Exploitability | Remediation | EPSS | CTI | CVE
1 | LavaLite team cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00058 | 0.03 | CVE-2020-36395
2 | Oracle MySQL Server Logging denial of service | 4.0 | 3.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00047 | 0.00 | CVE-2017-3317
3 | Oracle Retail Order Broker Order Broker Foundation xml external entity reference | 6.5 | 6.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.05948 | 0.06 | CVE-2015-0250
4 | Oracle Enterprise Manager deserialization | 9.8 | 9.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00374 | 0.02 | CVE-2016-5019
5 | Oracle Enterprise Manager Application Testing Suite deserialization | 9.8 | 9.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00374 | 0.00 | CVE-2016-5019
6 | Moodle Assignment Submission Page cross site scripting | 5.2 | 4.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00076 | 0.00 | CVE-2017-2578
7 | Viprinet Multichannel VPN Router 300 cross site scripting | 5.2 | 4.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00470 | 0.02 | CVE-2014-2045
8 | Oracle Communications Network Intelligence deserialization | 9.1 | 9.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01886 | 0.00 | CVE-2015-7501
9 | Image Sharing Script followBoard.php Error sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | 
10 | Oracle Applications Manager OAM Client information disclosure | 4.9 | 4.8 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00082 | 0.00 | CVE-2017-3277
11 | Totemo Email Encryption Gateway JSONP Callback Key information disclosure | 6.4 | 5.7 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00211 | 0.03 | CVE-2018-6562
12 | ISC BIND named name.c assertion | 6.9 | 6.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.95322 | 0.05 | CVE-2018-5740
13 | Portable UPnP SDK SSDP Message service_table.c FindServiceEventURLPath null pointer dereference | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03262 | 0.00 | CVE-2020-13848
14 | Easy Testimonials Plugin post.php cross site scripting | 4.8 | 4.6 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00072 | 0.00 | CVE-2020-14959
15 | Xiao5uCompany Protection Mechanism Feedback.asp cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00083 | 0.04 | CVE-2018-14527
16 | OnePlug CMS details.asp cross site scripting | 3.5 | 3.3 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | 
17 | Veeam Backup & Replication Service Port 9401 Veeam.Backup.Service.exe missing authentication | 5.9 | 5.8 | $0-$5k | $0-$5k | High | Official Fix | 0.02703 | 0.00 | CVE-2023-27532
18 | PHP Scripts Mall PHP Multivendor Ecommerce my_wishlist.php cross site scripting | 5.2 | 4.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.00 | CVE-2017-17958
19 | Image Sharing Script categorypage.php Reflected cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | 
20 | Business Networking Script home.php cross site scripting | 3.5 | 3.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.02 | 

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 62.122.184.95 | | StealthWorker Go | | 03/06/2024 | verified | High
2 | XXX.XXX.XX.XXX | | Xxxxxxxxxxxxx Xx | | 08/13/2021 | verified | High
3 | XXX.XX.XX.XXX | | Xxxxxxxxxxxxx Xx | | 08/21/2021 | verified | High

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (99)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.


References (2)

The following list contains external sources which discuss the actor and the associated activities:
