AgentTesla Analysis

IOB - Indicator of Behavior (1000)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 640
de: 90
sv: 60
pl: 42
it: 38

Country

us: 976
ru: 6
cn: 4
nl: 2
ir: 2

Product

Esoftpro Online Guestbook Pro: 8
PHP-Fusion: 4
Active Directory Plugin: 4
Pligg CMS: 4
Microsoft Windows: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | TikiWiki tiki-register.php input validation | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01075 | 10.00 | CVE-2006-6168 |
| 2 | Tiki Admin Password tiki-login.php improper authentication | 8.0 | 7.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00936 | 10.00 | CVE-2020-15906 |
| 3 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.95 | CVE-2010-0966 |
| 4 | Pligg cloud.php sql injection | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 0.58 | |
| 5 | SPIP spip.php cross site scripting | 3.5 | 3.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.33 | CVE-2022-28959 |
| 6 | Joomla CMS com_easyblog sql injection | 6.3 | 6.1 | $5k-$25k | $5k-$25k | Not Defined | Not Defined | 0.00000 | 0.36 | |
| 7 | WP-ViperGB Plugin remove_query_arg cross site scripting | 5.2 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00066 | 0.04 | CVE-2015-9356 |
| 8 | MGB OpenSource Guestbook email.php sql injection | 7.3 | 7.3 | $0-$5k | $0-$5k | High | Unavailable | 0.01302 | 0.76 | CVE-2007-0354 |
| 9 | DZCP deV!L`z Clanportal browser.php information disclosure | 5.3 | 5.0 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.02733 | 0.73 | CVE-2007-1167 |
| 10 | Citrix NetScaler ADC/NetScaler Gateway OpenID openid-configuration ns_aaa_oauthrp_send_openid_config CitrixBleed memory corruption | 8.3 | 8.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.96710 | 0.00 | CVE-2023-4966 |
| 11 | Advisto Peel SHOPPING caddie_ajout.php cross-site request forgery | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00118 | 0.04 | CVE-2018-20848 |
| 12 | V-EVA Press Release Script page.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00187 | 0.15 | CVE-2010-5047 |
| 13 | Qt-cute QuickTalk guestbook qtg_msg_view.php sql injection | 7.3 | 7.1 | $0-$5k | $0-$5k | High | Unavailable | 0.00306 | 0.00 | CVE-2007-3538 |
| 14 | ReVou Micro Blogging Twitter clone Logging sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | High | Official Fix | 0.00064 | 0.02 | CVE-2008-7083 |
| 15 | eSyndicat Directory Software suggest-listing.php cross site scripting | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00000 | 2.30 | |
| 16 | Arthmoor QSF-Portal index.php path traversal | 5.4 | 5.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00073 | 0.07 | CVE-2019-25099 |
| 17 | TikiWiki tiki-index.php path traversal | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01414 | 0.44 | CVE-2007-5684 |
| 18 | OxWall cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03638 | 0.08 | CVE-2012-0872 |
| 19 | Remote Clinic register.php cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00078 | 0.00 | CVE-2021-30044 |
| 20 | Avatic Aardvark Topsites PHP lostpw.php file inclusion | 6.5 | 6.2 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.03842 | 0.07 | CVE-2006-2149 |

IOC - Indicator of Compromise (22)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (13)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (125)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/maintenance/view_designation.php | predictive | High |
| 2 | File | /admin/save_teacher.php | predictive | High |
| 3 | File | /backend/register.php | predictive | High |
| 4 | File | /cgi-bin/login.cgi | predictive | High |
| 5 | File | /cgi-bin/nas_sharing.cgi | predictive | High |
| 6 | File | /cgi-bin/vitogate.cgi | predictive | High |
| 7 | File | /control/register_case.php | predictive | High |
| 8 | File | /netflow/servlet/CReportPDFServlet | predictive | High |
| 9 | File | /oauth/idp/.well-known/openid-configuration | predictive | High |
| 10 | File | /Setting/change_password_save | predictive | High |
| 11 | File | /show_news.php | predictive | High |
| 12 | File | /spip.php | predictive | Medium |
| 13 | File | /userLogin.asp | predictive | High |
| 14 | File | adclick.php | predictive | Medium |
| 15 | File | addentry.php | predictive | Medium |
| 16 | File | admin.php3 | predictive | Medium |
| 17 | File | admin/conf_users_edit.php | predictive | High |

References (6)

The following list contains external sources which discuss the actor and the associated activities:
