DynamicStealer Analysis

IOB - Indicator of Behavior (200)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 122
pl: 10
sv: 10
zh: 10
de: 10

Country

us: 18
pl: 10
sv: 10
pt: 8
de: 8

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Microsoft Windows: 8
Google Chrome: 6
Mozilla Firefox: 6
Linux Kernel: 6
Samsung Smart Phone: 4

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Hitachi Energy UNEM R16A inadequate encryption | 6.7 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00127 | 0.00 | CVE-2021-40342 |
| 2 | Artifex MuJS jsdate.c MakeDay integer overflow | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00133 | 0.00 | CVE-2017-5628 |
| 3 | Centreon Poller sql injection | 4.7 | 4.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00170 | 0.00 | CVE-2022-41142 |
| 4 | Compuware ISPW Operations Plugin Configuration authorization | 3.5 | 3.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00054 | 0.00 | CVE-2022-36898 |
| 5 | Qualcomm WSA8835 Boot stack-based overflow | 8.0 | 7.9 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2022-40517 |
| 6 | eprintsug ulcc-core toolbox command injection | 7.5 | 7.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00103 | 0.03 | CVE-2021-4304 |
| 7 | web-cyradm search.php sql injection | 4.8 | 4.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00105 | 0.12 | CVE-2007-10001 |
| 8 | Google Chrome Paint cross-domain policy | 5.3 | 5.2 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.00119 | 0.00 | CVE-2022-4025 |
| 9 | Google Chrome Exosphere use after free | 7.5 | 7.4 | $25k-$100k | $5k-$25k | Not Defined | Official Fix | 0.01327 | 0.00 | CVE-2022-2742 |
| 10 | Synacor Zimbra Collaboration Suite Classic UI Login Page cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00068 | 0.07 | CVE-2022-45911 |
| 11 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.75 | CVE-2020-12440 |
| 12 | MediaTek MT8797 meta wifi out-of-bounds | 4.5 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.00 | CVE-2022-32641 |
| 13 | b2evolution unrestricted upload | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Workaround | 0.00098 | 0.00 | CVE-2022-44036 |
| 14 | Custom Field Template Plugin Imported File code injection | 5.9 | 5.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00085 | 0.00 | CVE-2022-4324 |
| 15 | froxlor argument injection | 5.4 | 5.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00051 | 0.00 | CVE-2022-4864 |
| 16 | TRENDnet TEW755AP do_graph_auth stack-based overflow | 7.6 | 7.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00190 | 0.00 | CVE-2022-46582 |
| 17 | Google Android information disclosure | 3.5 | 3.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.03 | CVE-2018-9426 |
| 18 | Photocrati NextGEN Gallery File Upload post-new.php unrestricted upload | 7.5 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00583 | 0.00 | CVE-2015-9228 |
| 19 | retra-system cross site scripting | 4.4 | 4.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00054 | 0.08 | CVE-2022-4593 |
| 20 | Kwayy HTML Sitemap Plugin Setting cross site scripting | 3.6 | 3.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00056 | 0.00 | CVE-2022-3835 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 193.142.146.181 | | DynamicStealer | | 05/01/2024 | verified | High |

TTP - Tactics, Techniques, Procedures (17)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (76)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /action/ipcamSetParamPost | predictive | High |
| 2 | File | /admin/?page=orders/view_order | predictive | High |
| 3 | File | /admin/add_exercises.php | predictive | High |
| 4 | File | /admin/baojia_list.php | predictive | High |
| 5 | File | /adminui/history_log.php | predictive | High |
| 6 | File | /ajax/remove_sniffer_raw_log/ | predictive | High |
| 7 | File | /bin/httpd | predictive | Medium |
| 8 | File | /goform/AddSysLogRule | predictive | High |
| 9 | File | /goform/delDhcpRules/ | predictive | High |

References (1)

The following list contains external sources which discuss the actor and the associated activities:

Samples (1)

The following list contains associated samples:
