Stealc
Essential information
- Confidence
- 100/100
- Is family
- No
- Published
- 20/12/2025 19:38
- Modified
- 25/06/2026 17:33
- Revoked
- No
- Author / Source
- AlienVault
- Related entities
- 76 attack patterns (mitre), 1 intrusion sets (apt), 7 sectors, 12 countries, 99 indicators, 5 vulnerabilities (cve), 34 reports
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (76)
-
T1557.001 usesLLMNR/NBT-NS Poisoning and SMB Relay MITRE
-
T1497 usesVirtualization/Sandbox Evasion MITRE
-
T1562.004 usesDisable or Modify System Firewall MITRE
-
T1203 usesExploitation for Client Execution MITRE
-
T1195 usesSupply Chain Compromise MITRE
-
T1137 usesOffice Application Startup MITRE
-
T1566.001 usesSpearphishing Attachment MITRE
-
T1105 usesIngress Tool Transfer MITRE
-
T1528 usesSteal Application Access Token MITRE
-
T1106 usesNative API MITRE
-
T1608.001 usesUpload Malware MITRE
-
T1444 MITRE
Intrusion sets (APT) (1)
-
Marko Polo usesAlienVault Confidence 100First seen 01/01/1970 · Last seen 16/11/5138 ·
Sectors (7)
-
Entertainment industry targets
-
Hospitality targets
-
Retail targets
-
Energy targets
-
Government targets
-
Transportation targets
-
Insurance services targets
Countries (12)
-
Bangladesh targets
-
Germany targets
-
United Arab Emirates targets
-
Poland targets
-
Iran, Islamic Republic of targets
-
Tunisia targets
-
Italy targets
-
Serbia targets
-
Peru targets
-
Bahrain targets
-
United States of America targets
-
Dominican Republic targets
Indicators (99)
-
stix 100/100· Valid until 15/02/2027 · Source: AlienVault
-
stix 100/100· Valid until 15/02/2027 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 26/04/2026 · Source: AlienVault
-
http://fidmcjejlilflg.top/indicatesstix 100/100 Revoked· Valid until 15/06/2025 · Source: AlienVault -
stix 100/100 Revoked· Valid until 08/04/2023 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 25/12/2025 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 08/04/2023 · Source: AlienVault
-
stix 100/100 Revoked· Valid until 09/12/2025 · Source: AlienVault
Vulnerabilities (CVE) (5)
Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code …
- Published
- 02/06/2022
- Modified
- 27/05/2026
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An …
- Published
- 14/06/2022
- Modified
- 27/05/2026
Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to …
- Attack vector
- Network
- Published
- 05/10/2023
- Modified
- 21/12/2025
Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature.
- Published
- 06/02/2025
- Modified
- 21/12/2025
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code …
- Published
- 03/11/2021
- Modified
- 27/05/2026
Reports (34)
-
10 MITREs 4 Malwares 3 Observables
-
8 MITREs 2 Malwares 12 Observables 1 APT
-
24 MITREs 3 Malwares 147 Observables 1 APT
-
16 MITREs 1 Malware 9 Observables
-
9 MITREs 5 Malwares 9 Observables
-
7 CVEs 7 MITREs 10 Malwares 5 Observables 1 APT
-
10 MITREs 10 Malwares 39 Observables
-
16 MITREs 7 Malwares
-
12 MITREs 1 Malware
-
14 MITREs 1 Malware 17 Observables
-
5 Malwares 1 APT
-
18 MITREs 7 Malwares