STOP 解析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

言語

en	20

国・地域

de	10
us	2

アクター

STOP	3
Mirai	2
Cobalt Strike	2
Remcos	2
AsyncRAT	2

関心

タイプ

Not Defined	12
WordPress Plugin	2
Operating System	2
Automation Software	2

ベンダー

Not Defined	8
Microsoft	4
Lesterchan	2
IBM	2
Vmware	2

製品

Lesterchan wp-postratings	2
IBM i2 Analyze	2
Microsoft Windows	2
Microsoft Xamarin.Forms	2
Paid Memberships Pro	2

脆弱性

#	脆弱性	Base	Temp	0day	本日	悪	修復	EPSS	CTI	CVE
1	Vmware Workspace ONE Access 特権昇格	8.8	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2022-22973
2	Microsoft Windows DNS Server 競合状態	6.6	6.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00628	0.00	CVE-2023-28305
3	VMware vCenter Server/Cloud Foundation URL Request 特権昇格	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00119	0.02	CVE-2022-22982
4	PCRE2 Regular Expression pcre2_jit_compile.c compile_xclass_matchingpath 情報の漏洩	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00353	0.02	CVE-2022-1586
5	Guzzle Set-Cookie Header 特権昇格	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00228	0.02	CVE-2022-29248
6	vim 情報の漏洩	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00122	0.00	CVE-2022-1851
7	Microsoft Xamarin.Forms Android WebView 特権昇格	6.1	5.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00128	0.00	CVE-2020-16873
8	Adobe Acrobat Reader AcroForms メモリ破損	7.0	6.9	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.01348	0.00	CVE-2021-40726
9	Corero SecureWatch Managed Services HTTP API Endpoint get_snapshot ディレクトリトラバーサル	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00088	0.00	CVE-2021-38136
10	Post Grid Plugin Slider Import Search クロスサイトスクリプティング	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00297	0.00	CVE-2021-24488
11	IBM i2 Analyze 情報の漏洩	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00076	0.00	CVE-2021-29784
12	Apple watchOS WebKit メモリ破損	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00417	0.00	CVE-2021-30795
13	Lesterchan wp-postratings wp-postratings.php 特権昇格	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00181	0.02	CVE-2011-4646
14	phpList Bounce Rules クロスサイトスクリプティング	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.00	CVE-2020-36399
15	phpwcms setup.php 特権昇格	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00446	0.00	CVE-2020-21784
16	Paid Memberships Pro SQLインジェクション	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00254	0.00	CVE-2021-20678
17	GENIVI dlt-daemon Config File サービス拒否	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00107	0.00	CVE-2021-29507
18	ampleShop category.cfm SQLインジェクション	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00621	0.02	CVE-2006-2038

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IPアドレス	Hostname	アクター	Identified	タイプ	信頼度
1	45.133.1.107		STOP	2024年03月18日	verified	高
2	49.12.226.201	static.201.226.12.49.clients.your-server.de	STOP	2024年03月18日	verified	高
3	XXX.XXX.XX.XXX		Xxxx	2024年03月18日	verified	高
4	XXX.XXX.XX.XXX		Xxxx	2024年03月18日	verified	高
5	XXX.XXX.XX.XXX	xxx-xxx-xxx-xx-xxx-xxx.xxxx-xxxxxxxxx.xxx.xx	Xxxx	2023年11月09日	verified	高
6	XXX.XXX.XX.XX		Xxxx	2023年11月09日	verified	高
7	XXX.XX.XXX.XX		Xxxx	2023年11月09日	verified	高

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	クラス	脆弱性	アクセスベクター	タイプ	信頼度
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	高
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	高
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	高
4	TXXXX	CAPEC-19	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	高
6	TXXXX	CAPEC-215	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	クラス	Indicator	タイプ	信頼度
1	File	/it-IT/splunkd/__raw/services/get_snapshot	predictive	高
2	File	/phpwcms/setup/setup.php	predictive	高
3	File	xxxxxxxx.xxx	predictive	中
4	File	xxxxx_xxx_xxxxxxx.x	predictive	高
5	File	xx-xxxxxxxxxxx.xxx	predictive	高
6	Argument	xxx	predictive	低
7	Argument	xxxxx	predictive	低
8	Argument	xxxx_xxxx	predictive	中
9	Argument	xxx	predictive	低

参考 (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ 前概要次 ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!