Stowaway Analysis

IOB - Indicator of Behavior (51)

Language

  • en: 36
  • es: 8
  • zh: 4
  • it: 2
  • fr: 2

Product

  • Linux Kernel: 4
  • Grafana: 2
  • UAEPD Shopping Cart Script: 2
  • Apache Tomcat: 2
  • WordPress: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | zhenfeng13 My-Blog Blog Management Page cross-site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.03 | CVE-2023-29636 |
| 2 | Apache HTTP Server mod_proxy_ftp Remote Code Execution | 8.0 | 8.0 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00173 | 0.00 | CVE-2020-1934 |
| 3 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 3.60 | CVE-2020-12440 |
| 4 | Apache Tomcat Application Listener privilege escalation | 8.2 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00356 | 0.06 | CVE-2017-5648 |
| 5 | jQuery Property extend Pollution cross-site scripting | 6.6 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03535 | 0.07 | CVE-2019-11358 |
| 6 | Twig Template directory traversal | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00329 | 0.02 | CVE-2022-39261 |
| 7 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.00 | |
| 8 | WP Rocket Plugin directory traversal | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.03 | CVE-2017-11658 |
| 9 | Joomla CMS com_contact privilege escalation | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00077 | 0.00 | CVE-2019-15028 |
| 10 | Microsoft Outlook denial of service | 5.9 | 5.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00067 | 0.00 | CVE-2022-35742 |
| 11 | WordPress Installation functions.php is_blog_installed privilege escalation | 8.0 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02421 | 0.04 | CVE-2020-28037 |
| 12 | PHP-Fusion register.php SQL injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00725 | 0.00 | CVE-2005-3161 |
| 13 | fileNice Search Box index.php cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00220 | 0.00 | CVE-2010-5031 |
| 14 | OpenSSH scp scp.c privilege escalation | 6.4 | 6.4 | $25k-$100k | $5k-$25k | Not Defined | Unavailable | 0.00289 | 0.18 | CVE-2020-15778 |
| 15 | Adobe Connect Server AMF Message privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01436 | 0.02 | CVE-2021-40719 |
| 16 | WordPress URL privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01530 | 0.02 | CVE-2019-17669 |
| 17 | mod_ssl SSLVerifyClient Remote Code Execution | 9.8 | 8.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00214 | 0.02 | CVE-2005-2700 |
| 18 | PHP Link Directory Administration Page index.html cross-site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.29 | CVE-2007-0529 |
| 19 | Laravel PendingBroadcast.php dispatch privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.02 | CVE-2022-30778 |
| 20 | Microsoft Windows LSA Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.90617 | 0.00 | CVE-2022-26925 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Ukraine Government

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

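| ID | IP address | Hostname | Actor | Campaign | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 91.205.230.66 | | Stowaway | Ukraine Government | 2022-12-20 | verified | |
| 2 | XXX.XXX.XX.XXX | | Xxxxxxxx | Xxxxxxx Xxxxxxxxxx | 2022-12-20 | verified | |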

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

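| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /etc/skyring/skyring.conf | predictive | |
| 2 | File | /forum/away.php | predictive | |
| 3 | File | /public/plugins/ | predictive | |
| 4 | File | api/v1/registry | predictive | |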
