STTEAM Analysis

IOB - Indicator of Behavior (39)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 32
de: 6
fr: 2

Country

Actors

Activities

Interest

Timeline

Type

Vendor

Product

QNAP QTS: 4
Apache HTTP Server: 2
Joomla CMS: 2
OTManager CMS: 2
D-Link DIR-645: 2

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress sql injection | 7.3 | 6.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00 | 0.01018 | CVE-2011-3130 |
| 2 | Apache Tomcat CORS Filter 7pk security | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.07767 | CVE-2018-8014 |
| 3 | Apache HTTP Server suEXEC Feature .htaccess information disclosure | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.02 | 0.00000 | |
| 4 | Microsoft Office Object data processing | 7.0 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.90147 | CVE-2017-8570 |
| 5 | TP-LINK TL-WR740N/TL-WR741N Firmware Local Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00000 | |
| 6 | nginx HTTP2 resource consumption | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01537 | CVE-2018-16844 |
| 7 | Qualcomm Snapdragon Auto out-of-bounds | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.01086 | CVE-2020-3700 |
| 8 | Microsoft IIS FTP Server memory corruption | 7.5 | 7.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.06 | 0.83715 | CVE-2010-3972 |
| 9 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.11 | 0.49183 | CVE-2016-6210 |
| 10 | QNAP QTS memory corruption | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.02166 | CVE-2017-17032 |
| 11 | QNAP QTS input validation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.01055 | CVE-2019-7193 |
| 12 | Dovecot link following | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.01547 | CVE-2008-1199 |
| 13 | Dovecot Access Restriction access control | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.01232 | CVE-2010-3779 |
| 14 | Redmine Redmine.pm 7pk security | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01136 | CVE-2017-15575 |
| 15 | Image Sharing Script followBoard.php Error sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.05 | 0.00000 | |
| 16 | Synology Photo Station synophoto_csPhotoDB.php sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.01 | 0.01055 | CVE-2019-11821 |
| 17 | e107 CMS clock_menu.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01 | 0.05649 | CVE-2004-2040 |
| 18 | OTManager CMS index.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.02 | 0.01213 | CVE-2008-5202 |
| 19 | DragonByte vBShout Module vbshout.php cross site scripting | 5.2 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.02173 | CVE-2012-6667 |
| 20 | OTManager CMS index.php path traversal | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.06 | 0.01213 | CVE-2008-5201 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Type | Confidence |
|---|---|---|---|---|---|---|
| 1 | 46.165.220.223 | | STTEAM | | verified | High |

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

| ID | Technique | Vulnerabilities | Access Vector | Type | Confidence |
|---|---|---|---|---|---|
| 1 | T1006 | CWE-22 | Pathname Traversal | predictive | High |
| 2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | predictive | High |
| 3 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | predictive | High |
| 4 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | predictive | High |
| 5 | TXXXX | CWE-XXX | xx Xxxxxxxxx | predictive | High |
| 6 | TXXXX | CWE-XXX | Xxx.xxx Xxxxxxxxxxxxxxxx: Xxxxxxxx Xx Xxxxxxxxxxxxx Xxxx | predictive | High |
| 7 | TXXXX.XXX | CWE-XXX | Xxxxxxxx | predictive | High |
| 8 | TXXXX | CWE-XXX | Xxxxxxxxxxxxx | predictive | High |

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /ajax-files/followBoard.php | predictive | High |
| 3 | File | /etc/gsissh/sshd_config | predictive | High |
| 4 | File | /getcfg.php | predictive | Medium |
| 5 | File | xxxxx_xxxx.xxx | predictive | High |
| 6 | File | xxxxx.xxx | predictive | Medium |
| 7 | File | xxxxxxx.xx | predictive | Medium |
| 8 | File | xxxxxxxxxxx.xxx | predictive | High |
| 9 | File | xxxxxxxxx_xxxxxxxxx.xxx | predictive | High |
| 10 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxx_xxx.xxxx | predictive | High |
| 11 | File | xxxxxxx.xxx | predictive | Medium |
| 12 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
| 13 | File | xxxx/xx_xxxxxxx.xxx | predictive | High |
| 14 | File | xxxxx/xxxxx.xx | predictive | High |
| 15 | File | xxxxxx.xxx | predictive | Medium |
| 16 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High |
| 17 | Argument | xxxxx | predictive | Low |
| 18 | Argument | xxxxxxxx | predictive | Medium |
| 19 | Argument | xxxxxxxxx | predictive | Medium |
| 20 | Argument | xxx_xxx | predictive | Low |
| 21 | Argument | xxxxxxxx | predictive | Medium |
| 22 | Argument | xxx | predictive | Low |
| 23 | Argument | xxxxxxxx | predictive | Medium |
| 24 | Argument | xxxxx | predictive | Low |
| 25 | Argument | xxxx | predictive | Low |
| 26 | Argument | xxx | predictive | Low |
| 27 | Argument | xxxx->xxxxxxx | predictive | High |
| 28 | Input Value | ' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx | predictive | High |
| 29 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | predictive | High |
| 30 | Network Port | xxx xxxxxx xxxx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
