STTEAM Analysis

Activities

Timeline

Analysis of the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

Lang

en: 28
de: 9
fr: 1
es: 1

[Charts: Country, Actors, Activities, Interest]

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | CTI | CVE
1 | WordPress sql injection | 7.3 | 6.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.05 | CVE-2011-3130
2 | Apache Tomcat CORS Filter 7pk security | 8.5 | 8.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2018-8014
3 | Apache HTTP Server suEXEC Feature .htaccess information disclosure | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.03 | 
4 | Microsoft Office Object data processing | 7.0 | 6.3 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2017-8570
5 | TP-LINK TL-WR740N/TL-WR741N Firmware Local Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | 
6 | nginx HTTP2 resource consumption | 6.4 | 6.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.05 | CVE-2018-16844
7 | Qualcomm Snapdragon Auto out-of-bounds read | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00 | CVE-2020-3700
8 | Microsoft IIS FTP Server memory corruption | 7.5 | 7.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.09 | CVE-2010-3972
9 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.58 | CVE-2016-6210
10 | QNAP QTS memory corruption | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.07 | CVE-2017-17032
11 | QNAP QTS input validation | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | CVE-2019-7193
12 | Dovecot link following | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.04 | CVE-2008-1199
13 | Dovecot Access Restriction access control | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | CVE-2010-3779
14 | Redmine Redmine.pm 7pk security | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.06 | CVE-2017-15575
15 | Image Sharing Script followBoard.php Error sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.04 | 
16 | Synology Photo Station synophoto_csPhotoDB.php sql injection | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03 | CVE-2019-11821
17 | e107 CMS clock_menu.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00 | CVE-2004-2040
18 | OTManager CMS index.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.06 | CVE-2008-5202
19 | DragonByte vBShout Module vbshout.php cross site scripting | 5.2 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.06 | CVE-2012-6667
20 | OTManager CMS index.php path traversal | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.06 | CVE-2008-5201

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Confidence
1 | 46.165.220.223 |  | STTEAM |  | High

TTP - Tactics, Techniques, Procedures (3)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Confidence
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | TXXXX | CWE-XXX, CWE-XXX | Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx | High
3 | TXXXX | CWE-XXX | 7xx Xxxxxxxx Xxxxxxxx | High

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Confidence
1 | File | .htaccess | Medium
2 | File | /ajax-files/followBoard.php | High
3 | File | /etc/gsissh/sshd_config | High
4 | File | /getcfg.php | Medium
5 | File | xxxxx_xxxx.xxx | High
6 | File | xxxxx.xxx | Medium
7 | File | xxxxxxx.xx | Medium
8 | File | xxxxxxxxxxx.xxx | High
9 | File | xxxxxxxxx_xxxxxxxxx.xxx | High
10 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxx_xxx.xxxx | High
11 | File | xxxxxxx.xxx | Medium
12 | File | xxxxxxxxxxxxxxx.xxx | High
13 | File | xxxx/xx_xxxxxxx.xxx | High
14 | File | xxxxx/xxxxx.xx | High
15 | File | xxxxxx.xxx | Medium
16 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | High
17 | Argument | xxxxx | Low
18 | Argument | xxxxxxxx | Medium
19 | Argument | xxxxxxxxx | Medium
20 | Argument | xxx_xxx | Low
21 | Argument | xxxxxxxx | Medium
22 | Argument | xxx | Low
23 | Argument | xxxxxxxx | Medium
24 | Argument | xxxxx | Low
25 | Argument | xxxx | Low
26 | Argument | xxx | Low
27 | Argument | xxxx->xxxxxxx | High
28 | Input Value | ' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx | High
29 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | High
30 | Network Port | xxx xxxxxx xxxx | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
