STTEAM تحليل

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (39)

اللغة

en	26
de	10
fr	2
es	2

البلد

us	28
ir	4
es	2
cz	2
fr	2

الفاعلين

STTEAM	1
Ramnit	1
Expiro	1

الاهتمام

النوع

Content Management System	10
Web Server	6
Router Operating System	4
Not Defined	4
Application Server Software	2

المجهز

Not Defined	12
Apache	6
TP-LINK	4
OTManager	2
Apptha	2

منتج

Apache HTTP Server	4
nginx	2
OTManager CMS	2
Apache Tomcat	2
TP-LINK TL-WR740N	2

الثغرات

#	الثغرة	Base	Temp	0day	اليوم	ق�	معالجة	CTI	EPSS	CVE
1	WordPress حقن إس كيو إل	7.3	6.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00175	CVE-2011-3130
2	Apache Tomcat CORS Filter تجاوز الصلاحيات	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.02	0.07849	CVE-2018-8014
3	Apache HTTP Server suEXEC Feature .htaccess الكشف عن المعلومات	5.3	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Workaround	0.03	0.00000
4	Microsoft Office Object Remote Code Execution	7.0	6.3	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.02	0.97339	CVE-2017-8570
5	TP-LINK TL-WR740N/TL-WR741N Firmware Local Privilege Escalation	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.00000
6	nginx HTTP/2 الحرمان من الخدمة	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.02974	CVE-2018-16844
7	Qualcomm Snapdragon Auto الكشف عن المعلومات	6.4	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00	0.00153	CVE-2020-3700
8	Microsoft IIS FTP Server تلف الذاكرة	7.5	7.2	$25k-$100k	$0-$5k	High	Official Fix	0.07	0.96872	CVE-2010-3972
9	OpenSSH Authentication Username الكشف عن المعلومات	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.00	0.10737	CVE-2016-6210
10	QNAP QTS تلف الذاكرة	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.04	0.03118	CVE-2017-17032
11	QNAP QTS تجاوز الصلاحيات	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.06	0.12427	CVE-2019-7193
12	Dovecot تجاوز الصلاحيات	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00	0.00044	CVE-2008-1199
13	Dovecot Access Restriction تجاوز الصلاحيات	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.00223	CVE-2010-3779
14	Redmine Redmine.pm تجاوز الصلاحيات	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03	0.00397	CVE-2017-15575
15	Image Sharing Script followBoard.php Error حقن إس كيو إل	6.3	5.7	$0-$5k	جاري الحساب	Proof-of-Concept	Not Defined	0.02	0.00000
16	Synology Photo Station synophoto_csPhotoDB.php حقن إس كيو إل	8.1	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02	0.00074	CVE-2019-11821
17	e107 CMS clock_menu.php سكربتات مشتركة	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.02	0.01706	CVE-2004-2040
18	OTManager CMS index.php سكربتات مشتركة	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.00	0.00220	CVE-2008-5202
19	DragonByte vBShout Module vbshout.php سكربتات مشتركة	5.2	4.5	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00	0.01440	CVE-2012-6667
20	OTManager CMS index.php اجتياز الدليل	7.3	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00	0.00788	CVE-2008-5201

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	عنوان بروتوكول الإنترنت	Hostname	ممثل	حملات	Identified	النوع	الثقة
1	46.165.220.223		STTEAM		01/01/2021	verified	عالي

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	الثغرات	متجه الوصول	النوع	الثقة
1	T1006	CWE-22	Path Traversal	predictive	عالي
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	عالي
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
4	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	عالي
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	عالي
6	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	عالي
7	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	عالي
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	عالي

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	الفئة	Indicator	النوع	الثقة
1	File	.htaccess	predictive	متوسط
2	File	/ajax-files/followBoard.php	predictive	عالي
3	File	/etc/gsissh/sshd_config	predictive	عالي
4	File	/getcfg.php	predictive	متوسط
5	File	xxxxx_xxxx.xxx	predictive	عالي
6	File	xxxxx.xxx	predictive	متوسط
7	File	xxxxxxx.xx	predictive	متوسط
8	File	xxxxxxxxxxx.xxx	predictive	عالي
9	File	xxxxxxxxx_xxxxxxxxx.xxx	predictive	عالي
10	File	xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxx_xxx.xxxx	predictive	عالي
11	File	xxxxxxx.xxx	predictive	متوسط
12	File	xxxxxxxxxxxxxxx.xxx	predictive	عالي
13	File	xxxx/xx_xxxxxxx.xxx	predictive	عالي
14	File	xxxxx/xxxxx.xx	predictive	عالي
15	File	xxxxxx.xxx	predictive	متوسط
16	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	عالي
17	Argument	xxxxx	predictive	واطئ
18	Argument	xxxxxxxx	predictive	متوسط
19	Argument	xxxxxxxxx	predictive	متوسط
20	Argument	xxx_xxx	predictive	واطئ
21	Argument	xxxxxxxx	predictive	متوسط
22	Argument	xxx	predictive	واطئ
23	Argument	xxxxxxxx	predictive	متوسط
24	Argument	xxxxx	predictive	واطئ
25	Argument	xxxx	predictive	واطئ
26	Argument	xxx	predictive	واطئ
27	Argument	xxxx->xxxxxxx	predictive	عالي
28	Input Value	' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx	predictive	عالي
29	Input Value	xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx	predictive	عالي
30	Network Port	xxx xxxxxx xxxx	predictive	عالي

المصادر (2)

The following list contains external sources which discuss the actor and the associated activities:

التالي ▸نظرة عامة◂ السابق

Do you know our Splunk app?

Download it now for free!