Stowaway Analysis

IOB - Indicator of Behavior (51)

Charts: Timeline, Actors, Activities, Interest, Type, Vendor
Language: en 28, es 12, fr 4, zh 4, ru 2
Country: us 30, fr 10, ir 4, es 4, pt 2
Product: Microsoft Outlook 2, mod_ssl 2, Grafana 2, Joomla! 2, Apache HTTP Server 2

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | CTI | EPSS | CVE
1 | zhenfeng13 My-Blog Blog Management Page Cross Site Scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.03 | 0.00053 | CVE-2023-29636
2 | Apache HTTP Server mod_proxy_ftp Remote Code Execution | 8.0 | 8.0 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00 | 0.00173 | CVE-2020-1934
3 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.09 | 0.00241 | CVE-2020-12440
4 | Apache Tomcat Application Listener privilege escalation | 8.2 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.06 | 0.00356 | CVE-2017-5648
5 | jQuery Property extend Pollution Cross Site Scripting | 6.6 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03 | 0.03625 | CVE-2019-11358
6 | Twig Template Directory Traversal | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.00337 | CVE-2022-39261
7 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 3.82 | 0.00000 | 
8 | WP Rocket Plugin Directory Traversal | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.04 | 0.00154 | CVE-2017-11658
9 | Joomla CMS com_contact privilege escalation | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.04 | 0.00077 | CVE-2019-15028
10 | Microsoft Outlook Denial of Service | 5.9 | 5.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00 | 0.00067 | CVE-2022-35742
11 | WordPress Installation functions.php is_blog_installed privilege escalation | 8.0 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.02421 | CVE-2020-28037
12 | PHP-Fusion register.php SQL Injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00 | 0.00725 | CVE-2005-3161
13 | fileNice Search Box index.php Cross Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00 | 0.00220 | CVE-2010-5031
14 | OpenSSH scp scp.c privilege escalation | 6.4 | 6.4 | $25k-$100k | $25k-$100k | Not Defined | Unavailable | 0.03 | 0.00289 | CVE-2020-15778
15 | Adobe Connect Server AMF Message privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02 | 0.01436 | CVE-2021-40719
16 | WordPress URL privilege escalation | 8.5 | 8.4 | $5k-$25k | Being calculated | Not Defined | Official Fix | 0.02 | 0.01530 | CVE-2019-17669
17 | mod_ssl up to 2.8.24 SSLVerifyClient optional privilege escalation | 9.8 | 8.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.02 | 0.00214 | CVE-2005-2700
18 | PHP Link Directory Administration Page index.html Cross Site Scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.48 | 0.00374 | CVE-2007-0529
19 | Laravel PendingBroadcast.php dispatch privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.02 | 0.00049 | CVE-2022-30778
20 | Microsoft Windows LSA Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.00 | 0.90617 | CVE-2022-26925

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Ukraine Government

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 91.205.230.66 | | Stowaway | Ukraine Government | 20.12.2022 | verified | High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Type | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /etc/skyring/skyring.conf | predictive | High
2 | File | /forum/away.php | predictive | High
3 | File | /public/plugins/ | predictive | High
4 | File | api/v1/registry | predictive | High

References (2)

The following list contains external sources which discuss the actor and the associated activities:
