STTEAM Analyse

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (39)

Langue

en	26
de	12
fr	2

De campagne

us	28
ir	4
cz	2
fr	2
ru	2

Acteurs

STTEAM	1
Ramnit	1
Expiro	1

Intérêt

Taper

Web Server	8
Content Management System	6
Not Defined	4
Network Attached Storage Software	4
Router Operating System	4

Fournisseur

Not Defined	8
Apache	6
OTManager	4
Microsoft	4
QNAP	4

Produit

OTManager CMS	4
Apache HTTP Server	4
QNAP QTS	4
Apache Tomcat	2
DragonByte vBShout Module	2

Vulnérabilités

#	Vulnérabilité	Base	Temp	0day	Aujourd'hui	Exp	Con	EPSS	CTI	CVE
1	WordPress sql injection	7.3	6.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00175	0.00	CVE-2011-3130
2	Apache Tomcat CORS Filter elévation de privilèges	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.07849	0.02	CVE-2018-8014
3	Apache HTTP Server suEXEC Feature .htaccess divulgation de l'information	5.3	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.03
4	Microsoft Office Object Remote Code Execution	7.0	6.3	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.97339	0.02	CVE-2017-8570
5	TP-LINK TL-WR740N/TL-WR741N Firmware Local Privilege Escalation	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.04
6	nginx HTTP/2 dénie de service	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02974	0.04	CVE-2018-16844
7	Qualcomm Snapdragon Auto divulgation de l'information	6.4	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00153	0.00	CVE-2020-3700
8	Microsoft IIS FTP Server buffer overflow	7.5	7.2	$25k-$100k	$0-$5k	High	Official Fix	0.96843	0.00	CVE-2010-3972
9	OpenSSH Authentication Username divulgation de l'information	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.39	CVE-2016-6210
10	QNAP QTS buffer overflow	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03118	0.04	CVE-2017-17032
11	QNAP QTS elévation de privilèges	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.12427	0.06	CVE-2019-7193
12	Dovecot elévation de privilèges	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2008-1199
13	Dovecot Access Restriction elévation de privilèges	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00223	0.00	CVE-2010-3779
14	Redmine Redmine.pm elévation de privilèges	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00397	0.03	CVE-2017-15575
15	Image Sharing Script followBoard.php Error sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.02
16	Synology Photo Station synophoto_csPhotoDB.php sql injection	8.1	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00074	0.02	CVE-2019-11821
17	e107 CMS clock_menu.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01973	0.00	CVE-2004-2040
18	OTManager CMS index.php cross site scripting	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.00220	0.00	CVE-2008-5202
19	DragonByte vBShout Module vbshout.php cross site scripting	5.2	4.5	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01440	0.00	CVE-2012-6667
20	OTManager CMS index.php directory traversal	7.3	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00788	0.00	CVE-2008-5201

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	adresse IP	Hostname	Acteur	Campagnes	Identified	Taper	Confiance
1	46.165.220.223		STTEAM		01/01/2021	verified	Élevé

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnérabilités	Vecteur d'accès	Taper	Confiance
1	T1006	CWE-22	Path Traversal	predictive	Élevé
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Élevé
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
4	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Élevé
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Élevé
6	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Élevé
7	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	Élevé
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Élevé

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Taper	Confiance
1	File	.htaccess	predictive	Moyen
2	File	/ajax-files/followBoard.php	predictive	Élevé
3	File	/etc/gsissh/sshd_config	predictive	Élevé
4	File	/getcfg.php	predictive	Moyen
5	File	xxxxx_xxxx.xxx	predictive	Élevé
6	File	xxxxx.xxx	predictive	Moyen
7	File	xxxxxxx.xx	predictive	Moyen
8	File	xxxxxxxxxxx.xxx	predictive	Élevé
9	File	xxxxxxxxx_xxxxxxxxx.xxx	predictive	Élevé
10	File	xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxx_xxx.xxxx	predictive	Élevé
11	File	xxxxxxx.xxx	predictive	Moyen
12	File	xxxxxxxxxxxxxxx.xxx	predictive	Élevé
13	File	xxxx/xx_xxxxxxx.xxx	predictive	Élevé
14	File	xxxxx/xxxxx.xx	predictive	Élevé
15	File	xxxxxx.xxx	predictive	Moyen
16	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Élevé
17	Argument	xxxxx	predictive	Faible
18	Argument	xxxxxxxx	predictive	Moyen
19	Argument	xxxxxxxxx	predictive	Moyen
20	Argument	xxx_xxx	predictive	Faible
21	Argument	xxxxxxxx	predictive	Moyen
22	Argument	xxx	predictive	Faible
23	Argument	xxxxxxxx	predictive	Moyen
24	Argument	xxxxx	predictive	Faible
25	Argument	xxxx	predictive	Faible
26	Argument	xxx	predictive	Faible
27	Argument	xxxx->xxxxxxx	predictive	Élevé
28	Input Value	' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx	predictive	Élevé
29	Input Value	xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx	predictive	Élevé
30	Network Port	xxx xxxxxx xxxx	predictive	Élevé

Références (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrécédentAperçuSuivant ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!