STTEAM Analisi

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (39)

Linguaggio

en	28
de	12

Nazione

us	32
ir	2
cz	2
fr	2

Attori

STTEAM	1
Ramnit	1
Expiro	1

Interesse

Genere

Web Server	6
Content Management System	6
Not Defined	4
Network Attached Storage Software	4
Mail Server Software	4

Fornitore

Not Defined	12
TP-LINK	4
OTManager	4
DragonByte	2
Microsoft	2

Prodotto

OTManager CMS	4
DragonByte vBShout Module	2
Microsoft IIS	2
nginx	2
Simple Chatting System	2

Vulnerabilità

#	Vulnerabilità	Base	Temp	0day	Oggi	Sfr	Con	EPSS	CTI	CVE
1	WordPress sql injection	7.3	6.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00175	0.00	CVE-2011-3130
2	Apache Tomcat CORS Filter escalazione di privilegi	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.07849	0.02	CVE-2018-8014
3	Apache HTTP Server suEXEC Feature .htaccess rivelazione di un 'informazione	5.3	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.03
4	Microsoft Office Object Remote Code Execution	7.0	6.3	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.97339	0.02	CVE-2017-8570
5	TP-LINK TL-WR740N/TL-WR741N Firmware Local Privilege Escalation	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.04
6	nginx HTTP/2 denial of service	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02974	0.00	CVE-2018-16844
7	Qualcomm Snapdragon Auto rivelazione di un 'informazione	6.4	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00153	0.00	CVE-2020-3700
8	Microsoft IIS FTP Server buffer overflow	7.5	7.2	$25k-$100k	$0-$5k	High	Official Fix	0.96843	0.03	CVE-2010-3972
9	OpenSSH Authentication Username rivelazione di un 'informazione	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.29	CVE-2016-6210
10	QNAP QTS buffer overflow	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03118	0.04	CVE-2017-17032
11	QNAP QTS escalazione di privilegi	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.12427	0.06	CVE-2019-7193
12	Dovecot escalazione di privilegi	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2008-1199
13	Dovecot Access Restriction escalazione di privilegi	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00223	0.00	CVE-2010-3779
14	Redmine Redmine.pm escalazione di privilegi	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00397	0.03	CVE-2017-15575
15	Image Sharing Script followBoard.php Error sql injection	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.02
16	Synology Photo Station synophoto_csPhotoDB.php sql injection	8.1	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00074	0.02	CVE-2019-11821
17	e107 CMS clock_menu.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01973	0.02	CVE-2004-2040
18	OTManager CMS index.php cross site scripting	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.00220	0.00	CVE-2008-5202
19	DragonByte vBShout Module vbshout.php cross site scripting	5.2	4.5	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01440	0.00	CVE-2012-6667
20	OTManager CMS index.php directory traversal	7.3	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00788	0.00	CVE-2008-5201

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	indirizzo IP	Hostname	Attore	Campagne	Identified	Genere	Fiducia
1	46.165.220.223		STTEAM		01/01/2021	verified	Alto

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Vulnerabilità	Accesso al vettore	Genere	Fiducia
1	T1006	CWE-22	Path Traversal	predictive	Alto
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Alto
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
4	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Alto
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Alto
6	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Alto
7	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	Alto
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Alto

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Classe	Indicator	Genere	Fiducia
1	File	.htaccess	predictive	Media
2	File	/ajax-files/followBoard.php	predictive	Alto
3	File	/etc/gsissh/sshd_config	predictive	Alto
4	File	/getcfg.php	predictive	Media
5	File	xxxxx_xxxx.xxx	predictive	Alto
6	File	xxxxx.xxx	predictive	Media
7	File	xxxxxxx.xx	predictive	Media
8	File	xxxxxxxxxxx.xxx	predictive	Alto
9	File	xxxxxxxxx_xxxxxxxxx.xxx	predictive	Alto
10	File	xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxx_xxx.xxxx	predictive	Alto
11	File	xxxxxxx.xxx	predictive	Media
12	File	xxxxxxxxxxxxxxx.xxx	predictive	Alto
13	File	xxxx/xx_xxxxxxx.xxx	predictive	Alto
14	File	xxxxx/xxxxx.xx	predictive	Alto
15	File	xxxxxx.xxx	predictive	Media
16	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Alto
17	Argument	xxxxx	predictive	Basso
18	Argument	xxxxxxxx	predictive	Media
19	Argument	xxxxxxxxx	predictive	Media
20	Argument	xxx_xxx	predictive	Basso
21	Argument	xxxxxxxx	predictive	Media
22	Argument	xxx	predictive	Basso
23	Argument	xxxxxxxx	predictive	Media
24	Argument	xxxxx	predictive	Basso
25	Argument	xxxx	predictive	Basso
26	Argument	xxx	predictive	Basso
27	Argument	xxxx->xxxxxxx	predictive	Alto
28	Input Value	' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx	predictive	Alto
29	Input Value	xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx	predictive	Alto
30	Network Port	xxx xxxxxx xxxx	predictive	Alto

Referenze (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ PrecedenteVisione D'insiemeIl prossimo ▸

Might our Artificial Intelligence support you?

Check our Alexa App!