Stowaway Analysis

IOB - Indicator of Behavior (51)

Language: en (44), es (4), zh (2), fr (2)

Country: us (32), fr (12), ir (6), pt (2)

Product: Linux Kernel (6), MongoDB Skyring Database (2), LogicBoard CMS (2), Dundas BI Server (2), PHP-Fusion (2)

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exploit | Remediation | EPSS | CTI | CVE
1 | zhenfeng13 My-Blog Blog Management Page cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00053 | 0.03 | CVE-2023-29636
2 | Apache HTTP Server mod_proxy_ftp Remote Code Execution | 8.0 | 8.0 | $25k-$100k | $5k-$25k | Not Defined | Not Defined | 0.00173 | 0.00 | CVE-2020-1934
3 | nginx privilege escalation | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 2.69 | CVE-2020-12440
4 | Apache Tomcat Application Listener privilege escalation | 8.2 | 8.0 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00356 | 0.06 | CVE-2017-5648
5 | jQuery Property extend Pollution cross site scripting | 6.6 | 6.3 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.03535 | 0.17 | CVE-2019-11358
6 | Twig Template directory traversal | 6.4 | 6.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00337 | 0.02 | CVE-2022-39261
7 | LogicBoard CMS away.php Redirect | 6.3 | 6.1 | $0-$5k | $0-$5k | Not Defined | Unavailable | 0.00000 | 2.51 | 
8 | WP Rocket Plugin directory traversal | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.04 | CVE-2017-11658
9 | Joomla CMS com_contact privilege escalation | 6.3 | 6.2 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00077 | 0.00 | CVE-2019-15028
10 | Microsoft Outlook denial of service | 5.9 | 5.1 | $5k-$25k | $0-$5k | Unproven | Official Fix | 0.00067 | 0.00 | CVE-2022-35742
11 | WordPress Installation functions.php is_blog_installed privilege escalation | 8.0 | 7.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.02421 | 0.04 | CVE-2020-28037
12 | PHP-Fusion register.php sql injection | 7.3 | 7.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00725 | 0.00 | CVE-2005-3161
13 | fileNice Search Box index.php cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00220 | 0.00 | CVE-2010-5031
14 | OpenSSH scp scp.c privilege escalation | 6.4 | 6.4 | $25k-$100k | $5k-$25k | Not Defined | Unavailable | 0.00289 | 0.09 | CVE-2020-15778
15 | Adobe Connect Server AMF Message privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01436 | 0.02 | CVE-2021-40719
16 | WordPress URL privilege escalation | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.01530 | 0.02 | CVE-2019-17669
17 | mod_ssl SSLVerifyClient Remote Code Execution | 9.8 | 8.8 | $25k-$100k | $0-$5k | Proof-of-Concept | Official Fix | 0.00214 | 0.02 | CVE-2005-2700
18 | PHP Link Directory Administration Page index.html cross site scripting | 4.3 | 4.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00374 | 0.55 | CVE-2007-0529
19 | Laravel PendingBroadcast.php dispatch privilege escalation | 6.3 | 6.3 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00049 | 0.02 | CVE-2022-30778
20 | Microsoft Windows LSA Remote Code Execution | 8.1 | 7.4 | $100k and more | $5k-$25k | Unproven | Official Fix | 0.90617 | 0.00 | CVE-2022-26925

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Ukraine Government

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 191.205.230.66 | | Stowaway | Ukraine Government | 2022-12-20 | verified | High

TTP - Tactics, Techniques, Procedures (10)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Vulnerabilities | Access Vector | Type | Confidence
1 | T1006 | CWE-22 | Path Traversal | predictive | High
2 | T1055 | CWE-74 | Improper Neutralization of Data within XPath Expressions | predictive | High

IOA - Indicator of Attack (27)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /etc/skyring/skyring.conf | predictive | High
2 | File | /forum/away.php | predictive | High
3 | File | /public/plugins/ | predictive | High
4 | File | api/v1/registry | predictive | High
