STOP Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

Lang

en	14
ru	4
zh	2

Land

de	10
us	2

Skådespelare

STOP	2
BlackNET RAT	1
Mirai	1
LokiBot	1
Cobalt Strike	1

Intressera

Typ

Not Defined	10
Mailing List Software	2
Operating System	2
Programming Tool Software	2
Server Management Software	2

Säljare

Not Defined	8
IBM	2
GENIVI	2
Corero	2
Microsoft	2

Produkt

IBM i2 Analyze	2
phpList	2
Guzzle	2
GENIVI dlt-daemon	2
Paid Memberships Pro	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	Vmware Workspace ONE Access privilegier eskalering	8.8	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2022-22973
2	Microsoft Windows DNS Server tävlingsvillkor	6.6	6.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00628	0.00	CVE-2023-28305
3	VMware vCenter Server/Cloud Foundation URL Request privilegier eskalering	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00119	0.02	CVE-2022-22982
4	PCRE2 Regular Expression pcre2_jit_compile.c compile_xclass_matchingpath informationsgivning	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00353	0.02	CVE-2022-1586
5	Guzzle Set-Cookie Header privilegier eskalering	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00228	0.02	CVE-2022-29248
6	vim informationsgivning	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00122	0.00	CVE-2022-1851
7	Microsoft Xamarin.Forms Android WebView privilegier eskalering	6.1	5.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00128	0.00	CVE-2020-16873
8	Adobe Acrobat Reader AcroForms minneskorruption	7.0	6.9	$25k-$100k	$0-$5k	Not Defined	Official Fix	0.01348	0.00	CVE-2021-40726
9	Corero SecureWatch Managed Services HTTP API Endpoint get_snapshot kataloggenomgång	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00088	0.00	CVE-2021-38136
10	Post Grid Plugin Slider Import Search cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00297	0.00	CVE-2021-24488
11	IBM i2 Analyze informationsgivning	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00076	0.00	CVE-2021-29784
12	Apple watchOS WebKit minneskorruption	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00417	0.00	CVE-2021-30795
13	Lesterchan wp-postratings wp-postratings.php privilegier eskalering	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00181	0.02	CVE-2011-4646
14	phpList Bounce Rules cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.00	CVE-2020-36399
15	phpwcms setup.php privilegier eskalering	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00446	0.00	CVE-2020-21784
16	Paid Memberships Pro sql injektion	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00254	0.00	CVE-2021-20678
17	GENIVI dlt-daemon Config File förnekande av tjänsten	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00107	0.00	CVE-2021-29507
18	ampleShop category.cfm sql injektion	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00621	0.02	CVE-2006-2038

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Identified	Typ	Förtroende
1	45.133.1.107		STOP	18/03/2024	verified	Hög
2	49.12.226.201	static.201.226.12.49.clients.your-server.de	STOP	18/03/2024	verified	Hög
3	XXX.XXX.XX.XXX		Xxxx	18/03/2024	verified	Hög
4	XXX.XXX.XX.XXX		Xxxx	18/03/2024	verified	Hög
5	XXX.XXX.XX.XXX	xxx-xxx-xxx-xx-xxx-xxx.xxxx-xxxxxxxxx.xxx.xx	Xxxx	09/11/2023	verified	Hög
6	XXX.XXX.XX.XX		Xxxx	09/11/2023	verified	Hög
7	XXX.XX.XXX.XX		Xxxx	09/11/2023	verified	Hög

TTP - Tactics, Techniques, Procedures (7)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Klass	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1		CAPEC-10	CWE-119, CWE-125, CWE-345, CWE-346, CWE-362, CWE-404, CWE-416, CWE-918, CWE-942, CWE-1188	Unknown Vulnerability	predictive	Hög
2	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	Hög
3	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxxxxx Xxxxxxxxx	predictive	Hög
4	TXXXX.XXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxxxx Xxxx Xxxxxxxxx	predictive	Hög
5	TXXXX	CAPEC-19	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
6	TXXXX	CAPEC-10	CWE-XX, CWE-XX, CWE-XXX	Xxx Xxxxxxxxx	predictive	Hög
7	TXXXX	CAPEC-116	CWE-XXX, CWE-XXX, CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	/it-IT/splunkd/__raw/services/get_snapshot	predictive	Hög
2	File	/phpwcms/setup/setup.php	predictive	Hög
3	File	xxxxxxxx.xxx	predictive	Medium
4	File	xxxxx_xxx_xxxxxxx.x	predictive	Hög
5	File	xx-xxxxxxxxxxx.xxx	predictive	Hög
6	Argument	xxx	predictive	Låg
7	Argument	xxxxx	predictive	Låg
8	Argument	xxxx_xxxx	predictive	Medium
9	Argument	xxx	predictive	Låg

Referenser (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!