STTEAM Analys

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (39)

Lang

en	26
de	10
fr	2
es	2

Land

us	32
ir	2
ru	2
es	2

Skådespelare

STTEAM	1
Ramnit	1
Expiro	1

Intressera

Typ

Content Management System	12
Mail Server Software	4
Application Server Software	2
Connectivity Software	2
Web Server	2

Säljare

Not Defined	14
Microsoft	4
Joomla	2
Apache	2
e107	2

Produkt

Dovecot	4
WordPress	4
Joomla CMS	2
Apache Tomcat	2
gsi-openssh-server	2

Sårbarheter

#	Sårbarhet	Base	Temp	0day	I dag	Utn	Rem	EPSS	CTI	CVE
1	WordPress sql injektion	7.3	6.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00175	0.00	CVE-2011-3130
2	Apache Tomcat CORS Filter privilegier eskalering	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.07849	0.02	CVE-2018-8014
3	Apache HTTP Server suEXEC Feature .htaccess informationsgivning	5.3	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.03
4	Microsoft Office Object Remote Code Execution	7.0	6.3	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.97339	0.02	CVE-2017-8570
5	TP-LINK TL-WR740N/TL-WR741N Firmware Local Privilege Escalation	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.04
6	nginx HTTP/2 förnekande av tjänsten	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02974	0.02	CVE-2018-16844
7	Qualcomm Snapdragon Auto informationsgivning	6.4	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00153	0.00	CVE-2020-3700
8	Microsoft IIS FTP Server minneskorruption	7.5	7.2	$25k-$100k	$0-$5k	High	Official Fix	0.96843	0.03	CVE-2010-3972
9	OpenSSH Authentication Username informationsgivning	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.30	CVE-2016-6210
10	QNAP QTS minneskorruption	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03118	0.04	CVE-2017-17032
11	QNAP QTS privilegier eskalering	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.12427	0.06	CVE-2019-7193
12	Dovecot privilegier eskalering	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2008-1199
13	Dovecot Access Restriction privilegier eskalering	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00223	0.00	CVE-2010-3779
14	Redmine Redmine.pm privilegier eskalering	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00397	0.03	CVE-2017-15575
15	Image Sharing Script followBoard.php Error sql injektion	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.02
16	Synology Photo Station synophoto_csPhotoDB.php sql injektion	8.1	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00074	0.02	CVE-2019-11821
17	e107 CMS clock_menu.php cross site scripting	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01706	0.02	CVE-2004-2040
18	OTManager CMS index.php cross site scripting	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.00220	0.00	CVE-2008-5202
19	DragonByte vBShout Module vbshout.php cross site scripting	5.2	4.5	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01440	0.00	CVE-2012-6667
20	OTManager CMS index.php kataloggenomgång	7.3	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00788	0.00	CVE-2008-5201

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP-adress	Hostname	Skådespelare	Kampanjer	Identified	Typ	Förtroende
1	46.165.220.223		STTEAM		01/01/2021	verified	Hög

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Sårbarheter	Åtkomstvektor	Typ	Förtroende
1	T1006	CWE-22	Path Traversal	predictive	Hög
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	Hög
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
4	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	Hög
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	Hög
6	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	Hög
7	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	Hög
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	Hög

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Klass	Indicator	Typ	Förtroende
1	File	.htaccess	predictive	Medium
2	File	/ajax-files/followBoard.php	predictive	Hög
3	File	/etc/gsissh/sshd_config	predictive	Hög
4	File	/getcfg.php	predictive	Medium
5	File	xxxxx_xxxx.xxx	predictive	Hög
6	File	xxxxx.xxx	predictive	Medium
7	File	xxxxxxx.xx	predictive	Medium
8	File	xxxxxxxxxxx.xxx	predictive	Hög
9	File	xxxxxxxxx_xxxxxxxxx.xxx	predictive	Hög
10	File	xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxx_xxx.xxxx	predictive	Hög
11	File	xxxxxxx.xxx	predictive	Medium
12	File	xxxxxxxxxxxxxxx.xxx	predictive	Hög
13	File	xxxx/xx_xxxxxxx.xxx	predictive	Hög
14	File	xxxxx/xxxxx.xx	predictive	Hög
15	File	xxxxxx.xxx	predictive	Medium
16	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	Hög
17	Argument	xxxxx	predictive	Låg
18	Argument	xxxxxxxx	predictive	Medium
19	Argument	xxxxxxxxx	predictive	Medium
20	Argument	xxx_xxx	predictive	Låg
21	Argument	xxxxxxxx	predictive	Medium
22	Argument	xxx	predictive	Låg
23	Argument	xxxxxxxx	predictive	Medium
24	Argument	xxxxx	predictive	Låg
25	Argument	xxxx	predictive	Låg
26	Argument	xxx	predictive	Låg
27	Argument	xxxx->xxxxxxx	predictive	Hög
28	Input Value	' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx	predictive	Hög
29	Input Value	xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx	predictive	Hög
30	Network Port	xxx xxxxxx xxxx	predictive	Hög

Referenser (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ TidigareÖversiktNästa ▸

Do you need the next level of professionalism?

Upgrade your account now!