STTEAM 分析

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (39)

语言

en	28
de	8
es	2
fr	2

国家/地区

us	24
ru	4
es	2
fr	2
cz	2

演员

STTEAM	1
Ramnit	1
Expiro	1

利益

类型

Content Management System	10
Router Operating System	6
Not Defined	4
Web Server	4
Mail Server Software	4

供应商

Not Defined	10
OTManager	4
TP-LINK	4
Apache	4
Qualcomm	2

产品

OTManager CMS	4
Image Sharing Script	2
Qualcomm Snapdragon Auto	2
Qualcomm Snapdragon Compute	2
Qualcomm Snapdragon Connectivity	2

漏洞

#	漏洞	Base	Temp	0day	今天	易	修正	EPSS	CTI	CVE
1	WordPress SQL注入	7.3	6.6	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.00175	0.00	CVE-2011-3130
2	Apache Tomcat CORS Filter 权限升级	8.5	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.07849	0.02	CVE-2018-8014
3	Apache HTTP Server suEXEC Feature .htaccess 信息公开	5.3	5.0	$5k-$25k	$0-$5k	Proof-of-Concept	Workaround	0.00000	0.03
4	Microsoft Office Object Remote Code Execution	7.0	6.3	$5k-$25k	$0-$5k	Proof-of-Concept	Official Fix	0.97339	0.02	CVE-2017-8570
5	TP-LINK TL-WR740N/TL-WR741N Firmware Local Privilege Escalation	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00000	0.04
6	nginx HTTP/2 拒绝服务	6.0	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.02974	0.04	CVE-2018-16844
7	Qualcomm Snapdragon Auto 信息公开	6.4	6.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00153	0.00	CVE-2020-3700
8	Microsoft IIS FTP Server 内存损坏	7.5	7.2	$25k-$100k	$0-$5k	High	Official Fix	0.96843	0.00	CVE-2010-3972
9	OpenSSH Authentication Username 信息公开	5.3	4.8	$5k-$25k	$0-$5k	High	Official Fix	0.10737	0.21	CVE-2016-6210
10	QNAP QTS 内存损坏	8.5	8.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.03118	0.04	CVE-2017-17032
11	QNAP QTS 权限升级	8.5	8.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.12427	0.06	CVE-2019-7193
12	Dovecot 权限升级	5.9	5.7	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2008-1199
13	Dovecot Access Restriction 权限升级	4.3	3.9	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.00223	0.00	CVE-2010-3779
14	Redmine Redmine.pm 权限升级	6.3	6.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00397	0.03	CVE-2017-15575
15	Image Sharing Script followBoard.php Error SQL注入	6.3	5.7	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.00000	0.02
16	Synology Photo Station synophoto_csPhotoDB.php SQL注入	8.1	8.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00074	0.02	CVE-2019-11821
17	e107 CMS clock_menu.php 跨网站脚本	4.3	4.1	$0-$5k	$0-$5k	Proof-of-Concept	Not Defined	0.01973	0.00	CVE-2004-2040
18	OTManager CMS index.php 跨网站脚本	4.3	4.2	$0-$5k	$0-$5k	High	Unavailable	0.00220	0.00	CVE-2008-5202
19	DragonByte vBShout Module vbshout.php 跨网站脚本	5.2	4.5	$0-$5k	$0-$5k	Proof-of-Concept	Official Fix	0.01440	0.00	CVE-2012-6667
20	OTManager CMS index.php 目录遍历	7.3	6.4	$0-$5k	$0-$5k	Proof-of-Concept	Unavailable	0.00788	0.00	CVE-2008-5201

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP地址	Hostname	参与者	活动	Identified	类型	可信度
1	46.165.220.223		STTEAM		2021-01-01	verified	高

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	漏洞	访问向量	类型	可信度
1	T1006	CWE-22	Path Traversal	predictive	高
2	T1059.007	CWE-79, CWE-80	Cross Site Scripting	predictive	高
3	TXXXX	CWE-XXX, CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
4	TXXXX	CWE-XXX	7xx Xxxxxxxx Xxxxxxxx	predictive	高
5	TXXXX	CWE-XX	Xxx Xxxxxxxxx	predictive	高
6	TXXXX	CWE-XXX	Xxxxxxxxxxx Xxxxxxxxxx	predictive	高
7	TXXXX.XXX	CWE-XXX	Xxxxxxxx	predictive	高
8	TXXXX	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	高

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	分类	Indicator	类型	可信度
1	File	.htaccess	predictive	中
2	File	/ajax-files/followBoard.php	predictive	高
3	File	/etc/gsissh/sshd_config	predictive	高
4	File	/getcfg.php	predictive	中
5	File	xxxxx_xxxx.xxx	predictive	高
6	File	xxxxx.xxx	predictive	中
7	File	xxxxxxx.xx	predictive	中
8	File	xxxxxxxxxxx.xxx	predictive	高
9	File	xxxxxxxxx_xxxxxxxxx.xxx	predictive	高
10	File	xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxx_xxx.xxxx	predictive	高
11	File	xxxxxxx.xxx	predictive	中
12	File	xxxxxxxxxxxxxxx.xxx	predictive	高
13	File	xxxx/xx_xxxxxxx.xxx	predictive	高
14	File	xxxxx/xxxxx.xx	predictive	高
15	File	xxxxxx.xxx	predictive	中
16	File	xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx	predictive	高
17	Argument	xxxxx	predictive	低
18	Argument	xxxxxxxx	predictive	中
19	Argument	xxxxxxxxx	predictive	中
20	Argument	xxx_xxx	predictive	低
21	Argument	xxxxxxxx	predictive	中
22	Argument	xxx	predictive	低
23	Argument	xxxxxxxx	predictive	中
24	Argument	xxxxx	predictive	低
25	Argument	xxxx	predictive	低
26	Argument	xxx	predictive	低
27	Argument	xxxx->xxxxxxx	predictive	高
28	Input Value	' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx	predictive	高
29	Input Value	xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx	predictive	高
30	Network Port	xxx xxxxxx xxxx	predictive	高

参考 (2)

The following list contains external sources which discuss the actor and the associated activities:

◂ 上一步一览下一步 ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!