STOP Analysis

💳 Purchase Required

You need to purchase an additional CTI license to see detailed indicators.

IOB - Indicator of Behavior (19)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en	16
zh	2
ru	2

Country

de	8
us	2

Actors

STOP	2
BlackNET RAT	1
Mirai	1
LokiBot	1
Cobalt Strike	1

Activities

Interest

Timeline

Type

Not Defined	6
Programming Tool Software	2
Smartwatch Operating System	2
Document Reader Software	2
Word Processing Software	2

Vendor

Not Defined	10
Apple	2
Adobe	2
GENIVI	2
Microsoft	2

Product

PCRE2	2
Apple watchOS	2
Adobe Acrobat Reader	2
GENIVI dlt-daemon	2
vim	2

Vulnerabilities

#	Vulnerability	Base	Temp	0day	Today	Exp	Rem	EPSS	CTI	CVE
1	Vmware Workspace ONE Access access control	8.8	8.4	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00044	0.00	CVE-2022-22973
2	Microsoft Windows DNS Server race condition	6.6	6.1	$25k-$100k	$5k-$25k	Unproven	Official Fix	0.00628	0.00	CVE-2023-28305
3	VMware vCenter Server/Cloud Foundation URL Request server-side request forgery	6.4	6.3	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00119	0.06	CVE-2022-22982
4	PCRE2 Regular Expression pcre2_jit_compile.c compile_xclass_matchingpath out-of-bounds	5.3	5.1	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00353	0.05	CVE-2022-1586
5	Guzzle Set-Cookie Header cross-domain policy	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00228	0.02	CVE-2022-29248
6	vim out-of-bounds	7.0	6.9	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00122	0.00	CVE-2022-1851
7	Microsoft Xamarin.Forms Android WebView insecure default initialization of resource	6.1	5.8	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00128	0.00	CVE-2020-16873
8	Adobe Acrobat Reader AcroForms use after free	7.0	6.9	$25k-$100k	$5k-$25k	Not Defined	Official Fix	0.01348	0.00	CVE-2021-40726
9	Corero SecureWatch Managed Services HTTP API Endpoint get_snapshot path traversal	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00088	0.00	CVE-2021-38136
10	Post Grid Plugin Slider Import Search cross site scripting	3.5	3.4	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00297	0.00	CVE-2021-24488
11	IBM i2 Analyze information exposure	4.3	4.1	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00076	0.00	CVE-2021-29784
12	Apple watchOS WebKit use after free	6.3	6.0	$5k-$25k	$0-$5k	Not Defined	Official Fix	0.00417	0.00	CVE-2021-30795
13	Lesterchan wp-postratings wp-postratings.php code injection	6.3	6.0	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00222	0.00	CVE-2011-4646
14	phpList Bounce Rules cross site scripting	4.4	4.4	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00058	0.00	CVE-2020-36399
15	phpwcms setup.php code injection	5.5	5.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00446	0.00	CVE-2020-21784
16	Paid Memberships Pro sql injection	7.5	7.2	$0-$5k	$0-$5k	Not Defined	Official Fix	0.00254	0.00	CVE-2021-20678
17	GENIVI dlt-daemon Config File denial of service	3.5	3.5	$0-$5k	$0-$5k	Not Defined	Not Defined	0.00107	0.00	CVE-2021-29507
18	ampleShop category.cfm sql injection	7.3	7.3	$0-$5k	$0-$5k	Not Defined	Unavailable	0.00621	0.02	CVE-2006-2038

IOC - Indicator of Compromise (7)

These indicators of compromise highlight associated network ressources which are known to be part of research and attack activities.

ID	IP address	Hostname	Actor	Identified	Type	Confidence
1	45.133.1.107		STOP	03/18/2024	verified	High
2	49.12.226.201	static.201.226.12.49.clients.your-server.de	STOP	03/18/2024	verified	High
3	XXX.XXX.XX.XXX		Xxxx	03/18/2024	verified	High
4	XXX.XXX.XX.XXX		Xxxx	03/18/2024	verified	High
5	XXX.XXX.XX.XXX	xxx-xxx-xxx-xx-xxx-xxx.xxxx-xxxxxxxxx.xxx.xx	Xxxx	11/09/2023	verified	High
6	XXX.XXX.XX.XX		Xxxx	11/09/2023	verified	High
7	XXX.XX.XXX.XX		Xxxx	11/09/2023	verified	High

TTP - Tactics, Techniques, Procedures (6)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

ID	Technique	Class	Vulnerabilities	Access Vector	Type	Confidence
1	T1006	CAPEC-126	CWE-22	Path Traversal	predictive	High
2	T1059	CAPEC-242	CWE-94	Argument Injection	predictive	High
3	TXXXX.XXX	CAPEC-209	CWE-XX	Xxxxx Xxxx Xxxxxxxxx	predictive	High
4	TXXXX	CAPEC-19	CWE-XXX	Xxxxxxxxx Xxxx Xxxxxxxxxxx Xxxxxxxxxx	predictive	High
5	TXXXX	CAPEC-108	CWE-XX	Xxx Xxxxxxxxx	predictive	High
6	TXXXX	CAPEC-215	CWE-XXX	Xxxxxxxxxx Xx Xxxxxxx Xxxxx Xxxxxxx Xxxxxxxxx Xxxxxxxxxxx	predictive	High

IOA - Indicator of Attack (9)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID	Class	Indicator	Type	Confidence
1	File	/it-IT/splunkd/__raw/services/get_snapshot	predictive	High
2	File	/phpwcms/setup/setup.php	predictive	High
3	File	xxxxxxxx.xxx	predictive	Medium
4	File	xxxxx_xxx_xxxxxxx.x	predictive	High
5	File	xx-xxxxxxxxxxx.xxx	predictive	High
6	Argument	xxx	predictive	Low
7	Argument	xxxxx	predictive	Low
8	Argument	xxxx_xxxx	predictive	Medium
9	Argument	xxx	predictive	Low

References (3)

The following list contains external sources which discuss the actor and the associated activities:

◂ PreviousOverviewNext ▸

Do you need the next level of professionalism?

Upgrade your account now!