STTEAM Analysis

IOB - Indicator of Behavior (39)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 20
de: 16
es: 2
fr: 2


Country


Actors


Activities

Interest

Timeline


Type


Vendor


Product

Dovecot: 4
OTManager CMS: 4
WordPress: 2
Apache HTTP Server: 2
Image Sharing Script: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress sql injection | 7.3 | 6.6 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.00175 | 0.00 | CVE-2011-3130 |
| 2 | Apache Tomcat CORS Filter 7pk security | 8.5 | 8.4 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.07849 | 0.04 | CVE-2018-8014 |
| 3 | Apache HTTP Server suEXEC Feature .htaccess information disclosure | 5.3 | 5.0 | $5k-$25k | $0-$5k | Proof-of-Concept | Workaround | 0.00000 | 0.03 | |
| 4 | Microsoft Office Object data processing | 7.0 | 6.9 | $5k-$25k | $0-$5k | High | Official Fix | 0.97339 | 0.07 | CVE-2017-8570 |
| 5 | TP-LINK TL-WR740N/TL-WR741N Firmware Local Privilege Escalation | 5.3 | 5.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00000 | 0.00 | |
| 6 | nginx HTTP/2 resource consumption | 6.0 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.02974 | 0.09 | CVE-2018-16844 |
| 7 | Qualcomm Snapdragon Auto out-of-bounds | 6.4 | 6.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00153 | 0.00 | CVE-2020-3700 |
| 8 | Microsoft IIS FTP Server memory corruption | 7.5 | 7.2 | $25k-$100k | $0-$5k | High | Official Fix | 0.96843 | 0.00 | CVE-2010-3972 |
| 9 | OpenSSH Authentication Username information disclosure | 5.3 | 4.8 | $5k-$25k | $0-$5k | High | Official Fix | 0.10737 | 0.20 | CVE-2016-6210 |
| 10 | QNAP QTS memory corruption | 8.5 | 8.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.03118 | 0.00 | CVE-2017-17032 |
| 11 | QNAP QTS input validation | 8.5 | 8.5 | $0-$5k | $0-$5k | High | Not Defined | 0.12427 | 0.00 | CVE-2019-7193 |
| 12 | Dovecot link following | 5.9 | 5.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2008-1199 |
| 13 | Dovecot Access Restriction access control | 4.3 | 3.9 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00223 | 0.00 | CVE-2010-3779 |
| 14 | Redmine Redmine.pm 7pk security | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00397 | 0.03 | CVE-2017-15575 |
| 15 | Image Sharing Script followBoard.php Error sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.00 | |
| 16 | Synology Photo Station synophoto_csPhotoDB.php sql injection | 8.1 | 8.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00074 | 0.02 | CVE-2019-11821 |
| 17 | e107 CMS clock_menu.php cross site scripting | 4.3 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.01973 | 0.00 | CVE-2004-2040 |
| 18 | OTManager CMS index.php cross site scripting | 4.3 | 4.2 | $0-$5k | $0-$5k | High | Unavailable | 0.00220 | 0.00 | CVE-2008-5202 |
| 19 | DragonByte vBShout Module vbshout.php cross site scripting | 5.2 | 4.5 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.01440 | 0.00 | CVE-2012-6667 |
| 20 | OTManager CMS index.php path traversal | 7.3 | 6.4 | $0-$5k | $0-$5k | Proof-of-Concept | Unavailable | 0.00788 | 0.00 | CVE-2008-5201 |

IOC - Indicator of Compromise (1)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 46.165.220.223 | | STTEAM | | 01/01/2021 | verified | High |

TTP - Tactics, Techniques, Procedures (8)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (30)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | .htaccess | predictive | Medium |
| 2 | File | /ajax-files/followBoard.php | predictive | High |
| 3 | File | /etc/gsissh/sshd_config | predictive | High |
| 4 | File | /getcfg.php | predictive | Medium |
| 5 | File | xxxxx_xxxx.xxx | predictive | High |
| 6 | File | xxxxx.xxx | predictive | Medium |
| 7 | File | xxxxxxx.xx | predictive | Medium |
| 8 | File | xxxxxxxxxxx.xxx | predictive | High |
| 9 | File | xxxxxxxxx_xxxxxxxxx.xxx | predictive | High |
| 10 | File | xxxxxxxxxxxxxxxxxxxxxxxxxx/xxxxx_xxx.xxxx | predictive | High |
| 11 | File | xxxxxxx.xxx | predictive | Medium |
| 12 | File | xxxxxxxxxxxxxxx.xxx | predictive | High |
| 13 | File | xxxx/xx_xxxxxxx.xxx | predictive | High |
| 14 | File | xxxxx/xxxxx.xx | predictive | High |
| 15 | File | xxxxxx.xxx | predictive | Medium |
| 16 | File | xx-xxxxxxxx/xxxxx-xx-xxxxx.xxx | predictive | High |
| 17 | Argument | xxxxx | predictive | Low |
| 18 | Argument | xxxxxxxx | predictive | Medium |
| 19 | Argument | xxxxxxxxx | predictive | Medium |
| 20 | Argument | xxx_xxx | predictive | Low |
| 21 | Argument | xxxxxxxx | predictive | Medium |
| 22 | Argument | xxx | predictive | Low |
| 23 | Argument | xxxxxxxx | predictive | Medium |
| 24 | Argument | xxxxx | predictive | Low |
| 25 | Argument | xxxx | predictive | Low |
| 26 | Argument | xxx | predictive | Low |
| 27 | Argument | xxxx->xxxxxxx | predictive | High |
| 28 | Input Value | ' xxx (xxxxxx xxxx xxxx(xxxxxx xxxxx(*),xxxxxx(xxxxxxxxxxxx,(xxxxxx (xxx(xxxx=xxxx,x))),xxxxxxxxxxxx,xxxxx(xxxx(x)*x))x xxxx xxxxxxxxxxx_xxxxxx.xxxxxxxxx_xxxx xxxxx xx x)x) xxx 'xxxx'='xxxx | predictive | High |
| 29 | Input Value | xxxx -x xxxxxxxx=xxxxxx.xxxxxxx xxxx://xxx.xxx.x.x/xxxxxx.xxx | predictive | High |
| 30 | Network Port | xxx xxxxxx xxxx | predictive | High |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
