STOCKSTAY
Essential information
- Confidence: 100/100
- Is family: No
- Published: 29/01/2026 22:18
- Modified: 29/01/2026 22:18
- Revoked: No
- Author / Source: AlienVault
- Related entities: 23 attack patterns (mitre), 2 intrusion sets (apt), 4 sectors, 2 countries, 98 indicators, 4 vulnerabilities (cve), 2 reports
Description
No description.
Marking (TLP)
TLP:CLEAR
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (23)
- T1176 · uses · Software Extensions · MITRE
- T1090 · uses · Proxy · MITRE
- T1133 · uses · External Remote Services · MITRE
- T1566.001 · uses · Spearphishing Attachment · MITRE
- T1204.002 · uses · Malicious File · MITRE
- T1082 · uses · System Information Discovery · MITRE
- T1041 · uses · Exfiltration Over C2 Channel · MITRE
- T1113 · uses · Screen Capture · MITRE
- T1071.001 · uses · Web Protocols · MITRE
- T1547.001 · uses · Registry Run Keys / Startup Folder · MITRE
- T1566 · uses · Phishing · MITRE
- T1055 · uses · Process Injection · MITRE
Intrusion sets (APT) (2)
- UNC4895 · uses · AlienVault · Confidence 100 · First seen 01/01/1970 · Last seen 16/11/5138
- The MITRE Corporation · Confidence 100
  [Turla](https://attack.mitre.org/groups/G0010) is a cyber espionage threat group that has been attributed to Russia's Federal Security Service (FSB). They have compromised victims in over 50 countries since at least…
  First seen 01/01/1970 · Last seen 16/11/5138
Sectors (4)
- Defense · targets
- Defense ministries (including the military) · targets
- Technology · targets
- Government · targets
Countries (2)
- Ukraine · targets
- Italy · targets
Indicators (98)
- stix 100/100 · Valid until 26/01/2027 · Source: AlienVault
- https://basecon.com.ua/calculator.rar · indicates · stix 100/100 · Valid until 25/07/2026 · Source: AlienVault
- stix 100/100 · Valid until 25/07/2026 · Source: AlienVault
- stix 100/100 · Valid until 26/01/2027 · Source: AlienVault
- stix 100/100 · Valid until 22/06/2027 · Source: AlienVault
- stix 100/100 · Valid until 26/01/2027 · Source: AlienVault
- stix 100/100 · Valid until 22/06/2027 · Source: AlienVault
- stix 100/100 · Valid until 26/01/2027 · Source: AlienVault
- stix 100/100 · Valid until 26/01/2027 · Source: AlienVault
- stix 100/100 · Valid until 22/06/2027 · Source: AlienVault
- stix 100/100 · Valid until 26/01/2027 · Source: AlienVault
Vulnerabilities (CVE) (4)
RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file …
- Attack vector: Local
- Published: 24/08/2023
- Modified: 27/05/2026
RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary …
- Attack vector: Network
- Published: 12/08/2025
- Modified: 27/05/2026
A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary …
- Attack vector: LOCAL
- Complexity: LOW
- Published: 05/06/2026
- Modified: 25/06/2026
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, …
- Attack vector: Network
- Published: 05/12/2025
- Modified: 29/05/2026
Reports (2)
- 3 CVEs · 2 Malwares · 44 Observables · 1 APT
- AlienVault · Confidence 100 · 2 CVEs · 19 MITREs · 8 Malwares · 57 IOCs · 6 Observables · 1 APT