2021-09-30 09:58:16 +00:00
# Simda - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Simda](https://vuldb.com/?actor.simda). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.simda](https://vuldb.com/?actor.simda)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Simda.
There are 105 more IOC items available. Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://github.com/firehol/blocklist-ipsets/blob/master/bambenek_simda.ipset
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!