cyber_threat_intelligence/actors/Simda/README.md

# Simda - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Simda](https://vuldb.com/?actor.simda). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.simda](https://vuldb.com/?actor.simda)

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Simda.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [5.157.84.170](https://vuldb.com/?ip.5.157.84.170) | redirect.server43.firstfind.nl | - | High
2 | [14.128.136.68](https://vuldb.com/?ip.14.128.136.68) | - | - | High
3 | [23.89.102.127](https://vuldb.com/?ip.23.89.102.127) | - | - | High
4 | [23.236.62.147](https://vuldb.com/?ip.23.236.62.147) | 147.62.236.23.bc.googleusercontent.com | - | Medium
5 | [31.11.32.144](https://vuldb.com/?ip.31.11.32.144) | websn1s134.aruba.it | - | High
6 | [31.186.169.41](https://vuldb.com/?ip.31.186.169.41) | redirect.totaalholding.nl | - | High
7 | [31.217.192.121](https://vuldb.com/?ip.31.217.192.121) | cloud34.hostingpalvelu.fi | - | High
8 | [34.98.99.30](https://vuldb.com/?ip.34.98.99.30) | 30.99.98.34.bc.googleusercontent.com | - | Medium
9 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
10 | [45.82.253.244](https://vuldb.com/?ip.45.82.253.244) | - | - | High
11 | [46.28.105.107](https://vuldb.com/?ip.46.28.105.107) | hc1-wd246.wedos.net | - | High
12 | [46.30.215.127](https://vuldb.com/?ip.46.30.215.127) | webcluster2.webpod6-cph3.one.com | - | High
13 | [46.30.215.202](https://vuldb.com/?ip.46.30.215.202) | webcluster1.webpod8-cph3.one.com | - | High
14 | [46.242.242.252](https://vuldb.com/?ip.46.242.242.252) | cloudserver3219609-3219640.home.pl | - | High
15 | [46.249.43.105](https://vuldb.com/?ip.46.249.43.105) | web02.pruim.eu | - | High
16 | [52.25.92.0](https://vuldb.com/?ip.52.25.92.0) | ec2-52-25-92-0.us-west-2.compute.amazonaws.com | - | Medium
17 | [52.58.78.16](https://vuldb.com/?ip.52.58.78.16) | ec2-52-58-78-16.eu-central-1.compute.amazonaws.com | - | Medium
18 | [54.65.172.3](https://vuldb.com/?ip.54.65.172.3) | ec2-54-65-172-3.ap-northeast-1.compute.amazonaws.com | - | Medium
19 | [62.97.115.37](https://vuldb.com/?ip.62.97.115.37) | lnx-ppa-php53-01.microblau.net | - | High
20 | [62.129.200.14](https://vuldb.com/?ip.62.129.200.14) | cloudserver010174.home.pl | - | High
21 | [62.149.128.72](https://vuldb.com/?ip.62.149.128.72) | mxd4.aruba.it | - | High
22 | [62.149.128.74](https://vuldb.com/?ip.62.149.128.74) | mxd5.aruba.it | - | High
23 | [62.149.128.151](https://vuldb.com/?ip.62.149.128.151) | mxd6.aruba.it | - | High
24 | [62.149.128.154](https://vuldb.com/?ip.62.149.128.154) | mxd7.aruba.it | - | High
25 | [62.149.128.157](https://vuldb.com/?ip.62.149.128.157) | mxd8.aruba.it | - | High
26 | [62.149.128.160](https://vuldb.com/?ip.62.149.128.160) | mxd1.aruba.it | - | High
27 | ... | ... | ... | ...

There are 105 more IOC items available. Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://github.com/firehol/blocklist-ipsets/blob/master/bambenek_simda.ipset

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
Converted from AsciiDoc to Markdown 2021-09-30 09:58:16 +00:00			`# Simda - Cyber Threat Intelligence`

Update 2022-04-01 10:05:45 +00:00			These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Simda](https://vuldb.com/?actor.simda). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
Converted from AsciiDoc to Markdown 2021-09-30 09:58:16 +00:00
Update 2022-04-01 10:05:45 +00:00			`_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.simda](https://vuldb.com/?actor.simda)`
Converted from AsciiDoc to Markdown 2021-09-30 09:58:16 +00:00
			`## IOC - Indicator of Compromise`

Update 2022-04-01 10:05:45 +00:00			`These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Simda.`

			`ID \| IP address \| Hostname \| Campaign \| Confidence`
			`-- \| ---------- \| -------- \| -------- \| ----------`
			`1 \| [5.157.84.170](https://vuldb.com/?ip.5.157.84.170) \| redirect.server43.firstfind.nl \| - \| High`
			`2 \| [14.128.136.68](https://vuldb.com/?ip.14.128.136.68) \| - \| - \| High`
			`3 \| [23.89.102.127](https://vuldb.com/?ip.23.89.102.127) \| - \| - \| High`
			`4 \| [23.236.62.147](https://vuldb.com/?ip.23.236.62.147) \| 147.62.236.23.bc.googleusercontent.com \| - \| Medium`
			`5 \| [31.11.32.144](https://vuldb.com/?ip.31.11.32.144) \| websn1s134.aruba.it \| - \| High`
			`6 \| [31.186.169.41](https://vuldb.com/?ip.31.186.169.41) \| redirect.totaalholding.nl \| - \| High`
			`7 \| [31.217.192.121](https://vuldb.com/?ip.31.217.192.121) \| cloud34.hostingpalvelu.fi \| - \| High`
			`8 \| [34.98.99.30](https://vuldb.com/?ip.34.98.99.30) \| 30.99.98.34.bc.googleusercontent.com \| - \| Medium`
			`9 \| [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) \| 180.136.102.34.bc.googleusercontent.com \| - \| Medium`
			`10 \| [45.82.253.244](https://vuldb.com/?ip.45.82.253.244) \| - \| - \| High`
			`11 \| [46.28.105.107](https://vuldb.com/?ip.46.28.105.107) \| hc1-wd246.wedos.net \| - \| High`
			`12 \| [46.30.215.127](https://vuldb.com/?ip.46.30.215.127) \| webcluster2.webpod6-cph3.one.com \| - \| High`
			`13 \| [46.30.215.202](https://vuldb.com/?ip.46.30.215.202) \| webcluster1.webpod8-cph3.one.com \| - \| High`
			`14 \| [46.242.242.252](https://vuldb.com/?ip.46.242.242.252) \| cloudserver3219609-3219640.home.pl \| - \| High`
			`15 \| [46.249.43.105](https://vuldb.com/?ip.46.249.43.105) \| web02.pruim.eu \| - \| High`
			`16 \| [52.25.92.0](https://vuldb.com/?ip.52.25.92.0) \| ec2-52-25-92-0.us-west-2.compute.amazonaws.com \| - \| Medium`
			`17 \| [52.58.78.16](https://vuldb.com/?ip.52.58.78.16) \| ec2-52-58-78-16.eu-central-1.compute.amazonaws.com \| - \| Medium`
			`18 \| [54.65.172.3](https://vuldb.com/?ip.54.65.172.3) \| ec2-54-65-172-3.ap-northeast-1.compute.amazonaws.com \| - \| Medium`
			`19 \| [62.97.115.37](https://vuldb.com/?ip.62.97.115.37) \| lnx-ppa-php53-01.microblau.net \| - \| High`
			`20 \| [62.129.200.14](https://vuldb.com/?ip.62.129.200.14) \| cloudserver010174.home.pl \| - \| High`
			`21 \| [62.149.128.72](https://vuldb.com/?ip.62.149.128.72) \| mxd4.aruba.it \| - \| High`
			`22 \| [62.149.128.74](https://vuldb.com/?ip.62.149.128.74) \| mxd5.aruba.it \| - \| High`
			`23 \| [62.149.128.151](https://vuldb.com/?ip.62.149.128.151) \| mxd6.aruba.it \| - \| High`
			`24 \| [62.149.128.154](https://vuldb.com/?ip.62.149.128.154) \| mxd7.aruba.it \| - \| High`
			`25 \| [62.149.128.157](https://vuldb.com/?ip.62.149.128.157) \| mxd8.aruba.it \| - \| High`
			`26 \| [62.149.128.160](https://vuldb.com/?ip.62.149.128.160) \| mxd1.aruba.it \| - \| High`
			`27 \| ... \| ... \| ... \| ...`
Converted from AsciiDoc to Markdown 2021-09-30 09:58:16 +00:00
Update 2022-02-05 07:47:58 +00:00			`There are 105 more IOC items available. Please use our online service to access the data.`
Converted from AsciiDoc to Markdown 2021-09-30 09:58:16 +00:00
			`## References`

Update 2022-04-01 10:05:45 +00:00			`The following list contains _external sources_ which discuss the actor and the associated activities:`
Converted from AsciiDoc to Markdown 2021-09-30 09:58:16 +00:00
			`* https://github.com/firehol/blocklist-ipsets/blob/master/bambenek_simda.ipset`

			`## Literature`

Update 2022-04-01 10:05:45 +00:00			`The following _articles_ explain our unique predictive cyber threat intelligence:`
Converted from AsciiDoc to Markdown 2021-09-30 09:58:16 +00:00
Update 2022-02-05 07:47:58 +00:00			`* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)`
Converted from AsciiDoc to Markdown 2021-09-30 09:58:16 +00:00			`* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)`

			`## License`

Update 2022-02-05 07:47:58 +00:00			`(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!`