mirror of
https://github.com/vuldb/cyber_threat_intelligence
synced 2024-07-03 00:43:58 +00:00
# FritzFrog - Cyber Threat Intelligence

These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [FritzFrog](https://vuldb.com/?actor.fritzfrog). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.fritzfrog](https://vuldb.com/?actor.fritzfrog)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FritzFrog:

* US
* CN
* ES
* ...

There are 5 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of FritzFrog.

There are 1200 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected ATT&CK techniques used by FritzFrog. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...

There are 9 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by FritzFrog. This data is unique as it uses our predictive model for actor profiling.

There are 316 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://github.com/guardicore/labs_campaigns/tree/master/FritzFrog

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!