mirror of
https://github.com/vuldb/cyber_threat_intelligence
synced 2024-07-05 18:01:41 +00:00
288 lines
15 KiB
Markdown
# Deimos - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Deimos](https://vuldb.com/?actor.deimos). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.deimos](https://vuldb.com/?actor.deimos).
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Deimos:
* [CN](https://vuldb.com/?country.cn)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Deimos.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [3.139.182.36](https://vuldb.com/?ip.3.139.182.36) | ec2-3-139-182-36.us-east-2.compute.amazonaws.com | - | Medium
2 | [3.140.170.199](https://vuldb.com/?ip.3.140.170.199) | ec2-3-140-170-199.us-east-2.compute.amazonaws.com | - | Medium
3 | [3.209.12.178](https://vuldb.com/?ip.3.209.12.178) | ec2-3-209-12-178.compute-1.amazonaws.com | - | Medium
4 | [8.218.26.114](https://vuldb.com/?ip.8.218.26.114) | - | - | High
5 | [14.29.118.239](https://vuldb.com/?ip.14.29.118.239) | - | - | High
6 | [18.162.155.202](https://vuldb.com/?ip.18.162.155.202) | ec2-18-162-155-202.ap-east-1.compute.amazonaws.com | - | Medium
7 | [18.162.193.120](https://vuldb.com/?ip.18.162.193.120) | ec2-18-162-193-120.ap-east-1.compute.amazonaws.com | - | Medium
8 | [34.91.254.205](https://vuldb.com/?ip.34.91.254.205) | 205.254.91.34.bc.googleusercontent.com | - | Medium
9 | [34.147.114.77](https://vuldb.com/?ip.34.147.114.77) | 77.114.147.34.bc.googleusercontent.com | - | Medium
10 | [36.95.131.171](https://vuldb.com/?ip.36.95.131.171) | - | - | High
11 | [39.106.36.96](https://vuldb.com/?ip.39.106.36.96) | - | - | High
12 | [43.198.73.212](https://vuldb.com/?ip.43.198.73.212) | ec2-43-198-73-212.ap-east-1.compute.amazonaws.com | - | Medium
13 | [44.230.201.248](https://vuldb.com/?ip.44.230.201.248) | ec2-44-230-201-248.us-west-2.compute.amazonaws.com | - | Medium
14 | [45.77.7.58](https://vuldb.com/?ip.45.77.7.58) | 45.77.7.58.vultrusercontent.com | - | High
15 | [54.151.143.251](https://vuldb.com/?ip.54.151.143.251) | ec2-54-151-143-251.ap-southeast-1.compute.amazonaws.com | - | Medium
16 | [58.250.32.16](https://vuldb.com/?ip.58.250.32.16) | - | - | High
17 | [59.46.210.116](https://vuldb.com/?ip.59.46.210.116) | - | - | High
18 | [61.216.149.32](https://vuldb.com/?ip.61.216.149.32) | 61-216-149-32.hinet-ip.hinet.net | - | High
19 | [64.254.19.142](https://vuldb.com/?ip.64.254.19.142) | 142-19-254-64.cognicase.net | - | High
20 | [64.254.28.121](https://vuldb.com/?ip.64.254.28.121) | 121-28-254-64.cgitmsmdc.ca | - | High
21 | [64.254.28.122](https://vuldb.com/?ip.64.254.28.122) | 122-28-254-64.cgitmsmdc.ca | - | High
22 | [79.137.203.70](https://vuldb.com/?ip.79.137.203.70) | Fuck-strot.aeza.network | - | High
23 | [81.70.24.179](https://vuldb.com/?ip.81.70.24.179) | - | - | High
24 | [88.99.17.2](https://vuldb.com/?ip.88.99.17.2) | ns20.mizbandp.com | - | High
25 | [88.99.17.3](https://vuldb.com/?ip.88.99.17.3) | static.3.17.99.88.clients.your-server.de | - | High
26 | [88.99.17.5](https://vuldb.com/?ip.88.99.17.5) | static.5.17.99.88.clients.your-server.de | - | High
27 | [92.116.24.76](https://vuldb.com/?ip.92.116.24.76) | i5C74184C.versanet.de | - | High
28 | [103.44.253.115](https://vuldb.com/?ip.103.44.253.115) | - | - | High
29 | [104.196.56.239](https://vuldb.com/?ip.104.196.56.239) | 239.56.196.104.bc.googleusercontent.com | - | Medium
30 | [106.75.229.132](https://vuldb.com/?ip.106.75.229.132) | - | - | High
31 | [112.29.177.3](https://vuldb.com/?ip.112.29.177.3) | - | - | High
32 | [112.29.177.4](https://vuldb.com/?ip.112.29.177.4) | - | - | High
33 | [112.29.177.5](https://vuldb.com/?ip.112.29.177.5) | - | - | High
34 | [112.29.177.6](https://vuldb.com/?ip.112.29.177.6) | - | - | High
35 | [112.29.177.7](https://vuldb.com/?ip.112.29.177.7) | - | - | High
36 | [112.29.177.8](https://vuldb.com/?ip.112.29.177.8) | - | - | High
37 | [112.29.177.9](https://vuldb.com/?ip.112.29.177.9) | - | - | High
38 | [112.29.177.10](https://vuldb.com/?ip.112.29.177.10) | - | - | High
39 | [112.29.177.11](https://vuldb.com/?ip.112.29.177.11) | - | - | High
40 | ... | ... | ... | ...

There are 156 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Deimos_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High

## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Deimos. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `ftp.pl` | Low

## References
The following list contains _external sources_ which discuss the actor and the associated activities:
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!