Update

2022-04-29 10:53:50 +02:00 · 2022-04-29 10:53:50 +02:00 · 0075741c28
parent 7154e3668a
commit 0075741c28
122 changed files with 4402 additions and 2402 deletions
--- a/actors/APP84VN/README.md
+++ b/actors/APP84VN/README.md
@ -0,0 +1,68 @@
 # APP84VN - Cyber Threat Intelligence
 These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APP84VN](https://vuldb.com/?actor.app84vn). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.app84vn](https://vuldb.com/?actor.app84vn)
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APP84VN:
 * [CN](https://vuldb.com/?country.cn)
 * [US](https://vuldb.com/?country.us)
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of APP84VN.
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [27.102.66.105](https://vuldb.com/?ip.27.102.66.105) | - | - | High
 2 | [27.102.132.235](https://vuldb.com/?ip.27.102.132.235) | - | - | High
 3 | [154.207.17.105](https://vuldb.com/?ip.154.207.17.105) | - | - | High
 4 | ... | ... | ... | ...
 There are 1 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
 _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _APP84VN_. This data is unique as it uses our predictive model for actor profiling.
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79 | Cross Site Scripting | High
 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...
 There are 1 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by APP84VN. This data is unique as it uses our predictive model for actor profiling.
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/anony/mjpg.cgi` | High
 2 | File | `/product_list.php` | High
 3 | File | `admin/?n=tags&c=index&a=doSaveTags` | High
 4 | ... | ... | ...
 There are 15 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://twitter.com/trungduc751995/status/1343822222901669888
 ## Literature
 The following _articles_ explain our unique predictive cyber threat intelligence:
 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
 ## License
 (c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/APT-C-36/README.md
+++ b/actors/APT-C-36/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [DE](https://vuldb.com/?country.de)
 * ...
-There are 21 more country items available. Please use our online service to access the data.
+There are 20 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -35,7 +35,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...
@ -51,63 +51,62 @@ ID | Type | Indicator | Confidence
 2 | File | `/+CSCOE+/logon.html` | High
 3 | File | `/assets/ctx` | Medium
 4 | File | `/bsms/?page=products` | High
-5 | File | `/cloud_config/router_post/check_reg_verify_code` | High
+5 | File | `/cgi-bin/system_mgr.cgi` | High
-6 | File | `/concat?/%2557EB-INF/web.xml` | High
+6 | File | `/cloud_config/router_post/check_reg_verify_code` | High
-7 | File | `/config/getuser` | High
+7 | File | `/concat?/%2557EB-INF/web.xml` | High
-8 | File | `/debug/pprof` | Medium
+8 | File | `/config/getuser` | High
-9 | File | `/ext/phar/phar_object.c` | High
+9 | File | `/debug/pprof` | Medium
-10 | File | `/filemanager/php/connector.php` | High
+10 | File | `/ext/phar/phar_object.c` | High
-11 | File | `/get_getnetworkconf.cgi` | High
+11 | File | `/filemanager/php/connector.php` | High
-12 | File | `/HNAP1` | Low
+12 | File | `/get_getnetworkconf.cgi` | High
-13 | File | `/include/chart_generator.php` | High
+13 | File | `/HNAP1` | Low
-14 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
+14 | File | `/include/chart_generator.php` | High
-15 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
+15 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
-16 | File | `/modx/manager/index.php` | High
+16 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
-17 | File | `/osm/REGISTER.cmd` | High
+17 | File | `/modx/manager/index.php` | High
-18 | File | `/product_list.php` | High
+18 | File | `/osm/REGISTER.cmd` | High
-19 | File | `/replication` | Medium
+19 | File | `/product_list.php` | High
-20 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
+20 | File | `/replication` | Medium
-21 | File | `/supervisor/procesa_carga.php` | High
+21 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
-22 | File | `/type.php` | Medium
+22 | File | `/supervisor/procesa_carga.php` | High
-23 | File | `/uncpath/` | Medium
+23 | File | `/type.php` | Medium
-24 | File | `/usr/bin/pkexec` | High
+24 | File | `/uncpath/` | Medium
-25 | File | `/zm/index.php` | High
+25 | File | `/usr/bin/pkexec` | High
-26 | File | `4.2.0.CP09` | Medium
+26 | File | `/zm/index.php` | High
-27 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+27 | File | `4.2.0.CP09` | Medium
-28 | File | `802dot1xclientcert.cgi` | High
+28 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-29 | File | `add.exe` | Low
+29 | File | `802dot1xclientcert.cgi` | High
-30 | File | `addentry.php` | Medium
+30 | File | `add.exe` | Low
-31 | File | `admin-ajax.php` | High
+31 | File | `addentry.php` | Medium
-32 | File | `admin.color.php` | High
+32 | File | `admin-ajax.php` | High
-33 | File | `admin.cropcanvas.php` | High
+33 | File | `admin.color.php` | High
-34 | File | `admin.joomlaradiov5.php` | High
+34 | File | `admin.cropcanvas.php` | High
-35 | File | `admin.php` | Medium
+35 | File | `admin.joomlaradiov5.php` | High
-36 | File | `admin.php?m=Food&a=addsave` | High
+36 | File | `admin.php` | Medium
-37 | File | `admin/conf_users_edit.php` | High
+37 | File | `admin.php?m=Food&a=addsave` | High
-38 | File | `admin/index.php` | High
+38 | File | `admin/conf_users_edit.php` | High
-39 | File | `admin/user.php` | High
+39 | File | `admin/index.php` | High
-40 | File | `admin/write-post.php` | High
+40 | File | `admin/user.php` | High
-41 | File | `administrator/components/com_media/helpers/media.php` | High
+41 | File | `admin/write-post.php` | High
-42 | File | `admin_events.php` | High
+42 | File | `administrator/components/com_media/helpers/media.php` | High
-43 | File | `ajax_new_account.php` | High
+43 | File | `admin_events.php` | High
-44 | File | `akocomments.php` | High
+44 | File | `ajax_new_account.php` | High
-45 | File | `allopass-error.php` | High
+45 | File | `akocomments.php` | High
-46 | File | `announcement.php` | High
+46 | File | `allopass-error.php` | High
-47 | File | `apply.cgi` | Medium
+47 | File | `announcement.php` | High
-48 | File | `archiver\index.php` | High
+48 | File | `apply.cgi` | Medium
-49 | File | `artlinks.dispnew.php` | High
+49 | File | `archiver\index.php` | High
-50 | File | `auth.inc.php` | Medium
+50 | File | `artlinks.dispnew.php` | High
-51 | File | `authorization.do` | High
+51 | File | `auth.inc.php` | Medium
-52 | File | `awstats.pl` | Medium
+52 | File | `authorization.do` | High
-53 | File | `backoffice/login.asp` | High
+53 | File | `awstats.pl` | Medium
 54 | File | `bb_usage_stats.php` | High
 55 | File | `binder.c` | Medium
 56 | File | `books.php` | Medium
 57 | File | `C:\Python27` | Medium
-58 | File | `C:\Windows\System32\config\SAM` | High
+58 | ... | ... | ...
 59 | ... | ... | ...
-There are 516 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 510 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/APT10/README.md
+++ b/actors/APT10/README.md
@ -18,7 +18,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [US](https://vuldb.com/?country.us)
 * [RU](https://vuldb.com/?country.ru)
-* [CH](https://vuldb.com/?country.ch)
+* [CN](https://vuldb.com/?country.cn)
 * ...
 There are 9 more country items available. Please use our online service to access the data.
@ -109,7 +109,7 @@ ID | Type | Indicator | Confidence
 31 | File | `authenticate.c` | High
 32 | ... | ... | ...
-There are 273 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 270 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/APT16/README.md
+++ b/actors/APT16/README.md
@ -35,11 +35,11 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/download` | Medium
-2 | File | `comment_add.asp` | High
+2 | File | `/oscommerce/admin/currencies.php` | High
-3 | File | `data/gbconfiguration.dat` | High
+3 | File | `comment_add.asp` | High
 4 | ... | ... | ...
-There are 11 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 14 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/APT28/README.md
+++ b/actors/APT28/README.md
@ -134,7 +134,7 @@ ID | Type | Indicator | Confidence
 31 | File | `arch/powerpc/kvm/book3s_rtas.c` | High
 32 | ... | ... | ...
-There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 274 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/APT29/README.md
+++ b/actors/APT29/README.md
@ -90,32 +90,32 @@ ID | Type | Indicator | Confidence
 12 | File | `/context/%2e/WEB-INF/web.xml` | High
 13 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
 14 | File | `/fudforum/adm/hlplist.php` | High
-15 | File | `/login` | Low
+15 | File | `/hocms/classes/Master.php?f=delete_collection` | High
-16 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
+16 | File | `/login` | Low
-17 | File | `/monitoring` | Medium
+17 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
-18 | File | `/ms/cms/content/list.do` | High
+18 | File | `/monitoring` | Medium
-19 | File | `/new` | Low
+19 | File | `/ms/cms/content/list.do` | High
-20 | File | `/orms/` | Low
+20 | File | `/new` | Low
-21 | File | `/plesk-site-preview/` | High
+21 | File | `/orms/` | Low
-22 | File | `/proc/<pid>/status` | High
+22 | File | `/plesk-site-preview/` | High
-23 | File | `/public/plugins/` | High
+23 | File | `/proc/<pid>/status` | High
-24 | File | `/rom` | Low
+24 | File | `/public/plugins/` | High
-25 | File | `/scripts/killpvhost` | High
+25 | File | `/rom` | Low
-26 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+26 | File | `/scripts/killpvhost` | High
-27 | File | `/secure/QueryComponent!Default.jspa` | High
+27 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-28 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
+28 | File | `/secure/QueryComponent!Default.jspa` | High
-29 | File | `/student-grading-system/rms.php?page=grade` | High
+29 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
-30 | File | `/tmp` | Low
+30 | File | `/student-grading-system/rms.php?page=grade` | High
-31 | File | `/tmp/redis.ds` | High
+31 | File | `/tmp` | Low
-32 | File | `/uncpath/` | Medium
+32 | File | `/tmp/redis.ds` | High
-33 | File | `/wp-admin` | Medium
+33 | File | `/uncpath/` | Medium
-34 | File | `/wp-json/wc/v3/webhooks` | High
+34 | File | `/wp-admin` | Medium
-35 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+35 | File | `/wp-json/wc/v3/webhooks` | High
-36 | File | `ABuffer.cpp` | Medium
+36 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-37 | File | `AccountManagerService.java` | High
+37 | File | `ABuffer.cpp` | Medium
 38 | ... | ... | ...
-There are 326 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 325 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/APT33/README.md
+++ b/actors/APT33/README.md
@ -17,8 +17,8 @@ The following _campaigns_ are known and can be associated with APT33:
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT33:
 * [PL](https://vuldb.com/?country.pl)
 * [SV](https://vuldb.com/?country.sv)
 * [DE](https://vuldb.com/?country.de)
 * [ES](https://vuldb.com/?country.es)
 * ...
 There are 8 more country items available. Please use our online service to access the data.
@ -56,7 +56,7 @@ ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
 2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 4 | ... | ... | ... | ...
 There are 8 more TTP items available. Please use our online service to access the data.
@ -68,34 +68,38 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `.htaccess` | Medium
-2 | File | `/admin.add` | Medium
+2 | File | `/admin.php/admin/art/data.html` | High
-3 | File | `/admin.php/admin/art/data.html` | High
+3 | File | `/admin/goods/update` | High
-4 | File | `/admin/?page=user/manage_user` | High
+4 | File | `/admin/login.php` | High
-5 | File | `/admin/edit_user.php` | High
+5 | File | `/admin/posts.php` | High
-6 | File | `/admin/files` | Medium
+6 | File | `/admin/uesrs.php&action=type&userrole=User` | High
-7 | File | `/admin/login.php` | High
+7 | File | `/administrator/alerts/alertLightbox.php` | High
-8 | File | `/administrator/components/menu/` | High
+8 | File | `/api/appInternals/1.0/agent/configuration&amp` | High
-9 | File | `/administrator/components/table_manager/` | High
+9 | File | `/api/appInternals/1.0/agent/diagnostic/logs` | High
-10 | File | `/api/appInternals/1.0/agent/configuration&amp` | High
+10 | File | `/api/fetch` | Medium
-11 | File | `/api/appInternals/1.0/agent/diagnostic/logs` | High
+11 | File | `/api/user/{ID}` | High
-12 | File | `/api/fetch` | Medium
+12 | File | `/audit/log/log_management.php` | High
-13 | File | `/api/user/{ID}` | High
+13 | File | `/blog/blog.php` | High
-14 | File | `/audit/log/log_management.php` | High
+14 | File | `/cloud_config/router_post/register` | High
-15 | File | `/cloud_config/router_post/register` | High
+15 | File | `/cmd?cmd=connect` | High
 16 | File | `/config/list` | Medium
-17 | File | `/cwms/admin/?page=articles/view_article/` | High
+17 | File | `/customer_register.php` | High
-18 | File | `/Hospital-Management-System-master/contact.php` | High
+18 | File | `/cwms/admin/?page=articles/view_article/` | High
-19 | File | `/Hospital-Management-System-master/func.php` | High
+19 | File | `/etc/master.passwd` | High
-20 | File | `/i/:data/ipa.plist` | High
+20 | File | `/hocms/classes/Master.php?f=delete_collection` | High
-21 | File | `/ManageRoute/postRoute` | High
+21 | File | `/hocms/classes/Master.php?f=delete_phase` | High
-22 | File | `/ms/cms/content/list.do` | High
+22 | File | `/i/:data/ipa.plist` | High
-23 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+23 | File | `/index.php?page=reserve` | High
-24 | File | `/setting/NTPSyncWithHost` | High
+24 | File | `/ManageRoute/postRoute` | High
-25 | File | `/system/tool/ping.php` | High
+25 | File | `/module/api.php?mobile/webNasIPS` | High
-26 | File | `/system/user/resetPwd` | High
+26 | File | `/modules/eligibility/Student.php` | High
-27 | ... | ... | ...
+27 | File | `/plesk-site-preview/` | High
 28 | File | `/public_html/apply_vacancy` | High
 29 | File | `/purchase_order/classes/Master.php?f=delete_item` | High
 30 | File | `/reps/classes/Users.php?f=delete_agent` | High
 31 | ... | ... | ...
-There are 223 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 266 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/APT34/README.md
+++ b/actors/APT34/README.md
@ -73,24 +73,23 @@ ID | Type | Indicator | Confidence
 13 | File | `/replication` | Medium
 14 | File | `/RestAPI` | Medium
 15 | File | `/SASWebReportStudio/logonAndRender.do` | High
-16 | File | `/tmp/speedtest_urls.xml` | High
+16 | File | `/scas/admin/` | Medium
-17 | File | `/uncpath/` | Medium
+17 | File | `/tmp/speedtest_urls.xml` | High
-18 | File | `/var/log/nginx` | High
+18 | File | `/uncpath/` | Medium
-19 | File | `/wp-content/plugins/updraftplus/admin.php` | High
+19 | File | `/var/log/nginx` | High
-20 | File | `actions.hsp` | Medium
+20 | File | `/wp-content/plugins/updraftplus/admin.php` | High
-21 | File | `addentry.php` | Medium
+21 | File | `actions.hsp` | Medium
-22 | File | `add_edit_user.asp` | High
+22 | File | `addentry.php` | Medium
-23 | File | `add_to_cart.php` | High
+23 | File | `add_edit_user.asp` | High
-24 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
+24 | File | `add_to_cart.php` | High
-25 | File | `admin/config/confmgr.php` | High
+25 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
-26 | File | `admin/system_manage/save.html` | High
+26 | File | `admin/config/confmgr.php` | High
-27 | File | `ajax.php` | Medium
+27 | File | `admin/system_manage/save.html` | High
-28 | File | `apcupsd.pid` | Medium
+28 | File | `ajax.php` | Medium
-29 | File | `api/sms/send-sms` | High
+29 | File | `apcupsd.pid` | Medium
-30 | File | `api/v1/alarms` | High
+30 | ... | ... | ...
 31 | ... | ... | ...
-There are 261 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 256 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/APT35/README.md
+++ b/actors/APT35/README.md
@ -0,0 +1,59 @@
 # APT35 - Cyber Threat Intelligence
 These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT35](https://vuldb.com/?actor.apt35). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.apt35](https://vuldb.com/?actor.apt35)
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT35:
 * [DE](https://vuldb.com/?country.de)
 * [US](https://vuldb.com/?country.us)
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of APT35.
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [107.173.231.114](https://vuldb.com/?ip.107.173.231.114) | 107-173-231-114-host.colocrossing.com | - | High
 2 | [148.251.71.182](https://vuldb.com/?ip.148.251.71.182) | static.182.71.251.148.clients.your-server.de | - | High
 ## TTP - Tactics, Techniques, Procedures
 _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _APT35_. This data is unique as it uses our predictive model for actor profiling.
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79 | Cross Site Scripting | High
 ## IOA - Indicator of Attack
 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by APT35. This data is unique as it uses our predictive model for actor profiling.
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `data/gbconfiguration.dat` | High
 2 | File | `inc/config.php` | High
 3 | File | `register/check/username?username` | High
 4 | ... | ... | ...
 There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://thedfirreport.com/2022/03/21/apt35-automates-initial-access-using-proxyshell/
 ## Literature
 The following _articles_ explain our unique predictive cyber threat intelligence:
 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
 ## License
 (c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/APT41/README.md
+++ b/actors/APT41/README.md
@ -66,7 +66,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...
-There are 7 more TTP items available. Please use our online service to access the data.
+There are 8 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -116,7 +116,7 @@ ID | Type | Indicator | Confidence
 40 | File | `admin/conf_users_edit.php` | High
 41 | ... | ... | ...
-There are 353 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 354 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/Unknown/README.md
+++ b/Unknown/README.md
@ -72,38 +72,37 @@ ID | Type | Indicator | Confidence
 8 | File | `/file?action=download&file` | High
 9 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
 10 | File | `/html/includes/graphs/port/mac_acc_total.inc.php` | High
-11 | File | `/inc/subscriber_list.php` | High
+11 | File | `/install/index.php` | High
-12 | File | `/install/index.php` | High
+12 | File | `/layout/class.xblogcomment.php` | High
-13 | File | `/layout/class.xblogcomment.php` | High
+13 | File | `/LEPTON_stable_2.2.2/upload/admins/admintools/tool.php` | High
-14 | File | `/LEPTON_stable_2.2.2/upload/admins/admintools/tool.php` | High
+14 | File | `/manager/jsp/test.jsp` | High
-15 | File | `/manager/jsp/test.jsp` | High
+15 | File | `/medical/inventories.php` | High
-16 | File | `/medical/inventories.php` | High
+16 | File | `/monitoring` | Medium
-17 | File | `/monitoring` | Medium
+17 | File | `/plugins/servlet/audit/resource` | High
-18 | File | `/plugins/servlet/audit/resource` | High
+18 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
-19 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
+19 | File | `/public/login.htm` | High
-20 | File | `/public/login.htm` | High
+20 | File | `/replication` | Medium
-21 | File | `/replication` | Medium
+21 | File | `/RestAPI` | Medium
-22 | File | `/RestAPI` | Medium
+22 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
-23 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
+23 | File | `/tmp/speedtest_urls.xml` | High
-24 | File | `/tmp/speedtest_urls.xml` | High
+24 | File | `/uncpath/` | Medium
-25 | File | `/uncpath/` | Medium
+25 | File | `/usr/bin/at` | Medium
-26 | File | `/usr/bin/at` | Medium
+26 | File | `/var/log/nginx` | High
-27 | File | `/var/log/nginx` | High
+27 | File | `/_vti_pvt/access.cnf` | High
-28 | File | `/_vti_pvt/access.cnf` | High
+28 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
-29 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
+29 | File | `admin/e_mesaj_yaz.asp` | High
-30 | File | `admin/e_mesaj_yaz.asp` | High
+30 | File | `admin/profile.php` | High
-31 | File | `admin/profile.php` | High
+31 | File | `admin/salesadmin.php` | High
-32 | File | `admin/salesadmin.php` | High
+32 | File | `admin/systemWebAdminConfig.do` | High
-33 | File | `admin/systemWebAdminConfig.do` | High
+33 | File | `admin11.cgi` | Medium
-34 | File | `admin11.cgi` | Medium
+34 | File | `admincp/auth/checklogin.php` | High
-35 | File | `admincp/auth/checklogin.php` | High
+35 | File | `agenda2.php3` | Medium
-36 | File | `agenda2.php3` | Medium
+36 | File | `ajax-actions.php` | High
-37 | File | `ajax-actions.php` | High
+37 | File | `ajax/deletePage.php` | High
-38 | File | `ajax/deletePage.php` | High
+38 | File | `ajouter_tva.php` | High
-39 | File | `ajouter_tva.php` | High
+39 | ... | ... | ...
 40 | ... | ... | ...
-There are 343 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 339 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/B1txor20/README.md
+++ b/actors/B1txor20/README.md
@ -46,11 +46,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...
-There are 8 more TTP items available. Please use our online service to access the data.
+There are 7 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -58,41 +58,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/agenttrayicon` | High
+1 | File | `/admin.php/Plugins/update.html` | High
-2 | File | `/aqpg/users/login.php` | High
+2 | File | `/admin.php?id=posts&action=display&value=1&postid=` | High
-3 | File | `/blog/blog.php` | High
+3 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
-4 | File | `/category.php` | High
+4 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
-5 | File | `/cmd?cmd=connect` | High
+5 | File | `/admin.php?r=admin/AdminBackup/del` | High
-6 | File | `/cwms/admin/?page=articles/view_article/` | High
+6 | File | `/admin/edit.php` | High
-7 | File | `/cwms/classes/Master.php?f=save_contact` | High
+7 | File | `/admin/inbox.php&action=delete` | High
-8 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
+8 | File | `/admin/inbox.php&action=read` | High
-9 | File | `/goform/login_process` | High
+9 | File | `/admin/index.php?mode=content&page=media&action=edit` | High
-10 | File | `/include/chart_generator.php` | High
+10 | File | `/admin/pagerole.php&action=edit` | High
-11 | File | `/include/make.php` | High
+11 | File | `/admin/posts.php` | High
-12 | File | `/login` | Low
+12 | File | `/admin/posts.php&action=delete` | High
-13 | File | `/manager/files` | High
+13 | File | `/admin/posts.php&action=edit` | High
-14 | File | `/mims/app/addcustomerHandler.php` | High
+14 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
-15 | File | `/mims/login.php` | High
+15 | File | `/admin/siteoptions.php&social=remove&sid=2` | High
-16 | File | `/nova/bin/detnet` | High
+16 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
-17 | File | `/nova/bin/igmp-proxy` | High
+17 | File | `/admin/uesrs.php&action=display&value=Hide` | High
-18 | File | `/one_church/churchprofile.php` | High
+18 | File | `/admin/uesrs.php&action=display&value=Show` | High
-19 | File | `/one_church/userregister.php` | High
+19 | File | `/admin/uesrs.php&action=type&userrole=User` | High
-20 | File | `/preauth` | Medium
+20 | File | `/administrator/alerts/alertLightbox.php` | High
-21 | File | `/scas/admin/` | Medium
+21 | File | `/agenttrayicon` | High
-22 | File | `/sql/sql_string.h` | High
+22 | File | `/api/students/me/messages/` | High
-23 | File | `/src/njs_vmcode.c` | High
+23 | File | `/apps/acs-commons/content/page-compare.html` | High
-24 | File | `/uncpath/` | Medium
+24 | File | `/aqpg/users/login.php` | High
-25 | File | `/var/log/demisto/` | High
+25 | File | `/blog/blog.php` | High
-26 | File | `/wbg/core/_includes/authorization.inc.php` | High
+26 | File | `/category.php` | High
-27 | File | `/_error` | Low
+27 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
-28 | File | `a2billing/customer/iridium_threed.php` | High
+28 | File | `/cdsms/classes/Master.php?f=delete_package` | High
-29 | File | `actions/beats_uploader.php` | High
+29 | File | `/cgi-bin/main.cgi` | High
-30 | File | `actions/vote_channel.php` | High
+30 | File | `/cmd?cmd=connect` | High
-31 | File | `admin.php` | Medium
+31 | File | `/customer_register.php` | High
-32 | File | `admin/index.php?module=send_ssh` | High
+32 | File | `/cwms/admin/?page=articles/view_article/` | High
-33 | ... | ... | ...
+33 | File | `/cwms/classes/Master.php?f=save_contact` | High
 34 | File | `/demo/module/?module=HERE` | High
 35 | File | `/goform/WifiExtraSet` | High
 36 | File | `/hocms/classes/Master.php?f=delete_collection` | High
 37 | ... | ... | ...
-There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/BazarLoader/README.md
+++ b/actors/BazarLoader/README.md
@ -4,16 +4,23 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bazarloader](https://vuldb.com/?actor.bazarloader)
 ## Campaigns
 The following _campaigns_ are known and can be associated with BazarLoader:
 * Anchor
 * Diavol
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BazarLoader:
 * [US](https://vuldb.com/?country.us)
 * [CN](https://vuldb.com/?country.cn)
-* [DK](https://vuldb.com/?country.dk)
+* [RU](https://vuldb.com/?country.ru)
 * ...
-There are 21 more country items available. Please use our online service to access the data.
+There are 1 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -21,26 +28,31 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [13.225.230.232](https://vuldb.com/?ip.13.225.230.232) | server-13-225-230-232.jfk51.r.cloudfront.net | - | High
+1 | [3.101.57.185](https://vuldb.com/?ip.3.101.57.185) | ec2-3-101-57-185.us-west-1.compute.amazonaws.com | - | Medium
-2 | [13.226.32.216](https://vuldb.com/?ip.13.226.32.216) | server-13-226-32-216.ewr53.r.cloudfront.net | - | High
+2 | [13.225.230.232](https://vuldb.com/?ip.13.225.230.232) | server-13-225-230-232.jfk51.r.cloudfront.net | - | High
-3 | [18.67.60.164](https://vuldb.com/?ip.18.67.60.164) | server-18-67-60-164.iad89.r.cloudfront.net | - | High
+3 | [13.226.32.216](https://vuldb.com/?ip.13.226.32.216) | server-13-226-32-216.ewr53.r.cloudfront.net | - | High
-4 | [23.56.10.219](https://vuldb.com/?ip.23.56.10.219) | a23-56-10-219.deploy.static.akamaitechnologies.com | - | High
+4 | [18.67.60.164](https://vuldb.com/?ip.18.67.60.164) | server-18-67-60-164.iad89.r.cloudfront.net | - | High
-5 | [23.62.25.178](https://vuldb.com/?ip.23.62.25.178) | a23-62-25-178.deploy.static.akamaitechnologies.com | - | High
+5 | [23.56.10.219](https://vuldb.com/?ip.23.56.10.219) | a23-56-10-219.deploy.static.akamaitechnologies.com | - | High
-6 | [23.95.238.122](https://vuldb.com/?ip.23.95.238.122) | 23-95-238-122-host.colocrossing.com | - | High
+6 | [23.62.25.178](https://vuldb.com/?ip.23.62.25.178) | a23-62-25-178.deploy.static.akamaitechnologies.com | - | High
-7 | [23.106.223.174](https://vuldb.com/?ip.23.106.223.174) | - | - | High
+7 | [23.82.19.173](https://vuldb.com/?ip.23.82.19.173) | - | - | High
-8 | [23.160.193.217](https://vuldb.com/?ip.23.160.193.217) | unknown.ip-xfer.net | - | High
+8 | [23.94.51.80](https://vuldb.com/?ip.23.94.51.80) | 23-94-51-80-host.colocrossing.com | Anchor | High
-9 | [23.193.217.119](https://vuldb.com/?ip.23.193.217.119) | a23-193-217-119.deploy.static.akamaitechnologies.com | - | High
+9 | [23.95.238.122](https://vuldb.com/?ip.23.95.238.122) | 23-95-238-122-host.colocrossing.com | - | High
-10 | [31.171.251.118](https://vuldb.com/?ip.31.171.251.118) | ch.ns.mon0.li | - | High
+10 | [23.106.160.77](https://vuldb.com/?ip.23.106.160.77) | - | - | High
-11 | [31.214.240.203](https://vuldb.com/?ip.31.214.240.203) | - | - | High
+11 | [23.106.215.61](https://vuldb.com/?ip.23.106.215.61) | - | - | High
-12 | [34.209.40.84](https://vuldb.com/?ip.34.209.40.84) | ec2-34-209-40-84.us-west-2.compute.amazonaws.com | - | Medium
+12 | [23.106.223.174](https://vuldb.com/?ip.23.106.223.174) | - | - | High
-13 | [34.221.188.35](https://vuldb.com/?ip.34.221.188.35) | ec2-34-221-188-35.us-west-2.compute.amazonaws.com | - | Medium
+13 | [23.152.0.22](https://vuldb.com/?ip.23.152.0.22) | anahiem.net | Diavol | High
-14 | [34.222.222.126](https://vuldb.com/?ip.34.222.222.126) | ec2-34-222-222-126.us-west-2.compute.amazonaws.com | - | Medium
+14 | [23.160.193.217](https://vuldb.com/?ip.23.160.193.217) | unknown.ip-xfer.net | - | High
-15 | [40.76.4.15](https://vuldb.com/?ip.40.76.4.15) | - | - | High
+15 | [23.193.217.119](https://vuldb.com/?ip.23.193.217.119) | a23-193-217-119.deploy.static.akamaitechnologies.com | - | High
-16 | [40.112.72.205](https://vuldb.com/?ip.40.112.72.205) | - | - | High
+16 | [31.171.251.118](https://vuldb.com/?ip.31.171.251.118) | ch.ns.mon0.li | - | High
-17 | [40.113.200.201](https://vuldb.com/?ip.40.113.200.201) | - | - | High
+17 | [31.214.240.203](https://vuldb.com/?ip.31.214.240.203) | - | - | High
-18 | ... | ... | ... | ...
+18 | [34.209.40.84](https://vuldb.com/?ip.34.209.40.84) | ec2-34-209-40-84.us-west-2.compute.amazonaws.com | - | Medium
 19 | [34.210.71.206](https://vuldb.com/?ip.34.210.71.206) | ec2-34-210-71-206.us-west-2.compute.amazonaws.com | Anchor | Medium
 20 | [34.221.188.35](https://vuldb.com/?ip.34.221.188.35) | ec2-34-221-188-35.us-west-2.compute.amazonaws.com | - | Medium
 21 | [34.222.222.126](https://vuldb.com/?ip.34.222.222.126) | ec2-34-222-222-126.us-west-2.compute.amazonaws.com | - | Medium
 22 | [35.165.197.209](https://vuldb.com/?ip.35.165.197.209) | ec2-35-165-197-209.us-west-2.compute.amazonaws.com | - | Medium
 23 | ... | ... | ... | ...
-There are 68 more IOC items available. Please use our online service to access the data.
+There are 88 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
@ -50,10 +62,10 @@ ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+3 | T1552 | CWE-319, CWE-522 | Unprotected Storage of Credentials | High
 4 | ... | ... | ... | ...
-There are 7 more TTP items available. Please use our online service to access the data.
+There are 1 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -61,64 +73,17 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `.htaccess` | Medium
+1 | File | `/api` | Low
-2 | File | `.user` | Low
+2 | File | `/include/makecvs.php` | High
-3 | File | `/.dbus-keyrings` | High
+3 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
-4 | File | `/api` | Low
+4 | File | `/usr/local/psa/admin/sbin/wrapper` | High
-5 | File | `/catalog/admin/categories.php?cPath=&action=new_product` | High
+5 | File | `add.php` | Low
-6 | File | `/cgi-bin/system_mgr.cgi` | High
+6 | File | `admin/admin.shtml` | High
-7 | File | `/common/ticket_associated_tickets.php` | High
+7 | File | `cat.asp` | Low
-8 | File | `/common/user_profile.php` | High
+8 | File | `class.phpmailer.php` | High
-9 | File | `/Content/Template/root/reverse-shell.aspx` | High
+9 | ... | ... | ...
 10 | File | `/debug/pprof` | Medium
 11 | File | `/getcfg.php` | Medium
 12 | File | `/goform/form2userconfig.cgi` | High
 13 | File | `/include/makecvs.php` | High
 14 | File | `/includes/db_adodb.php` | High
 15 | File | `/objects/pluginSwitch.json.php` | High
 16 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
 17 | File | `/register.do` | Medium
 18 | File | `/rest/api/latest/groupuserpicker` | High
 19 | File | `/rest/project-templates/1.0/createshared` | High
 20 | File | `/restoreinfo.cgi` | High
 21 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
 22 | File | `/see_more_details.php` | High
 23 | File | `/sendrcpackage?keyid=-2544&keysymbol=-4081` | High
 24 | File | `/services` | Medium
 25 | File | `/uncpath/` | Medium
 26 | File | `/usr/local/vesta/bin` | High
 27 | File | `/usr/sbin/suexec` | High
 28 | File | `/v3/credentials` | High
 29 | File | `/var/log/monkeyd/master.log` | High
 30 | File | `/var/passwd` | Medium
 31 | File | `/var/run/storage_account_root` | High
 32 | File | `/webconsole/APIController` | High
 33 | File | `/websocket` | Medium
 34 | File | `802dot1xclientcert.cgi` | High
 35 | File | `account.asp` | Medium
 36 | File | `Account.aspx` | Medium
 37 | File | `ActionsAndOperations` | High
 38 | File | `adclick.php` | Medium
 39 | File | `add.php` | Low
 40 | File | `admin/?n=tags&c=index&a=doSaveTags` | High
 41 | File | `admin/admin.shtml` | High
 42 | File | `admin/db-backup-security/db-backup-security.php` | High
 43 | File | `admin/graph_trend.php` | High
 44 | File | `administrator/components/com_media/helpers/media.php` | High
 45 | File | `adminquery.php` | High
 46 | File | `agent_links.pl` | High
 47 | File | `ajax/render/widget_php` | High
 48 | File | `Ap4StssAtom.cpp` | High
 49 | File | `Ap4StszAtom.cpp` | High
 50 | File | `apetag.c` | Medium
 51 | File | `app/system/language/admin/language_general.class.php` | High
 52 | File | `apply_sec.cgi` | High
 53 | File | `app\contacts\contact_times.php` | High
 54 | File | `Archive.java` | Medium
 55 | File | `article.php` | Medium
 56 | ... | ... | ...
-There are 484 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 66 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
@ -130,6 +95,10 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/
 * https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+Campaign+Continues+Pushing+BazarLoader+Malware/27816/
 * https://isc.sans.edu/forums/diary/TA551+Shathak+continues+pushing+BazarLoader+infections+lead+to+Cobalt+Strike/27738/
 * https://thedfirreport.com/2021/03/08/bazar-drops-the-anchor/
 * https://thedfirreport.com/2021/10/04/bazarloader-and-the-conti-leaks/
 * https://thedfirreport.com/2021/11/29/continuing-the-bazar-ransomware-story/
 * https://thedfirreport.com/2021/12/13/diavol-ransomware/
 * https://twitter.com/_pr4gma/status/1347617681197961225
 ## Literature
--- a/actors/BlackCat/README.md
+++ b/actors/BlackCat/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [DE](https://vuldb.com/?country.de)
 * ...
-There are 1 more country items available. Please use our online service to access the data.
+There are 3 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -52,34 +52,33 @@ ID | Type | Indicator | Confidence
 3 | File | `/admin.php/admin/ulog/index.html` | High
 4 | File | `/admin.php/admin/website/data.html` | High
 5 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
-6 | File | `/admin/inbox.php&action=read` | High
+6 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
-7 | File | `/admin/posts.php` | High
+7 | File | `/admin/inbox.php&action=read` | High
-8 | File | `/admin/posts.php&action=delete` | High
+8 | File | `/admin/posts.php` | High
-9 | File | `/admin/run_ajax.php` | High
+9 | File | `/admin/posts.php&action=delete` | High
-10 | File | `/administrator/components/menu/` | High
+10 | File | `/admin/run_ajax.php` | High
-11 | File | `/admin_page/all-files-update-ajax.php` | High
+11 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
-12 | File | `/api/crontab` | Medium
+12 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
-13 | File | `/blog/blog.php` | High
+13 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
-14 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
+14 | File | `/admin_page/all-files-update-ajax.php` | High
-15 | File | `/cgi-bin/kerbynet` | High
+15 | File | `/api/crontab` | Medium
-16 | File | `/cloud_config/router_post/modify_account_pwd` | High
+16 | File | `/blog/blog.php` | High
-17 | File | `/cloud_config/router_post/register` | High
+17 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
-18 | File | `/config/list` | Medium
+18 | File | `/cgi-bin/kerbynet` | High
-19 | File | `/download/` | Medium
+19 | File | `/cloud_config/router_post/modify_account_pwd` | High
-20 | File | `/etc/ajenti/config.yml` | High
+20 | File | `/cloud_config/router_post/register` | High
-21 | File | `/etc/cobbler` | Medium
+21 | File | `/config/list` | Medium
-22 | File | `/etc/passwd` | Medium
+22 | File | `/download/` | Medium
-23 | File | `/export` | Low
+23 | File | `/etc/ajenti/config.yml` | High
-24 | File | `/goform/delAd` | High
+24 | File | `/etc/cobbler` | Medium
-25 | File | `/goform/form2Reboot.cgi` | High
+25 | File | `/etc/passwd` | Medium
-26 | File | `/home.asp` | Medium
+26 | File | `/export` | Low
-27 | File | `/index.php?act=api&tag=8` | High
+27 | File | `/goform/delAd` | High
-28 | File | `/jeecg-boot/sys/user/queryUserByDepId` | High
+28 | File | `/goform/form2Reboot.cgi` | High
-29 | File | `/languages/index.php` | High
+29 | File | `/home.asp` | Medium
-30 | File | `/members/view_member.php` | High
+30 | ... | ... | ...
 31 | ... | ... | ...
-There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 259 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/Bouncing
+++ b/actors/Bouncing
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [RU](https://vuldb.com/?country.ru)
 * ...
-There are 21 more country items available. Please use our online service to access the data.
+There are 22 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
--- a/actors/Bunse/README.md
+++ b/actors/Bunse/README.md
@ -14,6 +14,7 @@ The following _campaigns_ are known and can be associated with Bunse:
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Bunse:
 * [FR](https://vuldb.com/?country.fr)
 * [ES](https://vuldb.com/?country.es)
 * [US](https://vuldb.com/?country.us)
--- a/actors/Candiru/README.md
+++ b/actors/Candiru/README.md
@ -4,6 +4,12 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.candiru](https://vuldb.com/?actor.candiru)
 ## Campaigns
 The following _campaigns_ are known and can be associated with Candiru:
 * CatalanGate
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Candiru:
@ -13,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [TR](https://vuldb.com/?country.tr)
 * ...
-There are 14 more country items available. Please use our online service to access the data.
+There are 13 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -29,7 +35,7 @@ ID | IP address | Hostname | Campaign | Confidence
 6 | [5.206.227.93](https://vuldb.com/?ip.5.206.227.93) | noos-proxy | - | High
 7 | ... | ... | ... | ...
-There are 23 more IOC items available. Please use our online service to access the data.
+There are 25 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
@ -58,43 +64,43 @@ ID | Type | Indicator | Confidence
 6 | File | `/article/add` | Medium
 7 | File | `/cgi-bin/editBookmark` | High
 8 | File | `/cgi-bin/uploadWeiXinPic` | High
-9 | File | `/computer/(agent-name)/api` | High
+9 | File | `/controller/pay.class.php` | High
-10 | File | `/controller/pay.class.php` | High
+10 | File | `/dev/block/mmcblk0rpmb` | High
-11 | File | `/dev/block/mmcblk0rpmb` | High
+11 | File | `/dev/kmem` | Medium
-12 | File | `/dev/kmem` | Medium
+12 | File | `/dev/shm` | Medium
-13 | File | `/dev/shm` | Medium
+13 | File | `/dev/snd/seq` | Medium
-14 | File | `/dev/snd/seq` | Medium
+14 | File | `/device/device=140/tab=wifi/view` | High
-15 | File | `/device/device=140/tab=wifi/view` | High
+15 | File | `/dl/dl_print.php` | High
-16 | File | `/dl/dl_print.php` | High
+16 | File | `/getcfg.php` | Medium
-17 | File | `/getcfg.php` | Medium
+17 | File | `/goform/addressNat` | High
-18 | File | `/goform/addressNat` | High
+18 | File | `/htdocs/admin/dict.php?id=3` | High
-19 | File | `/htdocs/admin/dict.php?id=3` | High
+19 | File | `/include/menu_v.inc.php` | High
-20 | File | `/include/menu_v.inc.php` | High
+20 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
-21 | File | `/includes/rrdtool.inc.php` | High
+21 | File | `/jerry-core/ecma/base/ecma-gc.c` | High
-22 | File | `/irj/servlet/prt/portal/prtroot/com.sap.portal.usermanagement.admin.UserMapping` | High
+22 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
-23 | File | `/jerry-core/ecma/base/ecma-gc.c` | High
+23 | File | `/login` | Low
-24 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
+24 | File | `/module/module_frame/index.php` | High
-25 | File | `/login` | Low
+25 | File | `/notice-edit.php` | High
-26 | File | `/module/module_frame/index.php` | High
+26 | File | `/nova/bin/sniffer` | High
-27 | File | `/notice-edit.php` | High
+27 | File | `/ofcms/company-c-47` | High
-28 | File | `/nova/bin/sniffer` | High
+28 | File | `/proc/*/cmdline"` | High
-29 | File | `/ofcms/company-c-47` | High
+29 | File | `/proc/pid/syscall` | High
-30 | File | `/proc/*/cmdline"` | High
+30 | File | `/product_list.php` | High
-31 | File | `/proc/pid/syscall` | High
+31 | File | `/rest/api/2/user/picker` | High
-32 | File | `/product_list.php` | High
+32 | File | `/rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application` | High
-33 | File | `/rest/api/2/user/picker` | High
+33 | File | `/services/details.asp` | High
-34 | File | `/rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application` | High
+34 | File | `/src/core/controllers/cm.php` | High
-35 | File | `/services/details.asp` | High
+35 | File | `/storage/app/media/evil.svg` | High
-36 | File | `/src/core/controllers/cm.php` | High
+36 | File | `/transmission/web/` | High
-37 | File | `/storage/app/media/evil.svg` | High
+37 | ... | ... | ...
 38 | ... | ... | ...
-There are 325 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
 * https://github.com/eset/malware-ioc/tree/master/swc-candiru
 ## Literature
--- a/actors/ChaChi/README.md
+++ b/actors/ChaChi/README.md
@ -80,7 +80,7 @@ ID | Type | Indicator | Confidence
 28 | File | `admin/article_category.php?rec=update` | High
 29 | ... | ... | ...
-There are 245 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 246 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/Group/README.md
+++ b/Group/README.md
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cobalt Group:
 * [FR](https://vuldb.com/?country.fr)
-* [ES](https://vuldb.com/?country.es)
+* [PL](https://vuldb.com/?country.pl)
-* [DE](https://vuldb.com/?country.de)
+* [IT](https://vuldb.com/?country.it)
 * ...
 There are 8 more country items available. Please use our online service to access the data.
@ -54,28 +54,27 @@ ID | Type | Indicator | Confidence
 4 | File | `/admin/show.php` | High
 5 | File | `/administrator/components/menu/` | High
 6 | File | `/app/register.php` | High
-7 | File | `/controller/CommentAdminController.java` | High
+7 | File | `/data/sqldata` | High
-8 | File | `/data/sqldata` | High
+8 | File | `/feedback/post/` | High
-9 | File | `/feedback/post/` | High
+9 | File | `/goform/SetPptpServerCfg` | High
-10 | File | `/goform/SetPptpServerCfg` | High
+10 | File | `/hdf5/src/H5Fint.c` | High
-11 | File | `/hdf5/src/H5Fint.c` | High
+11 | File | `/index.php?page=reserve` | High
-12 | File | `/index.php?page=reserve` | High
+12 | File | `/jeecg-boot/sys/user/queryUserByDepId` | High
-13 | File | `/jeecg-boot/sys/user/queryUserByDepId` | High
+13 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
-14 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
+14 | File | `/jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c` | High
-15 | File | `/jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c` | High
+15 | File | `/jerry-core/ecma/operations/ecma-objects.c` | High
-16 | File | `/jerry-core/ecma/operations/ecma-objects.c` | High
+16 | File | `/public/launchNewWindow.jsp` | High
-17 | File | `/public/launchNewWindow.jsp` | High
+17 | File | `/purchase_order/admin/?page=user` | High
-18 | File | `/purchase_order/admin/?page=user` | High
+18 | File | `/reps/admin/?page=agents/manage_agent` | High
-19 | File | `/reps/admin/?page=agents/manage_agent` | High
+19 | File | `/SAP_Information_System/controllers/add_admin.php` | High
-20 | File | `/SAP_Information_System/controllers/add_admin.php` | High
+20 | File | `/scas/classes/Users.php?f=save_user` | High
-21 | File | `/scas/classes/Users.php?f=save_user` | High
+21 | File | `/servlets/Jmx_dynamic` | High
-22 | File | `/servlets/Jmx_dynamic` | High
+22 | File | `/setting/NTPSyncWithHost` | High
-23 | File | `/setting/NTPSyncWithHost` | High
+23 | File | `/src/njs_object.c` | High
-24 | File | `/src/njs_object.c` | High
+24 | File | `/template/unzip.do` | High
-25 | File | `/template/unzip.do` | High
+25 | ... | ... | ...
 26 | ... | ... | ...
-There are 214 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 212 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/Strike/README.md
+++ b/Strike/README.md
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cobalt Strike:
 * [US](https://vuldb.com/?country.us)
-* [SV](https://vuldb.com/?country.sv)
+* [DE](https://vuldb.com/?country.de)
 * [GB](https://vuldb.com/?country.gb)
 * ...
-There are 10 more country items available. Please use our online service to access the data.
+There are 21 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -21,13 +21,17 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [23.82.140.91](https://vuldb.com/?ip.23.82.140.91) | - | - | High
+1 | [5.255.98.144](https://vuldb.com/?ip.5.255.98.144) | - | - | High
-2 | [23.108.57.108](https://vuldb.com/?ip.23.108.57.108) | - | - | High
+2 | [23.19.227.147](https://vuldb.com/?ip.23.19.227.147) | - | - | High
-3 | [45.134.26.174](https://vuldb.com/?ip.45.134.26.174) | - | - | High
+3 | [23.81.246.32](https://vuldb.com/?ip.23.81.246.32) | - | - | High
-4 | [45.144.29.185](https://vuldb.com/?ip.45.144.29.185) | master.pisyandriy.com | - | High
+4 | [23.82.140.91](https://vuldb.com/?ip.23.82.140.91) | - | - | High
-5 | ... | ... | ... | ...
+5 | [23.108.57.39](https://vuldb.com/?ip.23.108.57.39) | - | - | High
 6 | [23.108.57.108](https://vuldb.com/?ip.23.108.57.108) | - | - | High
 7 | [23.227.199.10](https://vuldb.com/?ip.23.227.199.10) | 23-227-199-10.static.hvvc.us | - | High
 8 | [45.134.26.174](https://vuldb.com/?ip.45.134.26.174) | - | - | High
 9 | ... | ... | ... | ...
-There are 15 more IOC items available. Please use our online service to access the data.
+There are 33 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
@ -40,7 +44,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...
-There are 4 more TTP items available. Please use our online service to access the data.
+There are 5 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -48,66 +52,61 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/?admin/user.html` | High
+1 | File | `/admin/success_story.php` | High
-2 | File | `/admin/success_story.php` | High
+2 | File | `/category.php` | High
-3 | File | `/configuration/httpListenerEdit.jsf` | High
+3 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
 4 | File | `/etc/tomcat8/Catalina/attack` | High
 5 | File | `/movie-portal-script/movie.php` | High
 6 | File | `/notice-edit.php` | High
-7 | File | `/resourceNode/jdbcResourceEdit.jsf` | High
+7 | File | `/objects/getSpiritsFromVideo.php` | High
-8 | File | `/tmp` | Low
+8 | File | `/servlet/webacc` | High
-9 | File | `/wp-content/plugins/updraftplus/admin.php` | High
+9 | File | `/TeamMate/Upload/DomainObjectDocumentUpload.ashx` | High
-10 | File | `4.2.0.CP08` | Medium
+10 | File | `/tmp` | Low
-11 | File | `account.asp` | Medium
+11 | File | `/uncpath/` | Medium
-12 | File | `acerctrl.ocx` | Medium
+12 | File | `/wp-admin/admin-ajax.php` | High
-13 | File | `activate.php` | Medium
+13 | File | `/wp-content/plugins/updraftplus/admin.php` | High
-14 | File | `add.php` | Low
+14 | File | `4.2.0.CP08` | Medium
-15 | File | `adm/krgourl.php` | High
+15 | File | `account.asp` | Medium
-16 | File | `admin.php` | Medium
+16 | File | `acerctrl.ocx` | Medium
-17 | File | `admin/admin.php` | High
+17 | File | `activate.php` | Medium
-18 | File | `admin/adminaddeditdetails.php` | High
+18 | File | `add.php` | Low
-19 | File | `admin/ajaxsave.php` | High
+19 | File | `admin.php` | Medium
-20 | File | `admin/auth.php` | High
+20 | File | `admin/admin.php` | High
-21 | File | `admin/images.php` | High
+21 | File | `admin/adminaddeditdetails.php` | High
-22 | File | `admin/import/class-import-settings.php` | High
+22 | File | `admin/class-jtrt-responsive-tables-admin.php` | High
-23 | File | `ADMIN/loginaction.php` | High
+23 | File | `admin/images.php` | High
-24 | File | `admin/member_details.php` | High
+24 | File | `admin/import/class-import-settings.php` | High
-25 | File | `admin/preview.php` | High
+25 | File | `admin/infoclass_update.php` | High
-26 | File | `ajax/addComment.php` | High
+26 | File | `admin/member_details.php` | High
-27 | File | `and/or` | Low
+27 | File | `admin/preview.php` | High
-28 | File | `arch/powerpc/kernel/entry_64.S` | High
+28 | File | `ajax/addComment.php` | High
-29 | File | `archive_read_support_format_rar5.c` | High
+29 | File | `allocate_block.cpp` | High
-30 | File | `article.php` | Medium
+30 | File | `and/or` | Low
-31 | File | `asp:.jpg` | Medium
+31 | File | `app/code/core/Mage/Rss/Helper/Order.php` | High
-32 | File | `auth2-gss.c` | Medium
+32 | File | `arch/powerpc/kernel/entry_64.S` | High
-33 | File | `backup.php` | Medium
+33 | File | `archive_read_support_format_rar5.c` | High
-34 | File | `bios.php` | Medium
+34 | File | `article.php` | Medium
-35 | File | `blanko.preview.php` | High
+35 | File | `asmjs/asmangle.cpp` | High
-36 | File | `block/bfq-iosched.c` | High
+36 | File | `asp:.jpg` | Medium
-37 | File | `browse.php` | Medium
+37 | File | `auth2-gss.c` | Medium
-38 | File | `browse_ladies.php` | High
+38 | File | `backup.php` | Medium
-39 | File | `burl.c` | Low
+39 | File | `bios.php` | Medium
-40 | File | `cadena_ofertas_ext.php` | High
+40 | File | `blanko.preview.php` | High
-41 | File | `cal_popup.php` | High
+41 | File | `block/bfq-iosched.c` | High
-42 | File | `category-delete.php` | High
+42 | File | `books.php` | Medium
-43 | File | `category.php` | Medium
+43 | File | `browse_ladies.php` | High
-44 | File | `CFM File Handler` | High
+44 | File | `burl.c` | Low
-45 | File | `cgi-bin/awstats.pl` | High
+45 | File | `cadena_ofertas_ext.php` | High
-46 | File | `Change-password.php` | High
+46 | File | `category-delete.php` | High
-47 | File | `charts.php` | Medium
+47 | File | `category.php` | Medium
-48 | File | `chat.php` | Medium
+48 | File | `CFM File Handler` | High
-49 | File | `classified.php` | High
+49 | File | `cgi-bin/awstats.pl` | High
-50 | File | `comments.php` | Medium
+50 | File | `cgi-bin/write.cgi` | High
-51 | File | `config.php` | Medium
+51 | File | `Change-password.php` | High
-52 | File | `core/stack/l2cap/l2cap_sm.c` | High
+52 | File | `chat.php` | Medium
-53 | File | `country_escorts.php` | High
+53 | ... | ... | ...
 54 | File | `cource.php` | Medium
 55 | File | `Crypt32.dll` | Medium
 56 | File | `dapur/index.php` | High
 57 | File | `default.asp` | Medium
 58 | ... | ... | ...
-There are 510 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 460 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
@ -122,8 +121,19 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike/27158/
 * https://research.checkpoint.com/2019/cobalt-group-returns-to-kazakhstan/
 * https://securelist.com/owowa-credential-stealer-and-remote-access/105219/
 * https://thedfirreport.com/2021/01/11/trickbot-still-alive-and-well/
 * https://thedfirreport.com/2021/05/02/trickbot-brief-creds-and-beacons/
 * https://thedfirreport.com/2021/05/12/conti-ransomware/
 * https://thedfirreport.com/2021/06/20/from-word-to-lateral-movement-in-1-hour/
 * https://thedfirreport.com/2021/08/01/bazarcall-to-conti-ransomware-via-trickbot-and-cobalt-strike/
 * https://thedfirreport.com/2021/08/16/trickbot-leads-up-to-fake-1password-installation/
 * https://thedfirreport.com/2021/10/18/icedid-to-xinglocker-ransomware-in-24-hours/
 * https://thedfirreport.com/2021/11/29/continuing-the-bazar-ransomware-story/
 * https://thedfirreport.com/2021/12/13/diavol-ransomware/
 * https://thedfirreport.com/2022/02/21/qbot-and-zerologon-lead-to-full-domain-compromise/
 * https://twitter.com/malware_traffic/status/1400876426497253379
 * https://twitter.com/malware_traffic/status/1415740795622248452
 * https://twitter.com/TheDFIRReport/status/1508451341844168706
 * https://twitter.com/Unit42_Intel/status/1392174941181812737
 * https://us-cert.cisa.gov/ncas/alerts/aa21-148a
 * https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/
--- a/actors/Conti/README.md
+++ b/actors/Conti/README.md
@ -8,6 +8,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 The following _campaigns_ are known and can be associated with Conti:
 * BazarLoader
 * Cobalt Strike
 ## Countries
@ -34,52 +35,55 @@ ID | IP address | Hostname | Campaign | Confidence
 5 | [5.2.78.121](https://vuldb.com/?ip.5.2.78.121) | - | - | High
 6 | [5.34.178.185](https://vuldb.com/?ip.5.34.178.185) | hathi1.co.in | - | High
 7 | [5.34.181.18](https://vuldb.com/?ip.5.34.181.18) | storage-669286.hosted-by.itldc.com | - | High
-8 | [5.181.156.15](https://vuldb.com/?ip.5.181.156.15) | no-rdns.mivocloud.com | - | High
+8 | [5.181.80.113](https://vuldb.com/?ip.5.181.80.113) | ip-80-113-bullethost.net | - | High
-9 | [5.181.156.166](https://vuldb.com/?ip.5.181.156.166) | 5-181-156-166.mivocloud.com | - | High
+9 | [5.181.80.214](https://vuldb.com/?ip.5.181.80.214) | ip-80-214-bullethost.net | - | High
-10 | [5.181.156.226](https://vuldb.com/?ip.5.181.156.226) | no-rdns.mivocloud.com | - | High
+10 | [5.181.156.15](https://vuldb.com/?ip.5.181.156.15) | no-rdns.mivocloud.com | - | High
-11 | [5.183.95.6](https://vuldb.com/?ip.5.183.95.6) | mail.zeakids.de | - | High
+11 | [5.181.156.166](https://vuldb.com/?ip.5.181.156.166) | 5-181-156-166.mivocloud.com | - | High
-12 | [5.196.197.27](https://vuldb.com/?ip.5.196.197.27) | - | - | High
+12 | [5.181.156.226](https://vuldb.com/?ip.5.181.156.226) | no-rdns.mivocloud.com | - | High
-13 | [11.22.33.44](https://vuldb.com/?ip.11.22.33.44) | - | - | High
+13 | [5.183.95.6](https://vuldb.com/?ip.5.183.95.6) | mail.zeakids.de | - | High
-14 | [23.82.140.137](https://vuldb.com/?ip.23.82.140.137) | - | - | High
+14 | [5.196.197.27](https://vuldb.com/?ip.5.196.197.27) | - | - | High
-15 | [23.95.231.200](https://vuldb.com/?ip.23.95.231.200) | 23-95-231-200-host.colocrossing.com | - | High
+15 | [11.22.33.44](https://vuldb.com/?ip.11.22.33.44) | - | - | High
-16 | [23.106.160.174](https://vuldb.com/?ip.23.106.160.174) | - | - | High
+16 | [13.56.161.214](https://vuldb.com/?ip.13.56.161.214) | ec2-13-56-161-214.us-west-1.compute.amazonaws.com | BazarLoader | Medium
-17 | [23.146.242.134](https://vuldb.com/?ip.23.146.242.134) | - | - | High
+17 | [23.81.246.30](https://vuldb.com/?ip.23.81.246.30) | - | - | High
-18 | [23.254.228.234](https://vuldb.com/?ip.23.254.228.234) | hwsrv-935246.hostwindsdns.com | - | High
+18 | [23.82.140.137](https://vuldb.com/?ip.23.82.140.137) | - | - | High
-19 | [24.185.61.99](https://vuldb.com/?ip.24.185.61.99) | ool-18b93d63.dyn.optonline.net | - | High
+19 | [23.95.231.200](https://vuldb.com/?ip.23.95.231.200) | 23-95-231-200-host.colocrossing.com | - | High
-20 | [31.13.195.26](https://vuldb.com/?ip.31.13.195.26) | - | - | High
+20 | [23.106.160.174](https://vuldb.com/?ip.23.106.160.174) | - | - | High
-21 | [31.13.195.144](https://vuldb.com/?ip.31.13.195.144) | - | - | High
+21 | [23.146.242.134](https://vuldb.com/?ip.23.146.242.134) | - | - | High
-22 | [31.13.195.184](https://vuldb.com/?ip.31.13.195.184) | - | - | High
+22 | [23.254.228.234](https://vuldb.com/?ip.23.254.228.234) | hwsrv-935246.hostwindsdns.com | - | High
-23 | [31.14.40.95](https://vuldb.com/?ip.31.14.40.95) | - | - | High
+23 | [24.185.61.99](https://vuldb.com/?ip.24.185.61.99) | ool-18b93d63.dyn.optonline.net | - | High
-24 | [31.14.40.220](https://vuldb.com/?ip.31.14.40.220) | - | - | High
+24 | [31.13.195.26](https://vuldb.com/?ip.31.13.195.26) | - | - | High
-25 | [31.214.157.242](https://vuldb.com/?ip.31.214.157.242) | - | - | High
+25 | [31.13.195.144](https://vuldb.com/?ip.31.13.195.144) | - | - | High
-26 | [37.0.8.166](https://vuldb.com/?ip.37.0.8.166) | - | - | High
+26 | [31.13.195.184](https://vuldb.com/?ip.31.13.195.184) | - | - | High
-27 | [37.1.209.181](https://vuldb.com/?ip.37.1.209.181) | - | - | High
+27 | [31.14.40.95](https://vuldb.com/?ip.31.14.40.95) | - | - | High
-28 | [37.187.24.215](https://vuldb.com/?ip.37.187.24.215) | ns3206394.ip-37-187-24.eu | - | High
+28 | [31.14.40.160](https://vuldb.com/?ip.31.14.40.160) | perico.cavepanel.com | BazarLoader | High
-29 | [37.220.6.122](https://vuldb.com/?ip.37.220.6.122) | mail.foxlontech.com | - | High
+29 | [31.14.40.220](https://vuldb.com/?ip.31.14.40.220) | - | - | High
-30 | [37.235.53.46](https://vuldb.com/?ip.37.235.53.46) | gw1.mad1.vitalng.com | - | High
+30 | [31.214.157.242](https://vuldb.com/?ip.31.214.157.242) | - | - | High
-31 | [38.88.223.172](https://vuldb.com/?ip.38.88.223.172) | - | - | High
+31 | [34.219.130.241](https://vuldb.com/?ip.34.219.130.241) | ec2-34-219-130-241.us-west-2.compute.amazonaws.com | BazarLoader | Medium
-32 | [38.92.176.125](https://vuldb.com/?ip.38.92.176.125) | - | - | High
+32 | [37.0.8.166](https://vuldb.com/?ip.37.0.8.166) | - | - | High
-33 | [38.92.191.89](https://vuldb.com/?ip.38.92.191.89) | - | - | High
+33 | [37.1.209.181](https://vuldb.com/?ip.37.1.209.181) | - | - | High
-34 | [43.126.75.91](https://vuldb.com/?ip.43.126.75.91) | - | - | High
+34 | [37.187.24.215](https://vuldb.com/?ip.37.187.24.215) | ns3206394.ip-37-187-24.eu | - | High
-35 | [45.11.183.198](https://vuldb.com/?ip.45.11.183.198) | - | - | High
+35 | [37.220.6.122](https://vuldb.com/?ip.37.220.6.122) | mail.foxlontech.com | - | High
-36 | [45.11.183.211](https://vuldb.com/?ip.45.11.183.211) | - | - | High
+36 | [37.235.53.46](https://vuldb.com/?ip.37.235.53.46) | gw1.mad1.vitalng.com | - | High
-37 | [45.14.226.23](https://vuldb.com/?ip.45.14.226.23) | - | - | High
+37 | [38.88.223.172](https://vuldb.com/?ip.38.88.223.172) | - | - | High
-38 | [45.14.226.47](https://vuldb.com/?ip.45.14.226.47) | - | - | High
+38 | [38.92.176.125](https://vuldb.com/?ip.38.92.176.125) | - | - | High
-39 | [45.32.131.223](https://vuldb.com/?ip.45.32.131.223) | - | - | High
+39 | [38.92.191.89](https://vuldb.com/?ip.38.92.191.89) | - | - | High
-40 | [45.32.132.182](https://vuldb.com/?ip.45.32.132.182) | 45.32.132.182.vultr.com | - | Medium
+40 | [38.135.122.194](https://vuldb.com/?ip.38.135.122.194) | h194-us122.fcsrv.net | - | High
-41 | [45.61.136.221](https://vuldb.com/?ip.45.61.136.221) | - | - | High
+41 | [43.126.75.91](https://vuldb.com/?ip.43.126.75.91) | - | - | High
-42 | [45.61.138.153](https://vuldb.com/?ip.45.61.138.153) | - | - | High
+42 | [45.11.183.198](https://vuldb.com/?ip.45.11.183.198) | - | - | High
-43 | [45.67.228.196](https://vuldb.com/?ip.45.67.228.196) | moe.m | - | High
+43 | [45.11.183.211](https://vuldb.com/?ip.45.11.183.211) | - | - | High
-44 | [45.126.75.91](https://vuldb.com/?ip.45.126.75.91) | 43.126.75.91.stargatecommunications.com | - | High
+44 | [45.14.226.23](https://vuldb.com/?ip.45.14.226.23) | - | - | High
-45 | [45.141.101.253](https://vuldb.com/?ip.45.141.101.253) | ongu.golderitu.com | - | High
+45 | [45.14.226.47](https://vuldb.com/?ip.45.14.226.47) | - | - | High
-46 | [45.141.103.194](https://vuldb.com/?ip.45.141.103.194) | ptr.ruvds.com | - | High
+46 | [45.32.131.223](https://vuldb.com/?ip.45.32.131.223) | - | - | High
-47 | [45.143.94.60](https://vuldb.com/?ip.45.143.94.60) | - | - | High
+47 | [45.32.132.182](https://vuldb.com/?ip.45.32.132.182) | 45.32.132.182.vultr.com | - | Medium
-48 | [45.148.120.142](https://vuldb.com/?ip.45.148.120.142) | - | - | High
+48 | [45.61.136.221](https://vuldb.com/?ip.45.61.136.221) | - | - | High
-49 | [45.148.120.192](https://vuldb.com/?ip.45.148.120.192) | - | - | High
+49 | [45.61.138.153](https://vuldb.com/?ip.45.61.138.153) | - | - | High
-50 | [45.153.240.191](https://vuldb.com/?ip.45.153.240.191) | - | - | High
+50 | [45.67.228.196](https://vuldb.com/?ip.45.67.228.196) | moe.m | - | High
-51 | ... | ... | ... | ...
+51 | [45.126.75.91](https://vuldb.com/?ip.45.126.75.91) | 43.126.75.91.stargatecommunications.com | - | High
 52 | [45.141.101.253](https://vuldb.com/?ip.45.141.101.253) | ongu.golderitu.com | - | High
 53 | [45.141.103.194](https://vuldb.com/?ip.45.141.103.194) | ptr.ruvds.com | - | High
 54 | ... | ... | ... | ...
-There are 202 more IOC items available. Please use our online service to access the data.
+There are 213 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
@ -127,22 +131,22 @@ ID | Type | Indicator | Confidence
 25 | File | `/uncpath/` | Medium
 26 | File | `/usr/bin/pkexec` | High
 27 | File | `/usr/sbin/suexec` | High
-28 | File | `/WEB-INF/web.xml` | High
+28 | File | `/wp-admin/admin-ajax.php` | High
-29 | File | `/wp-admin/admin-ajax.php` | High
+29 | File | `/wp-json/wc/v3/webhooks` | High
-30 | File | `/wp-json/wc/v3/webhooks` | High
+30 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+31 | File | `AccountManagerService.java` | High
-32 | File | `AccountManagerService.java` | High
+32 | File | `actions/CompanyDetailsSave.php` | High
-33 | File | `actions/CompanyDetailsSave.php` | High
+33 | File | `ActivityManagerService.java` | High
-34 | File | `ActivityManagerService.java` | High
+34 | File | `admin.php` | Medium
-35 | File | `admin.php` | Medium
+35 | File | `admin.php?page=languages` | High
-36 | File | `admin.php?page=languages` | High
+36 | File | `admin/add-glossary.php` | High
-37 | File | `admin/add-glossary.php` | High
+37 | File | `admin/admin.php` | High
-38 | File | `admin/admin.php` | High
+38 | File | `admin/conf_users_edit.php` | High
-39 | File | `admin/conf_users_edit.php` | High
+39 | File | `admin/edit-comments.php` | High
-40 | File | `admin/edit-comments.php` | High
+40 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
 41 | ... | ... | ...
-There are 357 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 356 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
@ -150,6 +154,9 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://ddanchev.blogspot.com/2022/02/exposing-conti-ransomware-gang-osint_28.html
 * https://github.com/sophoslabs/IoCs/blob/master/Ransomware-Conti.csv
 * https://thedfirreport.com/2021/05/12/conti-ransomware/
 * https://thedfirreport.com/2021/09/13/bazarloader-to-conti-ransomware-in-32-hours/
 * https://thedfirreport.com/2022/04/04/stolen-images-campaign-ends-in-conti-ransomware/
 * https://therecord.media/disgruntled-ransomware-affiliate-leaks-the-conti-gangs-technical-manuals/
 * https://twitter.com/cherryblond83/status/1498133186316062724
 * https://twitter.com/vxunderground/status/1414809517993435139
--- a/actors/DPRK/README.md
+++ b/actors/DPRK/README.md
@ -13,7 +13,7 @@ The following _campaigns_ are known and can be associated with DPRK:
 * DrillMalware
 * ...
-There are 2 more campaign items available. Please use our online service to access the data.
+There are 3 more campaign items available. Please use our online service to access the data.
 ## Countries
@ -57,7 +57,7 @@ ID | IP address | Hostname | Campaign | Confidence
 27 | [57.73.224.0](https://vuldb.com/?ip.57.73.224.0) | - | - | High
 28 | ... | ... | ... | ...
-There are 108 more IOC items available. Please use our online service to access the data.
+There are 109 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
@ -125,6 +125,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://github.com/blackorbird/APT_REPORT/tree/master/International%20Strategic/Korea
 * https://github.com/mandatoryprogrammer/NorthKoreaDNSLeak
 * https://raidforums.com/Thread-North-Korean-IP-Addresses-300
 * https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf
 * https://us-cert.cisa.gov/ncas/alerts/aa21-048a
 * https://us-cert.cisa.gov/ncas/analysis-reports/AR19-100A
 * https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a
--- a/actors/DarkComet/README.md
+++ b/actors/DarkComet/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [ES](https://vuldb.com/?country.es)
 * ...
-There are 8 more country items available. Please use our online service to access the data.
+There are 9 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -36,12 +36,13 @@ ID | IP address | Hostname | Campaign | Confidence
 13 | [23.36.85.183](https://vuldb.com/?ip.23.36.85.183) | a23-36-85-183.deploy.static.akamaitechnologies.com | - | High
 14 | [23.38.131.139](https://vuldb.com/?ip.23.38.131.139) | a23-38-131-139.deploy.static.akamaitechnologies.com | - | High
 15 | [23.64.110.64](https://vuldb.com/?ip.23.64.110.64) | a23-64-110-64.deploy.static.akamaitechnologies.com | - | High
-16 | [23.78.173.83](https://vuldb.com/?ip.23.78.173.83) | a23-78-173-83.deploy.static.akamaitechnologies.com | - | High
+16 | [23.67.200.172](https://vuldb.com/?ip.23.67.200.172) | a23-67-200-172.deploy.static.akamaitechnologies.com | - | High
-17 | [31.170.166.110](https://vuldb.com/?ip.31.170.166.110) | - | - | High
+17 | [23.78.173.83](https://vuldb.com/?ip.23.78.173.83) | a23-78-173-83.deploy.static.akamaitechnologies.com | - | High
-18 | [31.193.90.60](https://vuldb.com/?ip.31.193.90.60) | - | - | High
+18 | [31.170.166.110](https://vuldb.com/?ip.31.170.166.110) | - | - | High
-19 | ... | ... | ... | ...
+19 | [31.193.90.60](https://vuldb.com/?ip.31.193.90.60) | - | - | High
 20 | ... | ... | ... | ...
-There are 70 more IOC items available. Please use our online service to access the data.
+There are 74 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
@ -51,10 +52,10 @@ ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79 | Cross Site Scripting | High
 2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1211 | CWE-254 | 7PK Security Features | High
+3 | T1110.001 | CWE-307 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...
-There are 3 more TTP items available. Please use our online service to access the data.
+There are 4 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -63,22 +64,24 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `.htaccess` | Medium
-2 | File | `/modules/tasks/summary.inc.php` | High
+2 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
-3 | File | `/usr/bin/pkexec` | High
+3 | File | `/modules/tasks/summary.inc.php` | High
-4 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
+4 | File | `/usr/bin/pkexec` | High
-5 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
+5 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
-6 | File | `admin.php` | Medium
+6 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
-7 | File | `adminpasswd.cgi` | High
+7 | File | `admin.php` | Medium
-8 | File | `ajax.php` | Medium
+8 | File | `adminpasswd.cgi` | High
-9 | File | `apache2/modsecurity.c` | High
+9 | File | `ajax.php` | Medium
-10 | ... | ... | ...
+10 | File | `apache2/modsecurity.c` | High
 11 | ... | ... | ...
-There are 79 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 80 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://blog.talosintelligence.com/2019/05/threat-roundup-0517-0524.html
 * https://blog.talosintelligence.com/2021/01/threat-roundup-0122.html
 * https://blog.talosintelligence.com/2021/02/threat-roundup-0205-0212.html
 * https://blog.talosintelligence.com/2021/03/threat-roundup-0226-0305.html
@ -89,6 +92,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2021/07/threat-roundup-for-july-9-to-july-16.html
 * https://blog.talosintelligence.com/2021/08/threat-roundup-0806-0813.html
 * https://blog.talosintelligence.com/2021/09/threat-roundup-0903-0910.html
 * https://blog.talosintelligence.com/2022/04/threat-roundup-0325-0401.html
 ## Literature
--- a/actors/Dorkbot/README.md
+++ b/actors/Dorkbot/README.md
@ -0,0 +1,60 @@
 # Dorkbot - Cyber Threat Intelligence
 These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dorkbot](https://vuldb.com/?actor.dorkbot). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.dorkbot](https://vuldb.com/?actor.dorkbot)
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Dorkbot:
 * [US](https://vuldb.com/?country.us)
 * [FR](https://vuldb.com/?country.fr)
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Dorkbot.
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
 2 | [204.79.197.200](https://vuldb.com/?ip.204.79.197.200) | a-0001.a-msedge.net | - | High
 3 | [212.83.168.196](https://vuldb.com/?ip.212.83.168.196) | 212-83-168-196.rev.poneytelecom.eu | - | High
 ## TTP - Tactics, Techniques, Procedures
 _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Dorkbot_. This data is unique as it uses our predictive model for actor profiling.
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79 | Cross Site Scripting | High
 ## IOA - Indicator of Attack
 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Dorkbot. This data is unique as it uses our predictive model for actor profiling.
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `countrydetails.php` | High
 2 | File | `data/gbconfiguration.dat` | High
 3 | File | `db_central_columns.php` | High
 4 | ... | ... | ...
 There are 8 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://blog.talosintelligence.com/2019/09/threat-roundup-0830-0906.html
 ## Literature
 The following _articles_ explain our unique predictive cyber threat intelligence:
 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
 ## License
 (c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/Storm/README.md
+++ b/Storm/README.md
@ -17,9 +17,6 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [CN](https://vuldb.com/?country.cn)
 * [US](https://vuldb.com/?country.us)
 * [GB](https://vuldb.com/?country.gb)
 * ...
 There are 1 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -62,44 +59,49 @@ ID | Type | Indicator | Confidence
 3 | File | `/#/CampaignManager/users` | High
 4 | File | `//` | Low
 5 | File | `/admin.php?action=themeinstall` | High
-6 | File | `/admin/index.php?id=themes&action=edit_template&filename=blog` | High
+6 | File | `/admin/?setting-base.htm` | High
-7 | File | `/admin/login.php` | High
+7 | File | `/admin/admin_login.php` | High
-8 | File | `/apply_noauth.cgi` | High
+8 | File | `/admin/login.php` | High
-9 | File | `/article/comment` | High
+9 | File | `/apply_noauth.cgi` | High
 10 | File | `/audit/log/log_management.php` | High
-11 | File | `/backup/lispbx-CONF-YYYY-MM-DD.tar` | High
+11 | File | `/bin/login` | Medium
-12 | File | `/bin/login` | Medium
+12 | File | `/bin/sh` | Low
-13 | File | `/bin/sh` | Low
+13 | File | `/cgi-bin/login` | High
-14 | File | `/cgi-bin/login` | High
+14 | File | `/classes/profile.class.php` | High
-15 | File | `/cgi/sshcheck.cgi` | High
+15 | File | `/dev/tty` | Medium
-16 | File | `/classes/profile.class.php` | High
+16 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
-17 | File | `/crmeb/crmeb/services/UploadService.php` | High
+17 | File | `/downloads/` | Medium
-18 | File | `/dev/tty` | Medium
+18 | File | `/IISADMPWD` | Medium
-19 | File | `/downloads/` | Medium
+19 | File | `/inc/session.php` | High
-20 | File | `/IISADMPWD` | Medium
+20 | File | `/index.php` | Medium
-21 | File | `/inc/session.php` | High
+21 | File | `/login` | Low
-22 | File | `/index.php` | Medium
+22 | File | `/login.html` | Medium
-23 | File | `/mcms/view.do` | High
+23 | File | `/magnoliaPublic/travel/members/login.html` | High
 24 | File | `/member/index/login.html` | High
 25 | File | `/modules/certinfo/index.php` | High
-26 | File | `/post/editing` | High
+26 | File | `/restful-services/publish` | High
-27 | File | `/public/plugins/` | High
+27 | File | `/ScadaBR/login.htm` | High
-28 | File | `/restful-services/publish` | High
+28 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-29 | File | `/ScadaBR/login.htm` | High
+29 | File | `/system/tool/ping.php` | High
-30 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+30 | File | `/upload` | Low
-31 | File | `/system/tool/ping.php` | High
+31 | File | `/usr/bin/pkexec` | High
-32 | File | `/upload` | Low
+32 | File | `/var/adm/btmp` | High
-33 | File | `/usr/bin/pkexec` | High
+33 | File | `?location=search` | High
-34 | File | `/usr/sbin/mini_httpd` | High
+34 | File | `account/login.php` | High
-35 | File | `/vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php` | High
+35 | File | `add.asp` | Low
-36 | File | `?location=search` | High
+36 | File | `add.php` | Low
-37 | File | `account/login.php` | High
+37 | File | `admin.inc.php` | High
-38 | File | `add.asp` | Low
+38 | File | `admin.php` | Medium
-39 | File | `admin.home.php` | High
+39 | File | `admin.php?m=backup&c=backup&a=doback` | High
-40 | File | `admin.php` | Medium
+40 | File | `admin/conf_users_edit.php` | High
-41 | ... | ... | ...
+41 | File | `admin/index.php` | High
 42 | File | `admin/login.asp` | High
 43 | File | `admin/login.php` | High
 44 | File | `admin/nos/login` | High
 45 | File | `admin\db\DoSql.php` | High
 46 | ... | ... | ...
-There are 355 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 396 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/Emotet/README.md
+++ b/actors/Emotet/README.md
@ -10,10 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [VN](https://vuldb.com/?country.vn)
 * [US](https://vuldb.com/?country.us)
-* [GB](https://vuldb.com/?country.gb)
+* [CN](https://vuldb.com/?country.cn)
 * ...
 There are 4 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -46,203 +43,266 @@ ID | IP address | Hostname | Campaign | Confidence
 23 | [5.159.57.195](https://vuldb.com/?ip.5.159.57.195) | www-riedle.transfermarkt.de | - | High
 24 | [5.196.35.138](https://vuldb.com/?ip.5.196.35.138) | vps10.open-techno.net | - | High
 25 | [5.196.73.150](https://vuldb.com/?ip.5.196.73.150) | ns3000085.ip-5-196-73.eu | - | High
-26 | [5.230.193.41](https://vuldb.com/?ip.5.230.193.41) | casagarcia-web.sys.netzfabrik.eu | - | High
+26 | [5.196.133.206](https://vuldb.com/?ip.5.196.133.206) | pixelfed.hosnet.fr | - | High
-27 | [8.4.9.137](https://vuldb.com/?ip.8.4.9.137) | onlinehorizons.net | - | High
+27 | [5.230.193.41](https://vuldb.com/?ip.5.230.193.41) | casagarcia-web.sys.netzfabrik.eu | - | High
-28 | [8.247.6.134](https://vuldb.com/?ip.8.247.6.134) | - | - | High
+28 | [8.4.9.137](https://vuldb.com/?ip.8.4.9.137) | onlinehorizons.net | - | High
-29 | [12.6.183.21](https://vuldb.com/?ip.12.6.183.21) | - | - | High
+29 | [8.247.6.134](https://vuldb.com/?ip.8.247.6.134) | - | - | High
-30 | [12.32.68.154](https://vuldb.com/?ip.12.32.68.154) | mail.sealscoinc.com | - | High
+30 | [12.6.148.4](https://vuldb.com/?ip.12.6.148.4) | mail.carters.com | - | High
-31 | [12.149.72.170](https://vuldb.com/?ip.12.149.72.170) | - | - | High
+31 | [12.6.183.21](https://vuldb.com/?ip.12.6.183.21) | - | - | High
-32 | [12.162.84.2](https://vuldb.com/?ip.12.162.84.2) | - | - | High
+32 | [12.32.68.154](https://vuldb.com/?ip.12.32.68.154) | mail.sealscoinc.com | - | High
-33 | [12.163.208.58](https://vuldb.com/?ip.12.163.208.58) | - | - | High
+33 | [12.149.72.170](https://vuldb.com/?ip.12.149.72.170) | - | - | High
-34 | [12.182.146.226](https://vuldb.com/?ip.12.182.146.226) | - | - | High
+34 | [12.162.84.2](https://vuldb.com/?ip.12.162.84.2) | - | - | High
-35 | [12.184.217.101](https://vuldb.com/?ip.12.184.217.101) | - | - | High
+35 | [12.163.208.58](https://vuldb.com/?ip.12.163.208.58) | - | - | High
-36 | [12.222.134.10](https://vuldb.com/?ip.12.222.134.10) | - | - | High
+36 | [12.182.146.226](https://vuldb.com/?ip.12.182.146.226) | - | - | High
-37 | [12.238.114.130](https://vuldb.com/?ip.12.238.114.130) | - | - | High
+37 | [12.184.217.101](https://vuldb.com/?ip.12.184.217.101) | - | - | High
-38 | [23.6.65.194](https://vuldb.com/?ip.23.6.65.194) | a23-6-65-194.deploy.static.akamaitechnologies.com | - | High
+38 | [12.222.134.10](https://vuldb.com/?ip.12.222.134.10) | - | - | High
-39 | [23.36.85.183](https://vuldb.com/?ip.23.36.85.183) | a23-36-85-183.deploy.static.akamaitechnologies.com | - | High
+39 | [12.238.114.130](https://vuldb.com/?ip.12.238.114.130) | - | - | High
-40 | [23.199.63.11](https://vuldb.com/?ip.23.199.63.11) | a23-199-63-11.deploy.static.akamaitechnologies.com | - | High
+40 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
-41 | [23.199.71.185](https://vuldb.com/?ip.23.199.71.185) | a23-199-71-185.deploy.static.akamaitechnologies.com | - | High
+41 | [14.49.39.215](https://vuldb.com/?ip.14.49.39.215) | - | - | High
-42 | [23.239.2.11](https://vuldb.com/?ip.23.239.2.11) | li683-11.members.linode.com | - | High
+42 | [17.56.136.171](https://vuldb.com/?ip.17.56.136.171) | p74-smtp.mail.icloud.com | - | High
-43 | [23.254.203.51](https://vuldb.com/?ip.23.254.203.51) | hwsrv-779084.hostwindsdns.com | - | High
+43 | [18.209.113.128](https://vuldb.com/?ip.18.209.113.128) | ec2-18-209-113-128.compute-1.amazonaws.com | - | Medium
-44 | [24.40.239.62](https://vuldb.com/?ip.24.40.239.62) | 24-40-239-62.fidnet.com | - | High
+44 | [18.211.9.206](https://vuldb.com/?ip.18.211.9.206) | ec2-18-211-9-206.compute-1.amazonaws.com | - | Medium
-45 | [24.43.99.75](https://vuldb.com/?ip.24.43.99.75) | rrcs-24-43-99-75.west.biz.rr.com | - | High
+45 | [23.5.231.225](https://vuldb.com/?ip.23.5.231.225) | a23-5-231-225.deploy.static.akamaitechnologies.com | - | High
-46 | [24.101.229.82](https://vuldb.com/?ip.24.101.229.82) | dynamic-acs-24-101-229-82.zoominternet.net | - | High
+46 | [23.6.65.194](https://vuldb.com/?ip.23.6.65.194) | a23-6-65-194.deploy.static.akamaitechnologies.com | - | High
-47 | [24.116.40.208](https://vuldb.com/?ip.24.116.40.208) | 24-116-40-208.cpe.sparklight.net | - | High
+47 | [23.6.69.99](https://vuldb.com/?ip.23.6.69.99) | a23-6-69-99.deploy.static.akamaitechnologies.com | - | High
-48 | [24.119.116.230](https://vuldb.com/?ip.24.119.116.230) | 24-119-116-230.cpe.sparklight.net | - | High
+48 | [23.36.85.183](https://vuldb.com/?ip.23.36.85.183) | a23-36-85-183.deploy.static.akamaitechnologies.com | - | High
-49 | [24.121.176.48](https://vuldb.com/?ip.24.121.176.48) | 24-121-176-48.prkrcmtc01.com.sta.suddenlink.net | - | High
+49 | [23.41.248.194](https://vuldb.com/?ip.23.41.248.194) | a23-41-248-194.deploy.static.akamaitechnologies.com | - | High
-50 | [24.137.76.62](https://vuldb.com/?ip.24.137.76.62) | host-24-137-76-62.public.eastlink.ca | - | High
+50 | [23.46.53.71](https://vuldb.com/?ip.23.46.53.71) | a23-46-53-71.deploy.static.akamaitechnologies.com | - | High
-51 | [24.178.90.49](https://vuldb.com/?ip.24.178.90.49) | 024-178-090-049.res.spectrum.com | - | High
+51 | [23.52.7.20](https://vuldb.com/?ip.23.52.7.20) | a23-52-7-20.deploy.static.akamaitechnologies.com | - | High
-52 | [24.179.13.119](https://vuldb.com/?ip.24.179.13.119) | 024-179-013-119.res.spectrum.com | - | High
+52 | [23.95.95.18](https://vuldb.com/?ip.23.95.95.18) | 23-95-95-18-host.colocrossing.com | - | High
-53 | [24.201.79.34](https://vuldb.com/?ip.24.201.79.34) | modemcable034.79-201-24.mc.videotron.ca | - | High
+53 | [23.199.63.11](https://vuldb.com/?ip.23.199.63.11) | a23-199-63-11.deploy.static.akamaitechnologies.com | - | High
-54 | [24.203.4.40](https://vuldb.com/?ip.24.203.4.40) | modemcable040.4-203-24.mc.videotron.ca | - | High
+54 | [23.199.71.185](https://vuldb.com/?ip.23.199.71.185) | a23-199-71-185.deploy.static.akamaitechnologies.com | - | High
-55 | [24.217.117.217](https://vuldb.com/?ip.24.217.117.217) | 024-217-117-217.res.spectrum.com | - | High
+55 | [23.218.127.164](https://vuldb.com/?ip.23.218.127.164) | a23-218-127-164.deploy.static.akamaitechnologies.com | - | High
-56 | [24.232.228.233](https://vuldb.com/?ip.24.232.228.233) | OL233-228.fibertel.com.ar | - | High
+56 | [23.218.141.31](https://vuldb.com/?ip.23.218.141.31) | a23-218-141-31.deploy.static.akamaitechnologies.com | - | High
-57 | [24.244.177.40](https://vuldb.com/?ip.24.244.177.40) | - | - | High
+57 | [23.221.50.122](https://vuldb.com/?ip.23.221.50.122) | a23-221-50-122.deploy.static.akamaitechnologies.com | - | High
-58 | [27.50.89.209](https://vuldb.com/?ip.27.50.89.209) | 27-50-89-209.as45671.net | - | High
+58 | [23.229.190.0](https://vuldb.com/?ip.23.229.190.0) | ip-23-229-190-0.ip.secureserver.net | - | High
-59 | [27.78.27.110](https://vuldb.com/?ip.27.78.27.110) | localhost | - | High
+59 | [23.239.2.11](https://vuldb.com/?ip.23.239.2.11) | li683-11.members.linode.com | - | High
-60 | [27.82.13.10](https://vuldb.com/?ip.27.82.13.10) | KD027082013010.ppp-bb.dion.ne.jp | - | High
+60 | [23.254.203.51](https://vuldb.com/?ip.23.254.203.51) | hwsrv-779084.hostwindsdns.com | - | High
-61 | [27.109.24.214](https://vuldb.com/?ip.27.109.24.214) | - | - | High
+61 | [24.40.239.62](https://vuldb.com/?ip.24.40.239.62) | 24-40-239-62.fidnet.com | - | High
-62 | [27.114.9.93](https://vuldb.com/?ip.27.114.9.93) | i27-114-9-93.s41.a011.ap.plala.or.jp | - | High
+62 | [24.43.99.75](https://vuldb.com/?ip.24.43.99.75) | rrcs-24-43-99-75.west.biz.rr.com | - | High
-63 | [31.24.158.56](https://vuldb.com/?ip.31.24.158.56) | bm.servidoresdedicados.com | - | High
+63 | [24.101.229.82](https://vuldb.com/?ip.24.101.229.82) | dynamic-acs-24-101-229-82.zoominternet.net | - | High
-64 | [31.167.248.50](https://vuldb.com/?ip.31.167.248.50) | - | - | High
+64 | [24.116.40.208](https://vuldb.com/?ip.24.116.40.208) | 24-116-40-208.cpe.sparklight.net | - | High
-65 | [35.190.87.116](https://vuldb.com/?ip.35.190.87.116) | 116.87.190.35.bc.googleusercontent.com | - | Medium
+65 | [24.119.116.230](https://vuldb.com/?ip.24.119.116.230) | 24-119-116-230.cpe.sparklight.net | - | High
-66 | [36.91.44.183](https://vuldb.com/?ip.36.91.44.183) | - | - | High
+66 | [24.121.176.48](https://vuldb.com/?ip.24.121.176.48) | 24-121-176-48.prkrcmtc01.com.sta.suddenlink.net | - | High
-67 | [37.46.129.215](https://vuldb.com/?ip.37.46.129.215) | we-too.ru | - | High
+67 | [24.137.76.62](https://vuldb.com/?ip.24.137.76.62) | host-24-137-76-62.public.eastlink.ca | - | High
-68 | [37.97.135.82](https://vuldb.com/?ip.37.97.135.82) | 37-97-135-82.colo.transip.net | - | High
+68 | [24.178.90.49](https://vuldb.com/?ip.24.178.90.49) | 024-178-090-049.res.spectrum.com | - | High
-69 | [37.120.175.15](https://vuldb.com/?ip.37.120.175.15) | v220220112692175454.nicesrv.de | - | High
+69 | [24.179.13.119](https://vuldb.com/?ip.24.179.13.119) | 024-179-013-119.res.spectrum.com | - | High
-70 | [37.139.21.175](https://vuldb.com/?ip.37.139.21.175) | 37.139.21.175-e2-8080-keep-up | - | High
+70 | [24.190.11.79](https://vuldb.com/?ip.24.190.11.79) | ool-18be0b4f.dyn.optonline.net | - | High
-71 | [37.179.204.33](https://vuldb.com/?ip.37.179.204.33) | - | - | High
+71 | [24.201.79.34](https://vuldb.com/?ip.24.201.79.34) | modemcable034.79-201-24.mc.videotron.ca | - | High
-72 | [37.187.4.178](https://vuldb.com/?ip.37.187.4.178) | ks2.kku.io | - | High
+72 | [24.203.4.40](https://vuldb.com/?ip.24.203.4.40) | modemcable040.4-203-24.mc.videotron.ca | - | High
-73 | [37.187.57.57](https://vuldb.com/?ip.37.187.57.57) | ns3357940.ovh.net | - | High
+73 | [24.217.117.217](https://vuldb.com/?ip.24.217.117.217) | 024-217-117-217.res.spectrum.com | - | High
-74 | [37.187.72.193](https://vuldb.com/?ip.37.187.72.193) | ns3362285.ip-37-187-72.eu | - | High
+74 | [24.232.228.233](https://vuldb.com/?ip.24.232.228.233) | OL233-228.fibertel.com.ar | - | High
-75 | [37.187.161.206](https://vuldb.com/?ip.37.187.161.206) | toolbox.alabs.io | - | High
+75 | [24.244.177.40](https://vuldb.com/?ip.24.244.177.40) | - | - | High
-76 | [37.205.9.252](https://vuldb.com/?ip.37.205.9.252) | s1.ithelp24.eu | - | High
+76 | [27.50.89.209](https://vuldb.com/?ip.27.50.89.209) | 27-50-89-209.as45671.net | - | High
-77 | [37.221.70.250](https://vuldb.com/?ip.37.221.70.250) | b2b-customer.inftele.net | - | High
+77 | [27.78.27.110](https://vuldb.com/?ip.27.78.27.110) | localhost | - | High
-78 | [41.76.108.46](https://vuldb.com/?ip.41.76.108.46) | - | - | High
+78 | [27.82.13.10](https://vuldb.com/?ip.27.82.13.10) | KD027082013010.ppp-bb.dion.ne.jp | - | High
-79 | [41.169.36.237](https://vuldb.com/?ip.41.169.36.237) | - | - | High
+79 | [27.109.24.214](https://vuldb.com/?ip.27.109.24.214) | - | - | High
-80 | [41.185.28.84](https://vuldb.com/?ip.41.185.28.84) | brf01-nix01.wadns.net | - | High
+80 | [27.114.9.93](https://vuldb.com/?ip.27.114.9.93) | i27-114-9-93.s41.a011.ap.plala.or.jp | - | High
-81 | [41.185.29.128](https://vuldb.com/?ip.41.185.29.128) | abp79-nix01.wadns.net | - | High
+81 | [31.24.158.56](https://vuldb.com/?ip.31.24.158.56) | bm.servidoresdedicados.com | - | High
-82 | [41.204.202.41](https://vuldb.com/?ip.41.204.202.41) | www41.cpt2.host-h.net | - | High
+82 | [31.167.248.50](https://vuldb.com/?ip.31.167.248.50) | - | - | High
-83 | [41.231.225.139](https://vuldb.com/?ip.41.231.225.139) | - | - | High
+83 | [31.172.86.183](https://vuldb.com/?ip.31.172.86.183) | - | - | High
-84 | [42.62.40.103](https://vuldb.com/?ip.42.62.40.103) | - | - | High
+84 | [35.190.87.116](https://vuldb.com/?ip.35.190.87.116) | 116.87.190.35.bc.googleusercontent.com | - | Medium
-85 | [45.16.226.117](https://vuldb.com/?ip.45.16.226.117) | 45-16-226-117.lightspeed.sndgca.sbcglobal.net | - | High
+85 | [36.91.44.183](https://vuldb.com/?ip.36.91.44.183) | - | - | High
-86 | [45.33.77.42](https://vuldb.com/?ip.45.33.77.42) | li1023-42.members.linode.com | - | High
+86 | [37.9.175.14](https://vuldb.com/?ip.37.9.175.14) | 14.175.9.37.in-addr.arpa.websupport.sk | - | High
-87 | [45.46.37.97](https://vuldb.com/?ip.45.46.37.97) | cpe-45-46-37-97.maine.res.rr.com | - | High
+87 | [37.46.129.215](https://vuldb.com/?ip.37.46.129.215) | we-too.ru | - | High
-88 | [45.55.36.51](https://vuldb.com/?ip.45.55.36.51) | - | - | High
+88 | [37.97.135.82](https://vuldb.com/?ip.37.97.135.82) | 37-97-135-82.colo.transip.net | - | High
-89 | [45.55.219.163](https://vuldb.com/?ip.45.55.219.163) | - | - | High
+89 | [37.120.175.15](https://vuldb.com/?ip.37.120.175.15) | v220220112692175454.nicesrv.de | - | High
-90 | [45.79.95.107](https://vuldb.com/?ip.45.79.95.107) | li1194-107.members.linode.com | - | High
+90 | [37.139.21.175](https://vuldb.com/?ip.37.139.21.175) | 37.139.21.175-e2-8080-keep-up | - | High
-91 | [45.80.148.200](https://vuldb.com/?ip.45.80.148.200) | - | - | High
+91 | [37.179.204.33](https://vuldb.com/?ip.37.179.204.33) | - | - | High
-92 | [45.118.115.99](https://vuldb.com/?ip.45.118.115.99) | - | - | High
+92 | [37.187.4.178](https://vuldb.com/?ip.37.187.4.178) | ks2.kku.io | - | High
-93 | [45.118.135.203](https://vuldb.com/?ip.45.118.135.203) | 45-118-135-203.ip.linodeusercontent.com | - | High
+93 | [37.187.57.57](https://vuldb.com/?ip.37.187.57.57) | ns3357940.ovh.net | - | High
-94 | [45.142.114.231](https://vuldb.com/?ip.45.142.114.231) | mail.dounutmail.de | - | High
+94 | [37.187.72.193](https://vuldb.com/?ip.37.187.72.193) | ns3362285.ip-37-187-72.eu | - | High
-95 | [45.176.232.124](https://vuldb.com/?ip.45.176.232.124) | - | - | High
+95 | [37.187.161.206](https://vuldb.com/?ip.37.187.161.206) | toolbox.alabs.io | - | High
-96 | [45.230.45.171](https://vuldb.com/?ip.45.230.45.171) | - | - | High
+96 | [37.205.9.252](https://vuldb.com/?ip.37.205.9.252) | s1.ithelp24.eu | - | High
-97 | [46.4.100.178](https://vuldb.com/?ip.46.4.100.178) | support.wizard-shopservice.de | - | High
+97 | [37.221.70.250](https://vuldb.com/?ip.37.221.70.250) | b2b-customer.inftele.net | - | High
-98 | [46.4.192.185](https://vuldb.com/?ip.46.4.192.185) | static.185.192.4.46.clients.your-server.de | - | High
+98 | [40.97.124.18](https://vuldb.com/?ip.40.97.124.18) | - | - | High
-99 | [46.28.111.142](https://vuldb.com/?ip.46.28.111.142) | enkindu.jsuchy.net | - | High
+99 | [41.76.108.46](https://vuldb.com/?ip.41.76.108.46) | - | - | High
-100 | [46.32.229.152](https://vuldb.com/?ip.46.32.229.152) | 094882.vps-10.com | - | High
+100 | [41.169.36.237](https://vuldb.com/?ip.41.169.36.237) | - | - | High
-101 | [46.32.233.226](https://vuldb.com/?ip.46.32.233.226) | yetitoolusa.com | - | High
+101 | [41.185.28.84](https://vuldb.com/?ip.41.185.28.84) | brf01-nix01.wadns.net | - | High
-102 | [46.38.238.8](https://vuldb.com/?ip.46.38.238.8) | v2202109122001163131.happysrv.de | - | High
+102 | [41.185.29.128](https://vuldb.com/?ip.41.185.29.128) | abp79-nix01.wadns.net | - | High
-103 | [46.43.2.95](https://vuldb.com/?ip.46.43.2.95) | chris.default.cjenkinson.uk0.bigv.io | - | High
+103 | [41.204.202.41](https://vuldb.com/?ip.41.204.202.41) | www41.cpt2.host-h.net | - | High
-104 | [46.55.222.11](https://vuldb.com/?ip.46.55.222.11) | - | - | High
+104 | [41.231.225.139](https://vuldb.com/?ip.41.231.225.139) | - | - | High
-105 | [46.101.58.37](https://vuldb.com/?ip.46.101.58.37) | 46.101.58.37-e1-8080 | - | High
+105 | [42.62.40.103](https://vuldb.com/?ip.42.62.40.103) | - | - | High
-106 | [46.105.81.76](https://vuldb.com/?ip.46.105.81.76) | myu0.cylipo.sbs | - | High
+106 | [43.229.62.186](https://vuldb.com/?ip.43.229.62.186) | rocket-cheese.bnr.la | - | High
-107 | [46.105.114.137](https://vuldb.com/?ip.46.105.114.137) | ns3188253.ip-46-105-114.eu | - | High
+107 | [45.16.226.117](https://vuldb.com/?ip.45.16.226.117) | 45-16-226-117.lightspeed.sndgca.sbcglobal.net | - | High
-108 | [46.105.131.68](https://vuldb.com/?ip.46.105.131.68) | http.adven.fr | - | High
+108 | [45.33.35.103](https://vuldb.com/?ip.45.33.35.103) | li985-103.members.linode.com | - | High
-109 | [46.105.131.69](https://vuldb.com/?ip.46.105.131.69) | epouventaille.adven.fr | - | High
+109 | [45.33.77.42](https://vuldb.com/?ip.45.33.77.42) | li1023-42.members.linode.com | - | High
-110 | [46.105.131.79](https://vuldb.com/?ip.46.105.131.79) | relay.adven.fr | - | High
+110 | [45.46.37.97](https://vuldb.com/?ip.45.46.37.97) | cpe-45-46-37-97.maine.res.rr.com | - | High
-111 | [46.105.131.87](https://vuldb.com/?ip.46.105.131.87) | pop.adven.fr | - | High
+111 | [45.55.36.51](https://vuldb.com/?ip.45.55.36.51) | - | - | High
-112 | [46.105.236.18](https://vuldb.com/?ip.46.105.236.18) | - | - | High
+112 | [45.55.219.163](https://vuldb.com/?ip.45.55.219.163) | - | - | High
-113 | [46.165.212.76](https://vuldb.com/?ip.46.165.212.76) | - | - | High
+113 | [45.59.204.133](https://vuldb.com/?ip.45.59.204.133) | rrcs-45-59-204-133.west.biz.rr.com | - | High
-114 | [46.165.254.206](https://vuldb.com/?ip.46.165.254.206) | - | - | High
+114 | [45.79.95.107](https://vuldb.com/?ip.45.79.95.107) | li1194-107.members.linode.com | - | High
-115 | [46.214.107.142](https://vuldb.com/?ip.46.214.107.142) | 46-214-107-142.next-gen.ro | - | High
+115 | [45.80.148.200](https://vuldb.com/?ip.45.80.148.200) | - | - | High
-116 | [47.36.140.164](https://vuldb.com/?ip.47.36.140.164) | 047-036-140-164.res.spectrum.com | - | High
+116 | [45.118.115.99](https://vuldb.com/?ip.45.118.115.99) | - | - | High
-117 | [47.146.39.147](https://vuldb.com/?ip.47.146.39.147) | - | - | High
+117 | [45.118.135.203](https://vuldb.com/?ip.45.118.135.203) | 45-118-135-203.ip.linodeusercontent.com | - | High
-118 | [47.150.11.161](https://vuldb.com/?ip.47.150.11.161) | - | - | High
+118 | [45.142.114.231](https://vuldb.com/?ip.45.142.114.231) | mail.dounutmail.de | - | High
-119 | [47.188.131.94](https://vuldb.com/?ip.47.188.131.94) | - | - | High
+119 | [45.176.232.124](https://vuldb.com/?ip.45.176.232.124) | - | - | High
-120 | [47.201.208.154](https://vuldb.com/?ip.47.201.208.154) | - | - | High
+120 | [45.230.45.171](https://vuldb.com/?ip.45.230.45.171) | - | - | High
-121 | [47.246.24.225](https://vuldb.com/?ip.47.246.24.225) | - | - | High
+121 | [46.4.100.178](https://vuldb.com/?ip.46.4.100.178) | support.wizard-shopservice.de | - | High
-122 | [47.246.24.226](https://vuldb.com/?ip.47.246.24.226) | - | - | High
+122 | [46.4.192.185](https://vuldb.com/?ip.46.4.192.185) | static.185.192.4.46.clients.your-server.de | - | High
-123 | [47.246.24.230](https://vuldb.com/?ip.47.246.24.230) | - | - | High
+123 | [46.28.111.142](https://vuldb.com/?ip.46.28.111.142) | enkindu.jsuchy.net | - | High
-124 | [47.246.24.232](https://vuldb.com/?ip.47.246.24.232) | - | - | High
+124 | [46.30.213.132](https://vuldb.com/?ip.46.30.213.132) | - | - | High
-125 | [49.12.121.47](https://vuldb.com/?ip.49.12.121.47) | filezilla-project.org | - | High
+125 | [46.32.229.152](https://vuldb.com/?ip.46.32.229.152) | 094882.vps-10.com | - | High
-126 | [49.50.209.131](https://vuldb.com/?ip.49.50.209.131) | 131.host-49-50-209.euba.megatel.co.nz | - | High
+126 | [46.32.233.226](https://vuldb.com/?ip.46.32.233.226) | yetitoolusa.com | - | High
-127 | [49.212.135.76](https://vuldb.com/?ip.49.212.135.76) | os3-321-50322.vs.sakura.ne.jp | - | High
+127 | [46.38.238.8](https://vuldb.com/?ip.46.38.238.8) | v2202109122001163131.happysrv.de | - | High
-128 | [49.212.155.94](https://vuldb.com/?ip.49.212.155.94) | os3-325-52340.vs.sakura.ne.jp | - | High
+128 | [46.43.2.95](https://vuldb.com/?ip.46.43.2.95) | chris.default.cjenkinson.uk0.bigv.io | - | High
-129 | [50.28.51.143](https://vuldb.com/?ip.50.28.51.143) | - | - | High
+129 | [46.55.222.11](https://vuldb.com/?ip.46.55.222.11) | - | - | High
-130 | [50.30.40.196](https://vuldb.com/?ip.50.30.40.196) | usve255301.serverprofi24.com | - | High
+130 | [46.101.58.37](https://vuldb.com/?ip.46.101.58.37) | 46.101.58.37-e1-8080 | - | High
-131 | [50.31.146.101](https://vuldb.com/?ip.50.31.146.101) | mail.brillinjurylaw.com | - | High
+131 | [46.105.81.76](https://vuldb.com/?ip.46.105.81.76) | myu0.cylipo.sbs | - | High
-132 | [50.56.135.44](https://vuldb.com/?ip.50.56.135.44) | - | - | High
+132 | [46.105.114.137](https://vuldb.com/?ip.46.105.114.137) | ns3188253.ip-46-105-114.eu | - | High
-133 | [50.62.194.30](https://vuldb.com/?ip.50.62.194.30) | ip-50-62-194-30.ip.secureserver.net | - | High
+133 | [46.105.131.68](https://vuldb.com/?ip.46.105.131.68) | http.adven.fr | - | High
-134 | [50.78.167.65](https://vuldb.com/?ip.50.78.167.65) | millcreek.cc | - | High
+134 | [46.105.131.69](https://vuldb.com/?ip.46.105.131.69) | epouventaille.adven.fr | - | High
-135 | [50.91.114.38](https://vuldb.com/?ip.50.91.114.38) | 050-091-114-038.res.spectrum.com | - | High
+135 | [46.105.131.79](https://vuldb.com/?ip.46.105.131.79) | relay.adven.fr | - | High
-136 | [50.92.101.60](https://vuldb.com/?ip.50.92.101.60) | d50-92-101-60.bchsia.telus.net | - | High
+136 | [46.105.131.87](https://vuldb.com/?ip.46.105.131.87) | pop.adven.fr | - | High
-137 | [50.116.54.215](https://vuldb.com/?ip.50.116.54.215) | li440-215.members.linode.com | - | High
+137 | [46.105.236.18](https://vuldb.com/?ip.46.105.236.18) | - | - | High
-138 | [50.116.78.109](https://vuldb.com/?ip.50.116.78.109) | intersearchmedia.com | - | High
+138 | [46.165.212.76](https://vuldb.com/?ip.46.165.212.76) | - | - | High
-139 | [50.245.107.73](https://vuldb.com/?ip.50.245.107.73) | 50-245-107-73-static.hfc.comcastbusiness.net | - | High
+139 | [46.165.254.206](https://vuldb.com/?ip.46.165.254.206) | - | - | High
-140 | [51.15.4.22](https://vuldb.com/?ip.51.15.4.22) | 51-15-4-22.rev.poneytelecom.eu | - | High
+140 | [46.214.107.142](https://vuldb.com/?ip.46.214.107.142) | 46-214-107-142.next-gen.ro | - | High
-141 | [51.15.7.145](https://vuldb.com/?ip.51.15.7.145) | 51-15-7-145.rev.poneytelecom.eu | - | High
+141 | [47.36.140.164](https://vuldb.com/?ip.47.36.140.164) | 047-036-140-164.res.spectrum.com | - | High
-142 | [51.38.201.19](https://vuldb.com/?ip.51.38.201.19) | ip19.ip-51-38-201.eu | - | High
+142 | [47.52.19.221](https://vuldb.com/?ip.47.52.19.221) | - | - | High
-143 | [51.75.33.120](https://vuldb.com/?ip.51.75.33.120) | ip120.ip-51-75-33.eu | - | High
+143 | [47.146.39.147](https://vuldb.com/?ip.47.146.39.147) | - | - | High
-144 | [51.75.33.127](https://vuldb.com/?ip.51.75.33.127) | ip127.ip-51-75-33.eu | - | High
+144 | [47.150.11.161](https://vuldb.com/?ip.47.150.11.161) | - | - | High
-145 | [51.89.36.180](https://vuldb.com/?ip.51.89.36.180) | ip180.ip-51-89-36.eu | - | High
+145 | [47.188.131.94](https://vuldb.com/?ip.47.188.131.94) | - | - | High
-146 | [51.89.199.141](https://vuldb.com/?ip.51.89.199.141) | ip141.ip-51-89-199.eu | - | High
+146 | [47.201.208.154](https://vuldb.com/?ip.47.201.208.154) | - | - | High
-147 | [51.91.7.5](https://vuldb.com/?ip.51.91.7.5) | ns3147667.ip-51-91-7.eu | - | High
+147 | [47.246.24.225](https://vuldb.com/?ip.47.246.24.225) | - | - | High
-148 | [51.91.76.89](https://vuldb.com/?ip.51.91.76.89) | 89.ip-51-91-76.eu | - | High
+148 | [47.246.24.226](https://vuldb.com/?ip.47.246.24.226) | - | - | High
-149 | [51.159.23.217](https://vuldb.com/?ip.51.159.23.217) | jambold.co.uk | - | High
+149 | [47.246.24.230](https://vuldb.com/?ip.47.246.24.230) | - | - | High
-150 | [51.159.35.157](https://vuldb.com/?ip.51.159.35.157) | 51-159-35-157.rev.poneytelecom.eu | - | High
+150 | [47.246.24.232](https://vuldb.com/?ip.47.246.24.232) | - | - | High
-151 | [51.254.140.238](https://vuldb.com/?ip.51.254.140.238) | 238.ip-51-254-140.eu | - | High
+151 | [49.12.121.47](https://vuldb.com/?ip.49.12.121.47) | filezilla-project.org | - | High
-152 | [51.255.50.164](https://vuldb.com/?ip.51.255.50.164) | vps-b6cfe010.vps.ovh.net | - | High
+152 | [49.50.209.131](https://vuldb.com/?ip.49.50.209.131) | 131.host-49-50-209.euba.megatel.co.nz | - | High
-153 | [51.255.165.160](https://vuldb.com/?ip.51.255.165.160) | 160.ip-51-255-165.eu | - | High
+153 | [49.212.135.76](https://vuldb.com/?ip.49.212.135.76) | os3-321-50322.vs.sakura.ne.jp | - | High
-154 | [52.66.202.63](https://vuldb.com/?ip.52.66.202.63) | ec2-52-66-202-63.ap-south-1.compute.amazonaws.com | - | Medium
+154 | [49.212.155.94](https://vuldb.com/?ip.49.212.155.94) | os3-325-52340.vs.sakura.ne.jp | - | High
-155 | [54.38.143.245](https://vuldb.com/?ip.54.38.143.245) | tools.inovato.me | - | High
+155 | [50.23.248.182](https://vuldb.com/?ip.50.23.248.182) | b6.f8.1732.ip4.static.sl-reverse.com | - | High
-156 | [58.27.215.3](https://vuldb.com/?ip.58.27.215.3) | 58-27-215-3.wateen.net | - | High
+156 | [50.28.51.143](https://vuldb.com/?ip.50.28.51.143) | - | - | High
-157 | [58.94.58.13](https://vuldb.com/?ip.58.94.58.13) | i58-94-58-13.s41.a014.ap.plala.or.jp | - | High
+157 | [50.30.40.196](https://vuldb.com/?ip.50.30.40.196) | usve255301.serverprofi24.com | - | High
-158 | [58.216.16.130](https://vuldb.com/?ip.58.216.16.130) | - | - | High
+158 | [50.31.146.101](https://vuldb.com/?ip.50.31.146.101) | mail.brillinjurylaw.com | - | High
-159 | [58.227.42.236](https://vuldb.com/?ip.58.227.42.236) | - | - | High
+159 | [50.56.135.44](https://vuldb.com/?ip.50.56.135.44) | - | - | High
-160 | [59.148.253.194](https://vuldb.com/?ip.59.148.253.194) | 059148253194.ctinets.com | - | High
+160 | [50.62.176.42](https://vuldb.com/?ip.50.62.176.42) | p3plcpnl0515.prod.phx3.secureserver.net | - | High
-161 | [59.152.93.46](https://vuldb.com/?ip.59.152.93.46) | 46.93.152.59.zipnetltd.com | - | High
+161 | [50.62.176.244](https://vuldb.com/?ip.50.62.176.244) | p3plcpnl0728.prod.phx3.secureserver.net | - | High
-162 | [60.93.23.51](https://vuldb.com/?ip.60.93.23.51) | softbank060093023051.bbtec.net | - | High
+162 | [50.62.194.30](https://vuldb.com/?ip.50.62.194.30) | ip-50-62-194-30.ip.secureserver.net | - | High
-163 | [60.108.128.186](https://vuldb.com/?ip.60.108.128.186) | softbank060108128186.bbtec.net | - | High
+163 | [50.78.167.65](https://vuldb.com/?ip.50.78.167.65) | millcreek.cc | - | High
-164 | [60.125.114.64](https://vuldb.com/?ip.60.125.114.64) | softbank060125114064.bbtec.net | - | High
+164 | [50.87.59.65](https://vuldb.com/?ip.50.87.59.65) | 50-87-59-65.unifiedlayer.com | - | High
-165 | [60.249.78.226](https://vuldb.com/?ip.60.249.78.226) | 60-249-78-226.hinet-ip.hinet.net | - | High
+165 | [50.87.144.137](https://vuldb.com/?ip.50.87.144.137) | gator3103.hostgator.com | - | High
-166 | [61.19.246.238](https://vuldb.com/?ip.61.19.246.238) | - | - | High
+166 | [50.87.144.197](https://vuldb.com/?ip.50.87.144.197) | gator3161.hostgator.com | - | High
-167 | [62.30.7.67](https://vuldb.com/?ip.62.30.7.67) | 67.7-30-62.static.virginmediabusiness.co.uk | - | High
+167 | [50.87.150.177](https://vuldb.com/?ip.50.87.150.177) | 50-87-150-177.unifiedlayer.com | - | High
-168 | [62.75.141.82](https://vuldb.com/?ip.62.75.141.82) | static-ip-62-75-141-82.inaddr.ip-pool.com | - | High
+168 | [50.91.114.38](https://vuldb.com/?ip.50.91.114.38) | 050-091-114-038.res.spectrum.com | - | High
-169 | [62.84.75.50](https://vuldb.com/?ip.62.84.75.50) | mail.saadegrp.com.lb | - | High
+169 | [50.92.101.60](https://vuldb.com/?ip.50.92.101.60) | d50-92-101-60.bchsia.telus.net | - | High
-170 | [62.171.142.179](https://vuldb.com/?ip.62.171.142.179) | vmi499457.contaboserver.net | - | High
+170 | [50.116.54.215](https://vuldb.com/?ip.50.116.54.215) | li440-215.members.linode.com | - | High
-171 | [62.212.34.102](https://vuldb.com/?ip.62.212.34.102) | - | - | High
+171 | [50.116.78.109](https://vuldb.com/?ip.50.116.78.109) | intersearchmedia.com | - | High
-172 | [64.60.82.82](https://vuldb.com/?ip.64.60.82.82) | 64-60-82-82.static-ip.telepacific.net | - | High
+172 | [50.245.107.73](https://vuldb.com/?ip.50.245.107.73) | 50-245-107-73-static.hfc.comcastbusiness.net | - | High
-173 | [64.71.36.11](https://vuldb.com/?ip.64.71.36.11) | - | - | High
+173 | [51.15.4.22](https://vuldb.com/?ip.51.15.4.22) | 51-15-4-22.rev.poneytelecom.eu | - | High
-174 | [64.190.63.136](https://vuldb.com/?ip.64.190.63.136) | - | - | High
+174 | [51.15.7.145](https://vuldb.com/?ip.51.15.7.145) | 51-15-7-145.rev.poneytelecom.eu | - | High
-175 | [64.207.182.168](https://vuldb.com/?ip.64.207.182.168) | - | - | High
+175 | [51.38.201.19](https://vuldb.com/?ip.51.38.201.19) | ip19.ip-51-38-201.eu | - | High
-176 | [66.23.200.58](https://vuldb.com/?ip.66.23.200.58) | - | - | High
+176 | [51.75.33.120](https://vuldb.com/?ip.51.75.33.120) | ip120.ip-51-75-33.eu | - | High
-177 | [66.50.57.73](https://vuldb.com/?ip.66.50.57.73) | 66-50-57-73.prtc.net | - | High
+177 | [51.75.33.127](https://vuldb.com/?ip.51.75.33.127) | ip127.ip-51-75-33.eu | - | High
-178 | [66.54.51.172](https://vuldb.com/?ip.66.54.51.172) | - | - | High
+178 | [51.89.36.180](https://vuldb.com/?ip.51.89.36.180) | ip180.ip-51-89-36.eu | - | High
-179 | [66.76.26.33](https://vuldb.com/?ip.66.76.26.33) | 66-76-26-33.hdsncmta01.com.sta.suddenlink.net | - | High
+179 | [51.89.199.141](https://vuldb.com/?ip.51.89.199.141) | ip141.ip-51-89-199.eu | - | High
-180 | [66.209.69.165](https://vuldb.com/?ip.66.209.69.165) | - | - | High
+180 | [51.91.7.5](https://vuldb.com/?ip.51.91.7.5) | ns3147667.ip-51-91-7.eu | - | High
-181 | [66.228.32.31](https://vuldb.com/?ip.66.228.32.31) | li282-31.members.linode.com | - | High
+181 | [51.91.76.89](https://vuldb.com/?ip.51.91.76.89) | 89.ip-51-91-76.eu | - | High
-182 | [66.228.61.248](https://vuldb.com/?ip.66.228.61.248) | li318-248.members.linode.com | - | High
+182 | [51.159.23.217](https://vuldb.com/?ip.51.159.23.217) | jambold.co.uk | - | High
-183 | [67.19.105.107](https://vuldb.com/?ip.67.19.105.107) | ns2.datatrust.com.br | - | High
+183 | [51.159.35.157](https://vuldb.com/?ip.51.159.35.157) | 51-159-35-157.rev.poneytelecom.eu | - | High
-184 | [67.68.235.25](https://vuldb.com/?ip.67.68.235.25) | bas10-montrealak-67-68-235-25.dsl.bell.ca | - | High
+184 | [51.254.140.238](https://vuldb.com/?ip.51.254.140.238) | 238.ip-51-254-140.eu | - | High
-185 | [67.170.250.203](https://vuldb.com/?ip.67.170.250.203) | c-67-170-250-203.hsd1.ca.comcast.net | - | High
+185 | [51.255.50.164](https://vuldb.com/?ip.51.255.50.164) | vps-b6cfe010.vps.ovh.net | - | High
-186 | [67.225.218.50](https://vuldb.com/?ip.67.225.218.50) | lb01.parklogic.com | - | High
+186 | [51.255.165.160](https://vuldb.com/?ip.51.255.165.160) | 160.ip-51-255-165.eu | - | High
-187 | [68.2.97.91](https://vuldb.com/?ip.68.2.97.91) | ip68-2-97-91.ph.ph.cox.net | - | High
+187 | [52.31.99.185](https://vuldb.com/?ip.52.31.99.185) | ec2-52-31-99-185.eu-west-1.compute.amazonaws.com | - | Medium
-188 | [68.183.170.114](https://vuldb.com/?ip.68.183.170.114) | 68.183.170.114-e1-8080-keep-up | - | High
+188 | [52.66.202.63](https://vuldb.com/?ip.52.66.202.63) | ec2-52-66-202-63.ap-south-1.compute.amazonaws.com | - | Medium
-189 | [68.183.190.199](https://vuldb.com/?ip.68.183.190.199) | 68.183.190.199-e1-8080-keep-up | - | High
+189 | [52.96.38.82](https://vuldb.com/?ip.52.96.38.82) | - | - | High
-190 | [69.17.170.58](https://vuldb.com/?ip.69.17.170.58) | unallocated-static.rogers.com | - | High
+190 | [54.38.143.245](https://vuldb.com/?ip.54.38.143.245) | tools.inovato.me | - | High
-191 | [69.43.168.200](https://vuldb.com/?ip.69.43.168.200) | ns0.imunplugged.com | - | High
+191 | [58.27.215.3](https://vuldb.com/?ip.58.27.215.3) | 58-27-215-3.wateen.net | - | High
-192 | [69.43.168.232](https://vuldb.com/?ip.69.43.168.232) | - | - | High
+192 | [58.94.58.13](https://vuldb.com/?ip.58.94.58.13) | i58-94-58-13.s41.a014.ap.plala.or.jp | - | High
-193 | [69.45.19.251](https://vuldb.com/?ip.69.45.19.251) | coastinet.com | - | High
+193 | [58.216.16.130](https://vuldb.com/?ip.58.216.16.130) | - | - | High
-194 | [69.163.33.82](https://vuldb.com/?ip.69.163.33.82) | - | - | High
+194 | [58.227.42.236](https://vuldb.com/?ip.58.227.42.236) | - | - | High
-195 | [69.167.152.111](https://vuldb.com/?ip.69.167.152.111) | - | - | High
+195 | [59.124.1.19](https://vuldb.com/?ip.59.124.1.19) | 59-124-1-19.hinet-ip.hinet.net | - | High
-196 | [69.198.17.20](https://vuldb.com/?ip.69.198.17.20) | 69-198-17-20.customerip.birch.net | - | High
+196 | [59.148.253.194](https://vuldb.com/?ip.59.148.253.194) | 059148253194.ctinets.com | - | High
-197 | [69.198.17.49](https://vuldb.com/?ip.69.198.17.49) | 69-198-17-49.customerip.birch.net | - | High
+197 | [59.152.93.46](https://vuldb.com/?ip.59.152.93.46) | 46.93.152.59.zipnetltd.com | - | High
-198 | [70.32.84.74](https://vuldb.com/?ip.70.32.84.74) | - | - | High
+198 | [60.93.23.51](https://vuldb.com/?ip.60.93.23.51) | softbank060093023051.bbtec.net | - | High
-199 | [70.32.89.105](https://vuldb.com/?ip.70.32.89.105) | parties-at-sea.com | - | High
+199 | [60.108.128.186](https://vuldb.com/?ip.60.108.128.186) | softbank060108128186.bbtec.net | - | High
-200 | [70.32.92.133](https://vuldb.com/?ip.70.32.92.133) | popdesigngroup.com | - | High
+200 | [60.125.114.64](https://vuldb.com/?ip.60.125.114.64) | softbank060125114064.bbtec.net | - | High
-201 | [70.32.115.157](https://vuldb.com/?ip.70.32.115.157) | harpotripofalifetime.com | - | High
+201 | [60.249.78.226](https://vuldb.com/?ip.60.249.78.226) | 60-249-78-226.hinet-ip.hinet.net | - | High
-202 | [70.36.102.35](https://vuldb.com/?ip.70.36.102.35) | - | - | High
+202 | [61.19.246.238](https://vuldb.com/?ip.61.19.246.238) | - | - | High
-203 | [70.45.30.28](https://vuldb.com/?ip.70.45.30.28) | dynamic.libertypr.net | - | High
+203 | [62.30.7.67](https://vuldb.com/?ip.62.30.7.67) | 67.7-30-62.static.virginmediabusiness.co.uk | - | High
-204 | [70.168.7.6](https://vuldb.com/?ip.70.168.7.6) | wsip-70-168-7-6.ri.ri.cox.net | - | High
+204 | [62.75.141.82](https://vuldb.com/?ip.62.75.141.82) | static-ip-62-75-141-82.inaddr.ip-pool.com | - | High
-205 | [70.182.77.184](https://vuldb.com/?ip.70.182.77.184) | wsip-70-182-77-184.ok.ok.cox.net | - | High
+205 | [62.84.75.50](https://vuldb.com/?ip.62.84.75.50) | mail.saadegrp.com.lb | - | High
-206 | [70.183.113.54](https://vuldb.com/?ip.70.183.113.54) | wsip-70-183-113-54.no.no.cox.net | - | High
+206 | [62.171.142.179](https://vuldb.com/?ip.62.171.142.179) | vmi499457.contaboserver.net | - | High
-207 | [70.184.125.132](https://vuldb.com/?ip.70.184.125.132) | wsip-70-184-125-132.ph.ph.cox.net | - | High
+207 | [62.210.127.136](https://vuldb.com/?ip.62.210.127.136) | 62-210-127-136.rev.poneytelecom.eu | - | High
-208 | [71.8.1.188](https://vuldb.com/?ip.71.8.1.188) | 071-008-001-188.res.spectrum.com | - | High
+208 | [62.212.34.102](https://vuldb.com/?ip.62.212.34.102) | - | - | High
-209 | [71.15.245.148](https://vuldb.com/?ip.71.15.245.148) | 071-015-245-148.res.spectrum.com | - | High
+209 | [64.4.244.68](https://vuldb.com/?ip.64.4.244.68) | - | - | High
-210 | [71.40.213.82](https://vuldb.com/?ip.71.40.213.82) | rrcs-71-40-213-82.sw.biz.rr.com | - | High
+210 | [64.26.60.221](https://vuldb.com/?ip.64.26.60.221) | pop5.csee.onr.siteprotect.com | - | High
-211 | [71.58.165.119](https://vuldb.com/?ip.71.58.165.119) | c-71-58-165-119.hsd1.pa.comcast.net | - | High
+211 | [64.59.136.142](https://vuldb.com/?ip.64.59.136.142) | mail.shaw.ca | - | High
-212 | [71.71.3.84](https://vuldb.com/?ip.71.71.3.84) | - | - | High
+212 | [64.60.82.82](https://vuldb.com/?ip.64.60.82.82) | 64-60-82-82.static-ip.telepacific.net | - | High
-213 | [71.163.171.106](https://vuldb.com/?ip.71.163.171.106) | static-71-163-171-106.washdc.fios.verizon.net | - | High
+213 | [64.71.36.11](https://vuldb.com/?ip.64.71.36.11) | - | - | High
-214 | [71.165.252.144](https://vuldb.com/?ip.71.165.252.144) | static-71-165-252-144.lsanca.fios.frontiernet.net | - | High
+214 | [64.85.73.16](https://vuldb.com/?ip.64.85.73.16) | - | - | High
-215 | [71.177.184.128](https://vuldb.com/?ip.71.177.184.128) | static-71-177-184-128.lsanca.fios.frontiernet.net | - | High
+215 | [64.90.62.162](https://vuldb.com/?ip.64.90.62.162) | pop.dreamhost.com | - | High
-216 | [71.197.211.156](https://vuldb.com/?ip.71.197.211.156) | c-71-197-211-156.hsd1.wa.comcast.net | - | High
+216 | [64.91.228.45](https://vuldb.com/?ip.64.91.228.45) | - | - | High
-217 | [71.214.17.130](https://vuldb.com/?ip.71.214.17.130) | 71-214-17-130.orlf.qwest.net | - | High
+217 | [64.98.36.5](https://vuldb.com/?ip.64.98.36.5) | mail.b.hostedemail.com | - | High
-218 | [71.244.60.231](https://vuldb.com/?ip.71.244.60.231) | static-71-244-60-231.dllstx.fios.frontiernet.net | - | High
+218 | [64.190.63.136](https://vuldb.com/?ip.64.190.63.136) | - | - | High
-219 | [72.10.49.117](https://vuldb.com/?ip.72.10.49.117) | rtw7-rfpn.accessdomain.com | - | High
+219 | [64.207.182.168](https://vuldb.com/?ip.64.207.182.168) | - | - | High
-220 | ... | ... | ... | ...
+220 | [64.250.117.68](https://vuldb.com/?ip.64.250.117.68) | smtp.movistarcloud.com.ve | - | High
 221 | [65.49.60.163](https://vuldb.com/?ip.65.49.60.163) | 65-49-60-163.ip.linodeusercontent.com | - | High
 222 | [65.55.72.183](https://vuldb.com/?ip.65.55.72.183) | origin.sn134w.snt134.mail.live.com | - | High
 223 | [65.182.102.90](https://vuldb.com/?ip.65.182.102.90) | mail.geantes.com | - | High
 224 | [65.254.228.100](https://vuldb.com/?ip.65.254.228.100) | customer.hostcentric.com | - | High
 225 | [66.23.200.58](https://vuldb.com/?ip.66.23.200.58) | - | - | High
 226 | [66.50.57.73](https://vuldb.com/?ip.66.50.57.73) | 66-50-57-73.prtc.net | - | High
 227 | [66.54.51.172](https://vuldb.com/?ip.66.54.51.172) | - | - | High
 228 | [66.71.241.102](https://vuldb.com/?ip.66.71.241.102) | mail.nixhost.net | - | High
 229 | [66.76.26.33](https://vuldb.com/?ip.66.76.26.33) | 66-76-26-33.hdsncmta01.com.sta.suddenlink.net | - | High
 230 | [66.96.134.1](https://vuldb.com/?ip.66.96.134.1) | 1.134.96.66.static.eigbox.net | - | High
 231 | [66.96.147.103](https://vuldb.com/?ip.66.96.147.103) | 103.147.96.66.static.eigbox.net | - | High
 232 | [66.96.147.110](https://vuldb.com/?ip.66.96.147.110) | 110.147.96.66.static.eigbox.net | - | High
 233 | [66.195.202.115](https://vuldb.com/?ip.66.195.202.115) | mail.navarac.com | - | High
 234 | [66.209.69.165](https://vuldb.com/?ip.66.209.69.165) | - | - | High
 235 | [66.216.234.131](https://vuldb.com/?ip.66.216.234.131) | 066-216-234-131.res.spectrum.com | - | High
 236 | [66.220.110.56](https://vuldb.com/?ip.66.220.110.56) | h66-220-110-56.bendor.broadband.dynamic.tds.net | - | High
 237 | [66.228.32.31](https://vuldb.com/?ip.66.228.32.31) | li282-31.members.linode.com | - | High
 238 | [66.228.45.129](https://vuldb.com/?ip.66.228.45.129) | li326-129.members.linode.com | - | High
 239 | [66.228.61.248](https://vuldb.com/?ip.66.228.61.248) | li318-248.members.linode.com | - | High
 240 | [67.19.105.107](https://vuldb.com/?ip.67.19.105.107) | ns2.datatrust.com.br | - | High
 241 | [67.68.235.25](https://vuldb.com/?ip.67.68.235.25) | bas10-montrealak-67-68-235-25.dsl.bell.ca | - | High
 242 | [67.170.250.203](https://vuldb.com/?ip.67.170.250.203) | c-67-170-250-203.hsd1.ca.comcast.net | - | High
 243 | [67.177.71.77](https://vuldb.com/?ip.67.177.71.77) | c-67-177-71-77.hsd1.al.comcast.net | - | High
 244 | [67.195.197.75](https://vuldb.com/?ip.67.195.197.75) | p9ats-i.geo.vip.bf1.yahoo.com | - | High
 245 | [67.195.228.95](https://vuldb.com/?ip.67.195.228.95) | unknown.yahoo.com | - | High
 246 | [67.216.131.134](https://vuldb.com/?ip.67.216.131.134) | 134.131.216.67.134.static.hargray.net | - | High
 247 | [67.222.2.148](https://vuldb.com/?ip.67.222.2.148) | - | - | High
 248 | [67.225.218.50](https://vuldb.com/?ip.67.225.218.50) | lb01.parklogic.com | - | High
 249 | [67.225.221.173](https://vuldb.com/?ip.67.225.221.173) | host.hddpool2.net | - | High
 250 | [67.241.81.253](https://vuldb.com/?ip.67.241.81.253) | cpe-67-241-81-253.twcny.res.rr.com | - | High
 251 | [68.2.97.91](https://vuldb.com/?ip.68.2.97.91) | ip68-2-97-91.ph.ph.cox.net | - | High
 252 | [68.66.194.12](https://vuldb.com/?ip.68.66.194.12) | 68.66.194.12.static.a2webhosting.com | - | High
 253 | [68.178.213.203](https://vuldb.com/?ip.68.178.213.203) | p3plibsmtp03-v01.prod.phx3.secureserver.net | - | High
 254 | [68.183.170.114](https://vuldb.com/?ip.68.183.170.114) | 68.183.170.114-e1-8080-keep-up | - | High
 255 | [68.183.190.199](https://vuldb.com/?ip.68.183.190.199) | 68.183.190.199-e1-8080-keep-up | - | High
 256 | [69.16.228.14](https://vuldb.com/?ip.69.16.228.14) | kurt.duplika.com | - | High
 257 | [69.17.170.58](https://vuldb.com/?ip.69.17.170.58) | unallocated-static.rogers.com | - | High
 258 | [69.43.168.200](https://vuldb.com/?ip.69.43.168.200) | ns0.imunplugged.com | - | High
 259 | [69.43.168.232](https://vuldb.com/?ip.69.43.168.232) | - | - | High
 260 | [69.45.19.251](https://vuldb.com/?ip.69.45.19.251) | coastinet.com | - | High
 261 | [69.61.0.198](https://vuldb.com/?ip.69.61.0.198) | alpha01.serverparlor.net | - | High
 262 | [69.147.92.11](https://vuldb.com/?ip.69.147.92.11) | e1.ycpi.vip.dca.yahoo.com | - | High
 263 | [69.147.92.12](https://vuldb.com/?ip.69.147.92.12) | e2.ycpi.vip.dca.yahoo.com | - | High
 264 | [69.156.240.33](https://vuldb.com/?ip.69.156.240.33) | smtp.transportalliance.ca | - | High
 265 | [69.163.33.82](https://vuldb.com/?ip.69.163.33.82) | - | - | High
 266 | [69.167.152.111](https://vuldb.com/?ip.69.167.152.111) | - | - | High
 267 | [69.168.106.36](https://vuldb.com/?ip.69.168.106.36) | mail.windstream.syn-alias.com | - | High
 268 | [69.175.31.212](https://vuldb.com/?ip.69.175.31.212) | 212.31.175.69.unassigned.ord.singlehop.net | - | High
 269 | [69.198.17.20](https://vuldb.com/?ip.69.198.17.20) | 69-198-17-20.customerip.birch.net | - | High
 270 | [69.198.17.49](https://vuldb.com/?ip.69.198.17.49) | 69-198-17-49.customerip.birch.net | - | High
 271 | [70.32.84.74](https://vuldb.com/?ip.70.32.84.74) | - | - | High
 272 | [70.32.89.105](https://vuldb.com/?ip.70.32.89.105) | parties-at-sea.com | - | High
 273 | [70.32.92.133](https://vuldb.com/?ip.70.32.92.133) | popdesigngroup.com | - | High
 274 | [70.32.115.157](https://vuldb.com/?ip.70.32.115.157) | harpotripofalifetime.com | - | High
 275 | [70.36.102.35](https://vuldb.com/?ip.70.36.102.35) | - | - | High
 276 | [70.45.30.28](https://vuldb.com/?ip.70.45.30.28) | dynamic.libertypr.net | - | High
 277 | [70.168.7.6](https://vuldb.com/?ip.70.168.7.6) | wsip-70-168-7-6.ri.ri.cox.net | - | High
 278 | [70.182.77.184](https://vuldb.com/?ip.70.182.77.184) | wsip-70-182-77-184.ok.ok.cox.net | - | High
 279 | [70.183.113.54](https://vuldb.com/?ip.70.183.113.54) | wsip-70-183-113-54.no.no.cox.net | - | High
 280 | [70.184.86.103](https://vuldb.com/?ip.70.184.86.103) | wsip-70-184-86-103.ph.ph.cox.net | - | High
 281 | [70.184.125.132](https://vuldb.com/?ip.70.184.125.132) | wsip-70-184-125-132.ph.ph.cox.net | - | High
 282 | [71.8.1.188](https://vuldb.com/?ip.71.8.1.188) | 071-008-001-188.res.spectrum.com | - | High
 283 | ... | ... | ... | ...
-There are 877 more IOC items available. Please use our online service to access the data.
+There are 1126 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
@ -250,12 +310,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
+1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...
-There are 6 more TTP items available. Please use our online service to access the data.
+There are 3 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -263,25 +323,22 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/admin/index.php?slides` | High
+1 | File | `/admin.php?id=posts&action=display&value=1&postid=` | High
-2 | File | `/AvalancheWeb/image` | High
+2 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
-3 | File | `/cgi-bin/adm.cgi` | High
+3 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
-4 | File | `/classes/Comment` | High
+4 | File | `/admin/inbox.php&action=delete` | High
-5 | File | `/cms/content/list` | High
+5 | File | `/admin/inbox.php&action=read` | High
-6 | File | `/customer_register.php` | High
+6 | File | `/admin/pagerole.php&action=display&value=1` | High
-7 | File | `/etc/master.passwd` | High
+7 | File | `/admin/pagerole.php&action=edit` | High
-8 | File | `/example/editor` | High
+8 | File | `/admin/posts.php` | High
-9 | File | `/goform/login_process` | High
+9 | File | `/admin/posts.php&action=delete` | High
-10 | File | `/goform/rlmswitchr_process` | High
+10 | File | `/admin/posts.php&action=edit` | High
-11 | File | `/goforms/rlminfo` | High
+11 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
-12 | File | `/include/chart_generator.php` | High
+12 | File | `/admin/siteoptions.php&social=remove&sid=2` | High
-13 | File | `/index.php?page=home` | High
+13 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
-14 | File | `/index.php?page=reserve` | High
+14 | ... | ... | ...
 15 | File | `/public_html/animals` | High
 16 | File | `/public_html/apply_vacancy` | High
 17 | ... | ... | ...
-There are 142 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 115 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
@ -291,6 +348,26 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2018/07/threat-roundup-0720-0727.html
 * https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
 * https://blog.talosintelligence.com/2018/10/threat-roundup-1005-1012.html
 *  https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
 * https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html
 * https://blog.talosintelligence.com/2018/11/threat-roundup-1123-1130.html
 * https://blog.talosintelligence.com/2018/12/threat-roundup-1130-1207.html
 * https://blog.talosintelligence.com/2018/12/threat-roundup-1214-1221.html
 * https://blog.talosintelligence.com/2019/01/threat-roundup-0111-0118.html
 *  https://blog.talosintelligence.com/2019/01/threat-roundup-0118-0125.html
 *  https://blog.talosintelligence.com/2019/02/threat-roundup-0201-0208.html
 * https://blog.talosintelligence.com/2019/02/threat-roundup-for-feb-15-to-feb-22.html
 * https://blog.talosintelligence.com/2019/03/threat-roundup-0308-0315.html
 * https://blog.talosintelligence.com/2019/03/threat-roundup-0315-0322.html
 * https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html
 * https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html
 * https://blog.talosintelligence.com/2019/04/threat-roundup-0329-0405.html
 * https://blog.talosintelligence.com/2019/04/threat-roundup-0405-0412.html
 * https://blog.talosintelligence.com/2019/04/threat-roundup-0412-0419.html
 * https://blog.talosintelligence.com/2019/04/threat-roundup-0419-to-0426.html
 * https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
 * https://blog.talosintelligence.com/2019/05/threat-roundup-0517-0524.html
 * https://blog.talosintelligence.com/2019/05/threat-roundup-0524-0531.html
 * https://blog.talosintelligence.com/2019/09/emotet-is-back-after-summer-break.html
 * https://blog.talosintelligence.com/2020/06/threat-roundup-0605-0612.html
 * https://blog.talosintelligence.com/2020/09/threat-roundup-0904-0911.html
--- a/actors/FIN7/README.md
+++ b/actors/FIN7/README.md
@ -82,7 +82,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
+2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...
@ -96,59 +96,59 @@ ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/+CSCOE+/logon.html` | High
 2 | File | `/bsms/?page=products` | High
-3 | File | `/cloud_config/router_post/check_reg_verify_code` | High
+3 | File | `/cgi-bin/system_mgr.cgi` | High
-4 | File | `/context/%2e/WEB-INF/web.xml` | High
+4 | File | `/cloud_config/router_post/check_reg_verify_code` | High
-5 | File | `/debug/pprof` | Medium
+5 | File | `/context/%2e/WEB-INF/web.xml` | High
-6 | File | `/ext/phar/phar_object.c` | High
+6 | File | `/debug/pprof` | Medium
-7 | File | `/filemanager/php/connector.php` | High
+7 | File | `/ext/phar/phar_object.c` | High
-8 | File | `/get_getnetworkconf.cgi` | High
+8 | File | `/filemanager/php/connector.php` | High
-9 | File | `/HNAP1` | Low
+9 | File | `/get_getnetworkconf.cgi` | High
-10 | File | `/include/chart_generator.php` | High
+10 | File | `/HNAP1` | Low
-11 | File | `/modx/manager/index.php` | High
+11 | File | `/include/chart_generator.php` | High
-12 | File | `/monitoring` | Medium
+12 | File | `/modx/manager/index.php` | High
-13 | File | `/new` | Low
+13 | File | `/monitoring` | Medium
-14 | File | `/proc/<pid>/status` | High
+14 | File | `/new` | Low
-15 | File | `/public/login.htm` | High
+15 | File | `/proc/<pid>/status` | High
-16 | File | `/public/plugins/` | High
+16 | File | `/public/login.htm` | High
-17 | File | `/replication` | Medium
+17 | File | `/public/plugins/` | High
-18 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+18 | File | `/replication` | Medium
-19 | File | `/secure/QueryComponent!Default.jspa` | High
+19 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-20 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
+20 | File | `/secure/QueryComponent!Default.jspa` | High
-21 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
+21 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
-22 | File | `/tmp` | Low
+22 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
-23 | File | `/type.php` | Medium
+23 | File | `/tmp` | Low
-24 | File | `/uncpath/` | Medium
+24 | File | `/type.php` | Medium
-25 | File | `/usr/bin/pkexec` | High
+25 | File | `/uncpath/` | Medium
-26 | File | `/wp-json/wc/v3/webhooks` | High
+26 | File | `/usr/bin/pkexec` | High
-27 | File | `4.2.0.CP09` | Medium
+27 | File | `/wp-json/wc/v3/webhooks` | High
-28 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+28 | File | `4.2.0.CP09` | Medium
-29 | File | `802dot1xclientcert.cgi` | High
+29 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-30 | File | `AccountManagerService.java` | High
+30 | File | `802dot1xclientcert.cgi` | High
-31 | File | `actions/CompanyDetailsSave.php` | High
+31 | File | `AccountManagerService.java` | High
-32 | File | `ActivityManagerService.java` | High
+32 | File | `actions/CompanyDetailsSave.php` | High
-33 | File | `add.exe` | Low
+33 | File | `ActivityManagerService.java` | High
-34 | File | `admin.color.php` | High
+34 | File | `add.exe` | Low
-35 | File | `admin.cropcanvas.php` | High
+35 | File | `admin.color.php` | High
-36 | File | `admin.joomlaradiov5.php` | High
+36 | File | `admin.cropcanvas.php` | High
-37 | File | `admin.php` | Medium
+37 | File | `admin.joomlaradiov5.php` | High
-38 | File | `admin.php?m=Food&a=addsave` | High
+38 | File | `admin.php` | Medium
-39 | File | `admin/add-glossary.php` | High
+39 | File | `admin.php?m=Food&a=addsave` | High
-40 | File | `admin/conf_users_edit.php` | High
+40 | File | `admin/add-glossary.php` | High
-41 | File | `admin/edit-comments.php` | High
+41 | File | `admin/conf_users_edit.php` | High
-42 | File | `admin/index.php` | High
+42 | File | `admin/edit-comments.php` | High
-43 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
+43 | File | `admin/index.php` | High
-44 | File | `admin/write-post.php` | High
+44 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
-45 | File | `administrator/components/com_media/helpers/media.php` | High
+45 | File | `admin/write-post.php` | High
-46 | File | `admin_events.php` | High
+46 | File | `administrator/components/com_media/helpers/media.php` | High
-47 | File | `aidl_const_expressions.cpp` | High
+47 | File | `admin_events.php` | High
-48 | File | `ajax/include.php` | High
+48 | File | `aidl_const_expressions.cpp` | High
-49 | File | `AjaxApplication.java` | High
+49 | File | `ajax/include.php` | High
-50 | File | `akocomments.php` | High
+50 | File | `AjaxApplication.java` | High
-51 | File | `allopass-error.php` | High
+51 | File | `akocomments.php` | High
-52 | File | `AllowBindAppWidgetActivity.java` | High
+52 | File | `allopass-error.php` | High
 53 | ... | ... | ...
-There are 460 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 464 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/FakeAlert/README.md
+++ b/actors/FakeAlert/README.md
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [US](https://vuldb.com/?country.us)
 * [PT](https://vuldb.com/?country.pt)
-* [RU](https://vuldb.com/?country.ru)
+* [TR](https://vuldb.com/?country.tr)
 * ...
 There are 4 more country items available. Please use our online service to access the data.
--- a/actors/FritzFrog/README.md
+++ b/actors/FritzFrog/README.md
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FritzFrog:
 * [VN](https://vuldb.com/?country.vn)
 * [CN](https://vuldb.com/?country.cn)
 * [VN](https://vuldb.com/?country.vn)
 * [ES](https://vuldb.com/?country.es)
 * ...
-There are 12 more country items available. Please use our online service to access the data.
+There are 11 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -332,11 +332,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
+2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1110.001 | CWE-307 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...
-There are 8 more TTP items available. Please use our online service to access the data.
+There are 7 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -344,41 +344,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/#/CampaignManager/users` | High
+1 | File | `.procmailrc` | Medium
-2 | File | `/admin/admin_login.php` | High
+2 | File | `/#/CampaignManager/users` | High
-3 | File | `/admin/index.php?slides` | High
+3 | File | `/admin/admin_login.php` | High
 4 | File | `/admin/login.php` | High
-5 | File | `/apply.cgi` | Medium
+5 | File | `/AvalancheWeb/image` | High
 6 | File | `/bin/sh` | Low
-7 | File | `/bsms/?page=products` | High
+7 | File | `/cgi-bin/portal` | High
-8 | File | `/cgi-bin/portal` | High
+8 | File | `/cgi-bin/system_mgr.cgi` | High
-9 | File | `/cgi-bin/system_mgr.cgi` | High
+9 | File | `/dev/tty` | Medium
 10 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
 11 | File | `/etc/groups` | Medium
-12 | File | `/form/index.php?module=getjson` | High
+12 | File | `/ghost/preview` | High
-13 | File | `/ghost/preview` | High
+13 | File | `/login` | Low
-14 | File | `/include/chart_generator.php` | High
+14 | File | `/login.html` | Medium
-15 | File | `/login` | Low
+15 | File | `/magnoliaPublic/travel/members/login.html` | High
-16 | File | `/login.html` | Medium
+16 | File | `/member/index/login.html` | High
-17 | File | `/magnoliaPublic/travel/members/login.html` | High
+17 | File | `/nova/bin/detnet` | High
-18 | File | `/member/index/login.html` | High
+18 | File | `/proc/self/setgroups` | High
-19 | File | `/nova/bin/detnet` | High
+19 | File | `/public/plugins/` | High
-20 | File | `/op/op.LockDocument.php` | High
+20 | File | `/rest/api/latest/user/avatar/temporary` | High
-21 | File | `/public/plugins/` | High
+21 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
-22 | File | `/rest/api/2/search` | High
+22 | File | `/sm/api/v1/firewall/zone/services` | High
-23 | File | `/rest/api/latest/projectvalidate/key` | High
+23 | File | `/src/njs_vmcode.c` | High
-24 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
+24 | File | `/system/user/resetPwd` | High
-25 | File | `/SAP_Information_System/controllers/add_admin.php` | High
+25 | File | `/tmp/app/.env` | High
-26 | File | `/sm/api/v1/firewall/zone/services` | High
+26 | File | `/uncpath/` | Medium
-27 | File | `/src/njs_vmcode.c` | High
+27 | File | `/user-utils/users/md5.json` | High
-28 | File | `/system/tool/ping.php` | High
+28 | File | `/var/adm/btmp` | High
-29 | File | `/system/user/resetPwd` | High
+29 | File | `/websocket/exec` | High
-30 | File | `/tmp/app/.env` | High
+30 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
-31 | File | `/uncpath/` | Medium
+31 | File | `/x_program_center/jaxrs/invoke` | High
-32 | File | `/wp-admin/admin-ajax.php` | High
+32 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-33 | ... | ... | ...
+33 | File | `add_vhost.php` | High
 34 | File | `admin.inc.php` | High
 35 | File | `admin/conf_users_edit.php` | High
 36 | File | `admin/index.php` | High
 37 | ... | ... | ...
-There are 281 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/Gh0stRAT/README.md
+++ b/actors/Gh0stRAT/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [VN](https://vuldb.com/?country.vn)
 * ...
-There are 14 more country items available. Please use our online service to access the data.
+There are 11 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -91,39 +91,49 @@ ID | Type | Indicator | Confidence
 4 | File | `//` | Low
 5 | File | `/admin.php?action=themeinstall` | High
 6 | File | `/admin/?setting-base.htm` | High
-7 | File | `/admin/login.php` | High
+7 | File | `/admin/admin_login.php` | High
-8 | File | `/apply_noauth.cgi` | High
+8 | File | `/admin/login.php` | High
-9 | File | `/audit/log/log_management.php` | High
+9 | File | `/apply_noauth.cgi` | High
-10 | File | `/bin/login` | Medium
+10 | File | `/audit/log/log_management.php` | High
-11 | File | `/bin/sh` | Low
+11 | File | `/bin/login` | Medium
-12 | File | `/cgi-bin/login` | High
+12 | File | `/bin/sh` | Low
-13 | File | `/classes/profile.class.php` | High
+13 | File | `/cgi-bin/login` | High
-14 | File | `/CMD_ACCOUNT_ADMIN` | High
+14 | File | `/classes/profile.class.php` | High
-15 | File | `/core/admin/categories.php` | High
+15 | File | `/dev/tty` | Medium
-16 | File | `/dev/tty` | Medium
+16 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
 17 | File | `/downloads/` | Medium
-18 | File | `/index.php` | Medium
+18 | File | `/etc/groups` | Medium
-19 | File | `/member/index/login.html` | High
+19 | File | `/index.php` | Medium
-20 | File | `/modules/certinfo/index.php` | High
+20 | File | `/login` | Low
-21 | File | `/MTFWU` | Low
+21 | File | `/login.html` | Medium
-22 | File | `/ptms/classes/Users.php` | High
+22 | File | `/magnoliaPublic/travel/members/login.html` | High
-23 | File | `/ScadaBR/login.htm` | High
+23 | File | `/member/index/login.html` | High
-24 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+24 | File | `/modules/certinfo/index.php` | High
-25 | File | `/system/tool/ping.php` | High
+25 | File | `/MTFWU` | Low
-26 | File | `/uncpath/` | Medium
+26 | File | `/ptms/classes/Users.php` | High
-27 | File | `/updown/upload.cgi` | High
+27 | File | `/ScadaBR/login.htm` | High
-28 | File | `/upload` | Low
+28 | File | `/system/tool/ping.php` | High
-29 | File | `/usr/bin/pkexec` | High
+29 | File | `/uncpath/` | Medium
-30 | File | `/wp-json` | Medium
+30 | File | `/usr/bin/pkexec` | High
-31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+31 | File | `/var/adm/btmp` | High
-32 | File | `?location=search` | High
+32 | File | `/wp-json` | Medium
-33 | File | `account/login.php` | High
+33 | File | `?location=search` | High
-34 | File | `add.php` | Low
+34 | File | `account/login.php` | High
-35 | File | `admin.php` | Medium
+35 | File | `add.php` | Low
-36 | File | `admin.php?m=backup&c=backup&a=doback` | High
+36 | File | `admin.inc.php` | High
-37 | ... | ... | ...
+37 | File | `admin.php` | Medium
 38 | File | `admin.php?m=backup&c=backup&a=doback` | High
 39 | File | `admin/conf_users_edit.php` | High
 40 | File | `admin/index.php` | High
 41 | File | `admin/login.asp` | High
 42 | File | `admin/login.php` | High
 43 | File | `admin/nos/login` | High
 44 | File | `admin\db\DoSql.php` | High
 45 | File | `agenda.php3` | Medium
 46 | File | `ajaxp.php` | Medium
 47 | ... | ... | ...
-There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 410 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/GoGoogle/README.md
+++ b/actors/GoGoogle/README.md
@ -0,0 +1,63 @@
 # GoGoogle - Cyber Threat Intelligence
 These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GoGoogle](https://vuldb.com/?actor.gogoogle). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gogoogle](https://vuldb.com/?actor.gogoogle)
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with GoGoogle:
 * [GB](https://vuldb.com/?country.gb)
 * [US](https://vuldb.com/?country.us)
 * [IN](https://vuldb.com/?country.in)
 * ...
 There are 3 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of GoGoogle.
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [93.174.95.73](https://vuldb.com/?ip.93.174.95.73) | - | - | High
 ## TTP - Tactics, Techniques, Procedures
 _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _GoGoogle_. This data is unique as it uses our predictive model for actor profiling.
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79 | Cross Site Scripting | High
 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 ## IOA - Indicator of Attack
 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by GoGoogle. This data is unique as it uses our predictive model for actor profiling.
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/api/addusers` | High
 2 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
 3 | File | `/public/login.htm` | High
 4 | ... | ... | ...
 There are 5 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://thedfirreport.com/2020/04/04/gogoogle-ransomware/
 ## Literature
 The following _articles_ explain our unique predictive cyber threat intelligence:
 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
 ## License
 (c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/Gootkit/README.md
+++ b/actors/Gootkit/README.md
@ -0,0 +1,75 @@
 # Gootkit - Cyber Threat Intelligence
 These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gootkit](https://vuldb.com/?actor.gootkit). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gootkit](https://vuldb.com/?actor.gootkit)
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Gootkit:
 * [US](https://vuldb.com/?country.us)
 * [RU](https://vuldb.com/?country.ru)
 * [CN](https://vuldb.com/?country.cn)
 * ...
 There are 7 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Gootkit.
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [31.214.157.14](https://vuldb.com/?ip.31.214.157.14) | dev.neto-svedberg.com | - | High
 2 | [31.214.157.162](https://vuldb.com/?ip.31.214.157.162) | crm.tuxexpert.com | - | High
 3 | [109.230.199.13](https://vuldb.com/?ip.109.230.199.13) | sw1-wg.celo.net | - | High
 4 | ... | ... | ... | ...
 There are 11 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
 _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Gootkit_. This data is unique as it uses our predictive model for actor profiling.
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...
 There are 3 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Gootkit. This data is unique as it uses our predictive model for actor profiling.
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `.htaccess` | Medium
 2 | File | `/addnews.html` | High
 3 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
 4 | File | `/download` | Medium
 5 | File | `/secure/admin/ImporterFinishedPage.jspa` | High
 6 | File | `/uncpath/` | Medium
 7 | ... | ... | ...
 There are 52 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://blog.talosintelligence.com/2019/10/threat-roundup-1011-1018.html
 ## Literature
 The following _articles_ explain our unique predictive cyber threat intelligence:
 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
 ## License
 (c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/GreyEnergy/README.md
+++ b/actors/GreyEnergy/README.md
@ -86,7 +86,7 @@ ID | Type | Indicator | Confidence
 35 | File | `admin/edit-comments.php` | High
 36 | ... | ... | ...
-There are 312 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 310 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/Steppe/README.md
+++ b/Steppe/README.md
@ -175,36 +175,37 @@ ID | Type | Indicator | Confidence
 5 | File | `/admin.php/admin/ulog/index.html` | High
 6 | File | `/admin/configure.php` | High
 7 | File | `/admin/doctors/view_doctor.php` | High
-8 | File | `/api/crontab` | Medium
+8 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
-9 | File | `/api/trackedEntityInstances` | High
+9 | File | `/api/crontab` | Medium
-10 | File | `/AvalancheWeb/image` | High
+10 | File | `/api/students/me/messages/` | High
-11 | File | `/category.php` | High
+11 | File | `/api/trackedEntityInstances` | High
-12 | File | `/cgi-bin/uploadAccessCodePic` | High
+12 | File | `/AvalancheWeb/image` | High
-13 | File | `/cms/ajax.php` | High
+13 | File | `/category.php` | High
-14 | File | `/context/%2e/WEB-INF/web.xml` | High
+14 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
-15 | File | `/dev/dri/card1` | High
+15 | File | `/cdsms/classes/Master.php?f=delete_package` | High
-16 | File | `/export` | Low
+16 | File | `/cgi-bin/uploadAccessCodePic` | High
-17 | File | `/file?action=download&file` | High
+17 | File | `/common/info.cgi` | High
-18 | File | `/goform/setIPv6Status` | High
+18 | File | `/context/%2e/WEB-INF/web.xml` | High
-19 | File | `/images` | Low
+19 | File | `/dev/dri/card1` | High
-20 | File | `/include/chart_generator.php` | High
+20 | File | `/export` | Low
-21 | File | `/include/make.php` | High
+21 | File | `/file?action=download&file` | High
-22 | File | `/InternalPages/ExecuteTask.aspx` | High
+22 | File | `/goform/setIPv6Status` | High
-23 | File | `/music/ajax.php` | High
+23 | File | `/goform/WifiExtraSet` | High
-24 | File | `/nova/bin/sniffer` | High
+24 | File | `/images` | Low
-25 | File | `/pandora_console/ajax.php` | High
+25 | File | `/include/chart_generator.php` | High
-26 | File | `/principals` | Medium
+26 | File | `/include/make.php` | High
-27 | File | `/public/plugins/` | High
+27 | File | `/InternalPages/ExecuteTask.aspx` | High
-28 | File | `/SASWebReportStudio/logonAndRender.do` | High
+28 | File | `/nova/bin/sniffer` | High
-29 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+29 | File | `/principals` | Medium
-30 | File | `/system/bin/osi_bin` | High
+30 | File | `/public/plugins/` | High
-31 | File | `/tmp` | Low
+31 | File | `/reps/admin/?page=agents/manage_agent` | High
-32 | File | `/TMS/admin/setting/mail/createorupdate` | High
+32 | File | `/reps/classes/Master.php?f=delete_estate` | High
-33 | File | `/uncpath/` | Medium
+33 | File | `/SASWebReportStudio/logonAndRender.do` | High
-34 | File | `/web/MCmsAction.java` | High
+34 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-35 | ... | ... | ...
+35 | File | `/system/bin/osi_bin` | High
 36 | ... | ... | ...
-There are 301 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 306 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/Hancitor/README.md
+++ b/actors/Hancitor/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [CN](https://vuldb.com/?country.cn)
 * ...
-There are 14 more country items available. Please use our online service to access the data.
+There are 13 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -75,35 +75,34 @@ ID | Type | Indicator | Confidence
 10 | File | `/inc/parser/xhtml.php` | High
 11 | File | `/login` | Low
 12 | File | `/modules/profile/index.php` | High
-13 | File | `/objects/getImageMP4.php` | High
+13 | File | `/nova/bin/console` | High
-14 | File | `/one_church/userregister.php` | High
+14 | File | `/objects/getImageMP4.php` | High
-15 | File | `/out.php` | Medium
+15 | File | `/one_church/userregister.php` | High
-16 | File | `/public/plugins/` | High
+16 | File | `/out.php` | Medium
-17 | File | `/replication` | Medium
+17 | File | `/public/plugins/` | High
-18 | File | `/req_password_user.php` | High
+18 | File | `/replication` | Medium
-19 | File | `/SAP_Information_System/controllers/add_admin.php` | High
+19 | File | `/req_password_user.php` | High
-20 | File | `/SASWebReportStudio/logonAndRender.do` | High
+20 | File | `/SAP_Information_System/controllers/add_admin.php` | High
-21 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+21 | File | `/SASWebReportStudio/logonAndRender.do` | High
-22 | File | `/secure/admin/ViewInstrumentation.jspa` | High
+22 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-23 | File | `/secure/QueryComponent!Default.jspa` | High
+23 | File | `/secure/admin/ViewInstrumentation.jspa` | High
-24 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
+24 | File | `/secure/QueryComponent!Default.jspa` | High
-25 | File | `/tmp` | Low
+25 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
-26 | File | `/tmp/phpglibccheck` | High
+26 | File | `/tmp` | Low
-27 | File | `/uncpath/` | Medium
+27 | File | `/tmp/phpglibccheck` | High
-28 | File | `/usr/syno/etc/mount.conf` | High
+28 | File | `/uncpath/` | Medium
-29 | File | `/WEB-INF/web.xml` | High
+29 | File | `/usr/syno/etc/mount.conf` | High
-30 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
+30 | File | `/WEB-INF/web.xml` | High
-31 | File | `/wp-json/oembed/1.0/embed?url` | High
+31 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
-32 | File | `adclick.php` | Medium
+32 | File | `/wp-json/oembed/1.0/embed?url` | High
-33 | File | `addentry.php` | Medium
+33 | File | `adclick.php` | Medium
-34 | File | `admin.cropcanvas.php` | High
+34 | File | `addentry.php` | Medium
 35 | File | `admin.jcomments.php` | High
 36 | File | `admin.php` | Medium
 37 | File | `admin/conf_users_edit.php` | High
-38 | File | `admin/create-package.php` | High
+38 | ... | ... | ...
 39 | ... | ... | ...
-There are 339 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 325 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/Hive0117/README.md
+++ b/actors/Hive0117/README.md
@ -0,0 +1,36 @@
 # Hive0117 - Cyber Threat Intelligence
 These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Hive0117](https://vuldb.com/?actor.hive0117). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.hive0117](https://vuldb.com/?actor.hive0117)
 ## Campaigns
 The following _campaigns_ are known and can be associated with Hive0117:
 * DarkWatchman
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Hive0117.
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [103.153.157.33](https://vuldb.com/?ip.103.153.157.33) | 103-153-157-33.ip.fulltimehosting.net | DarkWatchman | High
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://securityintelligence.com/posts/hive00117-fileless-malware-delivery-eastern-europe/
 ## Literature
 The following _articles_ explain our unique predictive cyber threat intelligence:
 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
 ## License
 (c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/IcedID/README.md
+++ b/actors/IcedID/README.md
@ -4,6 +4,12 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.icedid](https://vuldb.com/?actor.icedid)
 ## Campaigns
 The following _campaigns_ are known and can be associated with IcedID:
 * Cobalt Strike
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with IcedID:
@ -13,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [RU](https://vuldb.com/?country.ru)
 * ...
-There are 17 more country items available. Please use our online service to access the data.
+There are 20 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -21,25 +27,27 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [5.149.252.179](https://vuldb.com/?ip.5.149.252.179) | hnh7.arenal.xyz | - | High
+1 | [5.61.46.161](https://vuldb.com/?ip.5.61.46.161) | - | - | High
-2 | [31.24.224.12](https://vuldb.com/?ip.31.24.224.12) | 1f18e00c.setaptr.net | - | High
+2 | [5.149.252.179](https://vuldb.com/?ip.5.149.252.179) | hnh7.arenal.xyz | - | High
-3 | [31.24.228.170](https://vuldb.com/?ip.31.24.228.170) | 31.24.228.170.static.midphase.com | - | High
+3 | [31.24.224.12](https://vuldb.com/?ip.31.24.224.12) | 1f18e00c.setaptr.net | - | High
-4 | [31.184.199.11](https://vuldb.com/?ip.31.184.199.11) | dalesmanager.com | - | High
+4 | [31.24.228.170](https://vuldb.com/?ip.31.24.228.170) | 31.24.228.170.static.midphase.com | - | High
-5 | [45.129.99.241](https://vuldb.com/?ip.45.129.99.241) | 354851-vds-mamozw.gmhost.pp.ua | - | High
+5 | [31.184.199.11](https://vuldb.com/?ip.31.184.199.11) | dalesmanager.com | - | High
-6 | [45.138.172.179](https://vuldb.com/?ip.45.138.172.179) | - | - | High
+6 | [37.120.222.100](https://vuldb.com/?ip.37.120.222.100) | - | - | High
-7 | [45.147.228.198](https://vuldb.com/?ip.45.147.228.198) | - | - | High
+7 | [45.129.99.241](https://vuldb.com/?ip.45.129.99.241) | 354851-vds-mamozw.gmhost.pp.ua | - | High
-8 | [45.147.230.82](https://vuldb.com/?ip.45.147.230.82) | - | - | High
+8 | [45.138.172.179](https://vuldb.com/?ip.45.138.172.179) | - | - | High
-9 | [45.147.230.88](https://vuldb.com/?ip.45.147.230.88) | mailnode7.bulletproof-mail.biz | - | High
+9 | [45.147.228.198](https://vuldb.com/?ip.45.147.228.198) | - | - | High
-10 | [45.147.231.113](https://vuldb.com/?ip.45.147.231.113) | - | - | High
+10 | [45.147.230.82](https://vuldb.com/?ip.45.147.230.82) | - | - | High
-11 | [45.153.240.135](https://vuldb.com/?ip.45.153.240.135) | - | - | High
+11 | [45.147.230.88](https://vuldb.com/?ip.45.147.230.88) | mailnode7.bulletproof-mail.biz | - | High
-12 | [45.153.241.115](https://vuldb.com/?ip.45.153.241.115) | - | - | High
+12 | [45.147.231.113](https://vuldb.com/?ip.45.147.231.113) | - | - | High
-13 | [46.17.98.191](https://vuldb.com/?ip.46.17.98.191) | - | - | High
+13 | [45.153.240.135](https://vuldb.com/?ip.45.153.240.135) | - | - | High
-14 | [46.249.62.199](https://vuldb.com/?ip.46.249.62.199) | - | - | High
+14 | [45.153.241.115](https://vuldb.com/?ip.45.153.241.115) | - | - | High
-15 | [79.141.161.176](https://vuldb.com/?ip.79.141.161.176) | zzs7bp73.copycomdigital.com | - | High
+15 | [46.17.98.191](https://vuldb.com/?ip.46.17.98.191) | - | - | High
-16 | [79.141.164.241](https://vuldb.com/?ip.79.141.164.241) | x6ts.mtsgamingpro.fun | - | High
+16 | [46.249.62.199](https://vuldb.com/?ip.46.249.62.199) | - | - | High
-17 | ... | ... | ... | ...
+17 | [79.141.161.176](https://vuldb.com/?ip.79.141.161.176) | zzs7bp73.copycomdigital.com | - | High
 18 | [79.141.164.241](https://vuldb.com/?ip.79.141.164.241) | x6ts.mtsgamingpro.fun | - | High
 19 | ... | ... | ... | ...
-There are 66 more IOC items available. Please use our online service to access the data.
+There are 74 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
@ -66,52 +74,49 @@ ID | Type | Indicator | Confidence
 4 | File | `/anony/mjpg.cgi` | High
 5 | File | `/bin/sh` | Low
 6 | File | `/cgi-bin/editBookmark` | High
-7 | File | `/etc/shadow` | Medium
+7 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
-8 | File | `/EXCU_SHELL` | Medium
+8 | File | `/etc/shadow` | Medium
-9 | File | `/export` | Low
+9 | File | `/EXCU_SHELL` | Medium
-10 | File | `/GetSimpleCMS-3.3.15/admin/log.php` | High
+10 | File | `/export` | Low
-11 | File | `/goform/addressNat` | High
+11 | File | `/GetSimpleCMS-3.3.15/admin/log.php` | High
-12 | File | `/iisadmpwd` | Medium
+12 | File | `/goform/addressNat` | High
-13 | File | `/include/menu_v.inc.php` | High
+13 | File | `/iisadmpwd` | Medium
-14 | File | `/lms/admin.php` | High
+14 | File | `/include/menu_v.inc.php` | High
-15 | File | `/mc` | Low
+15 | File | `/lms/admin.php` | High
-16 | File | `/opt/IBM/es/lib/libffq.cryptionjni.so` | High
+16 | File | `/mc` | Low
-17 | File | `/opt/novell/ncl/bin/nwrights` | High
+17 | File | `/opt/IBM/es/lib/libffq.cryptionjni.so` | High
-18 | File | `/out.php` | Medium
+18 | File | `/opt/novell/ncl/bin/nwrights` | High
-19 | File | `/proc/*/cmdline"` | High
+19 | File | `/out.php` | Medium
-20 | File | `/proc/pid/syscall` | High
+20 | File | `/proc/*/cmdline"` | High
-21 | File | `/rest/review-coverage-chart/1.0/data/<repository_name>/.json` | High
+21 | File | `/proc/pid/syscall` | High
-22 | File | `/uncpath/` | Medium
+22 | File | `/rest/review-coverage-chart/1.0/data/<repository_name>/.json` | High
-23 | File | `/var/log/pcp/configs.sh` | High
+23 | File | `/TeamMate/Upload/DomainObjectDocumentUpload.ashx` | High
-24 | File | `/webconsole/APIController` | High
+24 | File | `/uncpath/` | Medium
-25 | File | `/WWW//app/admin/controller/admincontroller.php` | High
+25 | File | `/var/log/pcp/configs.sh` | High
-26 | File | `a-b-membres.php` | High
+26 | File | `/webconsole/APIController` | High
-27 | File | `action.php` | Medium
+27 | File | `/wp-admin/admin-ajax.php` | High
-28 | File | `admin-search.php` | High
+28 | File | `/WWW//app/admin/controller/admincontroller.php` | High
-29 | File | `admin.jcomments.php` | High
+29 | File | `a-b-membres.php` | High
-30 | File | `admin/adminsignin.html` | High
+30 | File | `action.php` | Medium
-31 | File | `admin/index.php` | High
+31 | File | `admin-search.php` | High
-32 | File | `admin/plugin.php` | High
+32 | File | `admin.jcomments.php` | High
-33 | File | `admin/test.php` | High
+33 | File | `admin/adminsignin.html` | High
-34 | File | `admin/versions.html` | High
+34 | File | `admin/index.php` | High
-35 | File | `administrator/index.php?option=com_pago&view=comments` | High
+35 | File | `admin/infoclass_update.php` | High
-36 | File | `Adminlog.asp` | Medium
+36 | File | `admin/plugin.php` | High
-37 | File | `admin_iplog.php` | High
+37 | File | `admin/test.php` | High
-38 | File | `ajax.php` | Medium
+38 | File | `admin/versions.html` | High
-39 | File | `ajax_admin_apis.php` | High
+39 | File | `administrator/index.php?option=com_pago&view=comments` | High
-40 | File | `ajax_php_pecl.php` | High
+40 | File | `Adminlog.asp` | Medium
-41 | File | `antserver.exe` | High
+41 | File | `admin_iplog.php` | High
-42 | File | `api.cc` | Low
+42 | File | `ajax.php` | Medium
-43 | File | `api/ApiQueryCheckUser.php` | High
+43 | File | `ajax_admin_apis.php` | High
-44 | File | `app/helpers/application_helper.rb` | High
+44 | File | `ajax_php_pecl.php` | High
-45 | File | `app\conference_controls\conference_control_details.php` | High
+45 | File | `allocate_block.cpp` | High
-46 | File | `apt/package.py` | High
+46 | File | `api.cc` | Low
-47 | File | `arch/x86/include/asm/uaccess.h` | High
+47 | ... | ... | ...
 48 | File | `architext.conf` | High
 49 | File | `archive/savedqueries/savequeryfinish.html` | High
 50 | ... | ... | ...
-There are 432 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 407 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
@ -127,6 +132,8 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://isc.sans.edu/forums/diary/Microsoft+Word+document+with+malicious+macro+pushes+IcedID+Bokbot/26146/
 * https://isc.sans.edu/forums/diary/One+Emotet+infection+leads+to+three+followup+malware+infections/24140/
 * https://research.checkpoint.com/2021/melting-ice-tracking-icedid-servers-with-a-few-simple-steps/
 * https://thedfirreport.com/2021/07/19/icedid-and-cobalt-strike-vs-antivirus/
 * https://thedfirreport.com/2021/10/18/icedid-to-xinglocker-ransomware-in-24-hours/
 ## Literature
--- a/actors/Inception/README.md
+++ b/actors/Inception/README.md
@ -45,7 +45,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
 4 | ... | ... | ... | ...
-There are 8 more TTP items available. Please use our online service to access the data.
+There are 7 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -57,33 +57,31 @@ ID | Type | Indicator | Confidence
 2 | File | `/admin/inbox.php&action=read` | High
 3 | File | `/admin/news/news_mod.php` | High
 4 | File | `/admin/page_edit/3` | High
-5 | File | `/apps/acs-commons/content/page-compare.html` | High
+5 | File | `/administrator/alerts/alertLightbox.php` | High
-6 | File | `/blog/blog.php` | High
+6 | File | `/apps/acs-commons/content/page-compare.html` | High
-7 | File | `/cgi-bin/uploadWeiXinPic` | High
+7 | File | `/blog/blog.php` | High
-8 | File | `/domain/service/.ewell-known/caldav` | High
+8 | File | `/cgi-bin/main.cgi` | High
-9 | File | `/dvcset/sysset/set.cgi` | High
+9 | File | `/cgi-bin/uploadWeiXinPic` | High
-10 | File | `/example/editor` | High
+10 | File | `/controller/Adv.php` | High
-11 | File | `/include/make.php` | High
+11 | File | `/domain/service/.ewell-known/caldav` | High
-12 | File | `/jquery_file_upload/server/php/index.php` | High
+12 | File | `/dvcset/sysset/set.cgi` | High
-13 | File | `/mobile/SelectUsers.jsp` | High
+13 | File | `/example/editor` | High
-14 | File | `/php/ajax.php` | High
+14 | File | `/include/make.php` | High
-15 | File | `/ProteinArraySignificanceTest.json` | High
+15 | File | `/jquery_file_upload/server/php/index.php` | High
-16 | File | `/ptms/classes/Users.php` | High
+16 | File | `/mobile/SelectUsers.jsp` | High
-17 | File | `/public/admin/index.php?add_product` | High
+17 | File | `/php/ajax.php` | High
-18 | File | `/system/bin/osi_bin` | High
+18 | File | `/ProteinArraySignificanceTest.json` | High
-19 | File | `/usr/local/bin/mjs` | High
+19 | File | `/ptms/classes/Users.php` | High
-20 | File | `/wp-content/uploads/jobmonster/` | High
+20 | File | `/public/admin/index.php?add_product` | High
-21 | File | `/zbzedit/php/zbz.php` | High
+21 | File | `/role/saveOrUpdateRole.do` | High
-22 | File | `ActiveServices.java` | High
+22 | File | `/system/bin/osi_bin` | High
-23 | File | `admin/bad.php` | High
+23 | File | `/usr/local/bin/mjs` | High
-24 | File | `admin/dl_sendmail.php` | High
+24 | File | `/wp-content/uploads/jobmonster/` | High
-25 | File | `admin/htaccess/bpsunlock.php` | High
+25 | File | `/zbzedit/php/zbz.php` | High
-26 | File | `admin/pages/useredit.php` | High
+26 | File | `ActiveServices.java` | High
-27 | File | `AlertReceiver.java` | High
+27 | ... | ... | ...
 28 | File | `alfresco/s/admin/admin-nodebrowser` | High
 29 | ... | ... | ...
-There are 244 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 224 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/Kimsuky/README.md
+++ b/actors/Kimsuky/README.md
@ -76,15 +76,15 @@ ID | Type | Indicator | Confidence
 16 | File | `/public/plugins/` | High
 17 | File | `/rest/jpo/1.0/hierarchyConfiguration` | High
 18 | File | `/SASWebReportStudio/logonAndRender.do` | High
-19 | File | `/tlogin.cgi` | Medium
+19 | File | `/scas/admin/` | Medium
-20 | File | `/tmp/scfgdndf` | High
+20 | File | `/tlogin.cgi` | Medium
-21 | File | `/uncpath/` | Medium
+21 | File | `/tmp/scfgdndf` | High
-22 | File | `/upload` | Low
+22 | File | `/uncpath/` | Medium
-23 | File | `/usr/ucb/mail` | High
+23 | File | `/upload` | Low
-24 | File | `/vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php` | High
+24 | File | `/usr/ucb/mail` | High
 25 | ... | ... | ...
-There are 205 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 209 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/Kinsing/README.md
+++ b/actors/Kinsing/README.md
@ -99,7 +99,7 @@ ID | Type | Indicator | Confidence
 37 | File | `blog.php` | Medium
 38 | ... | ... | ...
-There are 328 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 329 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/Lapsus/README.md
+++ b/actors/Lapsus/README.md
@ -0,0 +1,79 @@
 # Lapsus - Cyber Threat Intelligence
 These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Lapsus](https://vuldb.com/?actor.lapsus). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.lapsus](https://vuldb.com/?actor.lapsus)
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Lapsus:
 * [US](https://vuldb.com/?country.us)
 * [GB](https://vuldb.com/?country.gb)
 * [GR](https://vuldb.com/?country.gr)
 * ...
 There are 8 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Lapsus.
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [104.238.222.158](https://vuldb.com/?ip.104.238.222.158) | - | - | High
 2 | [108.61.173.214](https://vuldb.com/?ip.108.61.173.214) | 108.61.173.214.vultrusercontent.com | - | High
 3 | [185.169.255.74](https://vuldb.com/?ip.185.169.255.74) | - | - | High
 ## TTP - Tactics, Techniques, Procedures
 _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Lapsus_. This data is unique as it uses our predictive model for actor profiling.
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1211 | CWE-254, CWE-358 | 7PK Security Features | High
 4 | ... | ... | ... | ...
 There are 3 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Lapsus. This data is unique as it uses our predictive model for actor profiling.
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/.env` | Low
 2 | File | `/cbpos/` | Low
 3 | File | `/context/%2e/WEB-INF/web.xml` | High
 4 | File | `/forum/away.php` | High
 5 | File | `/horde/util/go.php` | High
 6 | File | `/plain` | Low
 7 | File | `/secure/admin/ImporterFinishedPage.jspa` | High
 8 | File | `/uncpath/` | Medium
 9 | File | `admin/admin.shtml` | High
 10 | File | `admin/import/class-import-settings.php` | High
 11 | File | `Administration/Controllers/ImportController.cs` | High
 12 | File | `administrator/components/com_media/helpers/media.php` | High
 13 | File | `base/PdfString.cpp` | High
 14 | ... | ... | ...
 There are 106 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://research.nccgroup.com/2022/04/28/lapsus-recent-techniques-tactics-and-procedures/
 ## Literature
 The following _articles_ explain our unique predictive cyber threat intelligence:
 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
 ## License
 (c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/Lazarus/README.md
+++ b/actors/Lazarus/README.md
@ -20,8 +20,8 @@ There are 7 more campaign items available. Please use our online service to acce
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Lazarus:
 * [VN](https://vuldb.com/?country.vn)
 * [FR](https://vuldb.com/?country.fr)
 * [IN](https://vuldb.com/?country.in)
 * [US](https://vuldb.com/?country.us)
 * ...
 There are 4 more country items available. Please use our online service to access the data.
@ -225,12 +225,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+1 | T1059.007 | CWE-79 | Cross Site Scripting | High
-2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+2 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...
-There are 7 more TTP items available. Please use our online service to access the data.
+There are 4 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -243,22 +243,16 @@ ID | Type | Indicator | Confidence
 3 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
 4 | File | `/admin/inbox.php&action=delete` | High
 5 | File | `/admin/inbox.php&action=read` | High
-6 | File | `/admin/index.php` | High
+6 | File | `/admin/pagerole.php&action=display&value=1` | High
-7 | File | `/admin/pagerole.php&action=display&value=1` | High
+7 | File | `/admin/pagerole.php&action=edit` | High
-8 | File | `/admin/pagerole.php&action=edit` | High
+8 | File | `/admin/posts.php` | High
-9 | File | `/admin/posts.php` | High
+9 | File | `/admin/posts.php&action=delete` | High
-10 | File | `/admin/posts.php&action=delete` | High
+10 | File | `/admin/posts.php&action=edit` | High
-11 | File | `/admin/posts.php&action=edit` | High
+11 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
 12 | File | `/admin/siteoptions.php&social=remove&sid=2` | High
-13 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
+13 | ... | ... | ...
 14 | File | `/admin/uesrs.php&action=display&value=Show` | High
 15 | File | `/apps/acs-commons/content/page-compare.html` | High
 16 | File | `/blog/blog.php` | High
 17 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
 18 | File | `/cdsms/classes/Master.php?f=delete_package` | High
 19 | ... | ... | ...
-There are 152 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 105 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/Press/README.md
+++ b/Press/README.md
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Liberty Front Press:
 * [US](https://vuldb.com/?country.us)
 * [CN](https://vuldb.com/?country.cn)
 * [VN](https://vuldb.com/?country.vn)
 * [CN](https://vuldb.com/?country.cn)
 * ...
-There are 24 more country items available. Please use our online service to access the data.
+There are 25 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -104,40 +104,36 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/.ssh/authorized_keys` | High
-2 | File | `/CMD_ACCOUNT_ADMIN` | High
+2 | File | `/admin.php` | Medium
-3 | File | `/context/%2e/WEB-INF/web.xml` | High
+3 | File | `/CMD_ACCOUNT_ADMIN` | High
-4 | File | `/core/admin/categories.php` | High
+4 | File | `/context/%2e/WEB-INF/web.xml` | High
-5 | File | `/etc/hosts` | Medium
+5 | File | `/core/admin/categories.php` | High
-6 | File | `/etc/sudoers` | Medium
+6 | File | `/etc/groups` | Medium
-7 | File | `/filemanager/php/connector.php` | High
+7 | File | `/etc/hosts` | Medium
-8 | File | `/forum/away.php` | High
+8 | File | `/etc/sudoers` | Medium
-9 | File | `/modules/profile/index.php` | High
+9 | File | `/filemanager/php/connector.php` | High
-10 | File | `/MTFWU` | Low
+10 | File | `/forum/away.php` | High
-11 | File | `/new` | Low
+11 | File | `/modules/profile/index.php` | High
-12 | File | `/proc/<pid>/status` | High
+12 | File | `/MTFWU` | Low
-13 | File | `/public/plugins/` | High
+13 | File | `/new` | Low
-14 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+14 | File | `/proc/<pid>/status` | High
-15 | File | `/secure/QueryComponent!Default.jspa` | High
+15 | File | `/public/plugins/` | High
-16 | File | `/server-info` | Medium
+16 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-17 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
+17 | File | `/secure/QueryComponent!Default.jspa` | High
-18 | File | `/tmp` | Low
+18 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
-19 | File | `/uncpath/` | Medium
+19 | File | `/tmp` | Low
-20 | File | `/updown/upload.cgi` | High
+20 | File | `/uncpath/` | Medium
-21 | File | `/usr/bin/pkexec` | High
+21 | File | `/updown/upload.cgi` | High
-22 | File | `/way4acs/enroll` | High
+22 | File | `/usr/bin/pkexec` | High
 23 | File | `4.2.0.CP09` | Medium
 24 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
 25 | File | `AccountManagerService.java` | High
 26 | File | `actions/CompanyDetailsSave.php` | High
 27 | File | `ActivityManagerService.java` | High
 28 | File | `admin.php` | Medium
-29 | File | `admin.php/comments/batchdel/` | High
+29 | ... | ... | ...
 30 | File | `admin/add-glossary.php` | High
 31 | File | `admin/conf_users_edit.php` | High
 32 | File | `admin/edit-comments.php` | High
 33 | ... | ... | ...
-There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 250 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/LinuxMoose/README.md
+++ b/actors/LinuxMoose/README.md
@ -81,13 +81,13 @@ ID | Type | Indicator | Confidence
 22 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
 23 | File | `AccountManagerService.java` | High
 24 | File | `actions/CompanyDetailsSave.php` | High
-25 | File | `ActiveServices.java` | High
+25 | File | `ActivityManagerService.java` | High
-26 | File | `ActivityManagerService.java` | High
+26 | File | `admin.php` | Medium
-27 | File | `admin.php` | Medium
+27 | File | `admin/add-glossary.php` | High
-28 | File | `admin/add-glossary.php` | High
+28 | File | `admin/conf_users_edit.php` | High
 29 | ... | ... | ...
-There are 247 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 246 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/LoggerMiner/README.md
+++ b/actors/LoggerMiner/README.md
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with LoggerMiner:
 * [CN](https://vuldb.com/?country.cn)
 * [JP](https://vuldb.com/?country.jp)
 * [US](https://vuldb.com/?country.us)
 * [GB](https://vuldb.com/?country.gb)
 * ...
 There are 1 more country items available. Please use our online service to access the data.
--- a/actors/Magecart/README.md
+++ b/actors/Magecart/README.md
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Magecart:
 * [CN](https://vuldb.com/?country.cn)
 * [PL](https://vuldb.com/?country.pl)
 * [FR](https://vuldb.com/?country.fr)
 * [CN](https://vuldb.com/?country.cn)
 * ...
-There are 11 more country items available. Please use our online service to access the data.
+There are 10 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -39,7 +39,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
+2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...
@ -54,33 +54,34 @@ ID | Type | Indicator | Confidence
 1 | File | `/admin-panel1.php` | High
 2 | File | `/admin/delete_image.php` | High
 3 | File | `/admin/login.php` | High
-4 | File | `/administrator/components/table_manager/` | High
+4 | File | `/admin/users.php?source=edit_user&id=1` | High
-5 | File | `/aqpg/users/login.php` | High
+5 | File | `/admin/weixin.php` | High
-6 | File | `/cloud_config/router_post/check_reg_verify_code` | High
+6 | File | `/administrator/components/table_manager/` | High
-7 | File | `/context/%2e/WEB-INF/web.xml` | High
+7 | File | `/apps/acs-commons/content/page-compare.html` | High
-8 | File | `/data-service/users/` | High
+8 | File | `/aqpg/users/login.php` | High
-9 | File | `/etc/config/rpcd` | High
+9 | File | `/cloud_config/router_post/check_reg_verify_code` | High
-10 | File | `/Hospital-Management-System-master/func.php` | High
+10 | File | `/context/%2e/WEB-INF/web.xml` | High
-11 | File | `/jeecg-boot/sys/user/queryUserByDepId` | High
+11 | File | `/data-service/users/` | High
-12 | File | `/jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c` | High
+12 | File | `/etc/config/rpcd` | High
-13 | File | `/js/app.js` | Medium
+13 | File | `/Hospital-Management-System-master/func.php` | High
-14 | File | `/ManageRoute/postRoute` | High
+14 | File | `/jeecg-boot/sys/user/queryUserByDepId` | High
-15 | File | `/message-bus/_diagnostics` | High
+15 | File | `/jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c` | High
-16 | File | `/ms/cms/content/list.do` | High
+16 | File | `/js/app.js` | Medium
-17 | File | `/one_church/churchprofile.php` | High
+17 | File | `/ManageRoute/postRoute` | High
-18 | File | `/php/ajax.php` | High
+18 | File | `/ms/cms/content/list.do` | High
-19 | File | `/public/plugins/` | High
+19 | File | `/one_church/churchprofile.php` | High
-20 | File | `/public_html/apply_vacancy` | High
+20 | File | `/php/ajax.php` | High
-21 | File | `/rest-service-fecru/server-v1` | High
+21 | File | `/public/plugins/` | High
-22 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+22 | File | `/public_html/apply_vacancy` | High
-23 | File | `/secure/EditSubscription.jspa` | High
+23 | File | `/purchase_order/admin/?page=user` | High
-24 | File | `/secure/QueryComponent!Default.jspa` | High
+24 | File | `/rest-service-fecru/server-v1` | High
-25 | File | `/tmp` | Low
+25 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-26 | File | `/tmp/swhkd.sock` | High
+26 | File | `/student-grading-system/rms.php?page=school_year` | High
-27 | File | `/uncpath/` | Medium
+27 | File | `/tmp` | Low
-28 | ... | ... | ...
+28 | File | `/tmp/swhkd.sock` | High
 29 | ... | ... | ...
-There are 241 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 249 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/Hound/README.md
+++ b/Hound/README.md
@ -61,10 +61,10 @@ ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1211 | CWE-254, CWE-358 | 7PK Security Features | High
+3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...
-There are 4 more TTP items available. Please use our online service to access the data.
+There are 6 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -78,23 +78,26 @@ ID | Type | Indicator | Confidence
 4 | File | `/admin/loginc.php` | High
 5 | File | `/auditLogAction.do` | High
 6 | File | `/cgi-bin/wapopen` | High
-7 | File | `/etc/ajenti/config.yml` | High
+7 | File | `/devices/acurite.c` | High
-8 | File | `/getcfg.php` | Medium
+8 | File | `/etc/ajenti/config.yml` | High
-9 | File | `/GetCSSashx/?CP=%2fwebconfig` | High
+9 | File | `/example/editor` | High
-10 | File | `/plugin` | Low
+10 | File | `/getcfg.php` | Medium
-11 | File | `/rating.php` | Medium
+11 | File | `/GetCSSashx/?CP=%2fwebconfig` | High
-12 | File | `/services/prefs.php` | High
+12 | File | `/goform/login_process` | High
-13 | File | `/src/njs_object.c` | High
+13 | File | `/goform/rlmswitchr_process` | High
-14 | File | `/uncpath/` | Medium
+14 | File | `/goforms/rlminfo` | High
-15 | File | `/wordpress-gallery-transformation/gallery.php` | High
+15 | File | `/plugin` | Low
-16 | File | `adclick.php` | Medium
+16 | File | `/rating.php` | Medium
-17 | File | `add_to_cart.php` | High
+17 | File | `/scas/admin/` | Medium
-18 | File | `admin.php` | Medium
+18 | File | `/scas/classes/Users.php?f=save_user` | High
-19 | File | `admin/config/confmgr.php` | High
+19 | File | `/services/prefs.php` | High
-20 | File | `admin/index.php` | High
+20 | File | `/src/njs_object.c` | High
-21 | ... | ... | ...
+21 | File | `/uncpath/` | Medium
 22 | File | `/wordpress-gallery-transformation/gallery.php` | High
 23 | File | `adclick.php` | Medium
 24 | ... | ... | ...
-There are 174 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 196 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/Molerats/README.md
+++ b/actors/Molerats/README.md
@ -90,7 +90,7 @@ ID | Type | Indicator | Confidence
 29 | File | `apport/hookutils.py` | High
 30 | ... | ... | ...
-There are 250 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 252 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/Panda/README.md
+++ b/Panda/README.md
@ -10,6 +10,7 @@ The following _campaigns_ are known and can be associated with Mustang Panda:
 * Diànxùn
 * Hodur
 * PlugX
 ## Countries
@ -34,11 +35,12 @@ ID | IP address | Hostname | Campaign | Confidence
 4 | [45.32.50.150](https://vuldb.com/?ip.45.32.50.150) | 45.32.50.150.vultr.com | - | Medium
 5 | [45.77.184.12](https://vuldb.com/?ip.45.77.184.12) | comm.phiu.pw | - | High
 6 | [45.131.179.179](https://vuldb.com/?ip.45.131.179.179) | - | Hodur | High
-7 | [45.154.14.235](https://vuldb.com/?ip.45.154.14.235) | - | Hodur | High
+7 | [45.134.83.41](https://vuldb.com/?ip.45.134.83.41) | - | PlugX | High
-8 | [45.248.87.14](https://vuldb.com/?ip.45.248.87.14) | - | - | High
+8 | [45.154.14.235](https://vuldb.com/?ip.45.154.14.235) | - | Hodur | High
-9 | ... | ... | ... | ...
+9 | [45.248.87.14](https://vuldb.com/?ip.45.248.87.14) | - | - | High
 10 | ... | ... | ... | ...
-There are 32 more IOC items available. Please use our online service to access the data.
+There are 34 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
@ -70,9 +72,10 @@ ID | Type | Indicator | Confidence
 9 | File | `/uploads/dede` | High
 10 | File | `/way4acs/enroll` | High
 11 | File | `/webtools/control/httpService` | High
-12 | ... | ... | ...
+12 | File | `/_error` | Low
 13 | ... | ... | ...
-There are 97 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 98 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
@ -80,6 +83,8 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://github.com/eset/malware-ioc/tree/master/quarterly_reports/2020_Q2
 * https://twitter.com/ESETresearch/status/1400165861973966854
 * https://twitter.com/xorhex/status/1406496693735067650
 * https://twitter.com/xorhex/status/1422815329684758537
 * https://www.anomali.com/blog/china-based-apt-mustang-panda-targets-minority-groups-public-and-private-sector-organizations
 * https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-dianxun.pdf
 * https://www.welivesecurity.com/2022/03/23/mustang-panda-hodur-old-tricks-new-korplug-variant/
--- a/actors/NetWalker/README.md
+++ b/actors/NetWalker/README.md
@ -0,0 +1,81 @@
 # NetWalker - Cyber Threat Intelligence
 These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [NetWalker](https://vuldb.com/?actor.netwalker). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.netwalker](https://vuldb.com/?actor.netwalker)
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with NetWalker:
 * [US](https://vuldb.com/?country.us)
 * [CO](https://vuldb.com/?country.co)
 * [RU](https://vuldb.com/?country.ru)
 * ...
 There are 8 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of NetWalker.
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [93.179.69.154](https://vuldb.com/?ip.93.179.69.154) | - | - | High
 2 | [141.98.81.191](https://vuldb.com/?ip.141.98.81.191) | - | - | High
 3 | [173.232.146.37](https://vuldb.com/?ip.173.232.146.37) | - | - | High
 4 | ... | ... | ... | ...
 There are 4 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
 _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _NetWalker_. This data is unique as it uses our predictive model for actor profiling.
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1211 | CWE-254 | 7PK Security Features | High
 4 | ... | ... | ... | ...
 There are 3 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by NetWalker. This data is unique as it uses our predictive model for actor profiling.
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/+CSCOE+/logon.html` | High
 2 | File | `/apply_noauth.cgi` | High
 3 | File | `/cgi-bin/wapopen` | High
 4 | File | `/config.cgi?webmin` | High
 5 | File | `/lib/` | Low
 6 | File | `/public/login.htm` | High
 7 | File | `/rom-0` | Low
 8 | File | `/uncpath/` | Medium
 9 | File | `/var/run/beaker/container_file/` | High
 10 | File | `/wordpress/wp-admin/options-general.php` | High
 11 | File | `/workspaceCleanup` | High
 12 | File | `5.2.9\syscrb.exe` | High
 13 | ... | ... | ...
 There are 100 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://thedfirreport.com/2020/08/31/netwalker-ransomware-in-1-hour/
 ## Literature
 The following _articles_ explain our unique predictive cyber threat intelligence:
 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
 ## License
 (c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/PYSA/README.md
+++ b/actors/PYSA/README.md
@ -0,0 +1,104 @@
 # PYSA - Cyber Threat Intelligence
 These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [PYSA](https://vuldb.com/?actor.pysa). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.pysa](https://vuldb.com/?actor.pysa)
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with PYSA:
 * [US](https://vuldb.com/?country.us)
 * [CN](https://vuldb.com/?country.cn)
 * [DE](https://vuldb.com/?country.de)
 * ...
 There are 4 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of PYSA.
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [23.129.64.190](https://vuldb.com/?ip.23.129.64.190) | - | - | High
 2 | [45.147.231.210](https://vuldb.com/?ip.45.147.231.210) | - | - | High
 3 | [185.220.100.240](https://vuldb.com/?ip.185.220.100.240) | tor-exit-13.zbau.f3netze.de | - | High
 4 | ... | ... | ... | ...
 There are 2 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
 _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _PYSA_. This data is unique as it uses our predictive model for actor profiling.
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
 2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 4 | ... | ... | ... | ...
 There are 9 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by PYSA. This data is unique as it uses our predictive model for actor profiling.
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/admin-panel1.php` | High
 2 | File | `/admin.php/admin/plog/index.html` | High
 3 | File | `/admin.php/admin/website/data.html` | High
 4 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
 5 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
 6 | File | `/admin/config` | High
 7 | File | `/admin/file-manager/` | High
 8 | File | `/admin/inbox.php&action=delete` | High
 9 | File | `/admin/news/news_mod.php` | High
 10 | File | `/admin/posts.php` | High
 11 | File | `/administrator/alerts/alertLightbox.php` | High
 12 | File | `/admin_page/all-files-update-ajax.php` | High
 13 | File | `/agenttrayicon` | High
 14 | File | `/api/servers` | Medium
 15 | File | `/api/students/me/messages/` | High
 16 | File | `/app/controller/Books.php` | High
 17 | File | `/app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php` | High
 18 | File | `/apps/acs-commons/content/page-compare.html` | High
 19 | File | `/cgi-bin/uploadWeiXinPic` | High
 20 | File | `/config/list` | Medium
 21 | File | `/data/sqldata` | High
 22 | File | `/export` | Low
 23 | File | `/goform/login_process` | High
 24 | File | `/goform/setAdInfoDetail` | High
 25 | File | `/goform/setFixTools` | High
 26 | File | `/goform/SetInternetLanInfo` | High
 27 | File | `/goform/setPicListItem` | High
 28 | File | `/hocms/classes/Master.php?f=delete_collection` | High
 29 | File | `/hocms/classes/Master.php?f=delete_member` | High
 30 | File | `/northstar/Admin/changePassword.jsp` | High
 31 | File | `/nova/bin/detnet` | High
 32 | File | `/ofcms/company-c-47` | High
 33 | File | `/ok_jpg.c` | Medium
 34 | File | `/ok_png.c` | Medium
 35 | File | `/one_church/churchprofile.php` | High
 36 | ... | ... | ...
 There are 309 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://thedfirreport.com/2020/11/23/pysa-mespinoza-ransomware/
 ## Literature
 The following _articles_ explain our unique predictive cyber threat intelligence:
 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
 ## License
 (c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/Patchwork/README.md
+++ b/actors/Patchwork/README.md
@ -141,41 +141,40 @@ ID | Type | Indicator | Confidence
 19 | File | `/proc/ioports` | High
 20 | File | `/property-list/property_view.php` | High
 21 | File | `/ptms/classes/Users.php` | High
-22 | File | `/rest` | Low
+22 | File | `/rest/api/2/search` | High
-23 | File | `/rest/api/2/search` | High
+23 | File | `/s/` | Low
-24 | File | `/s/` | Low
+24 | File | `/scripts/cpan_config` | High
-25 | File | `/scripts/cpan_config` | High
+25 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-26 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+26 | File | `/services/system/setup.json` | High
-27 | File | `/services/system/setup.json` | High
+27 | File | `/uncpath/` | Medium
-28 | File | `/uncpath/` | Medium
+28 | File | `/videotalk` | Medium
-29 | File | `/videotalk` | Medium
+29 | File | `/web/MCmsAction.java` | High
-30 | File | `/web/MCmsAction.java` | High
+30 | File | `/webconsole/APIController` | High
-31 | File | `/webconsole/APIController` | High
+31 | File | `/websocket/exec` | High
-32 | File | `/websocket/exec` | High
+32 | File | `/wp-admin/admin-ajax.php` | High
-33 | File | `/wp-admin/admin-ajax.php` | High
+33 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
-34 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
+34 | File | `/wp-json` | Medium
-35 | File | `/wp-json` | Medium
+35 | File | `/wp-json/oembed/1.0/embed?url` | High
-36 | File | `/wp-json/oembed/1.0/embed?url` | High
+36 | File | `/_next` | Low
-37 | File | `/_next` | Low
+37 | File | `4.edu.php\conn\function.php` | High
-38 | File | `4.edu.php\conn\function.php` | High
+38 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-39 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+39 | File | `about.php` | Medium
-40 | File | `about.php` | Medium
+40 | File | `acl.c` | Low
-41 | File | `acl.c` | Low
+41 | File | `activity_log.php` | High
-42 | File | `activity_log.php` | High
+42 | File | `adclick.php` | Medium
-43 | File | `adclick.php` | Medium
+43 | File | `addentry.php` | Medium
-44 | File | `addentry.php` | Medium
+44 | File | `add_vhost.php` | High
-45 | File | `add_vhost.php` | High
+45 | File | `admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user` | High
-46 | File | `admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user` | High
+46 | File | `admin/category.inc.php` | High
-47 | File | `admin/category.inc.php` | High
+47 | File | `admin/conf_users_edit.php` | High
-48 | File | `admin/conf_users_edit.php` | High
+48 | File | `admin/default.asp` | High
-49 | File | `admin/default.asp` | High
+49 | File | `admin/dl_sendmail.php` | High
-50 | File | `admin/dl_sendmail.php` | High
+50 | File | `admin/getparam.cgi` | High
-51 | File | `admin/getparam.cgi` | High
+51 | File | `admin/index.php` | High
-52 | File | `admin/index.php` | High
+52 | File | `admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1` | High
-53 | File | `admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1` | High
+53 | ... | ... | ...
 54 | ... | ... | ...
-There are 472 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 460 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/PlugX/README.md
+++ b/actors/PlugX/README.md
@ -96,7 +96,7 @@ ID | Type | Indicator | Confidence
 42 | File | `addmerchpicform.php` | High
 43 | ... | ... | ...
-There are 371 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 372 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/PoshC2/README.md
+++ b/actors/PoshC2/README.md
@ -4,6 +4,12 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.poshc2](https://vuldb.com/?actor.poshc2)
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with PoshC2:
 * [US](https://vuldb.com/?country.us)
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of PoshC2.
@ -12,6 +18,27 @@ ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [35.202.253.45](https://vuldb.com/?ip.35.202.253.45) | 45.253.202.35.bc.googleusercontent.com | - | Medium
 ## TTP - Tactics, Techniques, Procedures
 _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _PoshC2_. This data is unique as it uses our predictive model for actor profiling.
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79 | Cross Site Scripting | High
 ## IOA - Indicator of Attack
 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by PoshC2. This data is unique as it uses our predictive model for actor profiling.
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
 2 | File | `cat.asp` | Low
 3 | File | `category.cfm` | Medium
 4 | ... | ... | ...
 There are 5 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
--- a/Spider/README.md
+++ b/Spider/README.md
@ -16,7 +16,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [US](https://vuldb.com/?country.us)
 * [SC](https://vuldb.com/?country.sc)
-* [RU](https://vuldb.com/?country.ru)
+* [IL](https://vuldb.com/?country.il)
 * ...
 There are 2 more country items available. Please use our online service to access the data.
@ -51,7 +51,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...
-There are 8 more TTP items available. Please use our online service to access the data.
+There are 7 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -59,40 +59,43 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/admin/goods/update` | High
+1 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
-2 | File | `/agenttrayicon` | High
+2 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
-3 | File | `/blog/blog.php` | High
+3 | File | `/admin.php?r=admin/AdminBackup/del` | High
-4 | File | `/cmd?cmd=connect` | High
+4 | File | `/admin/edit.php` | High
-5 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
+5 | File | `/admin/inbox.php&action=delete` | High
-6 | File | `/goform/login_process` | High
+6 | File | `/admin/inbox.php&action=read` | High
-7 | File | `/include/make.php` | High
+7 | File | `/admin/index.php?mode=content&page=media&action=edit` | High
-8 | File | `/login` | Low
+8 | File | `/admin/pagerole.php&action=edit` | High
-9 | File | `/manager/files` | High
+9 | File | `/admin/posts.php` | High
-10 | File | `/nova/bin/detnet` | High
+10 | File | `/admin/posts.php&action=delete` | High
-11 | File | `/nova/bin/igmp-proxy` | High
+11 | File | `/admin/posts.php&action=edit` | High
-12 | File | `/ofcms/company-c-47` | High
+12 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
-13 | File | `/php/ajax.php` | High
+13 | File | `/admin/siteoptions.php&social=remove&sid=2` | High
-14 | File | `/preauth` | Medium
+14 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
-15 | File | `/sql/sql_string.h` | High
+15 | File | `/admin/uesrs.php&action=display&value=Hide` | High
-16 | File | `/src/njs_vmcode.c` | High
+16 | File | `/admin/uesrs.php&action=display&value=Show` | High
-17 | File | `/uncpath/` | Medium
+17 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
-18 | File | `/var/log/demisto/` | High
+18 | File | `/admin/uesrs.php&action=type&userrole=User` | High
-19 | File | `/webminlog/view.cgi` | High
+19 | File | `/administrator/alerts/alertLightbox.php` | High
-20 | File | `/_error` | Low
+20 | File | `/agenttrayicon` | High
-21 | File | `a2billing/customer/iridium_threed.php` | High
+21 | File | `/api/students/me/messages/` | High
-22 | File | `actions/beats_uploader.php` | High
+22 | File | `/apps/acs-commons/content/page-compare.html` | High
-23 | File | `actions/vote_channel.php` | High
+23 | File | `/blog/blog.php` | High
-24 | File | `ActiveServices.java` | High
+24 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
-25 | File | `admin.php` | Medium
+25 | File | `/cdsms/classes/Master.php?f=delete_package` | High
-26 | File | `admin/moduleinterface.php` | High
+26 | File | `/cmd?cmd=connect` | High
-27 | File | `admin/profile/save` | High
+27 | File | `/hocms/classes/Master.php?f=delete_collection` | High
-28 | File | `admin/tools/utf8conversion/index.php` | High
+28 | File | `/hocms/classes/Master.php?f=delete_member` | High
-29 | File | `ad_manage.php` | High
+29 | File | `/hocms/classes/Master.php?f=delete_phase` | High
-30 | File | `asm/preproc.c` | High
+30 | File | `/index.php?m=admin&c=custom&a=plugindelhandle` | High
-31 | File | `Atom.CMS_admin_ajax_list-sort.php` | High
+31 | File | `/login` | Low
-32 | ... | ... | ...
+32 | File | `/manager/files` | High
 33 | File | `/module/api.php?mobile/wapNasIPS` | High
 34 | File | `/module/api.php?mobile/webNasIPS` | High
 35 | ... | ... | ...
-There are 269 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/PsiXBot/README.md
+++ b/actors/PsiXBot/README.md
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [DE](https://vuldb.com/?country.de)
 * ...
-There are 19 more country items available. Please use our online service to access the data.
+There are 20 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -66,55 +66,55 @@ ID | Type | Indicator | Confidence
 6 | File | `/download` | Medium
 7 | File | `/etc/gsissh/sshd_config` | High
 8 | File | `/etc/passwd` | Medium
-9 | File | `/etc/quantum/quantum.conf` | High
+9 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
-10 | File | `/etc/shadow` | Medium
+10 | File | `/etc/quantum/quantum.conf` | High
-11 | File | `/forum/away.php` | High
+11 | File | `/etc/shadow` | Medium
-12 | File | `/getcfg.php` | Medium
+12 | File | `/forum/away.php` | High
-13 | File | `/goform/telnet` | High
+13 | File | `/getcfg.php` | Medium
-14 | File | `/goform/WanParameterSetting` | High
+14 | File | `/goform/telnet` | High
-15 | File | `/inc/extensions.php` | High
+15 | File | `/goform/WanParameterSetting` | High
-16 | File | `/include/makecvs.php` | High
+16 | File | `/inc/extensions.php` | High
-17 | File | `/modules/profile/index.php` | High
+17 | File | `/include/makecvs.php` | High
-18 | File | `/modules/tasks/summary.inc.php` | High
+18 | File | `/modules/profile/index.php` | High
-19 | File | `/payu/icpcheckout/` | High
+19 | File | `/modules/tasks/summary.inc.php` | High
-20 | File | `/property-list/property_view.php` | High
+20 | File | `/monitoring` | Medium
-21 | File | `/public/login.htm` | High
+21 | File | `/nova/bin/console` | High
-22 | File | `/req_password_user.php` | High
+22 | File | `/payu/icpcheckout/` | High
-23 | File | `/resourceNode/jdbcResourceEdit.jsf` | High
+23 | File | `/property-list/property_view.php` | High
-24 | File | `/resourceNode/resources.jsf` | High
+24 | File | `/public/login.htm` | High
-25 | File | `/rest/project-templates/1.0/createshared` | High
+25 | File | `/req_password_user.php` | High
-26 | File | `/rom-0` | Low
+26 | File | `/resourceNode/jdbcResourceEdit.jsf` | High
-27 | File | `/secure/QueryComponent!Default.jspa` | High
+27 | File | `/resourceNode/resources.jsf` | High
-28 | File | `/trx_addons/v2/get/sc_layout` | High
+28 | File | `/rest/project-templates/1.0/createshared` | High
-29 | File | `/uncpath/` | Medium
+29 | File | `/rom-0` | Low
-30 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
+30 | File | `/secure/QueryComponent!Default.jspa` | High
-31 | File | `/usr/syno/etc/mount.conf` | High
+31 | File | `/trx_addons/v2/get/sc_layout` | High
-32 | File | `/var/log/nginx` | High
+32 | File | `/uncpath/` | Medium
-33 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
+33 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
-34 | File | `/WEB-INF/web.xml` | High
+34 | File | `/usr/syno/etc/mount.conf` | High
-35 | File | `/_next` | Low
+35 | File | `/var/log/nginx` | High
-36 | File | `3.6.cpj` | Low
+36 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
-37 | File | `404.php` | Low
+37 | File | `/WEB-INF/web.xml` | High
-38 | File | `a-b-membres.php` | High
+38 | File | `/_next` | Low
-39 | File | `ActionsAndOperations` | High
+39 | File | `3.6.cpj` | Low
-40 | File | `adclick.php` | Medium
+40 | File | `404.php` | Low
-41 | File | `add_2_basket.asp` | High
+41 | File | `a-b-membres.php` | High
-42 | File | `admin.asp` | Medium
+42 | File | `ActionsAndOperations` | High
-43 | File | `admin.aspx` | Medium
+43 | File | `adclick.php` | Medium
-44 | File | `admin.php` | Medium
+44 | File | `add_2_basket.asp` | High
-45 | File | `admin/aboutus.php` | High
+45 | File | `admin.asp` | Medium
-46 | File | `admin/member_details.php` | High
+46 | File | `admin.aspx` | Medium
-47 | File | `admin_chatconfig.php` | High
+47 | File | `admin.php` | Medium
-48 | File | `ajaxp.php` | Medium
+48 | File | `admin/aboutus.php` | High
-49 | File | `ajax_calls.php` | High
+49 | File | `admin/member_details.php` | High
-50 | File | `alphabet.php` | Medium
+50 | File | `admin_chatconfig.php` | High
-51 | File | `article2/comments.inc.php` | High
+51 | File | `ajaxp.php` | Medium
-52 | File | `articles/edit.php` | High
+52 | File | `ajax_calls.php` | High
-53 | File | `assp.pl` | Low
+53 | File | `alphabet.php` | Medium
-54 | File | `auth-gss2.c` | Medium
+54 | File | `article2/comments.inc.php` | High
 55 | ... | ... | ...
-There are 478 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 483 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/Qakbot/README.md
+++ b/actors/Qakbot/README.md
@ -31,82 +31,88 @@ ID | IP address | Hostname | Campaign | Confidence
 8 | [5.13.74.26](https://vuldb.com/?ip.5.13.74.26) | 5-13-74-26.residential.rdsnet.ro | - | High
 9 | [5.13.84.186](https://vuldb.com/?ip.5.13.84.186) | 5-13-84-186.residential.rdsnet.ro | - | High
 10 | [5.15.81.52](https://vuldb.com/?ip.5.15.81.52) | 5-15-81-52.residential.rdsnet.ro | - | High
-11 | [5.193.61.212](https://vuldb.com/?ip.5.193.61.212) | - | - | High
+11 | [5.136.131.34](https://vuldb.com/?ip.5.136.131.34) | - | - | High
-12 | [5.193.178.241](https://vuldb.com/?ip.5.193.178.241) | - | - | High
+12 | [5.193.61.212](https://vuldb.com/?ip.5.193.61.212) | - | - | High
-13 | [8.209.64.96](https://vuldb.com/?ip.8.209.64.96) | - | - | High
+13 | [5.193.178.241](https://vuldb.com/?ip.5.193.178.241) | - | - | High
-14 | [12.5.37.3](https://vuldb.com/?ip.12.5.37.3) | - | - | High
+14 | [8.209.64.96](https://vuldb.com/?ip.8.209.64.96) | - | - | High
-15 | [23.111.114.52](https://vuldb.com/?ip.23.111.114.52) | - | - | High
+15 | [12.5.37.3](https://vuldb.com/?ip.12.5.37.3) | - | - | High
-16 | [24.42.14.241](https://vuldb.com/?ip.24.42.14.241) | - | - | High
+16 | [12.167.151.79](https://vuldb.com/?ip.12.167.151.79) | - | - | High
-17 | [24.43.22.221](https://vuldb.com/?ip.24.43.22.221) | rrcs-24-43-22-221.west.biz.rr.com | - | High
+17 | [12.167.151.87](https://vuldb.com/?ip.12.167.151.87) | - | - | High
-18 | [24.55.112.61](https://vuldb.com/?ip.24.55.112.61) | dynamic.libertypr.net | - | High
+18 | [23.111.114.52](https://vuldb.com/?ip.23.111.114.52) | - | - | High
-19 | [24.90.160.91](https://vuldb.com/?ip.24.90.160.91) | cpe-24-90-160-91.nyc.res.rr.com | - | High
+19 | [24.42.14.241](https://vuldb.com/?ip.24.42.14.241) | - | - | High
-20 | [24.95.61.62](https://vuldb.com/?ip.24.95.61.62) | cpe-24-95-61-62.columbus.res.rr.com | - | High
+20 | [24.43.22.221](https://vuldb.com/?ip.24.43.22.221) | rrcs-24-43-22-221.west.biz.rr.com | - | High
-21 | [24.110.14.40](https://vuldb.com/?ip.24.110.14.40) | - | - | High
+21 | [24.55.112.61](https://vuldb.com/?ip.24.55.112.61) | dynamic.libertypr.net | - | High
-22 | [24.110.96.149](https://vuldb.com/?ip.24.110.96.149) | - | - | High
+22 | [24.90.160.91](https://vuldb.com/?ip.24.90.160.91) | cpe-24-90-160-91.nyc.res.rr.com | - | High
-23 | [24.117.107.120](https://vuldb.com/?ip.24.117.107.120) | 24-117-107-120.cpe.sparklight.net | - | High
+23 | [24.95.61.62](https://vuldb.com/?ip.24.95.61.62) | cpe-24-95-61-62.columbus.res.rr.com | - | High
-24 | [24.139.72.117](https://vuldb.com/?ip.24.139.72.117) | - | - | High
+24 | [24.110.14.40](https://vuldb.com/?ip.24.110.14.40) | - | - | High
-25 | [24.139.132.70](https://vuldb.com/?ip.24.139.132.70) | dynamic.libertypr.net | - | High
+25 | [24.110.96.149](https://vuldb.com/?ip.24.110.96.149) | - | - | High
-26 | [24.152.219.253](https://vuldb.com/?ip.24.152.219.253) | 24.152.219.253.res-cmts.sm.ptd.net | - | High
+26 | [24.117.107.120](https://vuldb.com/?ip.24.117.107.120) | 24-117-107-120.cpe.sparklight.net | - | High
-27 | [24.164.79.147](https://vuldb.com/?ip.24.164.79.147) | cpe-24-164-79-147.cinci.res.rr.com | - | High
+27 | [24.139.72.117](https://vuldb.com/?ip.24.139.72.117) | - | - | High
-28 | [24.165.87.61](https://vuldb.com/?ip.24.165.87.61) | cpe-24-165-87-61.san.res.rr.com | - | High
+28 | [24.139.132.70](https://vuldb.com/?ip.24.139.132.70) | dynamic.libertypr.net | - | High
-29 | [24.183.39.93](https://vuldb.com/?ip.24.183.39.93) | 024-183-039-093.res.spectrum.com | - | High
+29 | [24.152.219.253](https://vuldb.com/?ip.24.152.219.253) | 24.152.219.253.res-cmts.sm.ptd.net | - | High
-30 | [24.202.42.48](https://vuldb.com/?ip.24.202.42.48) | modemcable048.42-202-24.mc.videotron.ca | - | High
+30 | [24.164.79.147](https://vuldb.com/?ip.24.164.79.147) | cpe-24-164-79-147.cinci.res.rr.com | - | High
-31 | [24.226.156.153](https://vuldb.com/?ip.24.226.156.153) | 24-226-156-153.resi.cgocable.ca | - | High
+31 | [24.165.87.61](https://vuldb.com/?ip.24.165.87.61) | cpe-24-165-87-61.san.res.rr.com | - | High
-32 | [24.229.150.54](https://vuldb.com/?ip.24.229.150.54) | 24.229.150.54.cmts-static.sm.ptd.net | - | High
+32 | [24.183.39.93](https://vuldb.com/?ip.24.183.39.93) | 024-183-039-093.res.spectrum.com | - | High
-33 | [24.234.86.201](https://vuldb.com/?ip.24.234.86.201) | wsip-24-234-86-201.lv.lv.cox.net | - | High
+33 | [24.202.42.48](https://vuldb.com/?ip.24.202.42.48) | modemcable048.42-202-24.mc.videotron.ca | - | High
-34 | [27.223.92.142](https://vuldb.com/?ip.27.223.92.142) | - | - | High
+34 | [24.226.156.153](https://vuldb.com/?ip.24.226.156.153) | 24-226-156-153.resi.cgocable.ca | - | High
-35 | [35.142.12.163](https://vuldb.com/?ip.35.142.12.163) | 035-142-012-163.dhcp.bhn.net | - | High
+35 | [24.229.150.54](https://vuldb.com/?ip.24.229.150.54) | 24.229.150.54.cmts-static.sm.ptd.net | - | High
-36 | [35.208.146.4](https://vuldb.com/?ip.35.208.146.4) | 4.146.208.35.bc.googleusercontent.com | - | Medium
+36 | [24.234.86.201](https://vuldb.com/?ip.24.234.86.201) | wsip-24-234-86-201.lv.lv.cox.net | - | High
-37 | [36.77.151.211](https://vuldb.com/?ip.36.77.151.211) | - | - | High
+37 | [27.223.92.142](https://vuldb.com/?ip.27.223.92.142) | - | - | High
-38 | [37.156.243.67](https://vuldb.com/?ip.37.156.243.67) | - | - | High
+38 | [35.142.12.163](https://vuldb.com/?ip.35.142.12.163) | 035-142-012-163.dhcp.bhn.net | - | High
-39 | [37.182.238.170](https://vuldb.com/?ip.37.182.238.170) | net-37-182-238-170.cust.vodafonedsl.it | - | High
+39 | [35.208.146.4](https://vuldb.com/?ip.35.208.146.4) | 4.146.208.35.bc.googleusercontent.com | - | Medium
-40 | [39.36.61.58](https://vuldb.com/?ip.39.36.61.58) | - | - | High
+40 | [36.77.151.211](https://vuldb.com/?ip.36.77.151.211) | - | - | High
-41 | [41.34.91.90](https://vuldb.com/?ip.41.34.91.90) | host-41.34.91.90.tedata.net | - | High
+41 | [37.156.243.67](https://vuldb.com/?ip.37.156.243.67) | - | - | High
-42 | [41.97.138.74](https://vuldb.com/?ip.41.97.138.74) | - | - | High
+42 | [37.182.238.170](https://vuldb.com/?ip.37.182.238.170) | net-37-182-238-170.cust.vodafonedsl.it | - | High
-43 | [41.225.231.43](https://vuldb.com/?ip.41.225.231.43) | - | - | High
+43 | [39.36.61.58](https://vuldb.com/?ip.39.36.61.58) | - | - | High
-44 | [41.228.206.99](https://vuldb.com/?ip.41.228.206.99) | - | - | High
+44 | [41.34.91.90](https://vuldb.com/?ip.41.34.91.90) | host-41.34.91.90.tedata.net | - | High
-45 | [45.32.211.207](https://vuldb.com/?ip.45.32.211.207) | 45.32.211.207.vultr.com | - | Medium
+45 | [41.97.138.74](https://vuldb.com/?ip.41.97.138.74) | - | - | High
-46 | [45.45.51.182](https://vuldb.com/?ip.45.45.51.182) | modemcable182.51-45-45.mc.videotron.ca | - | High
+46 | [41.225.231.43](https://vuldb.com/?ip.41.225.231.43) | - | - | High
-47 | [45.46.53.140](https://vuldb.com/?ip.45.46.53.140) | cpe-45-46-53-140.maine.res.rr.com | - | High
+47 | [41.228.22.180](https://vuldb.com/?ip.41.228.22.180) | - | - | High
-48 | [45.63.107.192](https://vuldb.com/?ip.45.63.107.192) | 45.63.107.192.vultr.com | - | Medium
+48 | [41.228.206.99](https://vuldb.com/?ip.41.228.206.99) | - | - | High
-49 | [45.67.231.247](https://vuldb.com/?ip.45.67.231.247) | vm272927.pq.hosting | - | High
+49 | [45.32.211.207](https://vuldb.com/?ip.45.32.211.207) | 45.32.211.207.vultr.com | - | Medium
-50 | [45.77.115.208](https://vuldb.com/?ip.45.77.115.208) | 45.77.115.208.vultr.com | - | Medium
+50 | [45.45.51.182](https://vuldb.com/?ip.45.45.51.182) | modemcable182.51-45-45.mc.videotron.ca | - | High
-51 | [45.77.117.108](https://vuldb.com/?ip.45.77.117.108) | 45.77.117.108.vultr.com | - | Medium
+51 | [45.46.53.140](https://vuldb.com/?ip.45.46.53.140) | cpe-45-46-53-140.maine.res.rr.com | - | High
-52 | [45.77.215.141](https://vuldb.com/?ip.45.77.215.141) | 45.77.215.141.vultr.com | - | Medium
+52 | [45.63.107.192](https://vuldb.com/?ip.45.63.107.192) | 45.63.107.192.vultr.com | - | Medium
-53 | [45.230.228.26](https://vuldb.com/?ip.45.230.228.26) | - | - | High
+53 | [45.67.231.247](https://vuldb.com/?ip.45.67.231.247) | vm272927.pq.hosting | - | High
-54 | [46.214.62.199](https://vuldb.com/?ip.46.214.62.199) | 46-214-62-199.next-gen.ro | - | High
+54 | [45.77.115.208](https://vuldb.com/?ip.45.77.115.208) | 45.77.115.208.vultr.com | - | Medium
-55 | [46.228.199.235](https://vuldb.com/?ip.46.228.199.235) | vps2231940.fastwebserver.de | - | High
+55 | [45.77.117.108](https://vuldb.com/?ip.45.77.117.108) | 45.77.117.108.vultr.com | - | Medium
-56 | [47.22.148.6](https://vuldb.com/?ip.47.22.148.6) | ool-2f169406.static.optonline.net | - | High
+56 | [45.77.215.141](https://vuldb.com/?ip.45.77.215.141) | 45.77.215.141.vultr.com | - | Medium
-57 | [47.24.47.218](https://vuldb.com/?ip.47.24.47.218) | 047-024-047-218.res.spectrum.com | - | High
+57 | [45.230.228.26](https://vuldb.com/?ip.45.230.228.26) | - | - | High
-58 | [47.28.135.155](https://vuldb.com/?ip.47.28.135.155) | 047-028-135-155.res.spectrum.com | - | High
+58 | [46.214.62.199](https://vuldb.com/?ip.46.214.62.199) | 46-214-62-199.next-gen.ro | - | High
-59 | [47.44.217.98](https://vuldb.com/?ip.47.44.217.98) | 047-044-217-098.biz.spectrum.com | - | High
+59 | [46.228.199.235](https://vuldb.com/?ip.46.228.199.235) | vps2231940.fastwebserver.de | - | High
-60 | [47.138.200.85](https://vuldb.com/?ip.47.138.200.85) | - | - | High
+60 | [47.22.148.6](https://vuldb.com/?ip.47.22.148.6) | ool-2f169406.static.optonline.net | - | High
-61 | [47.153.115.154](https://vuldb.com/?ip.47.153.115.154) | - | - | High
+61 | [47.24.47.218](https://vuldb.com/?ip.47.24.47.218) | 047-024-047-218.res.spectrum.com | - | High
-62 | [47.180.66.10](https://vuldb.com/?ip.47.180.66.10) | static-47-180-66-10.lsan.ca.frontiernet.net | - | High
+62 | [47.28.135.155](https://vuldb.com/?ip.47.28.135.155) | 047-028-135-155.res.spectrum.com | - | High
-63 | [47.196.192.184](https://vuldb.com/?ip.47.196.192.184) | - | - | High
+63 | [47.44.217.98](https://vuldb.com/?ip.47.44.217.98) | 047-044-217-098.biz.spectrum.com | - | High
-64 | [49.144.81.46](https://vuldb.com/?ip.49.144.81.46) | dsl.49.144.81.46.pldt.net | - | High
+64 | [47.138.200.85](https://vuldb.com/?ip.47.138.200.85) | - | - | High
-65 | [49.191.4.245](https://vuldb.com/?ip.49.191.4.245) | n49-191-4-245.mrk1.qld.optusnet.com.au | - | High
+65 | [47.153.115.154](https://vuldb.com/?ip.47.153.115.154) | - | - | High
-66 | [49.207.105.25](https://vuldb.com/?ip.49.207.105.25) | broadband.actcorp.in | - | High
+66 | [47.180.66.10](https://vuldb.com/?ip.47.180.66.10) | static-47-180-66-10.lsan.ca.frontiernet.net | - | High
-67 | [50.29.166.232](https://vuldb.com/?ip.50.29.166.232) | 50.29.166.232.res-cmts.sth3.ptd.net | - | High
+67 | [47.196.192.184](https://vuldb.com/?ip.47.196.192.184) | - | - | High
-68 | [50.91.114.38](https://vuldb.com/?ip.50.91.114.38) | 050-091-114-038.res.spectrum.com | - | High
+68 | [49.144.81.46](https://vuldb.com/?ip.49.144.81.46) | dsl.49.144.81.46.pldt.net | - | High
-69 | [50.104.68.223](https://vuldb.com/?ip.50.104.68.223) | 50-104-68-223.prtg.in.frontiernet.net | - | High
+69 | [49.191.4.245](https://vuldb.com/?ip.49.191.4.245) | n49-191-4-245.mrk1.qld.optusnet.com.au | - | High
-70 | [50.244.112.106](https://vuldb.com/?ip.50.244.112.106) | 50-244-112-106-static.hfc.comcastbusiness.net | - | High
+70 | [49.207.105.25](https://vuldb.com/?ip.49.207.105.25) | broadband.actcorp.in | - | High
-71 | [51.210.14.58](https://vuldb.com/?ip.51.210.14.58) | vps-e6e2a926.vps.ovh.net | - | High
+71 | [50.29.166.232](https://vuldb.com/?ip.50.29.166.232) | 50.29.166.232.res-cmts.sth3.ptd.net | - | High
-72 | [54.36.108.120](https://vuldb.com/?ip.54.36.108.120) | ns3112762.ip-54-36-108.eu | - | High
+72 | [50.87.150.203](https://vuldb.com/?ip.50.87.150.203) | mail.euroanatolia.eu | - | High
-73 | [58.233.220.182](https://vuldb.com/?ip.58.233.220.182) | - | - | High
+73 | [50.91.114.38](https://vuldb.com/?ip.50.91.114.38) | 050-091-114-038.res.spectrum.com | - | High
-74 | [59.90.246.200](https://vuldb.com/?ip.59.90.246.200) | static.bb.chn.59.90.246.200.bsnl.in | - | High
+74 | [50.104.68.223](https://vuldb.com/?ip.50.104.68.223) | 50-104-68-223.prtg.in.frontiernet.net | - | High
-75 | [59.124.10.133](https://vuldb.com/?ip.59.124.10.133) | 59-124-10-133.hinet-ip.hinet.net | - | High
+75 | [50.244.112.106](https://vuldb.com/?ip.50.244.112.106) | 50-244-112-106-static.hfc.comcastbusiness.net | - | High
-76 | [62.38.114.12](https://vuldb.com/?ip.62.38.114.12) | ppp062038114012.dsl.hol.gr | - | High
+76 | [51.210.14.58](https://vuldb.com/?ip.51.210.14.58) | vps-e6e2a926.vps.ovh.net | - | High
-77 | [62.121.123.57](https://vuldb.com/?ip.62.121.123.57) | - | - | High
+77 | [52.45.143.178](https://vuldb.com/?ip.52.45.143.178) | ec2-52-45-143-178.compute-1.amazonaws.com | - | Medium
-78 | [64.19.74.29](https://vuldb.com/?ip.64.19.74.29) | primhall.com | - | High
+78 | [52.201.200.28](https://vuldb.com/?ip.52.201.200.28) | ec2-52-201-200-28.compute-1.amazonaws.com | - | Medium
-79 | [64.29.151.102](https://vuldb.com/?ip.64.29.151.102) | mail.myfairpoint.net | - | High
+79 | [54.36.108.120](https://vuldb.com/?ip.54.36.108.120) | ns3112762.ip-54-36-108.eu | - | High
-80 | [64.121.114.87](https://vuldb.com/?ip.64.121.114.87) | 64-121-114-87.s597.c3-0.smt-ubr1.atw-smt.pa.cable.rcncustomer.com | - | High
+80 | [58.233.220.182](https://vuldb.com/?ip.58.233.220.182) | - | - | High
-81 | [65.100.174.]105](https://vuldb.com/?ip.65.100.174.]105) | - | - | High
+81 | [59.90.246.200](https://vuldb.com/?ip.59.90.246.200) | static.bb.chn.59.90.246.200.bsnl.in | - | High
-82 | [65.100.174.]106](https://vuldb.com/?ip.65.100.174.]106) | - | - | High
+82 | [59.124.10.133](https://vuldb.com/?ip.59.124.10.133) | 59-124-10-133.hinet-ip.hinet.net | - | High
-83 | [65.100.174.]107](https://vuldb.com/?ip.65.100.174.]107) | - | - | High
+83 | [62.38.114.12](https://vuldb.com/?ip.62.38.114.12) | ppp062038114012.dsl.hol.gr | - | High
-84 | ... | ... | ... | ...
+84 | [62.121.123.57](https://vuldb.com/?ip.62.121.123.57) | - | - | High
 85 | [64.19.74.29](https://vuldb.com/?ip.64.19.74.29) | primhall.com | - | High
 86 | [64.29.151.102](https://vuldb.com/?ip.64.29.151.102) | mail.myfairpoint.net | - | High
 87 | [64.121.114.87](https://vuldb.com/?ip.64.121.114.87) | 64-121-114-87.s597.c3-0.smt-ubr1.atw-smt.pa.cable.rcncustomer.com | - | High
 88 | [65.100.174.]105](https://vuldb.com/?ip.65.100.174.]105) | - | - | High
 89 | [65.100.174.]106](https://vuldb.com/?ip.65.100.174.]106) | - | - | High
 90 | ... | ... | ... | ...
-There are 334 more IOC items available. Please use our online service to access the data.
+There are 358 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
@ -127,42 +133,43 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `%PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10` | High
+1 | File | `/+CSCOE+/logon.html` | High
-2 | File | `/+CSCOE+/logon.html` | High
+2 | File | `/../conf/config.properties` | High
-3 | File | `/../conf/config.properties` | High
+3 | File | `/alumni/admin/ajax.php?action=save_settings` | High
-4 | File | `/alumni/admin/ajax.php?action=save_settings` | High
+4 | File | `/auth/session` | High
-5 | File | `/auth/session` | High
+5 | File | `/cgi-bin/ExportALLSettings.sh` | High
-6 | File | `/cgi-bin/ExportALLSettings.sh` | High
+6 | File | `/cgi-bin/webproc` | High
-7 | File | `/cgi-bin/webproc` | High
+7 | File | `/config/getuser` | High
-8 | File | `/config/getuser` | High
+8 | File | `/etc/passwd` | Medium
-9 | File | `/etc/passwd` | Medium
+9 | File | `/exponent_constants.php` | High
-10 | File | `/exponent_constants.php` | High
+10 | File | `/front/document.form.php` | High
-11 | File | `/front/document.form.php` | High
+11 | File | `/ibi_apps/WFServlet.cfg` | High
-12 | File | `/ibi_apps/WFServlet.cfg` | High
+12 | File | `/include/chart_generator.php` | High
-13 | File | `/include/chart_generator.php` | High
+13 | File | `/proc/sysvipc/sem` | High
-14 | File | `/proc/sysvipc/sem` | High
+14 | File | `/replication` | Medium
-15 | File | `/replication` | Medium
+15 | File | `/rest/collectors/1.0/template/custom` | High
-16 | File | `/rest/collectors/1.0/template/custom` | High
+16 | File | `/RestAPI` | Medium
-17 | File | `/RestAPI` | Medium
+17 | File | `/search.php` | Medium
-18 | File | `/search.php` | Medium
+18 | File | `/trigger` | Medium
-19 | File | `/tmp` | Low
+19 | File | `/uncpath/` | Medium
-20 | File | `/trigger` | Medium
+20 | File | `/user/login/oauth` | High
-21 | File | `/uncpath/` | Medium
+21 | File | `/usr/bin/pkexec` | High
-22 | File | `/user/login/oauth` | High
+22 | File | `/usr/doc` | Medium
-23 | File | `/usr/bin/pkexec` | High
+23 | File | `/WEB-INF/web.xml` | High
-24 | File | `/usr/doc` | Medium
+24 | File | `/webpages/data` | High
-25 | File | `/WEB-INF/web.xml` | High
+25 | File | `/websocket/exec` | High
-26 | File | `/webpages/data` | High
+26 | File | `/wp-admin/admin-ajax.php` | High
-27 | File | `/wp-admin/admin-ajax.php` | High
+27 | File | `/wp-json` | Medium
-28 | File | `/wp-json` | Medium
+28 | ... | ... | ...
 29 | ... | ... | ...
-There are 248 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 240 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://blog.talosintelligence.com/2019/07/threat-roundup-0719-0726.html
 * https://blog.talosintelligence.com/2019/08/threat-roundup-0823-0830.html
 * https://github.com/firehol/blocklist-ipsets/blob/master/bambenek_qakbot.ipset
 * https://isc.sans.edu/forums/diary/Emotet+Qakbot+more+Emotet/26750/
 * https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest+Answers+and+Analysis/27582/
@ -172,6 +179,8 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://isc.sans.edu/forums/diary/Recent+Qakbot+Qbot+activity/26862/
 * https://pastebin.com/u/MalwareQuinn
 * https://research.checkpoint.com/2020/exploring-qbots-latest-attack-methods/
 * https://thedfirreport.com/2022/02/07/qbot-likes-to-move-it-move-it/
 * https://thedfirreport.com/2022/02/21/qbot-and-zerologon-lead-to-full-domain-compromise/
 * https://tria.ge/210511-kvcz7vyfkx
 * https://twitter.com/Malwar3Ninja/status/1483514897266737154
--- a/actors/Quantum/README.md
+++ b/actors/Quantum/README.md
@ -0,0 +1,74 @@
 # Quantum - Cyber Threat Intelligence
 These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Quantum](https://vuldb.com/?actor.quantum). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.quantum](https://vuldb.com/?actor.quantum)
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Quantum:
 * [US](https://vuldb.com/?country.us)
 * [CN](https://vuldb.com/?country.cn)
 * [DE](https://vuldb.com/?country.de)
 * ...
 There are 1 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Quantum.
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [138.68.42.130](https://vuldb.com/?ip.138.68.42.130) | prod-sfo2-1.qencode-master-cf283c7cc10911ecb9daa269211215a9 | - | High
 2 | [157.245.142.66](https://vuldb.com/?ip.157.245.142.66) | - | - | High
 3 | [185.203.118.227](https://vuldb.com/?ip.185.203.118.227) | - | - | High
 4 | ... | ... | ... | ...
 There are 1 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
 _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Quantum_. This data is unique as it uses our predictive model for actor profiling.
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79 | Cross Site Scripting | High
 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1222 | CWE-275 | Permission Issues | High
 4 | ... | ... | ... | ...
 There are 2 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Quantum. This data is unique as it uses our predictive model for actor profiling.
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/etc/shadow` | Medium
 2 | File | `/goform/net\_Web\_get_value` | High
 3 | File | `/goform/net_WebCSRGen` | High
 4 | File | `/goform/WebRSAKEYGen` | High
 5 | File | `/uncpath/` | Medium
 6 | ... | ... | ...
 There are 39 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://thedfirreport.com/2022/04/25/quantum-ransomware/
 ## Literature
 The following _articles_ explain our unique predictive cyber threat intelligence:
 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
 ## License
 (c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/REvil/README.md
+++ b/actors/REvil/README.md
@ -36,9 +36,10 @@ ID | IP address | Hostname | Campaign | Confidence
 7 | [45.33.23.183](https://vuldb.com/?ip.45.33.23.183) | li977-183.members.linode.com | - | High
 8 | [45.33.30.197](https://vuldb.com/?ip.45.33.30.197) | li1047-197.members.linode.com | - | High
 9 | [45.55.211.79](https://vuldb.com/?ip.45.55.211.79) | - | CVE-2019-2725 | High
-10 | ... | ... | ... | ...
+10 | [45.56.79.23](https://vuldb.com/?ip.45.56.79.23) | li929-23.members.linode.com | - | High
 11 | ... | ... | ... | ...
-There are 36 more IOC items available. Please use our online service to access the data.
+There are 39 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
@ -60,25 +61,26 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/.htpasswd` | Medium
-2 | File | `/category_view.php` | High
+2 | File | `/assets/something/services/AppModule.class` | High
-3 | File | `/cgi-bin/nasset.cgi` | High
+3 | File | `/category_view.php` | High
-4 | File | `/cgi-bin/webadminget.cgi` | High
+4 | File | `/cgi-bin/nasset.cgi` | High
-5 | File | `/cms/process.php` | High
+5 | File | `/cgi-bin/webadminget.cgi` | High
-6 | File | `/etc/shadow` | Medium
+6 | File | `/cms/process.php` | High
-7 | File | `/forum/away.php` | High
+7 | File | `/etc/shadow` | Medium
-8 | File | `/goform/SetNetControlList` | High
+8 | File | `/forum/away.php` | High
-9 | File | `/index.php/weblinks-categories` | High
+9 | File | `/goform/SetNetControlList` | High
-10 | File | `/modules/profile/index.php` | High
+10 | File | `/index.php/weblinks-categories` | High
-11 | File | `/movie.php` | Medium
+11 | File | `/modules/profile/index.php` | High
-12 | File | `/public/login.htm` | High
+12 | File | `/movie.php` | Medium
-13 | File | `/show_news.php` | High
+13 | File | `/public/login.htm` | High
-14 | File | `/uncpath/` | Medium
+14 | File | `/service/v1/createUser` | High
-15 | File | `adclick.php` | Medium
+15 | File | `/show_news.php` | High
-16 | File | `admin.asp` | Medium
+16 | File | `/system?action=ServiceAdmin` | High
-17 | File | `admin/categories_industry.php` | High
+17 | File | `/uncpath/` | Medium
-18 | ... | ... | ...
+18 | File | `adclick.php` | Medium
 19 | ... | ... | ...
-There are 147 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 158 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
@ -87,6 +89,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html
 * https://blogs.blackberry.com/en/2021/11/revil-under-the-microscope
 * https://ddanchev.blogspot.com/2022/01/exposing-internet-connected_24.html
 * https://thedfirreport.com/2021/03/29/sodinokibi-aka-revil-ransomware/
 * https://www.darktrace.com/en/blog/darktraces-cyber-ai-analyst-investigates-sodinokibi-r-evil-ransomware/
 * https://www.varonis.com/blog/revil-msp-supply-chain-attack/
--- a/actors/RedEcho/README.md
+++ b/actors/RedEcho/README.md
@ -4,6 +4,12 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.redecho](https://vuldb.com/?actor.redecho)
 ## Campaigns
 The following _campaigns_ are known and can be associated with RedEcho:
 * India Power Grid
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with RedEcho:
@ -21,13 +27,18 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | [27.255.92.83](https://vuldb.com/?ip.27.255.92.83) | - | - | High
+1 | [14.43.108.22](https://vuldb.com/?ip.14.43.108.22) | - | India Power Grid | High
-2 | [27.255.94.21](https://vuldb.com/?ip.27.255.94.21) | - | - | High
+2 | [27.255.92.83](https://vuldb.com/?ip.27.255.92.83) | - | - | High
-3 | [27.255.94.29](https://vuldb.com/?ip.27.255.94.29) | - | - | High
+3 | [27.255.94.21](https://vuldb.com/?ip.27.255.94.21) | - | - | High
-4 | [101.78.177.227](https://vuldb.com/?ip.101.78.177.227) | - | - | High
+4 | [27.255.94.29](https://vuldb.com/?ip.27.255.94.29) | - | - | High
-5 | ... | ... | ... | ...
+5 | [59.10.140.47](https://vuldb.com/?ip.59.10.140.47) | - | India Power Grid | High
 6 | [59.127.10.132](https://vuldb.com/?ip.59.127.10.132) | 59-127-10-132.hinet-ip.hinet.net | India Power Grid | High
 7 | [61.74.255.16](https://vuldb.com/?ip.61.74.255.16) | - | India Power Grid | High
 8 | [101.78.177.227](https://vuldb.com/?ip.101.78.177.227) | - | - | High
 9 | [101.78.177.242](https://vuldb.com/?ip.101.78.177.242) | - | - | High
 10 | ... | ... | ... | ...
-There are 17 more IOC items available. Please use our online service to access the data.
+There are 34 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
@ -71,25 +82,26 @@ ID | Type | Indicator | Confidence
 21 | File | `/image_zoom.php` | High
 22 | File | `/include/config.cache.php` | High
 23 | File | `/json/profile/removeStarAjax.do` | High
-24 | File | `/oauth/token/request` | High
+24 | File | `/plugin/ajax.php` | High
-25 | File | `/plugin/ajax.php` | High
+25 | File | `/plugins/servlet/branchreview` | High
-26 | File | `/plugins/servlet/branchreview` | High
+26 | File | `/preauth` | Medium
-27 | File | `/preauth` | Medium
+27 | File | `/proc/ioports` | High
-28 | File | `/proc/ioports` | High
+28 | File | `/public/plugins/` | High
-29 | File | `/public/plugins/` | High
+29 | File | `/rest/api/2/search` | High
-30 | File | `/rest/api/2/search` | High
+30 | File | `/rest/api/latest/groupuserpicker` | High
-31 | File | `/rest/api/latest/groupuserpicker` | High
+31 | File | `/rest/api/latest/projectvalidate/key` | High
-32 | File | `/rest/api/latest/projectvalidate/key` | High
+32 | File | `/rom-0` | Low
-33 | File | `/rom-0` | Low
+33 | File | `/tmp` | Low
-34 | File | `/tmp` | Low
+34 | File | `/tmp/connlicj.bin` | High
 35 | ... | ... | ...
-There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 301 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://go.recordedfuture.com/hubfs/reports/ta-2022-0406.pdf
 * https://vxug.fakedoma.in/archive/APTs/2021/2021.02.28/RedEcho%20APT.pdf
 ## Literature
--- a/actors/Remcos/README.md
+++ b/actors/Remcos/README.md
@ -71,9 +71,10 @@ ID | IP address | Hostname | Campaign | Confidence
 42 | [37.1.206.16](https://vuldb.com/?ip.37.1.206.16) | free.ispiria.net | - | High
 43 | [37.19.193.217](https://vuldb.com/?ip.37.19.193.217) | unn-37-19-193-217.cdn77.com | - | High
 44 | [37.120.138.222](https://vuldb.com/?ip.37.120.138.222) | - | - | High
-45 | ... | ... | ... | ...
+45 | [37.123.118.150](https://vuldb.com/?ip.37.123.118.150) | - | - | High
 46 | ... | ... | ... | ...
-There are 178 more IOC items available. Please use our online service to access the data.
+There are 179 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
@ -105,29 +106,29 @@ ID | Type | Indicator | Confidence
 9 | File | `/inc/parser/xhtml.php` | High
 10 | File | `/index.php?page=signup` | High
 11 | File | `/login` | Low
-12 | File | `/mgmt/shared/authz/users/` | High
+12 | File | `/modules/profile/index.php` | High
-13 | File | `/modules/profile/index.php` | High
+13 | File | `/one_church/userregister.php` | High
-14 | File | `/one_church/userregister.php` | High
+14 | File | `/out.php` | Medium
-15 | File | `/out.php` | Medium
+15 | File | `/public/plugins/` | High
-16 | File | `/public/plugins/` | High
+16 | File | `/SAP_Information_System/controllers/add_admin.php` | High
-17 | File | `/SAP_Information_System/controllers/add_admin.php` | High
+17 | File | `/SASWebReportStudio/logonAndRender.do` | High
-18 | File | `/SASWebReportStudio/logonAndRender.do` | High
+18 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-19 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+19 | File | `/secure/admin/ViewInstrumentation.jspa` | High
-20 | File | `/secure/admin/ViewInstrumentation.jspa` | High
+20 | File | `/system/proxy` | High
-21 | File | `/system/proxy` | High
+21 | File | `/tmp/phpglibccheck` | High
-22 | File | `/tmp/phpglibccheck` | High
+22 | File | `adclick.php` | Medium
-23 | File | `adclick.php` | Medium
+23 | File | `add.php` | Low
-24 | File | `add.php` | Low
+24 | File | `addentry.php` | Medium
-25 | File | `addentry.php` | Medium
+25 | File | `addressbookprovider.php` | High
-26 | File | `addressbookprovider.php` | High
+26 | File | `admin.jcomments.php` | High
-27 | File | `admin.jcomments.php` | High
+27 | File | `admin/pageUploadCSV.php` | High
-28 | File | `admin/pageUploadCSV.php` | High
+28 | File | `ajax_udf.php` | Medium
-29 | File | `ajax_udf.php` | Medium
+29 | File | `AppCompatCache.exe` | High
-30 | File | `AppCompatCache.exe` | High
+30 | File | `application.js.php` | High
-31 | File | `application.js.php` | High
+31 | File | `arm/lithium-codegen-arm.cc` | High
 32 | ... | ... | ...
-There are 274 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
@ -160,6 +161,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2022/03/ukraine-invasion-scams-malware.html
 * https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
 * https://isc.sans.edu/forums/diary/Malspam+using+passwordprotected+Word+docs+to+push+Remcos+RAT/25292/
 * https://twitter.com/Paladin3161/status/1197842954037018625
 ## Literature
--- a/actors/Ripprbot/README.md
+++ b/actors/Ripprbot/README.md
@ -33,11 +33,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
+2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1555 | CWE-312 | Cleartext Storage of Sensitive Information | High
+3 | T1600 | CWE-311 | Cryptographic Issues | High
 4 | ... | ... | ... | ...
 There are 1 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -50,13 +47,13 @@ ID | Type | Indicator | Confidence
 3 | File | `/admin.php` | Medium
 4 | File | `/admin/doctors/view_doctor.php` | High
 5 | File | `/admin/modules/bibliography/index.php` | High
-6 | File | `/app/controller/Books.php` | High
+6 | File | `/adminlogin.asp` | High
-7 | File | `/aqpg/users/login.php` | High
+7 | File | `/app/controller/Books.php` | High
-8 | File | `/controller/Index.php` | High
+8 | File | `/aqpg/users/login.php` | High
-9 | File | `/coreframe/app/content/admin/content.php` | High
+9 | File | `/controller/Index.php` | High
-10 | File | `/dl/dl_print.php` | High
+10 | File | `/coreframe/app/content/admin/content.php` | High
-11 | File | `/dus_en/medieninfo_detail/index.php` | High
+11 | File | `/dl/dl_print.php` | High
-12 | File | `/etc/passwd` | Medium
+12 | File | `/dus_en/medieninfo_detail/index.php` | High
 13 | File | `/Hospital-Management-System-master/contact.php` | High
 14 | File | `/include/friends.inc.php` | High
 15 | File | `/master/article.php` | High
@ -66,78 +63,79 @@ ID | Type | Indicator | Confidence
 19 | File | `/sitemagic/upgrade.php` | High
 20 | File | `/userman/inbox.php` | High
 21 | File | `/userui/ticket_list.php` | High
-22 | File | `/zm/index.php` | High
+22 | File | `/wp-admin/options-general.php` | High
-23 | File | `adaptive-images-script.php` | High
+23 | File | `/zm/index.php` | High
-24 | File | `additem.asp` | Medium
+24 | File | `adaptive-images-script.php` | High
-25 | File | `addtocart.asp` | High
+25 | File | `additem.asp` | Medium
-26 | File | `adherents/subscription/info.php` | High
+26 | File | `addtocart.asp` | High
-27 | File | `admin.asp` | Medium
+27 | File | `adherents/subscription/info.php` | High
-28 | File | `admin.php` | Medium
+28 | File | `admin.asp` | Medium
-29 | File | `admin/admin.php` | High
+29 | File | `admin.php` | Medium
-30 | File | `admin/general.php` | High
+30 | File | `admin/admin.php` | High
-31 | File | `admin/header.php` | High
+31 | File | `admin/general.php` | High
-32 | File | `admin/inc/change_action.php` | High
+32 | File | `admin/header.php` | High
-33 | File | `admin/index.php` | High
+33 | File | `admin/inc/change_action.php` | High
-34 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
+34 | File | `admin/index.php` | High
-35 | File | `admin/info.php` | High
+35 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
-36 | File | `admin/login.asp` | High
+36 | File | `admin/info.php` | High
-37 | File | `admin/manage-comments.php` | High
+37 | File | `admin/login.asp` | High
-38 | File | `admin/manage-news.php` | High
+38 | File | `admin/manage-comments.php` | High
-39 | File | `admin/plugin-settings.php` | High
+39 | File | `admin/manage-news.php` | High
-40 | File | `admin/specials.php` | High
+40 | File | `admin/plugin-settings.php` | High
-41 | File | `admin:de` | Medium
+41 | File | `admin/specials.php` | High
-42 | File | `admincp/auth/checklogin.php` | High
+42 | File | `admin:de` | Medium
-43 | File | `admincp/auth/secure.php` | High
+43 | File | `admincp/auth/checklogin.php` | High
-44 | File | `administrator/index.php` | High
+44 | File | `admincp/auth/secure.php` | High
-45 | File | `admin_login.asp` | High
+45 | File | `administrator/index.php` | High
-46 | File | `adv_search.asp` | High
+46 | File | `admin_login.asp` | High
-47 | File | `ajax.php` | Medium
+47 | File | `adv_search.asp` | High
-48 | File | `ajax_url.php` | Medium
+48 | File | `ajax.php` | Medium
-49 | File | `album_portal.php` | High
+49 | File | `ajax_url.php` | Medium
-50 | File | `al_initialize.php` | High
+50 | File | `album_portal.php` | High
-51 | File | `anjel.index.php` | High
+51 | File | `al_initialize.php` | High
-52 | File | `annonces-p-f.php` | High
+52 | File | `anjel.index.php` | High
-53 | File | `announce.php` | Medium
+53 | File | `annonces-p-f.php` | High
-54 | File | `announcement.php` | High
+54 | File | `announce.php` | Medium
-55 | File | `announcements.php` | High
+55 | File | `announcement.php` | High
-56 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
+56 | File | `announcements.php` | High
-57 | File | `apply.cgi` | Medium
+57 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
-58 | File | `apps/app_article/controller/rating.php` | High
+58 | File | `apply.cgi` | Medium
-59 | File | `article.php` | Medium
+59 | File | `apps/app_article/controller/rating.php` | High
-60 | File | `articles.php` | Medium
+60 | File | `article.php` | Medium
-61 | File | `artikel_anzeige.php` | High
+61 | File | `articles.php` | Medium
-62 | File | `auktion.cgi` | Medium
+62 | File | `artikel_anzeige.php` | High
-63 | File | `auth.php` | Medium
+63 | File | `auktion.cgi` | Medium
-64 | File | `basket.php` | Medium
+64 | File | `auth.php` | Medium
-65 | File | `boardData103.php/boardDataJP.php/boardDataNA.php/boardDataWW.php` | High
+65 | File | `basket.php` | Medium
-66 | File | `books.php` | Medium
+66 | File | `boardData103.php/boardDataJP.php/boardDataNA.php/boardDataWW.php` | High
-67 | File | `browse-category.php` | High
+67 | File | `books.php` | Medium
-68 | File | `browse.php` | Medium
+68 | File | `browse-category.php` | High
-69 | File | `browse_videos.php` | High
+69 | File | `browse.php` | Medium
-70 | File | `BrudaNews/BrudaGB` | High
+70 | File | `browse_videos.php` | High
-71 | File | `bwlist_inc.html` | High
+71 | File | `BrudaNews/BrudaGB` | High
-72 | File | `calendar.php` | Medium
+72 | File | `bwlist_inc.html` | High
-73 | File | `cart.php` | Medium
+73 | File | `calendar.php` | Medium
-74 | File | `cart_add.php` | Medium
+74 | File | `cart.php` | Medium
-75 | File | `case.filemanager.php` | High
+75 | File | `cart_add.php` | Medium
-76 | File | `catalog.php` | Medium
+76 | File | `case.filemanager.php` | High
-77 | File | `catalogshop.php` | High
+77 | File | `catalog.php` | Medium
-78 | File | `catalogue.asp` | High
+78 | File | `catalogshop.php` | High
-79 | File | `category.cfm` | Medium
+79 | File | `catalogue.asp` | High
-80 | File | `category.php` | Medium
+80 | File | `category.cfm` | Medium
-81 | File | `category_list.php` | High
+81 | File | `category.php` | Medium
-82 | File | `cgi-bin/awstats.pl` | High
+82 | File | `category_list.php` | High
-83 | File | `channel.asp` | Medium
+83 | File | `cgi-bin/awstats.pl` | High
-84 | File | `ChooseCpSearch.php` | High
+84 | File | `channel.asp` | Medium
-85 | File | `comentarii.php` | High
+85 | File | `ChooseCpSearch.php` | High
-86 | File | `comments.php` | Medium
+86 | File | `comentarii.php` | High
-87 | File | `compose.php` | Medium
+87 | File | `comments.php` | Medium
-88 | File | `config.inc.php` | High
+88 | File | `compose.php` | Medium
-89 | File | `config.php` | Medium
+89 | File | `config.inc.php` | High
-90 | File | `contact.php` | Medium
+90 | File | `config.php` | Medium
-91 | ... | ... | ...
+91 | File | `contact.php` | Medium
 92 | ... | ... | ...
-There are 807 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 813 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/Sandworm
+++ b/actors/Sandworm
@ -95,7 +95,7 @@ ID | Type | Indicator | Confidence
 35 | File | `actions/CompanyDetailsSave.php` | High
 36 | ... | ... | ...
-There are 310 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 309 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/Shuckworm/README.md
+++ b/actors/Shuckworm/README.md
@ -0,0 +1,87 @@
 # Shuckworm - Cyber Threat Intelligence
 These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Shuckworm](https://vuldb.com/?actor.shuckworm). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.shuckworm](https://vuldb.com/?actor.shuckworm)
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Shuckworm:
 * [US](https://vuldb.com/?country.us)
 * [RU](https://vuldb.com/?country.ru)
 * [CN](https://vuldb.com/?country.cn)
 * ...
 There are 4 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Shuckworm.
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [5.63.157.11](https://vuldb.com/?ip.5.63.157.11) | 5-63-157-11.cloudvps.regruhosting.ru | - | High
 2 | [5.252.178.115](https://vuldb.com/?ip.5.252.178.115) | 5-252-178-115.mivocloud.com | - | High
 3 | [5.252.178.120](https://vuldb.com/?ip.5.252.178.120) | no-rdns.mivocloud.com | - | High
 4 | [5.252.178.145](https://vuldb.com/?ip.5.252.178.145) | 5-252-178-145.mivocloud.com | - | High
 5 | [31.31.203.61](https://vuldb.com/?ip.31.31.203.61) | 31-31-203-61.cloudvps.regruhosting.ru | - | High
 6 | [37.140.197.165](https://vuldb.com/?ip.37.140.197.165) | 37-140-197-165.cloudvps.regruhosting.ru | - | High
 7 | [37.140.197.251](https://vuldb.com/?ip.37.140.197.251) | 37-140-197-251.cloudvps.regruhosting.ru | - | High
 8 | [45.76.169.62](https://vuldb.com/?ip.45.76.169.62) | 45.76.169.62.vultrusercontent.com | - | High
 9 | [70.34.217.0](https://vuldb.com/?ip.70.34.217.0) | 70.34.217.0.vultrusercontent.com | - | High
 10 | [80.78.241.15](https://vuldb.com/?ip.80.78.241.15) | 80-78-241-15.cloudvps.regruhosting.ru | - | High
 11 | [80.78.245.226](https://vuldb.com/?ip.80.78.245.226) | srv3.netpatch.ru | - | High
 12 | [80.78.253.31](https://vuldb.com/?ip.80.78.253.31) | 80-78-253-31.cloudvps.regruhosting.ru | - | High
 13 | ... | ... | ... | ...
 There are 47 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
 _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Shuckworm_. This data is unique as it uses our predictive model for actor profiling.
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1495 | CWE-494 | Download of Code Without Integrity Check | High
 4 | ... | ... | ... | ...
 There are 1 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Shuckworm. This data is unique as it uses our predictive model for actor profiling.
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/error` | Low
 2 | File | `/forum/away.php` | High
 3 | File | `/gena.cgi` | Medium
 4 | File | `/login` | Low
 5 | File | `/php/ajax.php` | High
 6 | File | `/rapi/read_url` | High
 7 | File | `/sec/content/sec_asa_users_local_db_add.html` | High
 8 | File | `/see_more_details.php` | High
 9 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
 10 | ... | ... | ...
 There are 72 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://github.com/Symantec/threathunters/blob/main/Shuckworm/network
 ## Literature
 The following _articles_ explain our unique predictive cyber threat intelligence:
 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
 ## License
 (c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/SideCopy/README.md
+++ b/actors/SideCopy/README.md
@ -77,7 +77,7 @@ ID | Type | Indicator | Confidence
 28 | File | `auth-options.c` | High
 29 | ... | ... | ...
-There are 248 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 249 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/SocGholish/README.md
+++ b/actors/SocGholish/README.md
@ -0,0 +1,86 @@
 # SocGholish - Cyber Threat Intelligence
 These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [SocGholish](https://vuldb.com/?actor.socgholish). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.socgholish](https://vuldb.com/?actor.socgholish)
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with SocGholish:
 * [US](https://vuldb.com/?country.us)
 * [RU](https://vuldb.com/?country.ru)
 * [ES](https://vuldb.com/?country.es)
 * ...
 There are 5 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of SocGholish.
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [5.53.125.173](https://vuldb.com/?ip.5.53.125.173) | authoremail.net | - | High
 2 | [77.223.98.12](https://vuldb.com/?ip.77.223.98.12) | cloud12915.coteseuplano1.com.br | - | High
 3 | [87.249.50.201](https://vuldb.com/?ip.87.249.50.201) | 832423-cv17319.tmweb.ru | - | High
 4 | ... | ... | ... | ...
 There are 3 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
 _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _SocGholish_. This data is unique as it uses our predictive model for actor profiling.
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1211 | CWE-254 | 7PK Security Features | High
 4 | ... | ... | ... | ...
 There are 7 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by SocGholish. This data is unique as it uses our predictive model for actor profiling.
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/addsrv` | Low
 2 | File | `/Admin/Views/FileEditor/` | High
 3 | File | `/adminlogin.asp` | High
 4 | File | `/article/add` | Medium
 5 | File | `/controller/pay.class.php` | High
 6 | File | `/dev/kmem` | Medium
 7 | File | `/dev/snd/seq` | Medium
 8 | File | `/device/device=140/tab=wifi/view` | High
 9 | File | `/jerry-core/ecma/base/ecma-gc.c` | High
 10 | File | `/product_list.php` | High
 11 | File | `/rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application` | High
 12 | File | `/src/core/controllers/cm.php` | High
 13 | File | `/transmission/web/` | High
 14 | File | `/uncpath/` | Medium
 15 | File | `/usr/local` | Medium
 16 | File | `/weibo/publishdata` | High
 17 | File | `adm.cgi` | Low
 18 | ... | ... | ...
 There are 148 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://www.cybereason.com/blog/threat-analysis-report-socgholish-and-zloader-from-fake-updates-and-installers-to-owning-your-systems
 ## Literature
 The following _articles_ explain our unique predictive cyber threat intelligence:
 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
 ## License
 (c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/TA505/README.md
+++ b/actors/TA505/README.md
@ -105,9 +105,10 @@ ID | Type | Indicator | Confidence
 37 | File | `app/call_centers/cmd.php` | High
 38 | File | `arch/x86/kvm/hyperv.c` | High
 39 | File | `auction.cgi` | Medium
-40 | ... | ... | ...
+40 | File | `autologin.jsp` | High
 41 | ... | ... | ...
-There are 349 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 351 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/TeamTNT/README.md
+++ b/actors/TeamTNT/README.md
@ -18,7 +18,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [MO](https://vuldb.com/?country.mo)
 * [US](https://vuldb.com/?country.us)
-* [ES](https://vuldb.com/?country.es)
+* [CN](https://vuldb.com/?country.cn)
 * ...
 There are 2 more country items available. Please use our online service to access the data.
--- a/Reservoir/README.md
+++ b/Reservoir/README.md
@ -8,6 +8,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Thamar Reservoir:
 * [RU](https://vuldb.com/?country.ru)
 * [US](https://vuldb.com/?country.us)
 * [PL](https://vuldb.com/?country.pl)
@ -28,6 +29,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79 | Cross Site Scripting | High
 2 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
 ## IOA - Indicator of Attack
--- a/actors/Tofsee/README.md
+++ b/actors/Tofsee/README.md
@ -159,7 +159,7 @@ ID | Type | Indicator | Confidence
 36 | File | `ActiveServices.java` | High
 37 | ... | ... | ...
-There are 320 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/Tomiris/README.md
+++ b/actors/Tomiris/README.md
@ -41,7 +41,7 @@ ID | Type | Indicator | Confidence
 3 | File | `/public/login.htm` | High
 4 | ... | ... | ...
-There are 9 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 10 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/TrickBot/README.md
+++ b/actors/TrickBot/README.md
@ -16,10 +16,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [VN](https://vuldb.com/?country.vn)
 * [RU](https://vuldb.com/?country.ru)
-* [SH](https://vuldb.com/?country.sh)
+* [GB](https://vuldb.com/?country.gb)
 * ...
-There are 1 more country items available. Please use our online service to access the data.
+There are 3 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -35,106 +35,124 @@ ID | IP address | Hostname | Campaign | Confidence
 6 | [5.53.124.49](https://vuldb.com/?ip.5.53.124.49) | dgbtechnologies.com | - | High
 7 | [5.59.205.32](https://vuldb.com/?ip.5.59.205.32) | dhcp-32-205-59-5.metro86.ru | - | High
 8 | [5.133.179.108](https://vuldb.com/?ip.5.133.179.108) | 5-133-179-108.freeucouponsnow.ru | - | High
-9 | [5.182.210.132](https://vuldb.com/?ip.5.182.210.132) | - | - | High
+9 | [5.182.210.30](https://vuldb.com/?ip.5.182.210.30) | realestatepromotion.ru | - | High
-10 | [5.182.210.226](https://vuldb.com/?ip.5.182.210.226) | - | - | High
+10 | [5.182.210.132](https://vuldb.com/?ip.5.182.210.132) | - | - | High
-11 | [5.182.210.230](https://vuldb.com/?ip.5.182.210.230) | - | - | High
+11 | [5.182.210.178](https://vuldb.com/?ip.5.182.210.178) | mail.rainingdreams.to | - | High
-12 | [5.182.210.246](https://vuldb.com/?ip.5.182.210.246) | - | - | High
+12 | [5.182.210.226](https://vuldb.com/?ip.5.182.210.226) | - | - | High
-13 | [5.182.210.254](https://vuldb.com/?ip.5.182.210.254) | n01-nlam.kdktech.com | - | High
+13 | [5.182.210.230](https://vuldb.com/?ip.5.182.210.230) | - | - | High
-14 | [14.241.244.60](https://vuldb.com/?ip.14.241.244.60) | - | - | High
+14 | [5.182.210.246](https://vuldb.com/?ip.5.182.210.246) | - | - | High
-15 | [18.233.90.151](https://vuldb.com/?ip.18.233.90.151) | ec2-18-233-90-151.compute-1.amazonaws.com | - | Medium
+15 | [5.182.210.254](https://vuldb.com/?ip.5.182.210.254) | n01-nlam.kdktech.com | - | High
-16 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
+16 | [5.196.247.14](https://vuldb.com/?ip.5.196.247.14) | ip14.ip-5-196-247.eu | - | High
-17 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
+17 | [14.241.244.60](https://vuldb.com/?ip.14.241.244.60) | - | - | High
-18 | [23.3.125.111](https://vuldb.com/?ip.23.3.125.111) | a23-3-125-111.deploy.static.akamaitechnologies.com | - | High
+18 | [18.233.90.151](https://vuldb.com/?ip.18.233.90.151) | ec2-18-233-90-151.compute-1.amazonaws.com | - | Medium
-19 | [23.21.27.29](https://vuldb.com/?ip.23.21.27.29) | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
+19 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
-20 | [23.21.48.44](https://vuldb.com/?ip.23.21.48.44) | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium
+20 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
-21 | [23.21.121.219](https://vuldb.com/?ip.23.21.121.219) | ec2-23-21-121-219.compute-1.amazonaws.com | - | Medium
+21 | [23.3.125.111](https://vuldb.com/?ip.23.3.125.111) | a23-3-125-111.deploy.static.akamaitechnologies.com | - | High
-22 | [23.21.252.4](https://vuldb.com/?ip.23.21.252.4) | ec2-23-21-252-4.compute-1.amazonaws.com | - | Medium
+22 | [23.21.27.29](https://vuldb.com/?ip.23.21.27.29) | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
-23 | [23.23.83.153](https://vuldb.com/?ip.23.23.83.153) | ec2-23-23-83-153.compute-1.amazonaws.com | - | Medium
+23 | [23.21.48.44](https://vuldb.com/?ip.23.21.48.44) | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium
-24 | [23.23.243.154](https://vuldb.com/?ip.23.23.243.154) | ec2-23-23-243-154.compute-1.amazonaws.com | - | Medium
+24 | [23.21.121.219](https://vuldb.com/?ip.23.21.121.219) | ec2-23-21-121-219.compute-1.amazonaws.com | - | Medium
-25 | [23.94.233.210](https://vuldb.com/?ip.23.94.233.210) | 23-94-233-210-host.colocrossing.com | - | High
+25 | [23.21.252.4](https://vuldb.com/?ip.23.21.252.4) | ec2-23-21-252-4.compute-1.amazonaws.com | - | Medium
-26 | [23.96.30.229](https://vuldb.com/?ip.23.96.30.229) | - | - | High
+26 | [23.23.83.153](https://vuldb.com/?ip.23.23.83.153) | ec2-23-23-83-153.compute-1.amazonaws.com | - | Medium
-27 | [23.160.192.125](https://vuldb.com/?ip.23.160.192.125) | unknown.ip-xfer.net | - | High
+27 | [23.23.243.154](https://vuldb.com/?ip.23.23.243.154) | ec2-23-23-243-154.compute-1.amazonaws.com | - | Medium
-28 | [23.160.193.106](https://vuldb.com/?ip.23.160.193.106) | unknown.ip-xfer.net | - | High
+28 | [23.94.233.210](https://vuldb.com/?ip.23.94.233.210) | 23-94-233-210-host.colocrossing.com | - | High
-29 | [23.202.231.166](https://vuldb.com/?ip.23.202.231.166) | a23-202-231-166.deploy.static.akamaitechnologies.com | - | High
+29 | [23.96.30.229](https://vuldb.com/?ip.23.96.30.229) | - | - | High
-30 | [23.217.138.107](https://vuldb.com/?ip.23.217.138.107) | a23-217-138-107.deploy.static.akamaitechnologies.com | - | High
+30 | [23.160.192.125](https://vuldb.com/?ip.23.160.192.125) | unknown.ip-xfer.net | - | High
-31 | [24.162.214.166](https://vuldb.com/?ip.24.162.214.166) | cpe-24-162-214-166.elp.res.rr.com | - | High
+31 | [23.160.193.106](https://vuldb.com/?ip.23.160.193.106) | unknown.ip-xfer.net | - | High
-32 | [27.72.107.215](https://vuldb.com/?ip.27.72.107.215) | dynamic-adsl.viettel.vn | - | High
+32 | [23.202.231.166](https://vuldb.com/?ip.23.202.231.166) | a23-202-231-166.deploy.static.akamaitechnologies.com | - | High
-33 | [31.131.26.122](https://vuldb.com/?ip.31.131.26.122) | - | - | High
+33 | [23.217.138.107](https://vuldb.com/?ip.23.217.138.107) | a23-217-138-107.deploy.static.akamaitechnologies.com | - | High
-34 | [31.134.60.181](https://vuldb.com/?ip.31.134.60.181) | 31-134-60-181.telico.pl | - | High
+34 | [24.162.214.166](https://vuldb.com/?ip.24.162.214.166) | cpe-24-162-214-166.elp.res.rr.com | - | High
-35 | [31.172.177.90](https://vuldb.com/?ip.31.172.177.90) | poczta.mp-lift.pl | - | High
+35 | [27.72.107.215](https://vuldb.com/?ip.27.72.107.215) | dynamic-adsl.viettel.vn | - | High
-36 | [31.184.253.6](https://vuldb.com/?ip.31.184.253.6) | - | - | High
+36 | [31.131.26.122](https://vuldb.com/?ip.31.131.26.122) | - | - | High
-37 | [34.117.59.81](https://vuldb.com/?ip.34.117.59.81) | 81.59.117.34.bc.googleusercontent.com | - | Medium
+37 | [31.134.60.181](https://vuldb.com/?ip.31.134.60.181) | 31-134-60-181.telico.pl | - | High
-38 | [34.196.181.158](https://vuldb.com/?ip.34.196.181.158) | ec2-34-196-181-158.compute-1.amazonaws.com | - | Medium
+38 | [31.134.124.90](https://vuldb.com/?ip.31.134.124.90) | - | - | High
-39 | [34.233.102.38](https://vuldb.com/?ip.34.233.102.38) | ec2-34-233-102-38.compute-1.amazonaws.com | - | Medium
+39 | [31.172.177.90](https://vuldb.com/?ip.31.172.177.90) | poczta.mp-lift.pl | - | High
-40 | [36.37.176.6](https://vuldb.com/?ip.36.37.176.6) | - | - | High
+40 | [31.184.253.6](https://vuldb.com/?ip.31.184.253.6) | - | - | High
-41 | [36.89.191.119](https://vuldb.com/?ip.36.89.191.119) | - | - | High
+41 | [31.211.85.110](https://vuldb.com/?ip.31.211.85.110) | - | - | High
-42 | [36.89.193.181](https://vuldb.com/?ip.36.89.193.181) | - | - | High
+42 | [34.117.59.81](https://vuldb.com/?ip.34.117.59.81) | 81.59.117.34.bc.googleusercontent.com | - | Medium
-43 | [36.89.193.235](https://vuldb.com/?ip.36.89.193.235) | - | - | High
+43 | [34.196.181.158](https://vuldb.com/?ip.34.196.181.158) | ec2-34-196-181-158.compute-1.amazonaws.com | - | Medium
-44 | [36.89.228.201](https://vuldb.com/?ip.36.89.228.201) | - | - | High
+44 | [34.233.102.38](https://vuldb.com/?ip.34.233.102.38) | ec2-34-233-102-38.compute-1.amazonaws.com | - | Medium
-45 | [36.91.88.164](https://vuldb.com/?ip.36.91.88.164) | - | - | High
+45 | [36.37.176.6](https://vuldb.com/?ip.36.37.176.6) | - | - | High
-46 | [36.91.117.231](https://vuldb.com/?ip.36.91.117.231) | - | - | High
+46 | [36.89.191.119](https://vuldb.com/?ip.36.89.191.119) | - | - | High
-47 | [36.91.186.235](https://vuldb.com/?ip.36.91.186.235) | - | - | High
+47 | [36.89.193.181](https://vuldb.com/?ip.36.89.193.181) | - | - | High
-48 | [36.94.27.124](https://vuldb.com/?ip.36.94.27.124) | - | - | High
+48 | [36.89.193.235](https://vuldb.com/?ip.36.89.193.235) | - | - | High
-49 | [36.94.100.202](https://vuldb.com/?ip.36.94.100.202) | - | - | High
+49 | [36.89.228.201](https://vuldb.com/?ip.36.89.228.201) | - | - | High
-50 | [36.95.23.89](https://vuldb.com/?ip.36.95.23.89) | - | - | High
+50 | [36.91.45.10](https://vuldb.com/?ip.36.91.45.10) | - | - | High
-51 | [36.95.27.243](https://vuldb.com/?ip.36.95.27.243) | - | - | High
+51 | [36.91.88.164](https://vuldb.com/?ip.36.91.88.164) | - | - | High
-52 | [37.228.70.134](https://vuldb.com/?ip.37.228.70.134) | - | - | High
+52 | [36.91.117.231](https://vuldb.com/?ip.36.91.117.231) | - | - | High
-53 | [37.228.117.250](https://vuldb.com/?ip.37.228.117.250) | janome.ru | - | High
+53 | [36.91.186.235](https://vuldb.com/?ip.36.91.186.235) | - | - | High
-54 | [37.230.112.146](https://vuldb.com/?ip.37.230.112.146) | audiotop.ru | - | High
+54 | [36.94.27.124](https://vuldb.com/?ip.36.94.27.124) | - | - | High
-55 | [37.230.114.93](https://vuldb.com/?ip.37.230.114.93) | admin1.fvds.ru | - | High
+55 | [36.94.100.202](https://vuldb.com/?ip.36.94.100.202) | - | - | High
-56 | [37.230.114.248](https://vuldb.com/?ip.37.230.114.248) | kosmolot.com | - | High
+56 | [36.95.23.89](https://vuldb.com/?ip.36.95.23.89) | - | - | High
-57 | [37.230.115.129](https://vuldb.com/?ip.37.230.115.129) | dvcarry.fvds.ru | - | High
+57 | [36.95.27.243](https://vuldb.com/?ip.36.95.27.243) | - | - | High
-58 | [37.230.115.133](https://vuldb.com/?ip.37.230.115.133) | wdai.io | - | High
+58 | [37.228.70.134](https://vuldb.com/?ip.37.228.70.134) | - | - | High
-59 | [37.230.115.138](https://vuldb.com/?ip.37.230.115.138) | i2.com | - | High
+59 | [37.228.117.250](https://vuldb.com/?ip.37.228.117.250) | janome.ru | - | High
-60 | [37.230.115.171](https://vuldb.com/?ip.37.230.115.171) | geobrox.com | - | High
+60 | [37.230.112.146](https://vuldb.com/?ip.37.230.112.146) | audiotop.ru | - | High
-61 | [37.230.115.184](https://vuldb.com/?ip.37.230.115.184) | 21922vdscom.com | - | High
+61 | [37.230.114.93](https://vuldb.com/?ip.37.230.114.93) | admin1.fvds.ru | - | High
-62 | [38.132.99.174](https://vuldb.com/?ip.38.132.99.174) | - | - | High
+62 | [37.230.114.248](https://vuldb.com/?ip.37.230.114.248) | kosmolot.com | - | High
-63 | [43.245.216.116](https://vuldb.com/?ip.43.245.216.116) | - | - | High
+63 | [37.230.115.129](https://vuldb.com/?ip.37.230.115.129) | dvcarry.fvds.ru | - | High
-64 | [45.6.16.68](https://vuldb.com/?ip.45.6.16.68) | - | - | High
+64 | [37.230.115.133](https://vuldb.com/?ip.37.230.115.133) | wdai.io | - | High
-65 | [45.14.226.115](https://vuldb.com/?ip.45.14.226.115) | - | - | High
+65 | [37.230.115.138](https://vuldb.com/?ip.37.230.115.138) | i2.com | - | High
-66 | [45.36.99.184](https://vuldb.com/?ip.45.36.99.184) | cpe-45-36-99-184.triad.res.rr.com | - | High
+66 | [37.230.115.171](https://vuldb.com/?ip.37.230.115.171) | geobrox.com | - | High
-67 | [45.115.172.105](https://vuldb.com/?ip.45.115.172.105) | - | - | High
+67 | [37.230.115.184](https://vuldb.com/?ip.37.230.115.184) | 21922vdscom.com | - | High
-68 | [45.155.173.242](https://vuldb.com/?ip.45.155.173.242) | - | - | High
+68 | [38.132.99.174](https://vuldb.com/?ip.38.132.99.174) | - | - | High
-69 | [45.167.249.126](https://vuldb.com/?ip.45.167.249.126) | - | - | High
+69 | [41.77.134.250](https://vuldb.com/?ip.41.77.134.250) | cliente6386477933.clubnet.mz | - | High
-70 | [45.178.142.14](https://vuldb.com/?ip.45.178.142.14) | - | - | High
+70 | [41.243.29.182](https://vuldb.com/?ip.41.243.29.182) | 182-29-243-41.r.airtel.cd | - | High
-71 | [45.201.134.202](https://vuldb.com/?ip.45.201.134.202) | - | - | High
+71 | [43.245.216.116](https://vuldb.com/?ip.43.245.216.116) | - | - | High
-72 | [45.229.71.211](https://vuldb.com/?ip.45.229.71.211) | static-45-229-71-211.extrememt.com.br | - | High
+72 | [45.5.152.39](https://vuldb.com/?ip.45.5.152.39) | - | - | High
-73 | [45.234.248.154](https://vuldb.com/?ip.45.234.248.154) | 45.-234.248-154.rev.voanet.br | - | High
+73 | [45.6.16.68](https://vuldb.com/?ip.45.6.16.68) | - | - | High
-74 | [46.4.167.250](https://vuldb.com/?ip.46.4.167.250) | ip-subnet46-4-167.unassigned.theideahosting.net | - | High
+74 | [45.14.226.115](https://vuldb.com/?ip.45.14.226.115) | - | - | High
-75 | [46.8.21.10](https://vuldb.com/?ip.46.8.21.10) | 53980.web.hosting-russia.ru | - | High
+75 | [45.36.99.184](https://vuldb.com/?ip.45.36.99.184) | cpe-45-36-99-184.triad.res.rr.com | - | High
-76 | [46.8.21.113](https://vuldb.com/?ip.46.8.21.113) | 64403.web.hosting-russia.ru | - | High
+76 | [45.115.172.105](https://vuldb.com/?ip.45.115.172.105) | - | - | High
-77 | [46.30.45.208](https://vuldb.com/?ip.46.30.45.208) | vm418209.eurodir.ru | - | High
+77 | [45.155.173.242](https://vuldb.com/?ip.45.155.173.242) | - | - | High
-78 | [46.99.175.217](https://vuldb.com/?ip.46.99.175.217) | - | - | High
+78 | [45.167.249.126](https://vuldb.com/?ip.45.167.249.126) | - | - | High
-79 | [46.209.140.220](https://vuldb.com/?ip.46.209.140.220) | - | - | High
+79 | [45.178.142.14](https://vuldb.com/?ip.45.178.142.14) | - | - | High
-80 | [46.254.128.174](https://vuldb.com/?ip.46.254.128.174) | 46.254.128.174.lanultra.net | - | High
+80 | [45.201.134.202](https://vuldb.com/?ip.45.201.134.202) | - | - | High
-81 | [49.156.34.134](https://vuldb.com/?ip.49.156.34.134) | - | - | High
+81 | [45.229.71.211](https://vuldb.com/?ip.45.229.71.211) | static-45-229-71-211.extrememt.com.br | - | High
-82 | [50.16.229.140](https://vuldb.com/?ip.50.16.229.140) | ec2-50-16-229-140.compute-1.amazonaws.com | - | Medium
+82 | [45.234.248.154](https://vuldb.com/?ip.45.234.248.154) | 45.-234.248-154.rev.voanet.br | - | High
-83 | [50.19.247.198](https://vuldb.com/?ip.50.19.247.198) | ec2-50-19-247-198.compute-1.amazonaws.com | - | Medium
+83 | [46.4.167.250](https://vuldb.com/?ip.46.4.167.250) | ip-subnet46-4-167.unassigned.theideahosting.net | - | High
-84 | [51.38.101.194](https://vuldb.com/?ip.51.38.101.194) | - | - | High
+84 | [46.8.21.10](https://vuldb.com/?ip.46.8.21.10) | 53980.web.hosting-russia.ru | - | High
-85 | [51.77.92.215](https://vuldb.com/?ip.51.77.92.215) | - | - | High
+85 | [46.8.21.113](https://vuldb.com/?ip.46.8.21.113) | 64403.web.hosting-russia.ru | - | High
-86 | [51.81.112.144](https://vuldb.com/?ip.51.81.112.144) | - | - | High
+86 | [46.30.45.208](https://vuldb.com/?ip.46.30.45.208) | vm418209.eurodir.ru | - | High
-87 | [51.89.115.101](https://vuldb.com/?ip.51.89.115.101) | secure-3111.buzztary.com | - | High
+87 | [46.99.175.217](https://vuldb.com/?ip.46.99.175.217) | - | - | High
-88 | [51.89.115.116](https://vuldb.com/?ip.51.89.115.116) | tombe.nationfox.net | - | High
+88 | [46.209.140.220](https://vuldb.com/?ip.46.209.140.220) | - | - | High
-89 | [51.89.115.121](https://vuldb.com/?ip.51.89.115.121) | mail1.cmailer.online | - | High
+89 | [46.254.128.174](https://vuldb.com/?ip.46.254.128.174) | 46.254.128.174.lanultra.net | - | High
-90 | [51.159.23.217](https://vuldb.com/?ip.51.159.23.217) | jambold.co.uk | - | High
+90 | [49.156.34.134](https://vuldb.com/?ip.49.156.34.134) | - | - | High
-91 | [51.254.83.17](https://vuldb.com/?ip.51.254.83.17) | ip17.ip-51-254-83.eu | - | High
+91 | [50.16.229.140](https://vuldb.com/?ip.50.16.229.140) | ec2-50-16-229-140.compute-1.amazonaws.com | - | Medium
-92 | [51.254.164.245](https://vuldb.com/?ip.51.254.164.245) | ip245.ip-51-254-164.eu | - | High
+92 | [50.19.247.198](https://vuldb.com/?ip.50.19.247.198) | ec2-50-19-247-198.compute-1.amazonaws.com | - | Medium
-93 | [52.0.197.231](https://vuldb.com/?ip.52.0.197.231) | ec2-52-0-197-231.compute-1.amazonaws.com | - | Medium
+93 | [51.38.101.194](https://vuldb.com/?ip.51.38.101.194) | - | - | High
-94 | [52.20.197.7](https://vuldb.com/?ip.52.20.197.7) | ec2-52-20-197-7.compute-1.amazonaws.com | - | Medium
+94 | [51.77.92.215](https://vuldb.com/?ip.51.77.92.215) | - | - | High
-95 | [52.202.139.131](https://vuldb.com/?ip.52.202.139.131) | ec2-52-202-139-131.compute-1.amazonaws.com | - | Medium
+95 | [51.81.112.144](https://vuldb.com/?ip.51.81.112.144) | - | - | High
-96 | [52.204.109.97](https://vuldb.com/?ip.52.204.109.97) | ec2-52-204-109-97.compute-1.amazonaws.com | - | Medium
+96 | [51.89.115.101](https://vuldb.com/?ip.51.89.115.101) | secure-3111.buzztary.com | - | High
-97 | [52.206.161.133](https://vuldb.com/?ip.52.206.161.133) | ec2-52-206-161-133.compute-1.amazonaws.com | - | Medium
+97 | [51.89.115.108](https://vuldb.com/?ip.51.89.115.108) | coms.jt120.com.cn | - | High
-98 | [54.39.106.25](https://vuldb.com/?ip.54.39.106.25) | ns560342.ip-54-39-106.net | - | High
+98 | [51.89.115.112](https://vuldb.com/?ip.51.89.115.112) | brides-crude.nationfox.net | - | High
-99 | [54.204.36.156](https://vuldb.com/?ip.54.204.36.156) | ec2-54-204-36-156.compute-1.amazonaws.com | - | Medium
+99 | [51.89.115.116](https://vuldb.com/?ip.51.89.115.116) | tombe.nationfox.net | - | High
-100 | [54.221.253.252](https://vuldb.com/?ip.54.221.253.252) | ec2-54-221-253-252.compute-1.amazonaws.com | - | Medium
+100 | [51.89.115.121](https://vuldb.com/?ip.51.89.115.121) | mail1.cmailer.online | - | High
-101 | [54.235.124.112](https://vuldb.com/?ip.54.235.124.112) | ec2-54-235-124-112.compute-1.amazonaws.com | - | Medium
+101 | [51.159.23.217](https://vuldb.com/?ip.51.159.23.217) | jambold.co.uk | - | High
-102 | [54.243.147.226](https://vuldb.com/?ip.54.243.147.226) | ec2-54-243-147-226.compute-1.amazonaws.com | - | Medium
+102 | [51.254.83.17](https://vuldb.com/?ip.51.254.83.17) | ip17.ip-51-254-83.eu | - | High
-103 | [54.243.198.12](https://vuldb.com/?ip.54.243.198.12) | ec2-54-243-198-12.compute-1.amazonaws.com | - | Medium
+103 | [51.254.164.243](https://vuldb.com/?ip.51.254.164.243) | amortizserv.info | - | High
-104 | [58.97.72.83](https://vuldb.com/?ip.58.97.72.83) | 58-97-72-83.static.asianet.co.th | - | High
+104 | [51.254.164.245](https://vuldb.com/?ip.51.254.164.245) | ip245.ip-51-254-164.eu | - | High
-105 | [60.51.47.65](https://vuldb.com/?ip.60.51.47.65) | - | - | High
+105 | [52.0.197.231](https://vuldb.com/?ip.52.0.197.231) | ec2-52-0-197-231.compute-1.amazonaws.com | - | Medium
-106 | ... | ... | ... | ...
+106 | [52.20.197.7](https://vuldb.com/?ip.52.20.197.7) | ec2-52-20-197-7.compute-1.amazonaws.com | - | Medium
 107 | [52.202.139.131](https://vuldb.com/?ip.52.202.139.131) | ec2-52-202-139-131.compute-1.amazonaws.com | - | Medium
 108 | [52.204.109.97](https://vuldb.com/?ip.52.204.109.97) | ec2-52-204-109-97.compute-1.amazonaws.com | - | Medium
 109 | [52.206.161.133](https://vuldb.com/?ip.52.206.161.133) | ec2-52-206-161-133.compute-1.amazonaws.com | - | Medium
 110 | [54.39.106.25](https://vuldb.com/?ip.54.39.106.25) | ns560342.ip-54-39-106.net | - | High
 111 | [54.204.36.156](https://vuldb.com/?ip.54.204.36.156) | ec2-54-204-36-156.compute-1.amazonaws.com | - | Medium
 112 | [54.221.253.252](https://vuldb.com/?ip.54.221.253.252) | ec2-54-221-253-252.compute-1.amazonaws.com | - | Medium
 113 | [54.235.124.112](https://vuldb.com/?ip.54.235.124.112) | ec2-54-235-124-112.compute-1.amazonaws.com | - | Medium
 114 | [54.243.147.226](https://vuldb.com/?ip.54.243.147.226) | ec2-54-243-147-226.compute-1.amazonaws.com | - | Medium
 115 | [54.243.198.12](https://vuldb.com/?ip.54.243.198.12) | ec2-54-243-198-12.compute-1.amazonaws.com | - | Medium
 116 | [58.97.72.83](https://vuldb.com/?ip.58.97.72.83) | 58-97-72-83.static.asianet.co.th | - | High
 117 | [60.51.47.65](https://vuldb.com/?ip.60.51.47.65) | - | - | High
 118 | [62.64.9.237](https://vuldb.com/?ip.62.64.9.237) | clients-62.64.9.237.misp.ru | - | High
 119 | [62.69.241.103](https://vuldb.com/?ip.62.69.241.103) | 62-69-241-103.internetia.net.pl | - | High
 120 | [62.99.76.213](https://vuldb.com/?ip.62.99.76.213) | 213.62-99-76.static.clientes.euskaltel.es | - | High
 121 | [62.109.2.172](https://vuldb.com/?ip.62.109.2.172) | megamart24.ru | - | High
 122 | [62.109.6.188](https://vuldb.com/?ip.62.109.6.188) | velomarket31.ru | - | High
 123 | [62.109.14.24](https://vuldb.com/?ip.62.109.14.24) | btc-manager1.ru | - | High
 124 | ... | ... | ... | ...
-There are 421 more IOC items available. Please use our online service to access the data.
+There are 493 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
@ -143,11 +161,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
-2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+2 | T1059.007 | CWE-79 | Cross Site Scripting | High
-3 | T1068 | CWE-264, CWE-266, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
 4 | ... | ... | ... | ...
-There are 7 more TTP items available. Please use our online service to access the data.
+There are 8 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -155,26 +173,32 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/admin/config` | High
+1 | File | `/admin.php?id=posts&action=display&value=1&postid=` | High
-2 | File | `/admin/export/getcsv/article_db` | High
+2 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
-3 | File | `/admin/goods/update` | High
+3 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
-4 | File | `/api/V2/internal/TaskPermissions/CheckTaskAccess` | High
+4 | File | `/admin/goods/update` | High
-5 | File | `/apply.cgi` | Medium
+5 | File | `/admin/inbox.php&action=delete` | High
-6 | File | `/blog/blog.php` | High
+6 | File | `/admin/inbox.php&action=read` | High
-7 | File | `/Car_Rental/booking.php` | High
+7 | File | `/admin/pagerole.php&action=display&value=1` | High
-8 | File | `/classes/Comment` | High
+8 | File | `/admin/pagerole.php&action=edit` | High
-9 | File | `/cms/content/list` | High
+9 | File | `/admin/posts.php` | High
-10 | File | `/devices/acurite.c` | High
+10 | File | `/admin/posts.php&action=delete` | High
-11 | File | `/etc/master.passwd` | High
+11 | File | `/admin/posts.php&action=edit` | High
-12 | File | `/example/editor` | High
+12 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
-13 | File | `/feedback/post/` | High
+13 | File | `/admin/siteoptions.php&social=remove&sid=2` | High
-14 | File | `/index.php?page=reserve` | High
+14 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
-15 | File | `/public_html/animals` | High
+15 | File | `/admin/uesrs.php&action=display&value=Hide` | High
-16 | File | `/src/njs_vmcode.c` | High
+16 | File | `/admin/uesrs.php&action=display&value=Show` | High
-17 | File | `/system/user/resetPwd` | High
+17 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
-18 | ... | ... | ...
+18 | File | `/admin/uesrs.php&action=type&userrole=User` | High
 19 | File | `/api/students/me/messages/` | High
 20 | File | `/apply.cgi` | Medium
 21 | File | `/apps/acs-commons/content/page-compare.html` | High
 22 | File | `/blog/blog.php` | High
 23 | File | `/Car_Rental/booking.php` | High
 24 | ... | ... | ...
-There are 144 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 197 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
@ -213,6 +237,11 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://research.checkpoint.com/2021/when-old-friends-meet-again-why-emotet-chose-trickbot-for-rebirth/
 * https://securelist.com/trickbot-module-descriptions/104603/
 * https://securityintelligence.com/posts/new-malware-trickbot-anchordns-backdoor-upgrades-anchormail/
 * https://thedfirreport.com/2020/04/30/tricky-pyxie/
 * https://thedfirreport.com/2021/01/11/trickbot-still-alive-and-well/
 * https://thedfirreport.com/2021/05/02/trickbot-brief-creds-and-beacons/
 * https://thedfirreport.com/2021/08/01/bazarcall-to-conti-ransomware-via-trickbot-and-cobalt-strike/
 * https://thedfirreport.com/2021/08/16/trickbot-leads-up-to-fake-1password-installation/
 ## Literature
--- a/actors/Trickster/README.md
+++ b/actors/Trickster/README.md
@ -0,0 +1,30 @@
 # Trickster - Cyber Threat Intelligence
 These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Trickster](https://vuldb.com/?actor.trickster). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.trickster](https://vuldb.com/?actor.trickster)
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Trickster.
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [216.218.206.69](https://vuldb.com/?ip.216.218.206.69) | scan-08.shadowserver.org | - | High
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://blog.talosintelligence.com/2019/04/threat-roundup-0412-0419.html
 ## Literature
 The following _articles_ explain our unique predictive cyber threat intelligence:
 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
 ## License
 (c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/UAC-0056/README.md
+++ b/actors/UAC-0056/README.md
@ -63,35 +63,35 @@ ID | Type | Indicator | Confidence
 7 | File | `/common/logViewer/logViewer.jsf` | High
 8 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
 9 | File | `/forum/away.php` | High
-10 | File | `/includes/rrdtool.inc.php` | High
+10 | File | `/hocms/classes/Master.php?f=delete_collection` | High
-11 | File | `/mc-admin/post.php?state=delete&delete` | High
+11 | File | `/includes/rrdtool.inc.php` | High
-12 | File | `/mifs/c/i/reg/reg.html` | High
+12 | File | `/mc-admin/post.php?state=delete&delete` | High
-13 | File | `/ms/cms/content/list.do` | High
+13 | File | `/mifs/c/i/reg/reg.html` | High
-14 | File | `/orms/` | Low
+14 | File | `/ms/cms/content/list.do` | High
-15 | File | `/plesk-site-preview/` | High
+15 | File | `/orms/` | Low
-16 | File | `/uncpath/` | Medium
+16 | File | `/plesk-site-preview/` | High
-17 | File | `/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php` | High
+17 | File | `/student-grading-system/rms.php?page=grade` | High
-18 | File | `/www/ping_response.cgi` | High
+18 | File | `/uncpath/` | Medium
-19 | File | `ABuffer.cpp` | Medium
+19 | File | `/usr/local/nagiosxi/html/includes/configwizards/windowswmi/windowswmi.inc.php` | High
-20 | File | `account.asp` | Medium
+20 | File | `/www/ping_response.cgi` | High
-21 | File | `addmember.php` | High
+21 | File | `ABuffer.cpp` | Medium
-22 | File | `addtocart.asp` | High
+22 | File | `account.asp` | Medium
-23 | File | `addtomylist.asp` | High
+23 | File | `addmember.php` | High
-24 | File | `admin.php` | Medium
+24 | File | `addtocart.asp` | High
-25 | File | `admin.x-shop.php` | High
+25 | File | `addtomylist.asp` | High
-26 | File | `admin/auth.php` | High
+26 | File | `admin.php` | Medium
-27 | File | `admin/changedata.php` | High
+27 | File | `admin.x-shop.php` | High
-28 | File | `admin/dashboard.php` | High
+28 | File | `admin/auth.php` | High
-29 | File | `admin/edit-news.php` | High
+29 | File | `admin/changedata.php` | High
-30 | File | `admin/gallery.php` | High
+30 | File | `admin/dashboard.php` | High
-31 | File | `admin/index.php` | High
+31 | File | `admin/edit-news.php` | High
-32 | File | `admin/manage-departments.php` | High
+32 | File | `admin/gallery.php` | High
-33 | File | `admin/sellerupd.php` | High
+33 | File | `admin/index.php` | High
-34 | File | `admin/vqmods.app/vqmods.inc.php` | High
+34 | File | `admin/manage-departments.php` | High
-35 | File | `admincp/auth/checklogin.php` | High
+35 | File | `admin/sellerupd.php` | High
 36 | ... | ... | ...
-There are 305 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 308 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/UAC-0098/README.md
+++ b/actors/UAC-0098/README.md
@ -0,0 +1,81 @@
 # UAC-0098 - Cyber Threat Intelligence
 These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [UAC-0098](https://vuldb.com/?actor.uac-0098). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.uac-0098](https://vuldb.com/?actor.uac-0098)
 ## Campaigns
 The following _campaigns_ are known and can be associated with UAC-0098:
 * Cobalt Strike
 * IcedID
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with UAC-0098:
 * [US](https://vuldb.com/?country.us)
 * [CN](https://vuldb.com/?country.cn)
 * [DE](https://vuldb.com/?country.de)
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of UAC-0098.
 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
 1 | [84.32.188.29](https://vuldb.com/?ip.84.32.188.29) | - | Cobalt Strike | High
 2 | [134.209.144.87](https://vuldb.com/?ip.134.209.144.87) | - | IcedID | High
 3 | [138.68.229.0](https://vuldb.com/?ip.138.68.229.0) | - | Cobalt Strike | High
 4 | [139.60.160.8](https://vuldb.com/?ip.139.60.160.8) | - | Cobalt Strike | High
 5 | [139.60.160.17](https://vuldb.com/?ip.139.60.160.17) | - | Cobalt Strike | High
 6 | ... | ... | ... | ...
 There are 19 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
 _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _UAC-0098_. This data is unique as it uses our predictive model for actor profiling.
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1222 | CWE-275 | Permission Issues | High
 4 | ... | ... | ... | ...
 There are 2 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by UAC-0098. This data is unique as it uses our predictive model for actor profiling.
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/etc/shadow` | Medium
 2 | File | `/goform/net\_Web\_get_value` | High
 3 | File | `/goform/net_WebCSRGen` | High
 4 | File | `/goform/WebRSAKEYGen` | High
 5 | File | `/uncpath/` | Medium
 6 | ... | ... | ...
 There are 35 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://cert.gov.ua/article/39609
 * https://cert.gov.ua/article/39708
 ## Literature
 The following _articles_ explain our unique predictive cyber threat intelligence:
 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
 ## License
 (c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/actors/Ursnif/README.md
+++ b/actors/Ursnif/README.md
@ -60,7 +60,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...
-There are 6 more TTP items available. Please use our online service to access the data.
+There are 5 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
--- a/actors/VBShower/README.md
+++ b/actors/VBShower/README.md
@ -35,7 +35,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1068 | CWE-250, CWE-264, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
 4 | ... | ... | ... | ...
-There are 8 more TTP items available. Please use our online service to access the data.
+There are 7 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -47,33 +47,31 @@ ID | Type | Indicator | Confidence
 2 | File | `/admin/inbox.php&action=read` | High
 3 | File | `/admin/news/news_mod.php` | High
 4 | File | `/admin/page_edit/3` | High
-5 | File | `/apps/acs-commons/content/page-compare.html` | High
+5 | File | `/administrator/alerts/alertLightbox.php` | High
-6 | File | `/blog/blog.php` | High
+6 | File | `/apps/acs-commons/content/page-compare.html` | High
-7 | File | `/cgi-bin/uploadWeiXinPic` | High
+7 | File | `/blog/blog.php` | High
-8 | File | `/domain/service/.ewell-known/caldav` | High
+8 | File | `/cgi-bin/main.cgi` | High
-9 | File | `/dvcset/sysset/set.cgi` | High
+9 | File | `/cgi-bin/uploadWeiXinPic` | High
-10 | File | `/example/editor` | High
+10 | File | `/domain/service/.ewell-known/caldav` | High
-11 | File | `/include/make.php` | High
+11 | File | `/dvcset/sysset/set.cgi` | High
-12 | File | `/jquery_file_upload/server/php/index.php` | High
+12 | File | `/example/editor` | High
-13 | File | `/mobile/SelectUsers.jsp` | High
+13 | File | `/include/make.php` | High
-14 | File | `/php/ajax.php` | High
+14 | File | `/jquery_file_upload/server/php/index.php` | High
-15 | File | `/ProteinArraySignificanceTest.json` | High
+15 | File | `/mobile/SelectUsers.jsp` | High
-16 | File | `/ptms/classes/Users.php` | High
+16 | File | `/php/ajax.php` | High
-17 | File | `/public/admin/index.php?add_product` | High
+17 | File | `/ProteinArraySignificanceTest.json` | High
-18 | File | `/system/bin/osi_bin` | High
+18 | File | `/ptms/classes/Users.php` | High
-19 | File | `/usr/local/bin/mjs` | High
+19 | File | `/public/admin/index.php?add_product` | High
-20 | File | `/wp-content/uploads/jobmonster/` | High
+20 | File | `/role/saveOrUpdateRole.do` | High
-21 | File | `/zbzedit/php/zbz.php` | High
+21 | File | `/system/bin/osi_bin` | High
-22 | File | `ActiveServices.java` | High
+22 | File | `/usr/local/bin/mjs` | High
-23 | File | `admin/bad.php` | High
+23 | File | `/wp-content/uploads/jobmonster/` | High
-24 | File | `admin/dl_sendmail.php` | High
+24 | File | `/zbzedit/php/zbz.php` | High
-25 | File | `admin/htaccess/bpsunlock.php` | High
+25 | File | `ActiveServices.java` | High
-26 | File | `admin/pages/useredit.php` | High
+26 | File | `admin/htaccess/bpsunlock.php` | High
-27 | File | `AlertReceiver.java` | High
+27 | ... | ... | ...
 28 | File | `alfresco/s/admin/admin-nodebrowser` | High
 29 | ... | ... | ...
-There are 243 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 225 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/Valyria/README.md
+++ b/actors/Valyria/README.md
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [US](https://vuldb.com/?country.us)
 * [RU](https://vuldb.com/?country.ru)
-* [DE](https://vuldb.com/?country.de)
+* [IL](https://vuldb.com/?country.il)
 * ...
 There are 6 more country items available. Please use our online service to access the data.
@ -43,7 +43,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 4 | ... | ... | ... | ...
-There are 9 more TTP items available. Please use our online service to access the data.
+There are 8 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -51,43 +51,47 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/.htaccess` | Medium
+1 | File | `/admin.php/admin/art/data.html` | High
-2 | File | `/admin.php/admin/art/data.html` | High
+2 | File | `/admin.php/admin/ulog/index.html` | High
-3 | File | `/admin.php/admin/ulog/index.html` | High
+3 | File | `/admin.php/admin/vod/data.html` | High
-4 | File | `/admin.php/admin/vod/data.html` | High
+4 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
-5 | File | `/admin/goods/update` | High
+5 | File | `/admin.php?r=admin/AdminBackup/del` | High
-6 | File | `/api/eventinstance` | High
+6 | File | `/admin/edit.php` | High
-7 | File | `/api /v3/auth` | High
+7 | File | `/admin/goods/update` | High
-8 | File | `/blog/blog.php` | High
+8 | File | `/admin/inbox.php&action=delete` | High
-9 | File | `/cgi-bin/uploadAccessCodePic` | High
+9 | File | `/admin/inbox.php&action=read` | High
-10 | File | `/cloud_config/router_post/check_reset_pwd_verify_code` | High
+10 | File | `/admin/pagerole.php&action=edit` | High
-11 | File | `/cloud_config/router_post/upgrade_info` | High
+11 | File | `/admin/posts.php` | High
-12 | File | `/cwms/admin/?page=articles/view_article/` | High
+12 | File | `/admin/posts.php&action=delete` | High
-13 | File | `/cwms/classes/Master.php?f=save_contact` | High
+13 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
-14 | File | `/data/sqldata` | High
+14 | File | `/admin/siteoptions.php&social=remove&sid=2` | High
-15 | File | `/DataPackageTable` | High
+15 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
-16 | File | `/download/` | Medium
+16 | File | `/admin/uesrs.php&action=display&value=Hide` | High
-17 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
+17 | File | `/admin/uesrs.php&action=display&value=Show` | High
-18 | File | `/etc/zarafa/license` | High
+18 | File | `/admin/uesrs.php&action=type&userrole=User` | High
-19 | File | `/factor/avx-ecm/vecarith52.c` | High
+19 | File | `/administrator/alerts/alertLightbox.php` | High
-20 | File | `/goform/delAd` | High
+20 | File | `/api/eventinstance` | High
-21 | File | `/goform/form2Reboot.cgi` | High
+21 | File | `/api /v3/auth` | High
-22 | File | `/goform/login_process` | High
+22 | File | `/appliance/users?action=edit` | High
-23 | File | `/goform/SetLanInfo` | High
+23 | File | `/apps/acs-commons/content/page-compare.html` | High
-24 | File | `/i/:data/ipa.plist` | High
+24 | File | `/blog/blog.php` | High
-25 | File | `/include/make.php` | High
+25 | File | `/cdsms/classes/Master.php?f=delete_package` | High
-26 | File | `/jpg/image.jpg` | High
+26 | File | `/cmd?cmd=connect` | High
-27 | File | `/login` | Low
+27 | File | `/cwms/admin/?page=articles/view_article/` | High
-28 | File | `/nova/bin/traceroute` | High
+28 | File | `/cwms/classes/Master.php?f=save_contact` | High
-29 | File | `/one_church/churchprofile.php` | High
+29 | File | `/data/sqldata` | High
-30 | File | `/one_church/userregister.php` | High
+30 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
-31 | File | `/php/ajax.php` | High
+31 | File | `/etc/zarafa/license` | High
-32 | File | `/plesk-site-preview/` | High
+32 | File | `/goform/login_process` | High
-33 | File | `/public/admin/index.php?add_product` | High
+33 | File | `/hocms/classes/Master.php?f=delete_member` | High
-34 | File | `/tmp/swhks.pid` | High
+34 | File | `/hocms/classes/Master.php?f=delete_phase` | High
-35 | ... | ... | ...
+35 | File | `/include/make.php` | High
 36 | File | `/index.php?m=admin&c=custom&a=plugindelhandle` | High
 37 | File | `/jpg/image.jpg` | High
 38 | File | `/login` | Low
 39 | ... | ... | ...
-There are 301 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 338 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/WindShift/README.md
+++ b/actors/WindShift/README.md
@ -15,8 +15,11 @@ The following _campaigns_ are known and can be associated with WindShift:
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with WindShift:
 * [US](https://vuldb.com/?country.us)
 * [TR](https://vuldb.com/?country.tr)
 * [RU](https://vuldb.com/?country.ru)
 * [TR](https://vuldb.com/?country.tr)
 * ...
 There are 3 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -34,6 +37,7 @@ ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79 | Cross Site Scripting | High
 2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 ## IOA - Indicator of Attack
@ -42,11 +46,11 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `.procmailrc` | Medium
-2 | File | `/uncpath/` | Medium
+2 | File | `/cgi-bin/wapopen` | High
-3 | File | `base/ErrorHandler.php` | High
+3 | File | `/it-IT/splunkd/__raw/services/get_snapshot` | High
 4 | ... | ... | ...
-There are 3 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 23 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/Wocao/README.md
+++ b/actors/Wocao/README.md
@ -16,10 +16,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [US](https://vuldb.com/?country.us)
 * [RU](https://vuldb.com/?country.ru)
-* [DE](https://vuldb.com/?country.de)
+* [IL](https://vuldb.com/?country.il)
 * ...
-There are 6 more country items available. Please use our online service to access the data.
+There are 7 more country items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -45,7 +45,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 4 | ... | ... | ... | ...
-There are 9 more TTP items available. Please use our online service to access the data.
+There are 8 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -53,44 +53,47 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/.htaccess` | Medium
+1 | File | `/admin.php/admin/art/data.html` | High
-2 | File | `/admin.php/admin/art/data.html` | High
+2 | File | `/admin.php/admin/vod/data.html` | High
-3 | File | `/admin.php/admin/ulog/index.html` | High
+3 | File | `/admin.php?id=siteoptions&social=edit&sid=2` | High
-4 | File | `/admin.php/admin/vod/data.html` | High
+4 | File | `/admin.php?r=admin/AdminBackup/del` | High
-5 | File | `/admin/goods/update` | High
+5 | File | `/admin/edit.php` | High
-6 | File | `/admin/login.php` | High
+6 | File | `/admin/goods/update` | High
-7 | File | `/admin/templates/template_manage.php` | High
+7 | File | `/admin/inbox.php&action=delete` | High
-8 | File | `/api/eventinstance` | High
+8 | File | `/admin/inbox.php&action=read` | High
-9 | File | `/api /v3/auth` | High
+9 | File | `/admin/pagerole.php&action=edit` | High
-10 | File | `/blog/blog.php` | High
+10 | File | `/admin/posts.php` | High
-11 | File | `/cgi-bin/uploadAccessCodePic` | High
+11 | File | `/admin/posts.php&action=delete` | High
-12 | File | `/cloud_config/router_post/check_reset_pwd_verify_code` | High
+12 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
-13 | File | `/cloud_config/router_post/upgrade_info` | High
+13 | File | `/admin/siteoptions.php&social=remove&sid=2` | High
-14 | File | `/cwms/admin/?page=articles/view_article/` | High
+14 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
-15 | File | `/cwms/classes/Master.php?f=save_contact` | High
+15 | File | `/admin/uesrs.php&action=display&value=Hide` | High
-16 | File | `/data/sqldata` | High
+16 | File | `/admin/uesrs.php&action=display&value=Show` | High
-17 | File | `/DataPackageTable` | High
+17 | File | `/admin/uesrs.php&action=type&userrole=User` | High
-18 | File | `/download/` | Medium
+18 | File | `/administrator/alerts/alertLightbox.php` | High
-19 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
+19 | File | `/api/eventinstance` | High
-20 | File | `/etc/zarafa/license` | High
+20 | File | `/api /v3/auth` | High
-21 | File | `/factor/avx-ecm/vecarith52.c` | High
+21 | File | `/appliance/users?action=edit` | High
-22 | File | `/goform/delAd` | High
+22 | File | `/apps/acs-commons/content/page-compare.html` | High
-23 | File | `/goform/form2Reboot.cgi` | High
+23 | File | `/blog/blog.php` | High
-24 | File | `/goform/login_process` | High
+24 | File | `/cdsms/classes/Master.php?f=delete_package` | High
-25 | File | `/goform/SetLanInfo` | High
+25 | File | `/cmd?cmd=connect` | High
-26 | File | `/i/:data/ipa.plist` | High
+26 | File | `/cwms/admin/?page=articles/view_article/` | High
-27 | File | `/include/make.php` | High
+27 | File | `/cwms/classes/Master.php?f=save_contact` | High
-28 | File | `/jpg/image.jpg` | High
+28 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
-29 | File | `/login` | Low
+29 | File | `/etc/zarafa/license` | High
-30 | File | `/nova/bin/traceroute` | High
+30 | File | `/goform/login_process` | High
-31 | File | `/one_church/churchprofile.php` | High
+31 | File | `/hocms/classes/Master.php?f=delete_member` | High
-32 | File | `/one_church/userregister.php` | High
+32 | File | `/hocms/classes/Master.php?f=delete_phase` | High
-33 | File | `/php/ajax.php` | High
+33 | File | `/include/make.php` | High
-34 | File | `/plesk-site-preview/` | High
+34 | File | `/index.php?m=admin&c=custom&a=plugindelhandle` | High
-35 | File | `/public/admin/index.php?add_product` | High
+35 | File | `/jpg/image.jpg` | High
-36 | ... | ... | ...
+36 | File | `/login` | Low
 37 | File | `/manager/files` | High
 38 | File | `/module/api.php?mobile/wapNasIPS` | High
 39 | ... | ... | ...
-There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 340 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/actors/Xcnfe/README.md
+++ b/actors/Xcnfe/README.md
@ -13,14 +13,17 @@ ID | IP address | Hostname | Campaign | Confidence
 1 | [8.249.221.254](https://vuldb.com/?ip.8.249.221.254) | - | - | High
 2 | [8.249.225.254](https://vuldb.com/?ip.8.249.225.254) | - | - | High
 3 | [72.21.81.240](https://vuldb.com/?ip.72.21.81.240) | - | - | High
-4 | ... | ... | ... | ...
+4 | [104.20.208.21](https://vuldb.com/?ip.104.20.208.21) | - | - | High
 5 | ... | ... | ... | ...
-There are 11 more IOC items available. Please use our online service to access the data.
+There are 15 more IOC items available. Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the actor and the associated activities:
 * https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
 * https://blog.talosintelligence.com/2019/08/threat-roundup-0816-0823.html
 * https://blog.talosintelligence.com/2021/05/threat-roundup-0430-0507.html
 ## Literature
--- a/actors/Zebra2104/README.md
+++ b/actors/Zebra2104/README.md
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Zebra2104:
 * [CF](https://vuldb.com/?country.cf)
 * [CN](https://vuldb.com/?country.cn)
 * [US](https://vuldb.com/?country.us)
 * [CN](https://vuldb.com/?country.cn)
 * ...
 There are 3 more country items available. Please use our online service to access the data.
--- a/actors/Zegost/README.md
+++ b/actors/Zegost/README.md
@ -43,7 +43,7 @@ ID | IP address | Hostname | Campaign | Confidence
 20 | [50.63.202.73](https://vuldb.com/?ip.50.63.202.73) | ip-50-63-202-73.ip.secureserver.net | - | High
 21 | ... | ... | ... | ...
-There are 80 more IOC items available. Please use our online service to access the data.
+There are 81 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
@ -70,52 +70,51 @@ ID | Type | Indicator | Confidence
 4 | File | `/admin/default.asp` | High
 5 | File | `/ajax/networking/get_netcfg.php` | High
 6 | File | `/assets/ctx` | Medium
-7 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
+7 | File | `/cgi-bin/login_action.cgi` | High
-8 | File | `/checkLogin.cgi` | High
+8 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
-9 | File | `/cms/print.php` | High
+9 | File | `/checkLogin.cgi` | High
-10 | File | `/concat?/%2557EB-INF/web.xml` | High
+10 | File | `/cms/print.php` | High
-11 | File | `/data/remove` | Medium
+11 | File | `/concat?/%2557EB-INF/web.xml` | High
-12 | File | `/etc/ajenti/config.yml` | High
+12 | File | `/data/remove` | Medium
-13 | File | `/etc/passwd` | Medium
+13 | File | `/etc/ajenti/config.yml` | High
-14 | File | `/goform/telnet` | High
+14 | File | `/etc/passwd` | Medium
-15 | File | `/login` | Low
+15 | File | `/goform/telnet` | High
-16 | File | `/modules/profile/index.php` | High
+16 | File | `/login` | Low
-17 | File | `/navigate/navigate_download.php` | High
+17 | File | `/modules/profile/index.php` | High
-18 | File | `/owa/auth/logon.aspx` | High
+18 | File | `/navigate/navigate_download.php` | High
-19 | File | `/p` | Low
+19 | File | `/out.php` | Medium
-20 | File | `/password.html` | High
+20 | File | `/owa/auth/logon.aspx` | High
-21 | File | `/proc/ioports` | High
+21 | File | `/p` | Low
-22 | File | `/property-list/property_view.php` | High
+22 | File | `/password.html` | High
-23 | File | `/ptms/classes/Users.php` | High
+23 | File | `/proc/ioports` | High
-24 | File | `/rest` | Low
+24 | File | `/property-list/property_view.php` | High
-25 | File | `/rest/api/2/search` | High
+25 | File | `/ptms/classes/Users.php` | High
-26 | File | `/s/` | Low
+26 | File | `/rest` | Low
-27 | File | `/scripts/cpan_config` | High
+27 | File | `/rest/api/2/search` | High
-28 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+28 | File | `/rom-0` | Low
-29 | File | `/services/system/setup.json` | High
+29 | File | `/s/` | Low
-30 | File | `/uncpath/` | Medium
+30 | File | `/scripts/cpan_config` | High
-31 | File | `/webconsole/APIController` | High
+31 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
-32 | File | `/websocket/exec` | High
+32 | File | `/services/system/setup.json` | High
-33 | File | `/wp-admin/admin-ajax.php` | High
+33 | File | `/uncpath/` | Medium
-34 | File | `/wp-json` | Medium
+34 | File | `/webconsole/APIController` | High
-35 | File | `/wp-json/oembed/1.0/embed?url` | High
+35 | File | `/websocket/exec` | High
-36 | File | `/_next` | Low
+36 | File | `/wp-admin/admin-ajax.php` | High
-37 | File | `4.edu.php\conn\function.php` | High
+37 | File | `/wp-json` | Medium
-38 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+38 | File | `/wp-json/oembed/1.0/embed?url` | High
-39 | File | `adclick.php` | Medium
+39 | File | `/_next` | Low
-40 | File | `addentry.php` | Medium
+40 | File | `4.edu.php\conn\function.php` | High
-41 | File | `add_comment.php` | High
+41 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-42 | File | `admin/admin.php` | High
+42 | File | `adclick.php` | Medium
-43 | File | `admin/category.inc.php` | High
+43 | File | `addentry.php` | Medium
-44 | File | `admin/conf_users_edit.php` | High
+44 | File | `admin/admin.php` | High
-45 | File | `admin/dl_sendmail.php` | High
+45 | File | `admin/category.inc.php` | High
-46 | File | `admin/index.php` | High
+46 | File | `admin/conf_users_edit.php` | High
-47 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
+47 | File | `admin/dl_sendmail.php` | High
-48 | File | `admin/password_forgotten.php` | High
+48 | File | `admin/index.php` | High
-49 | File | `admin/versions.html` | High
+49 | ... | ... | ...
 50 | ... | ... | ...
-There are 432 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 424 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
@ -138,6 +137,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2022/02/threat-roundup-0211-0218.html
 * https://blog.talosintelligence.com/2022/04/threat-roundup-0325-0401.html
 * https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
 * https://blog.talosintelligence.com/2022/04/threat-roundup-0415-0422.html
 ## Literature
--- a/actors/xHunt/README.md
+++ b/actors/xHunt/README.md
@ -49,7 +49,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...
-There are 8 more TTP items available. Please use our online service to access the data.
+There are 7 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -81,9 +81,9 @@ ID | Type | Indicator | Confidence
 22 | File | `/new` | Low
 23 | File | `/public/plugins/` | High
 24 | File | `/sbin/gs_config` | High
-25 | File | `/Storage/Emulated/0/Telegram/Telegram` | High
+25 | File | `/secure/QueryComponent!Default.jspa` | High
-26 | File | `/uncpath/` | Medium
+26 | File | `/Storage/Emulated/0/Telegram/Telegram` | High
-27 | File | `/Upload/admin/index.php?module=forum-management&action=add` | High
+27 | File | `/uncpath/` | Medium
 28 | File | `/uploads/dede` | High
 29 | File | `/usr/bin/pkexec` | High
 30 | File | `/usr/sbin/nagios` | High
@ -101,8 +101,7 @@ ID | Type | Indicator | Confidence
 42 | File | `admin/bitrix.xscan_worker.php` | High
 43 | File | `admin/conf_users_edit.php` | High
 44 | File | `admin/mcart_xls_import.php` | High
-45 | File | `admin/ops/reports/ops/news.php` | High
+45 | ... | ... | ...
 46 | ... | ... | ...
 There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
--- a/campaigns/Afghanistan
+++ b/campaigns/Afghanistan
@ -8,6 +8,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Afghanistan and India:
 * [FR](https://vuldb.com/?country.fr)
 * [ES](https://vuldb.com/?country.es)
 * [US](https://vuldb.com/?country.us)
--- a/campaigns/Anchor/README.md
+++ b/campaigns/Anchor/README.md
@ -0,0 +1,83 @@
 # Anchor - Cyber Threat Intelligence
 These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the campaign known as _Anchor_. The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor](https://vuldb.com/?actor)
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Anchor:
 * [US](https://vuldb.com/?country.us)
 * [RU](https://vuldb.com/?country.ru)
 * [CN](https://vuldb.com/?country.cn)
 * ...
 There are 1 more country items available. Please use our online service to access the data.
 ## Actors
 These _actors_ are associated with Anchor or other actors linked to the campaign.
 ID | Actor | Confidence
 -- | ----- | ----------
 1 | [TrickBot](https://vuldb.com/?actor.trickbot) | High
 2 | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Anchor.
 ID | IP address | Hostname | Actor | Confidence
 -- | ---------- | -------- | ----- | ----------
 1 | [23.94.51.80](https://vuldb.com/?ip.23.94.51.80) | 23-94-51-80-host.colocrossing.com | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 2 | [34.210.71.206](https://vuldb.com/?ip.34.210.71.206) | ec2-34-210-71-206.us-west-2.compute.amazonaws.com | [BazarLoader](https://vuldb.com/?actor.bazarloader) | Medium
 3 | [54.176.158.165](https://vuldb.com/?ip.54.176.158.165) | ec2-54-176-158-165.us-west-1.compute.amazonaws.com | [BazarLoader](https://vuldb.com/?actor.bazarloader) | Medium
 4 | ... | ... | ... | ...
 There are 6 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
 _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used within Anchor. This data is unique as it uses our predictive model for actor profiling.
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
 3 | T1211 | CWE-254 | 7PK Security Features | High
 4 | ... | ... | ... | ...
 There are 2 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration during Anchor. This data is unique as it uses our predictive model for actor profiling.
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/+CSCOE+/logon.html` | High
 2 | File | `/forum/away.php` | High
 3 | File | `add_comment.php` | High
 4 | File | `comment_add.asp` | High
 5 | ... | ... | ...
 There are 28 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the campaign and the associated activities:
 * https://securityintelligence.com/posts/new-malware-trickbot-anchordns-backdoor-upgrades-anchormail/
 * https://thedfirreport.com/2021/03/08/bazar-drops-the-anchor/
 ## Literature
 The following _articles_ explain our unique predictive cyber threat intelligence:
 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
 ## License
 (c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/campaigns/AppleSeed/README.md
+++ b/campaigns/AppleSeed/README.md
@ -69,7 +69,7 @@ ID | Type | Indicator | Confidence
 12 | File | `/SASWebReportStudio/logonAndRender.do` | High
 13 | ... | ... | ...
-There are 99 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 103 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/campaigns/BLINDINGCAN/README.md
+++ b/campaigns/BLINDINGCAN/README.md
@ -66,7 +66,7 @@ ID | Type | Indicator | Confidence
 9 | File | `admin/google_search_console/class-gsc-table.php` | High
 10 | ... | ... | ...
-There are 73 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 74 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/campaigns/BazarLoader/README.md
+++ b/campaigns/BazarLoader/README.md
@ -0,0 +1,117 @@
 # BazarLoader - Cyber Threat Intelligence
 These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the campaign known as _BazarLoader_. The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor](https://vuldb.com/?actor)
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BazarLoader:
 * [US](https://vuldb.com/?country.us)
 * [CN](https://vuldb.com/?country.cn)
 * [RU](https://vuldb.com/?country.ru)
 * ...
 There are 1 more country items available. Please use our online service to access the data.
 ## Actors
 These _actors_ are associated with BazarLoader or other actors linked to the campaign.
 ID | Actor | Confidence
 -- | ----- | ----------
 1 | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 2 | [Conti](https://vuldb.com/?actor.conti) | High
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of BazarLoader.
 ID | IP address | Hostname | Actor | Confidence
 -- | ---------- | -------- | ----- | ----------
 1 | [3.101.57.185](https://vuldb.com/?ip.3.101.57.185) | ec2-3-101-57-185.us-west-1.compute.amazonaws.com | [BazarLoader](https://vuldb.com/?actor.bazarloader) | Medium
 2 | [13.56.161.214](https://vuldb.com/?ip.13.56.161.214) | ec2-13-56-161-214.us-west-1.compute.amazonaws.com | [Conti](https://vuldb.com/?actor.conti) | Medium
 3 | [13.225.230.232](https://vuldb.com/?ip.13.225.230.232) | server-13-225-230-232.jfk51.r.cloudfront.net | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 4 | [13.226.32.216](https://vuldb.com/?ip.13.226.32.216) | server-13-226-32-216.ewr53.r.cloudfront.net | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 5 | [18.67.60.164](https://vuldb.com/?ip.18.67.60.164) | server-18-67-60-164.iad89.r.cloudfront.net | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 6 | [23.56.10.219](https://vuldb.com/?ip.23.56.10.219) | a23-56-10-219.deploy.static.akamaitechnologies.com | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 7 | [23.62.25.178](https://vuldb.com/?ip.23.62.25.178) | a23-62-25-178.deploy.static.akamaitechnologies.com | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 8 | [23.82.19.173](https://vuldb.com/?ip.23.82.19.173) | - | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 9 | [23.94.51.80](https://vuldb.com/?ip.23.94.51.80) | 23-94-51-80-host.colocrossing.com | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 10 | [23.95.238.122](https://vuldb.com/?ip.23.95.238.122) | 23-95-238-122-host.colocrossing.com | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 11 | [23.106.160.77](https://vuldb.com/?ip.23.106.160.77) | - | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 12 | [23.106.215.61](https://vuldb.com/?ip.23.106.215.61) | - | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 13 | [23.106.223.174](https://vuldb.com/?ip.23.106.223.174) | - | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 14 | [23.152.0.22](https://vuldb.com/?ip.23.152.0.22) | anahiem.net | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 15 | [23.160.193.217](https://vuldb.com/?ip.23.160.193.217) | unknown.ip-xfer.net | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 16 | [23.193.217.119](https://vuldb.com/?ip.23.193.217.119) | a23-193-217-119.deploy.static.akamaitechnologies.com | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 17 | [31.14.40.160](https://vuldb.com/?ip.31.14.40.160) | perico.cavepanel.com | [Conti](https://vuldb.com/?actor.conti) | High
 18 | [31.171.251.118](https://vuldb.com/?ip.31.171.251.118) | ch.ns.mon0.li | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 19 | [31.214.240.203](https://vuldb.com/?ip.31.214.240.203) | - | [BazarLoader](https://vuldb.com/?actor.bazarloader) | High
 20 | [34.209.40.84](https://vuldb.com/?ip.34.209.40.84) | ec2-34-209-40-84.us-west-2.compute.amazonaws.com | [BazarLoader](https://vuldb.com/?actor.bazarloader) | Medium
 21 | [34.210.71.206](https://vuldb.com/?ip.34.210.71.206) | ec2-34-210-71-206.us-west-2.compute.amazonaws.com | [BazarLoader](https://vuldb.com/?actor.bazarloader) | Medium
 22 | [34.219.130.241](https://vuldb.com/?ip.34.219.130.241) | ec2-34-219-130-241.us-west-2.compute.amazonaws.com | [Conti](https://vuldb.com/?actor.conti) | Medium
 23 | [34.221.188.35](https://vuldb.com/?ip.34.221.188.35) | ec2-34-221-188-35.us-west-2.compute.amazonaws.com | [BazarLoader](https://vuldb.com/?actor.bazarloader) | Medium
 24 | ... | ... | ... | ...
 There are 91 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
 _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used within BazarLoader. This data is unique as it uses our predictive model for actor profiling.
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1552 | CWE-319, CWE-522 | Unprotected Storage of Credentials | High
 4 | ... | ... | ... | ...
 There are 1 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration during BazarLoader. This data is unique as it uses our predictive model for actor profiling.
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/api` | Low
 2 | File | `/include/makecvs.php` | High
 3 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
 4 | File | `/usr/local/psa/admin/sbin/wrapper` | High
 5 | File | `add.php` | Low
 6 | File | `admin/admin.shtml` | High
 7 | File | `cat.asp` | Low
 8 | File | `class.phpmailer.php` | High
 9 | ... | ... | ...
 There are 66 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the campaign and the associated activities:
 * https://blog.talosintelligence.com/2021/05/threat-roundup-0514-0521.html
 * https://blog.talosintelligence.com/2022/02/threat-roundup-0211-0218.html
 * https://blog.talosintelligence.com/2022/03/threat-roundup-0311-0318.html
 * https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/
 * https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+Campaign+Continues+Pushing+BazarLoader+Malware/27816/
 * https://isc.sans.edu/forums/diary/TA551+Shathak+continues+pushing+BazarLoader+infections+lead+to+Cobalt+Strike/27738/
 * https://thedfirreport.com/2021/03/08/bazar-drops-the-anchor/
 * https://thedfirreport.com/2021/09/13/bazarloader-to-conti-ransomware-in-32-hours/
 * https://thedfirreport.com/2021/10/04/bazarloader-and-the-conti-leaks/
 * https://thedfirreport.com/2021/11/29/continuing-the-bazar-ransomware-story/
 * https://thedfirreport.com/2021/12/13/diavol-ransomware/
 * https://twitter.com/_pr4gma/status/1347617681197961225
 ## Literature
 The following _articles_ explain our unique predictive cyber threat intelligence:
 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
 ## License
 (c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/campaigns/BumbleBee/README.md
+++ b/campaigns/BumbleBee/README.md
@ -70,43 +70,43 @@ ID | Type | Indicator | Confidence
 8 | File | `/admin/modules/system/custom_field.php` | High
 9 | File | `/api/crontab` | Medium
 10 | File | `/app1/admin#foo` | High
-11 | File | `/articles/welcome-to-your-site#comments-head` | High
+11 | File | `/bin/boa` | Medium
-12 | File | `/assets/ctx` | Medium
+12 | File | `/cgi-bin/wapopen` | High
-13 | File | `/bin/boa` | Medium
+13 | File | `/cgi-mod/lookup.cgi` | High
-14 | File | `/cgi-bin/wapopen` | High
+14 | File | `/cgi?1&5` | Medium
-15 | File | `/cgi-mod/lookup.cgi` | High
+15 | File | `/config/getuser` | High
-16 | File | `/cgi?1&5` | Medium
+16 | File | `/debug/pprof` | Medium
-17 | File | `/config/getuser` | High
+17 | File | `/export` | Low
-18 | File | `/debug/pprof` | Medium
+18 | File | `/forum/away.php` | High
-19 | File | `/export` | Low
+19 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
-20 | File | `/forum/away.php` | High
+20 | File | `/iissamples` | Medium
-21 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
+21 | File | `/interface/main/backup.php` | High
-22 | File | `/iissamples` | Medium
+22 | File | `/new` | Low
-23 | File | `/interface/main/backup.php` | High
+23 | File | `/public/plugins/` | High
-24 | File | `/new` | Low
+24 | File | `/sbin/gs_config` | High
-25 | File | `/public/plugins/` | High
+25 | File | `/secure/QueryComponent!Default.jspa` | High
-26 | File | `/sbin/gs_config` | High
+26 | File | `/Storage/Emulated/0/Telegram/Telegram` | High
-27 | File | `/Storage/Emulated/0/Telegram/Telegram` | High
+27 | File | `/uncpath/` | Medium
-28 | File | `/uncpath/` | Medium
+28 | File | `/uploads/dede` | High
-29 | File | `/Upload/admin/index.php?module=forum-management&action=add` | High
+29 | File | `/usr/bin/pkexec` | High
-30 | File | `/uploads/dede` | High
+30 | File | `/usr/sbin/nagios` | High
-31 | File | `/usr/bin/pkexec` | High
+31 | File | `/usr/sbin/suexec` | High
-32 | File | `/usr/sbin/nagios` | High
+32 | File | `/WEB-INF/web.xml` | High
-33 | File | `/usr/sbin/suexec` | High
+33 | File | `/webman/info.cgi` | High
-34 | File | `/WEB-INF/web.xml` | High
+34 | File | `/wp-admin/admin-ajax.php` | High
-35 | File | `/webman/info.cgi` | High
+35 | File | `/wp-json/oembed/1.0/embed?url` | High
-36 | File | `/wp-admin/admin-ajax.php` | High
+36 | File | `/wp-json/wc/v3/webhooks` | High
-37 | File | `/wp-json/oembed/1.0/embed?url` | High
+37 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-38 | File | `/wp-json/wc/v3/webhooks` | High
+38 | File | `admin.php?m=admin&c=site&a=save` | High
-39 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+39 | File | `admin.php?page=languages` | High
-40 | File | `admin.php?m=admin&c=site&a=save` | High
+40 | File | `admin/admin_users.php` | High
-41 | File | `admin.php?page=languages` | High
+41 | File | `admin/bitrix.mpbuilder_step2.php` | High
-42 | File | `admin/admin_users.php` | High
+42 | File | `admin/bitrix.xscan_worker.php` | High
-43 | File | `admin/bitrix.mpbuilder_step2.php` | High
+43 | File | `admin/conf_users_edit.php` | High
-44 | File | `admin/bitrix.xscan_worker.php` | High
+44 | File | `admin/mcart_xls_import.php` | High
 45 | ... | ... | ...
-There are 391 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 388 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/campaigns/COVID-19/README.md
+++ b/campaigns/COVID-19/README.md
@ -8,9 +8,9 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with COVID-19:
 * [US](https://vuldb.com/?country.us)
 * [CN](https://vuldb.com/?country.cn)
 * [VN](https://vuldb.com/?country.vn)
 * [CN](https://vuldb.com/?country.cn)
 * [LA](https://vuldb.com/?country.la)
 * ...
 There are 4 more country items available. Please use our online service to access the data.
@ -34,12 +34,116 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 ID | IP address | Hostname | Actor | Confidence
 -- | ---------- | -------- | ----- | ----------
-1 | [45.123.190.167](https://vuldb.com/?ip.45.123.190.167) | - | [APT29](https://vuldb.com/?actor.apt29) | High
+1 | [2.47.112.152](https://vuldb.com/?ip.2.47.112.152) | net-2-47-112-152.cust.vodafonedsl.it | [Unknown](https://vuldb.com/?actor.unknown) | High
-2 | [45.129.229.48](https://vuldb.com/?ip.45.129.229.48) | - | [APT29](https://vuldb.com/?actor.apt29) | High
+2 | [2.56.214.178](https://vuldb.com/?ip.2.56.214.178) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
-3 | [46.101.202.66](https://vuldb.com/?ip.46.101.202.66) | grafana.jagu.dev | [Transparent Tribe](https://vuldb.com/?actor.transparent_tribe) | High
+3 | [5.75.75.75](https://vuldb.com/?ip.5.75.75.75) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
-4 | ... | ... | ... | ...
+4 | [5.101.0.209](https://vuldb.com/?ip.5.101.0.209) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 5 | [5.157.87.204](https://vuldb.com/?ip.5.157.87.204) | redirect.yourhosting.nl | [Unknown](https://vuldb.com/?actor.unknown) | High
 6 | [5.181.156.14](https://vuldb.com/?ip.5.181.156.14) | no-rdns.mivocloud.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 7 | [5.182.210.2](https://vuldb.com/?ip.5.182.210.2) | server30.flaunt7.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 8 | [5.182.210.84](https://vuldb.com/?ip.5.182.210.84) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 9 | [5.188.60.131](https://vuldb.com/?ip.5.188.60.131) | sk.s5.ans1.ns148.ztomy.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 10 | [5.189.132.254](https://vuldb.com/?ip.5.189.132.254) | vmi429632.contaboserver.net | [Unknown](https://vuldb.com/?actor.unknown) | High
 11 | [5.255.96.187](https://vuldb.com/?ip.5.255.96.187) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 12 | [8.208.15.85](https://vuldb.com/?ip.8.208.15.85) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 13 | [8.208.78.192](https://vuldb.com/?ip.8.208.78.192) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 14 | [8.209.69.101](https://vuldb.com/?ip.8.209.69.101) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 15 | [8.209.70.110](https://vuldb.com/?ip.8.209.70.110) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 16 | [8.250.169.254](https://vuldb.com/?ip.8.250.169.254) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 17 | [8.250.183.254](https://vuldb.com/?ip.8.250.183.254) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 18 | [8.251.5.254](https://vuldb.com/?ip.8.251.5.254) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 19 | [8.251.15.254](https://vuldb.com/?ip.8.251.15.254) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 20 | [8.251.31.254](https://vuldb.com/?ip.8.251.31.254) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 21 | [12.162.84.2](https://vuldb.com/?ip.12.162.84.2) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 22 | [14.161.6.60](https://vuldb.com/?ip.14.161.6.60) | static.vnpt.vn | [Unknown](https://vuldb.com/?actor.unknown) | High
 23 | [23.19.227.235](https://vuldb.com/?ip.23.19.227.235) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 24 | [23.227.38.64](https://vuldb.com/?ip.23.227.38.64) | shops.myshopify.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 25 | [23.254.215.229](https://vuldb.com/?ip.23.254.215.229) | hwsrv-869108.hostwindsdns.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 26 | [24.94.237.248](https://vuldb.com/?ip.24.94.237.248) | cpe-24-94-237-248.sw.res.rr.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 27 | [24.196.13.216](https://vuldb.com/?ip.24.196.13.216) | 024-196-013-216.res.spectrum.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 28 | [24.247.182.167](https://vuldb.com/?ip.24.247.182.167) | 024-247-182-167.res.spectrum.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 29 | [24.247.182.240](https://vuldb.com/?ip.24.247.182.240) | 024-247-182-240.res.spectrum.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 30 | [31.31.77.83](https://vuldb.com/?ip.31.31.77.83) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 31 | [31.146.61.34](https://vuldb.com/?ip.31.146.61.34) | 31-146-61-34.dsl.utg.ge | [Unknown](https://vuldb.com/?actor.unknown) | High
 32 | [31.202.128.80](https://vuldb.com/?ip.31.202.128.80) | 31-202-128-80-kh.maxnet.ua | [Unknown](https://vuldb.com/?actor.unknown) | High
 33 | [35.242.251.130](https://vuldb.com/?ip.35.242.251.130) | 130.251.242.35.bc.googleusercontent.com | [Unknown](https://vuldb.com/?actor.unknown) | Medium
 34 | [37.1.209.51](https://vuldb.com/?ip.37.1.209.51) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 35 | [37.1.212.70](https://vuldb.com/?ip.37.1.212.70) | surprisefoun.reveltip.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 36 | [37.1.221.65](https://vuldb.com/?ip.37.1.221.65) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 37 | [37.49.226.13](https://vuldb.com/?ip.37.49.226.13) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 38 | [37.49.226.21](https://vuldb.com/?ip.37.49.226.21) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 39 | [37.49.226.142](https://vuldb.com/?ip.37.49.226.142) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 40 | [37.49.226.182](https://vuldb.com/?ip.37.49.226.182) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 41 | [37.70.131.107](https://vuldb.com/?ip.37.70.131.107) | 107.131.70.37.rev.sfr.net | [Unknown](https://vuldb.com/?actor.unknown) | High
 42 | [37.152.88.55](https://vuldb.com/?ip.37.152.88.55) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 43 | [37.208.106.146](https://vuldb.com/?ip.37.208.106.146) | mail.joerrens.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 44 | [38.132.124.233](https://vuldb.com/?ip.38.132.124.233) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 45 | [41.60.200.34](https://vuldb.com/?ip.41.60.200.34) | 41.60.200.34.liquidtelecom.net | [Unknown](https://vuldb.com/?actor.unknown) | High
 46 | [41.185.29.128](https://vuldb.com/?ip.41.185.29.128) | abp79-nix01.wadns.net | [Unknown](https://vuldb.com/?actor.unknown) | High
 47 | [41.221.164.77](https://vuldb.com/?ip.41.221.164.77) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 48 | [42.51.192.231](https://vuldb.com/?ip.42.51.192.231) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 49 | [45.55.49.33](https://vuldb.com/?ip.45.55.49.33) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 50 | [45.55.179.121](https://vuldb.com/?ip.45.55.179.121) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 51 | [45.56.64.36](https://vuldb.com/?ip.45.56.64.36) | li914-36.members.linode.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 52 | [45.76.218.232](https://vuldb.com/?ip.45.76.218.232) | 45.76.218.232.vultrusercontent.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 53 | [45.81.226.17](https://vuldb.com/?ip.45.81.226.17) | vm3471381.43ssd.had.wf | [Unknown](https://vuldb.com/?actor.unknown) | High
 54 | [45.95.168.85](https://vuldb.com/?ip.45.95.168.85) | maxko-hosting.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 55 | [45.95.168.98](https://vuldb.com/?ip.45.95.168.98) | maxko-hosting.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 56 | [45.118.136.92](https://vuldb.com/?ip.45.118.136.92) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 57 | [45.123.190.167](https://vuldb.com/?ip.45.123.190.167) | - | [APT29](https://vuldb.com/?actor.apt29) | High
 58 | [45.128.132.55](https://vuldb.com/?ip.45.128.132.55) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 59 | [45.128.134.14](https://vuldb.com/?ip.45.128.134.14) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 60 | [45.128.134.20](https://vuldb.com/?ip.45.128.134.20) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 61 | [45.129.229.48](https://vuldb.com/?ip.45.129.229.48) | - | [APT29](https://vuldb.com/?actor.apt29) | High
 62 | [45.138.72.143](https://vuldb.com/?ip.45.138.72.143) | uziel.example.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 63 | [45.138.72.155](https://vuldb.com/?ip.45.138.72.155) | sp200177.example.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 64 | [45.142.212.126](https://vuldb.com/?ip.45.142.212.126) | ivan.temporary | [Unknown](https://vuldb.com/?actor.unknown) | High
 65 | [45.142.212.192](https://vuldb.com/?ip.45.142.212.192) | blackswan95.example1.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 66 | [45.142.212.209](https://vuldb.com/?ip.45.142.212.209) | augenweide.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 67 | [45.142.213.59](https://vuldb.com/?ip.45.142.213.59) | vm423520.stark-industries.solutions | [Unknown](https://vuldb.com/?actor.unknown) | High
 68 | [45.143.138.47](https://vuldb.com/?ip.45.143.138.47) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 69 | [45.148.120.13](https://vuldb.com/?ip.45.148.120.13) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 70 | [45.148.120.153](https://vuldb.com/?ip.45.148.120.153) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 71 | [45.153.40.105](https://vuldb.com/?ip.45.153.40.105) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 72 | [45.153.184.67](https://vuldb.com/?ip.45.153.184.67) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 73 | [45.161.242.102](https://vuldb.com/?ip.45.161.242.102) | 45-161-242-102.megalink.com.br | [Unknown](https://vuldb.com/?actor.unknown) | High
 74 | [46.4.157.37](https://vuldb.com/?ip.46.4.157.37) | static.37.157.4.46.clients.your-server.de | [Unknown](https://vuldb.com/?actor.unknown) | High
 75 | [46.17.6.116](https://vuldb.com/?ip.46.17.6.116) | 116-6-17-46.static.fxw.nl | [Unknown](https://vuldb.com/?actor.unknown) | High
 76 | [46.17.107.65](https://vuldb.com/?ip.46.17.107.65) | ulasiuk21.example.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 77 | [46.19.143.155](https://vuldb.com/?ip.46.19.143.155) | growthinside.net | [Unknown](https://vuldb.com/?actor.unknown) | High
 78 | [46.20.1.226](https://vuldb.com/?ip.46.20.1.226) | ns1.ceyhunsezer.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 79 | [46.28.111.142](https://vuldb.com/?ip.46.28.111.142) | enkindu.jsuchy.net | [Unknown](https://vuldb.com/?actor.unknown) | High
 80 | [46.101.202.66](https://vuldb.com/?ip.46.101.202.66) | grafana.jagu.dev | [Transparent Tribe](https://vuldb.com/?actor.transparent_tribe) | High
 81 | [46.105.131.87](https://vuldb.com/?ip.46.105.131.87) | pop.adven.fr | [Unknown](https://vuldb.com/?actor.unknown) | High
 82 | [46.166.187.223](https://vuldb.com/?ip.46.166.187.223) | . | [Unknown](https://vuldb.com/?actor.unknown) | High
 83 | [46.214.11.172](https://vuldb.com/?ip.46.214.11.172) | 46-214-11-172.next-gen.ro | [Unknown](https://vuldb.com/?actor.unknown) | High
 84 | [47.150.248.161](https://vuldb.com/?ip.47.150.248.161) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 85 | [50.28.51.143](https://vuldb.com/?ip.50.28.51.143) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 86 | [50.87.253.50](https://vuldb.com/?ip.50.87.253.50) | box2161.bluehost.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 87 | [50.116.78.109](https://vuldb.com/?ip.50.116.78.109) | intersearchmedia.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 88 | [51.38.93.190](https://vuldb.com/?ip.51.38.93.190) | ip190.ip-51-38-93.eu | [Unknown](https://vuldb.com/?actor.unknown) | High
 89 | [51.79.129.4](https://vuldb.com/?ip.51.79.129.4) | ip4.ip-51-79-129.net | [Unknown](https://vuldb.com/?actor.unknown) | High
 90 | [51.89.73.158](https://vuldb.com/?ip.51.89.73.158) | ip158.ip-51-89-73.eu | [Unknown](https://vuldb.com/?actor.unknown) | High
 91 | [51.159.23.217](https://vuldb.com/?ip.51.159.23.217) | jambold.co.uk | [Unknown](https://vuldb.com/?actor.unknown) | High
 92 | [51.254.164.244](https://vuldb.com/?ip.51.254.164.244) | y9gs.gaurented.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 93 | [51.254.164.245](https://vuldb.com/?ip.51.254.164.245) | ip245.ip-51-254-164.eu | [Unknown](https://vuldb.com/?actor.unknown) | High
 94 | [54.39.139.67](https://vuldb.com/?ip.54.39.139.67) | ip67.ip-54-39-139.net | [Unknown](https://vuldb.com/?actor.unknown) | High
 95 | [58.171.38.26](https://vuldb.com/?ip.58.171.38.26) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 96 | [58.177.172.160](https://vuldb.com/?ip.58.177.172.160) | 058177172160.ctinets.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 97 | [59.20.65.102](https://vuldb.com/?ip.59.20.65.102) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 98 | [59.120.5.154](https://vuldb.com/?ip.59.120.5.154) | 59-120-5-154.hinet-ip.hinet.net | [Unknown](https://vuldb.com/?actor.unknown) | High
 99 | [60.130.173.117](https://vuldb.com/?ip.60.130.173.117) | softbank060130173117.bbtec.net | [Unknown](https://vuldb.com/?actor.unknown) | High
 100 | [60.250.78.22](https://vuldb.com/?ip.60.250.78.22) | 60-250-78-22.hinet-ip.hinet.net | [Unknown](https://vuldb.com/?actor.unknown) | High
 101 | [61.92.159.208](https://vuldb.com/?ip.61.92.159.208) | 061092159208.ctinets.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 102 | [63.142.252.21](https://vuldb.com/?ip.63.142.252.21) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 103 | [63.250.38.195](https://vuldb.com/?ip.63.250.38.195) | business61-5.web-hosting.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 104 | [63.250.38.240](https://vuldb.com/?ip.63.250.38.240) | anakmas.org | [Unknown](https://vuldb.com/?actor.unknown) | High
 105 | [63.250.47.83](https://vuldb.com/?ip.63.250.47.83) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 106 | [64.44.51.113](https://vuldb.com/?ip.64.44.51.113) | srv44.pahlmeyer.life | [Unknown](https://vuldb.com/?actor.unknown) | High
 107 | [64.188.25.205](https://vuldb.com/?ip.64.188.25.205) | 64.188.25.205.static.quadranet.com | [Unknown](https://vuldb.com/?actor.unknown) | High
 108 | ... | ... | ... | ...
-There are 9 more IOC items available. Please use our online service to access the data.
+There are 426 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
@ -47,8 +151,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79 | Cross Site Scripting | High
+1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
+2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...
 There are 8 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -56,16 +164,38 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/pages/systemcall.php?command={COMMAND}` | High
+1 | File | `//` | Low
-2 | File | `/phppath/php` | Medium
+2 | File | `/admin/index.php?slides` | High
-3 | File | `/uncpath/` | Medium
+3 | File | `/apply.cgi` | Medium
-4 | File | `/WEB-INF/web.xml` | High
+4 | File | `/config/getuser` | High
-5 | File | `abook_database.php` | High
+5 | File | `/domains/list` | High
-6 | File | `adclick.php` | Medium
+6 | File | `/form/index.php?module=getjson` | High
-7 | File | `admin/conf_users_edit.php` | High
+7 | File | `/ghost/preview` | High
-8 | ... | ... | ...
+8 | File | `/include/chart_generator.php` | High
 9 | File | `/nova/bin/detnet` | High
 10 | File | `/ptms/classes/Users.php` | High
 11 | File | `/public/admin.php` | High
 12 | File | `/public/login.htm` | High
 13 | File | `/public/login.htm?errormsg=&loginurl=%22%3E%3Csvg%20onload=prompt%28/XSS/%29%3E` | High
 14 | File | `/rest/api/latest/user/avatar/temporary` | High
 15 | File | `/s/` | Low
 16 | File | `/SAP_Information_System/controllers/add_admin.php` | High
 17 | File | `/scripts/unlock_tasks.php` | High
 18 | File | `/tmp/app/.env` | High
 19 | File | `/uncpath/` | Medium
 20 | File | `/user-utils/users/md5.json` | High
 21 | File | `/userfs/bin/tcapi` | High
 22 | File | `/usr/bin/pkexec` | High
 23 | File | `/wp-admin/admin-ajax.php` | High
 24 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
 25 | File | `500page.jsp` | Medium
 26 | File | `accountrecoveryendpoint/recoverpassword.do` | High
 27 | File | `admin.php` | Medium
 28 | File | `admin/conf_users_edit.php` | High
 29 | File | `afr.php` | Low
 30 | ... | ... | ...
-There are 52 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 253 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
@ -73,6 +203,7 @@ The following list contains _external sources_ which discuss the campaign and th
 * https://github.com/blackorbird/APT_REPORT/blob/master/International%20Strategic/Russia/Advisory-APT29-targets-COVID-19-vaccine-development.pdf
 * https://lab52.io/blog/new-transparentribe-operation-targeting-india-with-weaponized-covid-19-lure-documents/
 * https://loreto.ccn-cert.cni.es/index.php/s/oDcNr5Jqqpd5cjn#editor
 * https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign/
 * https://us-cert.cisa.gov/ncas/alerts/aa20-225a
--- a/campaigns/CVE-2021-44207/README.md
+++ b/campaigns/CVE-2021-44207/README.md
@ -8,8 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CVE-2021-44207:
 * [US](https://vuldb.com/?country.us)
 * [CN](https://vuldb.com/?country.cn)
 * [US](https://vuldb.com/?country.us)
 * [RU](https://vuldb.com/?country.ru)
 * ...
@ -47,7 +47,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1211 | CWE-254 | 7PK Security Features | High
 4 | ... | ... | ... | ...
-There are 1 more TTP items available. Please use our online service to access the data.
+There are 2 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -61,7 +61,7 @@ ID | Type | Indicator | Confidence
 4 | File | `admin.php` | Medium
 5 | ... | ... | ...
-There are 33 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 34 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/campaigns/CVE-2021-44228/README.md
+++ b/campaigns/CVE-2021-44228/README.md
@ -64,35 +64,36 @@ ID | Type | Indicator | Confidence
 2 | File | `/admin.php/admin/plog/index.html` | High
 3 | File | `/admin.php/admin/ulog/index.html` | High
 4 | File | `/admin.php/admin/website/data.html` | High
-5 | File | `/admin/login.php` | High
+5 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
-6 | File | `/administrator/components/menu/` | High
+6 | File | `/admin/inbox.php&action=read` | High
-7 | File | `/admin_page/all-files-update-ajax.php` | High
+7 | File | `/admin/login.php` | High
-8 | File | `/api/crontab` | Medium
+8 | File | `/admin/posts.php&action=delete` | High
-9 | File | `/application/common.php#action_log` | High
+9 | File | `/admin/siteoptions.php&action=displaygoal&value=1&roleid=1` | High
-10 | File | `/category_view.php` | High
+10 | File | `/admin/uesrs.php&&action=delete&userid=4` | High
-11 | File | `/cgi-bin/kerbynet` | High
+11 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
-12 | File | `/cloud_config/router_post/register` | High
+12 | File | `/administrator/components/menu/` | High
-13 | File | `/config/list` | Medium
+13 | File | `/admin_page/all-files-update-ajax.php` | High
-14 | File | `/download/` | Medium
+14 | File | `/api/crontab` | Medium
-15 | File | `/etc/ajenti/config.yml` | High
+15 | File | `/application/common.php#action_log` | High
-16 | File | `/etc/cobbler` | Medium
+16 | File | `/category_view.php` | High
-17 | File | `/etc/passwd` | Medium
+17 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
-18 | File | `/goform/delAd` | High
+18 | File | `/cgi-bin/kerbynet` | High
-19 | File | `/goform/form2Reboot.cgi` | High
+19 | File | `/cloud_config/router_post/register` | High
-20 | File | `/home.asp` | Medium
+20 | File | `/config/list` | Medium
-21 | File | `/index.php?act=api&tag=8` | High
+21 | File | `/download/` | Medium
-22 | File | `/jerry-core/ecma/base/ecma-lcache.c` | High
+22 | File | `/etc/ajenti/config.yml` | High
-23 | File | `/jerry-core/ecma/operations/ecma-objects.c` | High
+23 | File | `/etc/cobbler` | Medium
-24 | File | `/jerry-core/parser/js/js-scanner-util.c` | High
+24 | File | `/etc/passwd` | Medium
-25 | File | `/languages/index.php` | High
+25 | File | `/goform/delAd` | High
-26 | File | `/leave_system/classes/Login.php` | High
+26 | File | `/goform/form2Reboot.cgi` | High
-27 | File | `/members/view_member.php` | High
+27 | File | `/home.asp` | Medium
-28 | File | `/mims/app/addcustomerHandler.php` | High
+28 | File | `/index.php?act=api&tag=8` | High
-29 | File | `/music/ajax.php` | High
+29 | File | `/jerry-core/ecma/base/ecma-lcache.c` | High
-30 | File | `/orms/` | Low
+30 | File | `/jerry-core/ecma/operations/ecma-objects.c` | High
-31 | ... | ... | ...
+31 | File | `/jerry-core/parser/js/js-scanner-util.c` | High
 32 | ... | ... | ...
-There are 263 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 274 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/campaigns/CatalanGate/README.md
+++ b/campaigns/CatalanGate/README.md
@ -0,0 +1,67 @@
 # CatalanGate - Cyber Threat Intelligence
 These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the campaign known as _CatalanGate_. The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor](https://vuldb.com/?actor)
 ## Countries
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CatalanGate:
 * [US](https://vuldb.com/?country.us)
 ## Actors
 These _actors_ are associated with CatalanGate or other actors linked to the campaign.
 ID | Actor | Confidence
 -- | ----- | ----------
 1 | [Candiru](https://vuldb.com/?actor.candiru) | High
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of CatalanGate.
 ID | IP address | Hostname | Actor | Confidence
 -- | ---------- | -------- | ----- | ----------
 1 | [185.181.8.155](https://vuldb.com/?ip.185.181.8.155) | - | [Candiru](https://vuldb.com/?actor.candiru) | High
 2 | [185.193.38.113](https://vuldb.com/?ip.185.193.38.113) | - | [Candiru](https://vuldb.com/?actor.candiru) | High
 ## TTP - Tactics, Techniques, Procedures
 _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used within CatalanGate. This data is unique as it uses our predictive model for actor profiling.
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79 | Cross Site Scripting | High
 2 | T1600 | CWE-327 | Cryptographic Issues | High
 ## IOA - Indicator of Attack
 These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration during CatalanGate. This data is unique as it uses our predictive model for actor profiling.
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `arch/x86/platform/efi/efi.c` | High
 2 | File | `cp-demangle.c` | High
 3 | File | `jumpin.php` | Medium
 4 | ... | ... | ...
 There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
 The following list contains _external sources_ which discuss the campaign and the associated activities:
 * https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
 ## Literature
 The following _articles_ explain our unique predictive cyber threat intelligence:
 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
 ## License
 (c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/campaigns/Chafer/README.md
+++ b/campaigns/Chafer/README.md
@ -65,7 +65,7 @@ ID | Type | Indicator | Confidence
 7 | File | `/uncpath/` | Medium
 8 | ... | ... | ...
-There are 57 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 58 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/Hopper/README.md
+++ b/Hopper/README.md
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [US](https://vuldb.com/?country.us)
 * [RU](https://vuldb.com/?country.ru)
-* [CH](https://vuldb.com/?country.ch)
+* [CN](https://vuldb.com/?country.cn)
 * ...
 There are 9 more country items available. Please use our online service to access the data.
@ -106,7 +106,7 @@ ID | Type | Indicator | Confidence
 31 | File | `authenticate.c` | High
 32 | ... | ... | ...
-There are 271 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 270 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/Strike/README.md
+++ b/Strike/README.md
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
 * [US](https://vuldb.com/?country.us)
 * [DE](https://vuldb.com/?country.de)
-* [SV](https://vuldb.com/?country.sv)
+* [GB](https://vuldb.com/?country.gb)
 * ...
-There are 10 more country items available. Please use our online service to access the data.
+There are 21 more country items available. Please use our online service to access the data.
 ## Actors
@ -23,6 +23,10 @@ ID | Actor | Confidence
 -- | ----- | ----------
 1 | [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike) | High
 2 | [Conti](https://vuldb.com/?actor.conti) | High
 3 | [Hancitor](https://vuldb.com/?actor.hancitor) | High
 4 | ... | ...
 There are 1 more actor items available. Please use our online service to access the data.
 ## IOC - Indicator of Compromise
@ -30,14 +34,20 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 ID | IP address | Hostname | Actor | Confidence
 -- | ---------- | -------- | ----- | ----------
-1 | [23.82.140.91](https://vuldb.com/?ip.23.82.140.91) | - | [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike) | High
+1 | [5.255.98.144](https://vuldb.com/?ip.5.255.98.144) | - | [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike) | High
-2 | [23.108.57.108](https://vuldb.com/?ip.23.108.57.108) | - | [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike) | High
+2 | [23.19.227.147](https://vuldb.com/?ip.23.19.227.147) | - | [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike) | High
-3 | [45.134.26.174](https://vuldb.com/?ip.45.134.26.174) | - | [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike) | High
+3 | [23.81.246.32](https://vuldb.com/?ip.23.81.246.32) | - | [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike) | High
-4 | [45.144.29.185](https://vuldb.com/?ip.45.144.29.185) | master.pisyandriy.com | [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike) | High
+4 | [23.82.140.91](https://vuldb.com/?ip.23.82.140.91) | - | [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike) | High
-5 | [62.128.111.176](https://vuldb.com/?ip.62.128.111.176) | - | [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike) | High
+5 | [23.108.57.39](https://vuldb.com/?ip.23.108.57.39) | - | [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike) | High
-6 | ... | ... | ... | ...
+6 | [23.108.57.108](https://vuldb.com/?ip.23.108.57.108) | - | [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike) | High
 7 | [23.227.199.10](https://vuldb.com/?ip.23.227.199.10) | 23-227-199-10.static.hvvc.us | [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike) | High
 8 | [45.134.26.174](https://vuldb.com/?ip.45.134.26.174) | - | [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike) | High
 9 | [45.144.29.185](https://vuldb.com/?ip.45.144.29.185) | master.pisyandriy.com | [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike) | High
 10 | [62.128.111.176](https://vuldb.com/?ip.62.128.111.176) | - | [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike) | High
 11 | [65.60.35.141](https://vuldb.com/?ip.65.60.35.141) | duwaer.presembling.vip | [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike) | High
 12 | ... | ... | ... | ...
-There are 18 more IOC items available. Please use our online service to access the data.
+There are 43 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
@ -58,65 +68,61 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/?admin/user.html` | High
+1 | File | `/admin/success_story.php` | High
-2 | File | `/admin/success_story.php` | High
+2 | File | `/category.php` | High
-3 | File | `/configuration/httpListenerEdit.jsf` | High
+3 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
 4 | File | `/etc/tomcat8/Catalina/attack` | High
 5 | File | `/movie-portal-script/movie.php` | High
 6 | File | `/notice-edit.php` | High
-7 | File | `/resourceNode/jdbcResourceEdit.jsf` | High
+7 | File | `/objects/getSpiritsFromVideo.php` | High
 8 | File | `/servlet/webacc` | High
-9 | File | `/tmp` | Low
+9 | File | `/TeamMate/Upload/DomainObjectDocumentUpload.ashx` | High
-10 | File | `/wp-content/plugins/updraftplus/admin.php` | High
+10 | File | `/tmp` | Low
-11 | File | `4.2.0.CP08` | Medium
+11 | File | `/uncpath/` | Medium
-12 | File | `account.asp` | Medium
+12 | File | `/wp-admin/admin-ajax.php` | High
-13 | File | `acerctrl.ocx` | Medium
+13 | File | `/wp-content/plugins/updraftplus/admin.php` | High
-14 | File | `activate.php` | Medium
+14 | File | `4.2.0.CP08` | Medium
-15 | File | `add.php` | Low
+15 | File | `account.asp` | Medium
-16 | File | `admin.php` | Medium
+16 | File | `acerctrl.ocx` | Medium
-17 | File | `admin/admin.php` | High
+17 | File | `activate.php` | Medium
-18 | File | `admin/adminaddeditdetails.php` | High
+18 | File | `add.php` | Low
-19 | File | `admin/auth.php` | High
+19 | File | `admin.php` | Medium
-20 | File | `admin/images.php` | High
+20 | File | `admin/admin.php` | High
-21 | File | `admin/import/class-import-settings.php` | High
+21 | File | `admin/adminaddeditdetails.php` | High
-22 | File | `admin/member_details.php` | High
+22 | File | `admin/class-jtrt-responsive-tables-admin.php` | High
-23 | File | `admin/preview.php` | High
+23 | File | `admin/images.php` | High
-24 | File | `ajax/addComment.php` | High
+24 | File | `admin/import/class-import-settings.php` | High
-25 | File | `and/or` | Low
+25 | File | `admin/infoclass_update.php` | High
-26 | File | `app/code/core/Mage/Rss/Helper/Order.php` | High
+26 | File | `admin/member_details.php` | High
-27 | File | `arch/powerpc/kernel/entry_64.S` | High
+27 | File | `admin/preview.php` | High
-28 | File | `archive_read_support_format_rar5.c` | High
+28 | File | `ajax/addComment.php` | High
-29 | File | `article.php` | Medium
+29 | File | `allocate_block.cpp` | High
-30 | File | `asp:.jpg` | Medium
+30 | File | `and/or` | Low
-31 | File | `auth2-gss.c` | Medium
+31 | File | `app/code/core/Mage/Rss/Helper/Order.php` | High
-32 | File | `backup.php` | Medium
+32 | File | `arch/powerpc/kernel/entry_64.S` | High
-33 | File | `bios.php` | Medium
+33 | File | `archive_read_support_format_rar5.c` | High
-34 | File | `blanko.preview.php` | High
+34 | File | `article.php` | Medium
-35 | File | `block/bfq-iosched.c` | High
+35 | File | `asmjs/asmangle.cpp` | High
-36 | File | `browse_ladies.php` | High
+36 | File | `asp:.jpg` | Medium
-37 | File | `burl.c` | Low
+37 | File | `auth2-gss.c` | Medium
-38 | File | `cadena_ofertas_ext.php` | High
+38 | File | `backup.php` | Medium
-39 | File | `cal_popup.php` | High
+39 | File | `bios.php` | Medium
-40 | File | `category-delete.php` | High
+40 | File | `blanko.preview.php` | High
-41 | File | `category.php` | Medium
+41 | File | `block/bfq-iosched.c` | High
-42 | File | `CFM File Handler` | High
+42 | File | `books.php` | Medium
-43 | File | `cgi-bin/awstats.pl` | High
+43 | File | `browse_ladies.php` | High
-44 | File | `Change-password.php` | High
+44 | File | `burl.c` | Low
-45 | File | `charts.php` | Medium
+45 | File | `cadena_ofertas_ext.php` | High
-46 | File | `chat.php` | Medium
+46 | File | `category-delete.php` | High
-47 | File | `class.t3lib_formmail.php` | High
+47 | File | `category.php` | Medium
-48 | File | `comments.php` | Medium
+48 | File | `CFM File Handler` | High
-49 | File | `config.php` | Medium
+49 | File | `cgi-bin/awstats.pl` | High
-50 | File | `core/stack/l2cap/l2cap_sm.c` | High
+50 | File | `cgi-bin/write.cgi` | High
-51 | File | `country_escorts.php` | High
+51 | File | `Change-password.php` | High
-52 | File | `cource.php` | Medium
+52 | File | `chat.php` | Medium
-53 | File | `Crypt32.dll` | Medium
+53 | ... | ... | ...
 54 | File | `dapur/index.php` | High
 55 | File | `default.asp` | Medium
 56 | File | `detail.php` | Medium
 57 | ... | ... | ...
-There are 498 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 460 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
@ -131,9 +137,22 @@ The following list contains _external sources_ which discuss the campaign and th
 * https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike/27158/
 * https://research.checkpoint.com/2019/cobalt-group-returns-to-kazakhstan/
 * https://securelist.com/owowa-credential-stealer-and-remote-access/105219/
 * https://thedfirreport.com/2021/01/11/trickbot-still-alive-and-well/
 * https://thedfirreport.com/2021/05/02/trickbot-brief-creds-and-beacons/
 * https://thedfirreport.com/2021/05/12/conti-ransomware/
 * https://thedfirreport.com/2021/06/20/from-word-to-lateral-movement-in-1-hour/
 * https://thedfirreport.com/2021/06/28/hancitor-continues-to-push-cobalt-strike/
 * https://thedfirreport.com/2021/07/19/icedid-and-cobalt-strike-vs-antivirus/
 * https://thedfirreport.com/2021/08/01/bazarcall-to-conti-ransomware-via-trickbot-and-cobalt-strike/
 * https://thedfirreport.com/2021/08/16/trickbot-leads-up-to-fake-1password-installation/
 * https://thedfirreport.com/2021/10/18/icedid-to-xinglocker-ransomware-in-24-hours/
 * https://thedfirreport.com/2021/11/29/continuing-the-bazar-ransomware-story/
 * https://thedfirreport.com/2021/12/13/diavol-ransomware/
 * https://thedfirreport.com/2022/02/21/qbot-and-zerologon-lead-to-full-domain-compromise/
 * https://therecord.media/disgruntled-ransomware-affiliate-leaks-the-conti-gangs-technical-manuals/
 * https://twitter.com/malware_traffic/status/1400876426497253379
 * https://twitter.com/malware_traffic/status/1415740795622248452
 * https://twitter.com/TheDFIRReport/status/1508451341844168706
 * https://twitter.com/Unit42_Intel/status/1392174941181812737
 * https://us-cert.cisa.gov/ncas/alerts/aa21-148a
 * https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/
--- a/campaigns/Cryptomining/README.md
+++ b/campaigns/Cryptomining/README.md
@ -9,8 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cryptomining:
 * [US](https://vuldb.com/?country.us)
 * [HU](https://vuldb.com/?country.hu)
 * [CN](https://vuldb.com/?country.cn)
-* [ES](https://vuldb.com/?country.es)
+* ...
 There are 6 more country items available. Please use our online service to access the data.
 ## Actors
@ -27,12 +30,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
 ID | IP address | Hostname | Actor | Confidence
 -- | ---------- | -------- | ----- | ----------
-1 | [45.9.148.182](https://vuldb.com/?ip.45.9.148.182) | - | [TeamTNT](https://vuldb.com/?actor.teamtnt) | High
+1 | [5.122.15.138](https://vuldb.com/?ip.5.122.15.138) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
-2 | [129.226.180.53](https://vuldb.com/?ip.129.226.180.53) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
+2 | [45.9.148.182](https://vuldb.com/?ip.45.9.148.182) | - | [TeamTNT](https://vuldb.com/?actor.teamtnt) | High
-3 | [132.162.107.97](https://vuldb.com/?ip.132.162.107.97) | ip-107-97.wireless.oberlin.edu | [Unknown](https://vuldb.com/?actor.unknown) | High
+3 | [45.136.244.146](https://vuldb.com/?ip.45.136.244.146) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
 4 | ... | ... | ... | ...
-There are 2 more IOC items available. Please use our online service to access the data.
+There are 7 more IOC items available. Please use our online service to access the data.
 ## TTP - Tactics, Techniques, Procedures
@ -40,12 +43,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
-1 | T1059.007 | CWE-79 | Cross Site Scripting | High
+1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
 2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
 3 | T1211 | CWE-254 | 7PK Security Features | High
 4 | ... | ... | ... | ...
-There are 5 more TTP items available. Please use our online service to access the data.
+There are 6 more TTP items available. Please use our online service to access the data.
 ## IOA - Indicator of Attack
@ -54,13 +57,19 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/goform/SetNetControlList` | High
-2 | File | `/rest/api/2/user/picker` | High
+2 | File | `/modules/tasks/summary.inc.php` | High
-3 | File | `admin/categories_industry.php` | High
+3 | File | `/rest/api/2/user/picker` | High
-4 | File | `admin/content/postcategory` | High
+4 | File | `/uncpath/` | Medium
-5 | File | `Adminstrator/Users/Edit/` | High
+5 | File | `admin/categories_industry.php` | High
-6 | ... | ... | ...
+6 | File | `admin/category.inc.php` | High
 7 | File | `admin/content/postcategory` | High
 8 | File | `Adminstrator/Users/Edit/` | High
 9 | File | `agent.cfg` | Medium
 10 | File | `ALL_IN_THE_BOX.OCX` | High
 11 | File | `bmp.c` | Low
 12 | ... | ... | ...
-There are 36 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 97 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
@ -68,6 +77,8 @@ The following list contains _external sources_ which discuss the campaign and th
 * https://blog.trendmicro.co.jp/archives/20418
 * https://blogs.infoblox.com/cyber-threat-intelligence/cyber-campaign-briefs/log4j-indicators-of-compromise-to-date/
 * https://thedfirreport.com/2020/11/12/cryptominers-exploiting-weblogic-rce-cve-2020-14882/
 * https://thedfirreport.com/2021/01/18/all-that-for-a-coinminer/
 * https://www.trendmicro.com/en_us/research/21/k/compromised-docker-hub-accounts-abused-for-cryptomining-linked-t.html
 ## Literature
--- a/Ukraine/README.md
+++ b/Ukraine/README.md
@ -74,83 +74,84 @@ ID | Type | Indicator | Confidence
 15 | File | `/master/article.php` | High
 16 | File | `/members/profiles.php` | High
 17 | File | `/members/view_member.php` | High
-18 | File | `/servlet/webacc` | High
+18 | File | `/scas/admin/` | Medium
-19 | File | `/sitemagic/upgrade.php` | High
+19 | File | `/servlet/webacc` | High
-20 | File | `/tmp` | Low
+20 | File | `/sitemagic/upgrade.php` | High
-21 | File | `/userman/inbox.php` | High
+21 | File | `/tmp` | Low
-22 | File | `/userui/ticket_list.php` | High
+22 | File | `/userman/inbox.php` | High
-23 | File | `/wp-admin/options-general.php` | High
+23 | File | `/userui/ticket_list.php` | High
-24 | File | `/zm/index.php` | High
+24 | File | `/wp-admin/options-general.php` | High
-25 | File | `adaptive-images-script.php` | High
+25 | File | `/zm/index.php` | High
-26 | File | `additem.asp` | Medium
+26 | File | `adaptive-images-script.php` | High
-27 | File | `addtocart.asp` | High
+27 | File | `additem.asp` | Medium
-28 | File | `adherents/subscription/info.php` | High
+28 | File | `addtocart.asp` | High
-29 | File | `admin.asp` | Medium
+29 | File | `adherents/subscription/info.php` | High
-30 | File | `admin.php` | Medium
+30 | File | `admin.asp` | Medium
-31 | File | `admin/admin.php` | High
+31 | File | `admin.php` | Medium
-32 | File | `admin/general.php` | High
+32 | File | `admin/admin.php` | High
-33 | File | `admin/header.php` | High
+33 | File | `admin/general.php` | High
-34 | File | `admin/inc/change_action.php` | High
+34 | File | `admin/header.php` | High
-35 | File | `admin/index.php` | High
+35 | File | `admin/inc/change_action.php` | High
-36 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
+36 | File | `admin/index.php` | High
-37 | File | `admin/info.php` | High
+37 | File | `admin/index.php?id=users/action=edit/user_id=1` | High
-38 | File | `admin/login.asp` | High
+38 | File | `admin/info.php` | High
-39 | File | `admin/manage-comments.php` | High
+39 | File | `admin/login.asp` | High
-40 | File | `admin/manage-news.php` | High
+40 | File | `admin/manage-comments.php` | High
-41 | File | `admin/plugin-settings.php` | High
+41 | File | `admin/manage-news.php` | High
-42 | File | `admin/specials.php` | High
+42 | File | `admin/plugin-settings.php` | High
-43 | File | `admin:de` | Medium
+43 | File | `admin/specials.php` | High
-44 | File | `admincp/auth/checklogin.php` | High
+44 | File | `admin:de` | Medium
-45 | File | `admincp/auth/secure.php` | High
+45 | File | `admincp/auth/checklogin.php` | High
-46 | File | `administrator/index.php` | High
+46 | File | `admincp/auth/secure.php` | High
-47 | File | `admin_login.asp` | High
+47 | File | `administrator/index.php` | High
-48 | File | `adv_search.asp` | High
+48 | File | `admin_login.asp` | High
-49 | File | `ajax.php` | Medium
+49 | File | `adv_search.asp` | High
-50 | File | `ajax_url.php` | Medium
+50 | File | `ajax.php` | Medium
-51 | File | `album_portal.php` | High
+51 | File | `ajax_url.php` | Medium
-52 | File | `al_initialize.php` | High
+52 | File | `album_portal.php` | High
-53 | File | `anjel.index.php` | High
+53 | File | `al_initialize.php` | High
-54 | File | `annonces-p-f.php` | High
+54 | File | `anjel.index.php` | High
-55 | File | `announce.php` | Medium
+55 | File | `annonces-p-f.php` | High
-56 | File | `announcement.php` | High
+56 | File | `announce.php` | Medium
-57 | File | `announcements.php` | High
+57 | File | `announcement.php` | High
-58 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
+58 | File | `announcements.php` | High
-59 | File | `apply.cgi` | Medium
+59 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
-60 | File | `apps/app_article/controller/rating.php` | High
+60 | File | `apply.cgi` | Medium
-61 | File | `article.php` | Medium
+61 | File | `apps/app_article/controller/rating.php` | High
-62 | File | `articles.php` | Medium
+62 | File | `article.php` | Medium
-63 | File | `artikel_anzeige.php` | High
+63 | File | `articles.php` | Medium
-64 | File | `auktion.cgi` | Medium
+64 | File | `artikel_anzeige.php` | High
-65 | File | `auth.php` | Medium
+65 | File | `auktion.cgi` | Medium
-66 | File | `basket.php` | Medium
+66 | File | `auth.php` | Medium
-67 | File | `boardData103.php/boardDataJP.php/boardDataNA.php/boardDataWW.php` | High
+67 | File | `basket.php` | Medium
-68 | File | `books.php` | Medium
+68 | File | `boardData103.php/boardDataJP.php/boardDataNA.php/boardDataWW.php` | High
-69 | File | `browse-category.php` | High
+69 | File | `books.php` | Medium
-70 | File | `browse.php` | Medium
+70 | File | `browse-category.php` | High
-71 | File | `browse_videos.php` | High
+71 | File | `browse.php` | Medium
-72 | File | `BrudaNews/BrudaGB` | High
+72 | File | `browse_videos.php` | High
-73 | File | `bwlist_inc.html` | High
+73 | File | `BrudaNews/BrudaGB` | High
-74 | File | `calendar.php` | Medium
+74 | File | `bwlist_inc.html` | High
-75 | File | `cart.php` | Medium
+75 | File | `calendar.php` | Medium
-76 | File | `cart_add.php` | Medium
+76 | File | `cart.php` | Medium
-77 | File | `case.filemanager.php` | High
+77 | File | `cart_add.php` | Medium
-78 | File | `catalog.php` | Medium
+78 | File | `case.filemanager.php` | High
-79 | File | `catalogshop.php` | High
+79 | File | `catalog.php` | Medium
-80 | File | `catalogue.asp` | High
+80 | File | `catalogshop.php` | High
-81 | File | `category.cfm` | Medium
+81 | File | `catalogue.asp` | High
-82 | File | `category.php` | Medium
+82 | File | `category.cfm` | Medium
-83 | File | `category_list.php` | High
+83 | File | `category.php` | Medium
-84 | File | `cgi-bin/awstats.pl` | High
+84 | File | `category_list.php` | High
-85 | File | `channel.asp` | Medium
+85 | File | `cgi-bin/awstats.pl` | High
-86 | File | `ChooseCpSearch.php` | High
+86 | File | `channel.asp` | Medium
-87 | File | `comentarii.php` | High
+87 | File | `ChooseCpSearch.php` | High
-88 | File | `comments.php` | Medium
+88 | File | `comentarii.php` | High
-89 | File | `config.inc.php` | High
+89 | File | `comments.php` | Medium
-90 | File | `config.php` | Medium
+90 | File | `config.inc.php` | High
-91 | File | `contact.php` | Medium
+91 | File | `config.php` | Medium
-92 | ... | ... | ...
+92 | File | `contact.php` | Medium
 93 | ... | ... | ...
-There are 813 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 819 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
 ## References
--- a/campaigns/DarkWatchman/README.md
+++ b/campaigns/DarkWatchman/README.md
@ -0,0 +1,41 @@
 # DarkWatchman - Cyber Threat Intelligence
 These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the campaign known as _DarkWatchman_. The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor](https://vuldb.com/?actor)
 ## Actors
 These _actors_ are associated with DarkWatchman or other actors linked to the campaign.
 ID | Actor | Confidence
 -- | ----- | ----------
 1 | [DarkWatchman](https://vuldb.com/?actor.darkwatchman) | High
 2 | [Hive0117](https://vuldb.com/?actor.hive0117) | High
 ## IOC - Indicator of Compromise
 These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of DarkWatchman.
 ID | IP address | Hostname | Actor | Confidence
 -- | ---------- | -------- | ----- | ----------
 1 | [45.156.27.245](https://vuldb.com/?ip.45.156.27.245) | dasee-1.net7.dns.cloudbackbone.net | [DarkWatchman](https://vuldb.com/?actor.darkwatchman) | High
 2 | [103.153.157.33](https://vuldb.com/?ip.103.153.157.33) | 103-153-157-33.ip.fulltimehosting.net | [Hive0117](https://vuldb.com/?actor.hive0117) | High
 ## References
 The following list contains _external sources_ which discuss the campaign and the associated activities:
 * https://securityintelligence.com/posts/hive00117-fileless-malware-delivery-eastern-europe/
 * https://www.prevailion.com/darkwatchman-new-fileless-techniques/
 ## Literature
 The following _articles_ explain our unique predictive cyber threat intelligence:
 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
 ## License
 (c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
--- a/Show More
+++ b/Show More