Update June 2023
This commit is contained in:
parent
b057cc617d
commit
0955ba53e2
|
@ -0,0 +1,64 @@
|
|||
# .IMG Files - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [.IMG Files](https://vuldb.com/?actor..img_files). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor..img_files](https://vuldb.com/?actor..img_files)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with .IMG Files:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of .IMG Files.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [185.101.94.172](https://vuldb.com/?ip.185.101.94.172) | kruxaw.de | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _.IMG Files_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by .IMG Files. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/uncpath/` | Medium
|
||||
2 | File | `PARAM.SFO` | Medium
|
||||
3 | File | `prod.php` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blogs.cisco.com/security/disk-image-deception-incident-response
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -93,7 +93,7 @@ ID | Type | Indicator | Confidence
|
|||
36 | File | `/uncpath/` | Medium
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 320 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,53 @@
|
|||
# 5ss5c - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [5ss5c](https://vuldb.com/?actor.5ss5c). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.5ss5c](https://vuldb.com/?actor.5ss5c)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with 5ss5c:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of 5ss5c.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [58.221.158.90](https://vuldb.com/?ip.58.221.158.90) | - | - | High
|
||||
2 | [61.186.243.2](https://vuldb.com/?ip.61.186.243.2) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _5ss5c_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1068 | CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by 5ss5c. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `rpc.kstatd` | Medium
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://bartblaze.blogspot.com/2020/01/satan-ransomware-rebrands-as-5ss5c.html?m=1
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -79,52 +79,47 @@ ID | Type | Indicator | Confidence
|
|||
28 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
29 | File | `/index.php?page=category_list` | High
|
||||
30 | File | `/items/view_item.php` | High
|
||||
31 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
32 | File | `/lookin/info` | Medium
|
||||
33 | File | `/manager/index.php` | High
|
||||
31 | File | `/jobinfo/` | Medium
|
||||
32 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
33 | File | `/lookin/info` | Medium
|
||||
34 | File | `/medical/inventories.php` | High
|
||||
35 | File | `/modules/profile/index.php` | High
|
||||
36 | File | `/modules/projects/vw_files.php` | High
|
||||
37 | File | `/modules/public/calendar.php` | High
|
||||
38 | File | `/Moosikay/order.php` | High
|
||||
39 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
40 | File | `/newsDia.php` | Medium
|
||||
41 | File | `/opac/Actions.php?a=login` | High
|
||||
42 | File | `/out.php` | Medium
|
||||
43 | File | `/php-opos/index.php` | High
|
||||
44 | File | `/PreviewHandler.ashx` | High
|
||||
45 | File | `/proxy` | Low
|
||||
46 | File | `/public/launchNewWindow.jsp` | High
|
||||
47 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
48 | File | `/reports/rwservlet` | High
|
||||
49 | File | `/reservation/add_message.php` | High
|
||||
50 | File | `/sacco_shield/manage_user.php` | High
|
||||
51 | File | `/spip.php` | Medium
|
||||
52 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
53 | File | `/staff/bookdetails.php` | High
|
||||
54 | File | `/uncpath/` | Medium
|
||||
55 | File | `/user/updatePwd` | High
|
||||
56 | File | `/user/update_booking.php` | High
|
||||
57 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
58 | File | `/wireless/security.asp` | High
|
||||
59 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
60 | File | `/wp-admin/admin-ajax.php` | High
|
||||
61 | File | `01article.php` | High
|
||||
62 | File | `a-forms.php` | Medium
|
||||
63 | File | `AbstractScheduleJob.java` | High
|
||||
64 | File | `actionphp/download.File.php` | High
|
||||
65 | File | `activenews_view.asp` | High
|
||||
66 | File | `adclick.php` | Medium
|
||||
67 | File | `addtocart.asp` | High
|
||||
68 | File | `admin.a6mambocredits.php` | High
|
||||
69 | File | `admin.cropcanvas.php` | High
|
||||
70 | File | `admin.php` | Medium
|
||||
71 | File | `admin/abc.php` | High
|
||||
72 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
73 | File | `admin/admin/adminsave.html` | High
|
||||
74 | ... | ... | ...
|
||||
36 | File | `/modules/public/calendar.php` | High
|
||||
37 | File | `/Moosikay/order.php` | High
|
||||
38 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
39 | File | `/newsDia.php` | Medium
|
||||
40 | File | `/opac/Actions.php?a=login` | High
|
||||
41 | File | `/out.php` | Medium
|
||||
42 | File | `/php-opos/index.php` | High
|
||||
43 | File | `/PreviewHandler.ashx` | High
|
||||
44 | File | `/proxy` | Low
|
||||
45 | File | `/public/launchNewWindow.jsp` | High
|
||||
46 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
47 | File | `/reports/rwservlet` | High
|
||||
48 | File | `/reservation/add_message.php` | High
|
||||
49 | File | `/spip.php` | Medium
|
||||
50 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
51 | File | `/staff/bookdetails.php` | High
|
||||
52 | File | `/uncpath/` | Medium
|
||||
53 | File | `/user/updatePwd` | High
|
||||
54 | File | `/user/update_booking.php` | High
|
||||
55 | File | `/var/lib/docker/<remapping>` | High
|
||||
56 | File | `/wireless/security.asp` | High
|
||||
57 | File | `/wp-admin/admin-ajax.php` | High
|
||||
58 | File | `01article.php` | High
|
||||
59 | File | `a-forms.php` | Medium
|
||||
60 | File | `AbstractScheduleJob.java` | High
|
||||
61 | File | `actionphp/download.File.php` | High
|
||||
62 | File | `activenews_view.asp` | High
|
||||
63 | File | `adclick.php` | Medium
|
||||
64 | File | `admin.a6mambocredits.php` | High
|
||||
65 | File | `admin.cropcanvas.php` | High
|
||||
66 | File | `admin.php` | Medium
|
||||
67 | File | `admin/abc.php` | High
|
||||
68 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
69 | ... | ... | ...
|
||||
|
||||
There are 647 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 607 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -119,7 +119,7 @@ ID | Type | Indicator | Confidence
|
|||
33 | File | `addentry.php` | Medium
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 295 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 292 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -102,7 +102,7 @@ ID | Type | Indicator | Confidence
|
|||
39 | File | `admin_gallery.php3` | High
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 348 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 349 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -70,7 +70,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -93,36 +93,37 @@ ID | Type | Indicator | Confidence
|
|||
13 | File | `/api/v2/cli/commands` | High
|
||||
14 | File | `/app/options.py` | High
|
||||
15 | File | `/attachments` | Medium
|
||||
16 | File | `/boat/login.php` | High
|
||||
17 | File | `/bsms_ci/index.php/book` | High
|
||||
18 | File | `/cgi-bin` | Medium
|
||||
19 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
20 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
21 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
22 | File | `/dashboard/reports/logs/view` | High
|
||||
23 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
24 | File | `/debug/pprof` | Medium
|
||||
25 | File | `/DXR.axd` | Medium
|
||||
26 | File | `/etc/hosts` | Medium
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/goform/setmac` | High
|
||||
29 | File | `/goform/wizard_end` | High
|
||||
30 | File | `/manage-apartment.php` | High
|
||||
31 | File | `/medicines/profile.php` | High
|
||||
32 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
33 | File | `/owa/auth/logon.aspx` | High
|
||||
34 | File | `/pages/apply_vacancy.php` | High
|
||||
35 | File | `/proc/<PID>/mem` | High
|
||||
36 | File | `/project/PROJECTNAME/reports/` | High
|
||||
37 | File | `/proxy` | Low
|
||||
38 | File | `/reservation/add_message.php` | High
|
||||
39 | File | `/spip.php` | Medium
|
||||
40 | File | `/tmp` | Low
|
||||
41 | File | `/uncpath/` | Medium
|
||||
42 | File | `/upload` | Low
|
||||
43 | ... | ... | ...
|
||||
16 | File | `/bin/ate` | Medium
|
||||
17 | File | `/boat/login.php` | High
|
||||
18 | File | `/bsms_ci/index.php/book` | High
|
||||
19 | File | `/cgi-bin` | Medium
|
||||
20 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
21 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
22 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
23 | File | `/dashboard/reports/logs/view` | High
|
||||
24 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
25 | File | `/debug/pprof` | Medium
|
||||
26 | File | `/DXR.axd` | Medium
|
||||
27 | File | `/env` | Low
|
||||
28 | File | `/etc/hosts` | Medium
|
||||
29 | File | `/forum/away.php` | High
|
||||
30 | File | `/goform/setmac` | High
|
||||
31 | File | `/goform/wizard_end` | High
|
||||
32 | File | `/manage-apartment.php` | High
|
||||
33 | File | `/medicines/profile.php` | High
|
||||
34 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
35 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
36 | File | `/owa/auth/logon.aspx` | High
|
||||
37 | File | `/pages/apply_vacancy.php` | High
|
||||
38 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
39 | File | `/proc/<PID>/mem` | High
|
||||
40 | File | `/project/PROJECTNAME/reports/` | High
|
||||
41 | File | `/proxy` | Low
|
||||
42 | File | `/reservation/add_message.php` | High
|
||||
43 | File | `/spip.php` | Medium
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 369 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 381 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 26 more country items available. Please use our online service to access the data.
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -58,35 +58,35 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/.ssh/authorized_keys` | High
|
||||
3 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
4 | File | `/api/gen/clients/{language}` | High
|
||||
5 | File | `/app/options.py` | High
|
||||
6 | File | `/bin/httpd` | Medium
|
||||
7 | File | `/cgi-bin/wapopen` | High
|
||||
8 | File | `/ci_spms/admin/category` | High
|
||||
9 | File | `/ci_spms/admin/search/searching/` | High
|
||||
10 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
11 | File | `/classes/Master.php?f=delete_train` | High
|
||||
12 | File | `/cms/print.php` | High
|
||||
13 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
14 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
15 | File | `/ctcprotocol/Protocol` | High
|
||||
16 | File | `/dashboard/menu-list.php` | High
|
||||
17 | File | `/data/remove` | Medium
|
||||
18 | File | `/ebics-server/ebics.aspx` | High
|
||||
19 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/goforms/rlminfo` | High
|
||||
22 | File | `/HNAP1` | Low
|
||||
23 | File | `/HNAP1/SetClientInfo` | High
|
||||
24 | File | `/Items/*/RemoteImages/Download` | High
|
||||
25 | File | `/menu.html` | Medium
|
||||
26 | File | `/modules/profile/index.php` | High
|
||||
27 | File | `/navigate/navigate_download.php` | High
|
||||
28 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
29 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
30 | File | `/out.php` | Medium
|
||||
31 | File | `/owa/auth/logon.aspx` | High
|
||||
3 | File | `/ajax.php?action=read_msg` | High
|
||||
4 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
5 | File | `/api/gen/clients/{language}` | High
|
||||
6 | File | `/app/options.py` | High
|
||||
7 | File | `/bin/httpd` | Medium
|
||||
8 | File | `/cgi-bin/wapopen` | High
|
||||
9 | File | `/ci_spms/admin/category` | High
|
||||
10 | File | `/ci_spms/admin/search/searching/` | High
|
||||
11 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
12 | File | `/classes/Master.php?f=delete_train` | High
|
||||
13 | File | `/cms/print.php` | High
|
||||
14 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
15 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
16 | File | `/ctcprotocol/Protocol` | High
|
||||
17 | File | `/dashboard/menu-list.php` | High
|
||||
18 | File | `/data/remove` | Medium
|
||||
19 | File | `/ebics-server/ebics.aspx` | High
|
||||
20 | File | `/ffos/classes/Master.php?f=save_category` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/goforms/rlminfo` | High
|
||||
23 | File | `/HNAP1` | Low
|
||||
24 | File | `/HNAP1/SetClientInfo` | High
|
||||
25 | File | `/Items/*/RemoteImages/Download` | High
|
||||
26 | File | `/menu.html` | Medium
|
||||
27 | File | `/modules/profile/index.php` | High
|
||||
28 | File | `/navigate/navigate_download.php` | High
|
||||
29 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
30 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
31 | File | `/out.php` | Medium
|
||||
32 | File | `/password.html` | High
|
||||
33 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
34 | File | `/proc/ioports` | High
|
||||
|
@ -100,10 +100,9 @@ ID | Type | Indicator | Confidence
|
|||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php` | High
|
||||
44 | File | `/sys/dict/queryTableData` | High
|
||||
45 | File | `/tmp` | Low
|
||||
46 | ... | ... | ...
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 403 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 385 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# Acidbox - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Acidbox](https://vuldb.com/?actor.acidbox). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.acidbox](https://vuldb.com/?actor.acidbox)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Acidbox.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [2.2.0.0](https://vuldb.com/?ip.2.2.0.0) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://unit42.paloaltonetworks.com/acidbox-rare-malware/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,30 @@
|
|||
# ActionSpy - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [ActionSpy](https://vuldb.com/?actor.actionspy). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.actionspy](https://vuldb.com/?actor.actionspy)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of ActionSpy.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [114.215.41.93](https://vuldb.com/?ip.114.215.41.93) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.trendmicro.com/trendlabs-security-intelligence/new-android-spyware-actionspy-revealed-via-phishing-attacks-from-earth-empusa/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -3967,10 +3967,10 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-29, CWE-35, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-29, CWE-35, CWE-36, CWE-50 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -3993,53 +3993,51 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/admin/report/index.php` | High
|
||||
11 | File | `/admin/user/manage_user.php` | High
|
||||
12 | File | `/admin/userprofile.php` | High
|
||||
13 | File | `/cgi-bin/activate.cgi` | High
|
||||
14 | File | `/cgi-bin/kerbynet` | High
|
||||
15 | File | `/cgi-bin/wapopen` | High
|
||||
16 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
17 | File | `/classes/Master.php?f=delete_service` | High
|
||||
18 | File | `/classes/Master.php?f=save_course` | High
|
||||
19 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
20 | File | `/Electron/download` | High
|
||||
21 | File | `/export` | Low
|
||||
22 | File | `/feeds/post/publish` | High
|
||||
23 | File | `/form/index.php?module=getjson` | High
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/goform/addRouting` | High
|
||||
26 | File | `/goform/form2Wan.cgi` | High
|
||||
27 | File | `/goform/WifiGuestSet` | High
|
||||
28 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
29 | File | `/inc/topBarNav.php` | High
|
||||
30 | File | `/index.php/archives/1/comment` | High
|
||||
31 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
32 | File | `/index.php?page=category_list` | High
|
||||
33 | File | `/KK_LS9ReportingPortal/GetData` | High
|
||||
34 | File | `/Moosikay/order.php` | High
|
||||
35 | File | `/opac/Actions.php?a=login` | High
|
||||
36 | File | `/PreviewHandler.ashx` | High
|
||||
37 | File | `/proxy` | Low
|
||||
38 | File | `/public/launchNewWindow.jsp` | High
|
||||
39 | File | `/queuing/login.php` | High
|
||||
40 | File | `/reservation/add_message.php` | High
|
||||
41 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
42 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
43 | File | `/spip.php` | Medium
|
||||
44 | File | `/text/pdf/PdfReader.java` | High
|
||||
45 | File | `/ueditor/net/controller.ashx?action=catchimage` | High
|
||||
46 | File | `/upload` | Low
|
||||
47 | File | `/user/updatePwd` | High
|
||||
48 | File | `/utils/ToHtmlServlet.java` | High
|
||||
49 | File | `/vaccinated/admin/maintenance/manage_location.php` | High
|
||||
50 | File | `/var/log/nginx/html/ADMINPASS` | High
|
||||
51 | File | `/var/log/webfsd.log` | High
|
||||
52 | File | `/wbms/classes/Master.php?f=delete_client` | High
|
||||
53 | File | `/wp-admin/admin-ajax.php` | High
|
||||
54 | File | `/xxl-job-admin/user/add` | High
|
||||
55 | File | `404Like.php` | Medium
|
||||
56 | File | `a-forms.php` | Medium
|
||||
57 | ... | ... | ...
|
||||
13 | File | `/api/upload.php` | High
|
||||
14 | File | `/application/common.php#action_log` | High
|
||||
15 | File | `/bin/ate` | Medium
|
||||
16 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
17 | File | `/cgi-bin/activate.cgi` | High
|
||||
18 | File | `/cgi-bin/kerbynet` | High
|
||||
19 | File | `/cgi-bin/wapopen` | High
|
||||
20 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
21 | File | `/classes/Master.php?f=delete_service` | High
|
||||
22 | File | `/classes/Master.php?f=save_course` | High
|
||||
23 | File | `/classes/Users.php?f=save` | High
|
||||
24 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
25 | File | `/Electron/download` | High
|
||||
26 | File | `/export` | Low
|
||||
27 | File | `/feeds/post/publish` | High
|
||||
28 | File | `/form/index.php?module=getjson` | High
|
||||
29 | File | `/forum/away.php` | High
|
||||
30 | File | `/goForm/aspForm` | High
|
||||
31 | File | `/goform/form2Wan.cgi` | High
|
||||
32 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
33 | File | `/inc/topBarNav.php` | High
|
||||
34 | File | `/index.php/archives/1/comment` | High
|
||||
35 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
36 | File | `/index.php?page=category_list` | High
|
||||
37 | File | `/jobinfo/` | Medium
|
||||
38 | File | `/KK_LS9ReportingPortal/GetData` | High
|
||||
39 | File | `/librarian/bookdetails.php` | High
|
||||
40 | File | `/login.php` | Medium
|
||||
41 | File | `/Moosikay/order.php` | High
|
||||
42 | File | `/opac/Actions.php?a=login` | High
|
||||
43 | File | `/PreviewHandler.ashx` | High
|
||||
44 | File | `/proxy` | Low
|
||||
45 | File | `/queuing/login.php` | High
|
||||
46 | File | `/reservation/add_message.php` | High
|
||||
47 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
48 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
49 | File | `/sys/user/querySysUser?username=admin` | High
|
||||
50 | File | `/text/pdf/PdfReader.java` | High
|
||||
51 | File | `/ueditor/net/controller.ashx?action=catchimage` | High
|
||||
52 | File | `/upload` | Low
|
||||
53 | File | `/user/updatePwd` | High
|
||||
54 | File | `/utils/ToHtmlServlet.java` | High
|
||||
55 | ... | ... | ...
|
||||
|
||||
There are 494 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 481 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -44,19 +44,20 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/login.php` | High
|
||||
2 | File | `/api/file_uploader.php` | High
|
||||
3 | File | `/app/Http/Controllers/Admin/NEditorController.php` | High
|
||||
4 | File | `/mgmt/tm/util/bash` | High
|
||||
5 | File | `/mifs/c/i/reg/reg.html` | High
|
||||
6 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
7 | File | `/secure/ViewCollectors` | High
|
||||
8 | File | `/Session` | Medium
|
||||
9 | File | `/xAdmin/html/cm_doclist_view_uc.jsp` | High
|
||||
10 | File | `adclick.php` | Medium
|
||||
11 | File | `add_comment.php` | High
|
||||
12 | File | `board.php` | Medium
|
||||
13 | ... | ... | ...
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/admin/login.php` | High
|
||||
3 | File | `/api/file_uploader.php` | High
|
||||
4 | File | `/app/Http/Controllers/Admin/NEditorController.php` | High
|
||||
5 | File | `/mgmt/tm/util/bash` | High
|
||||
6 | File | `/mifs/c/i/reg/reg.html` | High
|
||||
7 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
8 | File | `/secure/ViewCollectors` | High
|
||||
9 | File | `/Session` | Medium
|
||||
10 | File | `/xAdmin/html/cm_doclist_view_uc.jsp` | High
|
||||
11 | File | `adclick.php` | Medium
|
||||
12 | File | `add_comment.php` | High
|
||||
13 | File | `board.php` | Medium
|
||||
14 | ... | ... | ...
|
||||
|
||||
There are 106 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
|
|
|
@ -100,34 +100,34 @@ ID | Type | Indicator | Confidence
|
|||
17 | File | `/api/stl/actions/search` | High
|
||||
18 | File | `/api/v2/cli/commands` | High
|
||||
19 | File | `/APR/login.php` | High
|
||||
20 | File | `/bin/httpd` | Medium
|
||||
21 | File | `/boat/login.php` | High
|
||||
22 | File | `/cgi-bin` | Medium
|
||||
23 | File | `/cgi-bin/wapopen` | High
|
||||
24 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
25 | File | `/College/admin/teacher.php` | High
|
||||
26 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
27 | File | `/dcim/rack-roles/` | High
|
||||
28 | File | `/debug/pprof` | Medium
|
||||
29 | File | `/env` | Low
|
||||
30 | File | `/feeds/post/publish` | High
|
||||
31 | File | `/film-rating.php` | High
|
||||
32 | File | `/forum/away.php` | High
|
||||
33 | File | `/goform/aspForm` | High
|
||||
34 | File | `/home/masterConsole` | High
|
||||
35 | File | `/home/sendBroadcast` | High
|
||||
36 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
37 | File | `/inc/topBarNav.php` | High
|
||||
38 | File | `/index.php` | Medium
|
||||
39 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
40 | File | `/index.php?page=category_list` | High
|
||||
41 | File | `/jobinfo/` | Medium
|
||||
42 | File | `/kelas/data` | Medium
|
||||
43 | File | `/librarian/bookdetails.php` | High
|
||||
44 | File | `/Moosikay/order.php` | High
|
||||
45 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
46 | File | `/opac/Actions.php?a=login` | High
|
||||
47 | File | `/php-opos/index.php` | High
|
||||
20 | File | `/bin/ate` | Medium
|
||||
21 | File | `/bin/httpd` | Medium
|
||||
22 | File | `/boat/login.php` | High
|
||||
23 | File | `/cgi-bin` | Medium
|
||||
24 | File | `/cgi-bin/wapopen` | High
|
||||
25 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
26 | File | `/College/admin/teacher.php` | High
|
||||
27 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
28 | File | `/dcim/rack-roles/` | High
|
||||
29 | File | `/debug/pprof` | Medium
|
||||
30 | File | `/env` | Low
|
||||
31 | File | `/feeds/post/publish` | High
|
||||
32 | File | `/film-rating.php` | High
|
||||
33 | File | `/forum/away.php` | High
|
||||
34 | File | `/goform/aspForm` | High
|
||||
35 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
36 | File | `/inc/topBarNav.php` | High
|
||||
37 | File | `/index.php` | Medium
|
||||
38 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
39 | File | `/index.php?page=category_list` | High
|
||||
40 | File | `/jobinfo/` | Medium
|
||||
41 | File | `/kelas/data` | Medium
|
||||
42 | File | `/librarian/bookdetails.php` | High
|
||||
43 | File | `/Moosikay/order.php` | High
|
||||
44 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
45 | File | `/opac/Actions.php?a=login` | High
|
||||
46 | File | `/php-opos/index.php` | High
|
||||
47 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
48 | File | `/PreviewHandler.ashx` | High
|
||||
49 | File | `/public/launchNewWindow.jsp` | High
|
||||
50 | File | `/reservation/add_message.php` | High
|
||||
|
@ -147,7 +147,7 @@ ID | Type | Indicator | Confidence
|
|||
64 | File | `admin.a6mambocredits.php` | High
|
||||
65 | ... | ... | ...
|
||||
|
||||
There are 574 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 565 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,79 @@
|
|||
# Asacub - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Asacub](https://vuldb.com/?actor.asacub). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.asacub](https://vuldb.com/?actor.asacub)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Asacub:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [IT](https://vuldb.com/?country.it)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Asacub.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.45.73.24](https://vuldb.com/?ip.5.45.73.24) | - | - | High
|
||||
2 | [5.45.74.130](https://vuldb.com/?ip.5.45.74.130) | - | - | High
|
||||
3 | [155.133.82.181](https://vuldb.com/?ip.155.133.82.181) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 11 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Asacub_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 13 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Asacub. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.DS_Store` | Medium
|
||||
2 | File | `/.vnc/sesman_${username}_passwd` | High
|
||||
3 | File | `/ajax-files/postComment.php` | High
|
||||
4 | File | `/cgi-bin/editBookmark` | High
|
||||
5 | File | `/etc/luminex/pkgmgr` | High
|
||||
6 | File | `/goform/langSwitch` | High
|
||||
7 | File | `/rom-0` | Low
|
||||
8 | File | `add.php` | Low
|
||||
9 | File | `add_comment.php` | High
|
||||
10 | File | `add_quiz.php` | Medium
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 88 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Asia Unknown:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [IO](https://vuldb.com/?country.io)
|
||||
* ...
|
||||
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -24949,345 +24949,9 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
24926 | [58.73.0.0](https://vuldb.com/?ip.58.73.0.0) | - | - | High
|
||||
24927 | [58.74.0.0](https://vuldb.com/?ip.58.74.0.0) | - | - | High
|
||||
24928 | [58.76.0.0](https://vuldb.com/?ip.58.76.0.0) | - | - | High
|
||||
24929 | [58.80.0.0](https://vuldb.com/?ip.58.80.0.0) | 58x80x0x0.ap58.ftth.ucom.ne.jp | - | High
|
||||
24930 | [58.82.0.0](https://vuldb.com/?ip.58.82.0.0) | - | - | High
|
||||
24931 | [58.82.128.0](https://vuldb.com/?ip.58.82.128.0) | - | - | High
|
||||
24932 | [58.82.129.0](https://vuldb.com/?ip.58.82.129.0) | - | - | High
|
||||
24933 | [58.82.130.0](https://vuldb.com/?ip.58.82.130.0) | - | - | High
|
||||
24934 | [58.82.132.0](https://vuldb.com/?ip.58.82.132.0) | 0.132.82.58.static-corp.jastel.co.th | - | High
|
||||
24935 | [58.82.136.0](https://vuldb.com/?ip.58.82.136.0) | 0.136.82.58.static-corp.jastel.co.th | - | High
|
||||
24936 | [58.82.144.0](https://vuldb.com/?ip.58.82.144.0) | - | - | High
|
||||
24937 | [58.82.160.0](https://vuldb.com/?ip.58.82.160.0) | 0.160.82.58.static-corp.jastel.co.th | - | High
|
||||
24938 | [58.82.192.0](https://vuldb.com/?ip.58.82.192.0) | - | - | High
|
||||
24939 | [58.82.203.0](https://vuldb.com/?ip.58.82.203.0) | - | - | High
|
||||
24940 | [58.82.204.0](https://vuldb.com/?ip.58.82.204.0) | - | - | High
|
||||
24941 | [58.82.209.0](https://vuldb.com/?ip.58.82.209.0) | - | - | High
|
||||
24942 | [58.82.210.0](https://vuldb.com/?ip.58.82.210.0) | - | - | High
|
||||
24943 | [58.82.242.0](https://vuldb.com/?ip.58.82.242.0) | - | - | High
|
||||
24944 | [58.83.0.0](https://vuldb.com/?ip.58.83.0.0) | - | - | High
|
||||
24945 | [58.84.0.0](https://vuldb.com/?ip.58.84.0.0) | - | - | High
|
||||
24946 | [58.84.4.0](https://vuldb.com/?ip.58.84.4.0) | - | - | High
|
||||
24947 | [58.84.5.0](https://vuldb.com/?ip.58.84.5.0) | - | - | High
|
||||
24948 | [58.84.6.0](https://vuldb.com/?ip.58.84.6.0) | - | - | High
|
||||
24949 | [58.84.8.0](https://vuldb.com/?ip.58.84.8.0) | - | - | High
|
||||
24950 | [58.84.12.0](https://vuldb.com/?ip.58.84.12.0) | - | - | High
|
||||
24951 | [58.84.14.0](https://vuldb.com/?ip.58.84.14.0) | - | - | High
|
||||
24952 | [58.84.16.0](https://vuldb.com/?ip.58.84.16.0) | - | - | High
|
||||
24953 | [58.84.20.0](https://vuldb.com/?ip.58.84.20.0) | 58.84.20.0.static-uttarpradesheast.powertel.in | - | High
|
||||
24954 | [58.84.24.0](https://vuldb.com/?ip.58.84.24.0) | 58.84.24.0.static-mumbai.powertel.in | - | High
|
||||
24955 | [58.84.28.0](https://vuldb.com/?ip.58.84.28.0) | - | - | High
|
||||
24956 | [58.84.32.0](https://vuldb.com/?ip.58.84.32.0) | - | - | High
|
||||
24957 | [58.84.39.0](https://vuldb.com/?ip.58.84.39.0) | - | - | High
|
||||
24958 | [58.84.40.0](https://vuldb.com/?ip.58.84.40.0) | - | - | High
|
||||
24959 | [58.84.42.0](https://vuldb.com/?ip.58.84.42.0) | - | - | High
|
||||
24960 | [58.84.44.0](https://vuldb.com/?ip.58.84.44.0) | - | - | High
|
||||
24961 | [58.84.52.0](https://vuldb.com/?ip.58.84.52.0) | Host-by.nerocloud.io | - | High
|
||||
24962 | [58.84.56.0](https://vuldb.com/?ip.58.84.56.0) | 0-56.netsolutioninc.com | - | High
|
||||
24963 | [58.84.240.0](https://vuldb.com/?ip.58.84.240.0) | - | - | High
|
||||
24964 | [58.85.0.0](https://vuldb.com/?ip.58.85.0.0) | - | - | High
|
||||
24965 | [58.86.0.0](https://vuldb.com/?ip.58.86.0.0) | - | - | High
|
||||
24966 | [58.87.16.0](https://vuldb.com/?ip.58.87.16.0) | user16-0.rcn.ne.jp | - | High
|
||||
24967 | [58.87.32.0](https://vuldb.com/?ip.58.87.32.0) | - | - | High
|
||||
24968 | [58.87.64.0](https://vuldb.com/?ip.58.87.64.0) | - | - | High
|
||||
24969 | [58.87.128.0](https://vuldb.com/?ip.58.87.128.0) | - | - | High
|
||||
24970 | [58.88.0.0](https://vuldb.com/?ip.58.88.0.0) | - | - | High
|
||||
24971 | [58.96.160.0](https://vuldb.com/?ip.58.96.160.0) | - | - | High
|
||||
24972 | [58.96.192.0](https://vuldb.com/?ip.58.96.192.0) | 0.192.96.58.starhub.net.sg | - | High
|
||||
24973 | [58.97.0.0](https://vuldb.com/?ip.58.97.0.0) | 58-97-0-0.static.asianet.co.th | - | High
|
||||
24974 | [58.97.64.0](https://vuldb.com/?ip.58.97.64.0) | 58-97-64-0.static.asianet.co.th | - | High
|
||||
24975 | [58.97.96.0](https://vuldb.com/?ip.58.97.96.0) | 58-97-96-0.static.asianet.co.th | - | High
|
||||
24976 | [58.97.104.0](https://vuldb.com/?ip.58.97.104.0) | 58-97-104-0.static.asianet.co.th | - | High
|
||||
24977 | [58.97.108.0](https://vuldb.com/?ip.58.97.108.0) | 58-97-108-0.static.asianet.co.th | - | High
|
||||
24978 | [58.97.110.0](https://vuldb.com/?ip.58.97.110.0) | 58-97-110-0.static.asianet.co.th | - | High
|
||||
24979 | [58.97.111.0](https://vuldb.com/?ip.58.97.111.0) | 58-97-111-0.static.asianet.co.th | - | High
|
||||
24980 | [58.97.112.0](https://vuldb.com/?ip.58.97.112.0) | - | - | High
|
||||
24981 | [58.97.136.0](https://vuldb.com/?ip.58.97.136.0) | - | - | High
|
||||
24982 | [58.97.144.0](https://vuldb.com/?ip.58.97.144.0) | - | - | High
|
||||
24983 | [58.97.160.0](https://vuldb.com/?ip.58.97.160.0) | - | - | High
|
||||
24984 | [58.97.192.0](https://vuldb.com/?ip.58.97.192.0) | - | - | High
|
||||
24985 | [58.97.208.0](https://vuldb.com/?ip.58.97.208.0) | - | - | High
|
||||
24986 | [58.97.216.0](https://vuldb.com/?ip.58.97.216.0) | - | - | High
|
||||
24987 | [58.97.218.0](https://vuldb.com/?ip.58.97.218.0) | - | - | High
|
||||
24988 | [58.97.219.0](https://vuldb.com/?ip.58.97.219.0) | - | - | High
|
||||
24989 | [58.97.220.0](https://vuldb.com/?ip.58.97.220.0) | - | - | High
|
||||
24990 | [58.97.224.0](https://vuldb.com/?ip.58.97.224.0) | - | - | High
|
||||
24991 | [58.98.0.0](https://vuldb.com/?ip.58.98.0.0) | - | - | High
|
||||
24992 | [58.99.0.0](https://vuldb.com/?ip.58.99.0.0) | - | - | High
|
||||
24993 | [58.99.128.0](https://vuldb.com/?ip.58.99.128.0) | - | - | High
|
||||
24994 | [58.100.0.0](https://vuldb.com/?ip.58.100.0.0) | - | - | High
|
||||
24995 | [58.102.0.0](https://vuldb.com/?ip.58.102.0.0) | - | - | High
|
||||
24996 | [58.112.0.0](https://vuldb.com/?ip.58.112.0.0) | - | - | High
|
||||
24997 | [58.114.0.0](https://vuldb.com/?ip.58.114.0.0) | - | - | High
|
||||
24998 | [58.116.0.0](https://vuldb.com/?ip.58.116.0.0) | - | - | High
|
||||
24999 | [58.120.0.0](https://vuldb.com/?ip.58.120.0.0) | - | - | High
|
||||
25000 | [58.128.0.0](https://vuldb.com/?ip.58.128.0.0) | - | - | High
|
||||
25001 | [58.136.0.0](https://vuldb.com/?ip.58.136.0.0) | - | - | High
|
||||
25002 | [58.138.0.0](https://vuldb.com/?ip.58.138.0.0) | 0.0.138.58.dy.bbexcite.jp | - | High
|
||||
25003 | [58.138.128.0](https://vuldb.com/?ip.58.138.128.0) | - | - | High
|
||||
25004 | [58.138.192.0](https://vuldb.com/?ip.58.138.192.0) | - | - | High
|
||||
25005 | [58.139.0.0](https://vuldb.com/?ip.58.139.0.0) | - | - | High
|
||||
25006 | [58.140.0.0](https://vuldb.com/?ip.58.140.0.0) | - | - | High
|
||||
25007 | [58.144.0.0](https://vuldb.com/?ip.58.144.0.0) | - | - | High
|
||||
25008 | [58.145.0.0](https://vuldb.com/?ip.58.145.0.0) | - | - | High
|
||||
25009 | [58.145.160.0](https://vuldb.com/?ip.58.145.160.0) | - | - | High
|
||||
25010 | [58.145.168.0](https://vuldb.com/?ip.58.145.168.0) | - | - | High
|
||||
25011 | [58.145.176.0](https://vuldb.com/?ip.58.145.176.0) | - | - | High
|
||||
25012 | [58.145.184.0](https://vuldb.com/?ip.58.145.184.0) | - | - | High
|
||||
25013 | [58.145.192.0](https://vuldb.com/?ip.58.145.192.0) | - | - | High
|
||||
25014 | [58.145.224.0](https://vuldb.com/?ip.58.145.224.0) | - | - | High
|
||||
25015 | [58.145.225.0](https://vuldb.com/?ip.58.145.225.0) | - | - | High
|
||||
25016 | [58.145.226.0](https://vuldb.com/?ip.58.145.226.0) | 58-145-226-0.revdns.pacificinternet.com | - | High
|
||||
25017 | [58.145.227.0](https://vuldb.com/?ip.58.145.227.0) | 58-145-227-0.revdns.pacificinternet.com | - | High
|
||||
25018 | [58.145.228.0](https://vuldb.com/?ip.58.145.228.0) | - | - | High
|
||||
25019 | [58.145.229.0](https://vuldb.com/?ip.58.145.229.0) | 58-145-229-0.revdns.pacificinternet.com | - | High
|
||||
25020 | [58.145.230.0](https://vuldb.com/?ip.58.145.230.0) | 58-145-230-0.revdns.pacificinternet.com | - | High
|
||||
25021 | [58.145.231.0](https://vuldb.com/?ip.58.145.231.0) | 58-145-231-0.revdns.pacificinternet.com | - | High
|
||||
25022 | [58.145.232.0](https://vuldb.com/?ip.58.145.232.0) | 58-145-232-0.revdns.pacificinternet.com | - | High
|
||||
25023 | [58.145.233.0](https://vuldb.com/?ip.58.145.233.0) | 58-145-233-0.revdns.pacificinternet.com | - | High
|
||||
25024 | [58.145.234.0](https://vuldb.com/?ip.58.145.234.0) | - | - | High
|
||||
25025 | [58.145.236.0](https://vuldb.com/?ip.58.145.236.0) | 58-145-236-0.revdns.pacificinternet.com | - | High
|
||||
25026 | [58.145.240.0](https://vuldb.com/?ip.58.145.240.0) | - | - | High
|
||||
25027 | [58.146.0.0](https://vuldb.com/?ip.58.146.0.0) | h058-146-000-000.user.starcat.ne.jp | - | High
|
||||
25028 | [58.146.64.0](https://vuldb.com/?ip.58.146.64.0) | h058-146-064-000.user.starcat.ne.jp | - | High
|
||||
25029 | [58.146.96.0](https://vuldb.com/?ip.58.146.96.0) | host-589610.fivenetwork.com | - | High
|
||||
25030 | [58.146.128.0](https://vuldb.com/?ip.58.146.128.0) | 0.128.146.58.starhub.net.sg | - | High
|
||||
25031 | [58.146.192.0](https://vuldb.com/?ip.58.146.192.0) | - | - | High
|
||||
25032 | [58.147.0.0](https://vuldb.com/?ip.58.147.0.0) | - | - | High
|
||||
25033 | [58.147.128.0](https://vuldb.com/?ip.58.147.128.0) | - | - | High
|
||||
25034 | [58.147.160.0](https://vuldb.com/?ip.58.147.160.0) | - | - | High
|
||||
25035 | [58.147.168.0](https://vuldb.com/?ip.58.147.168.0) | - | - | High
|
||||
25036 | [58.147.176.0](https://vuldb.com/?ip.58.147.176.0) | - | - | High
|
||||
25037 | [58.147.184.0](https://vuldb.com/?ip.58.147.184.0) | - | - | High
|
||||
25038 | [58.147.184.4](https://vuldb.com/?ip.58.147.184.4) | - | - | High
|
||||
25039 | [58.147.184.6](https://vuldb.com/?ip.58.147.184.6) | - | - | High
|
||||
25040 | [58.147.184.8](https://vuldb.com/?ip.58.147.184.8) | - | - | High
|
||||
25041 | [58.147.184.12](https://vuldb.com/?ip.58.147.184.12) | - | - | High
|
||||
25042 | [58.147.184.14](https://vuldb.com/?ip.58.147.184.14) | - | - | High
|
||||
25043 | [58.147.184.16](https://vuldb.com/?ip.58.147.184.16) | - | - | High
|
||||
25044 | [58.147.184.24](https://vuldb.com/?ip.58.147.184.24) | - | - | High
|
||||
25045 | [58.147.184.26](https://vuldb.com/?ip.58.147.184.26) | - | - | High
|
||||
25046 | [58.147.184.28](https://vuldb.com/?ip.58.147.184.28) | - | - | High
|
||||
25047 | [58.147.184.32](https://vuldb.com/?ip.58.147.184.32) | - | - | High
|
||||
25048 | [58.147.184.34](https://vuldb.com/?ip.58.147.184.34) | - | - | High
|
||||
25049 | [58.147.184.36](https://vuldb.com/?ip.58.147.184.36) | - | - | High
|
||||
25050 | [58.147.184.40](https://vuldb.com/?ip.58.147.184.40) | - | - | High
|
||||
25051 | [58.147.184.48](https://vuldb.com/?ip.58.147.184.48) | - | - | High
|
||||
25052 | [58.147.184.50](https://vuldb.com/?ip.58.147.184.50) | - | - | High
|
||||
25053 | [58.147.184.52](https://vuldb.com/?ip.58.147.184.52) | - | - | High
|
||||
25054 | [58.147.184.56](https://vuldb.com/?ip.58.147.184.56) | - | - | High
|
||||
25055 | [58.147.184.64](https://vuldb.com/?ip.58.147.184.64) | - | - | High
|
||||
25056 | [58.147.184.128](https://vuldb.com/?ip.58.147.184.128) | - | - | High
|
||||
25057 | [58.147.185.0](https://vuldb.com/?ip.58.147.185.0) | - | - | High
|
||||
25058 | [58.147.186.0](https://vuldb.com/?ip.58.147.186.0) | - | - | High
|
||||
25059 | [58.147.188.0](https://vuldb.com/?ip.58.147.188.0) | - | - | High
|
||||
25060 | [58.147.189.0](https://vuldb.com/?ip.58.147.189.0) | - | - | High
|
||||
25061 | [58.147.189.32](https://vuldb.com/?ip.58.147.189.32) | - | - | High
|
||||
25062 | [58.147.189.48](https://vuldb.com/?ip.58.147.189.48) | - | - | High
|
||||
25063 | [58.147.189.52](https://vuldb.com/?ip.58.147.189.52) | - | - | High
|
||||
25064 | [58.147.189.54](https://vuldb.com/?ip.58.147.189.54) | - | - | High
|
||||
25065 | [58.147.189.56](https://vuldb.com/?ip.58.147.189.56) | - | - | High
|
||||
25066 | [58.147.189.64](https://vuldb.com/?ip.58.147.189.64) | - | - | High
|
||||
25067 | [58.147.189.128](https://vuldb.com/?ip.58.147.189.128) | - | - | High
|
||||
25068 | [58.147.190.0](https://vuldb.com/?ip.58.147.190.0) | - | - | High
|
||||
25069 | [58.147.192.0](https://vuldb.com/?ip.58.147.192.0) | - | - | High
|
||||
25070 | [58.148.0.0](https://vuldb.com/?ip.58.148.0.0) | - | - | High
|
||||
25071 | [58.152.0.0](https://vuldb.com/?ip.58.152.0.0) | n058152000000.netvigator.com | - | High
|
||||
25072 | [58.154.0.0](https://vuldb.com/?ip.58.154.0.0) | - | - | High
|
||||
25073 | [58.156.0.0](https://vuldb.com/?ip.58.156.0.0) | 58x156x0x0.ap58.ftth.ucom.ne.jp | - | High
|
||||
25074 | [58.176.0.0](https://vuldb.com/?ip.58.176.0.0) | - | - | High
|
||||
25075 | [58.180.0.0](https://vuldb.com/?ip.58.180.0.0) | - | - | High
|
||||
25076 | [58.181.0.0](https://vuldb.com/?ip.58.181.0.0) | - | - | High
|
||||
25077 | [58.181.96.0](https://vuldb.com/?ip.58.181.96.0) | - | - | High
|
||||
25078 | [58.181.128.0](https://vuldb.com/?ip.58.181.128.0) | - | - | High
|
||||
25079 | [58.182.0.0](https://vuldb.com/?ip.58.182.0.0) | 0.0.182.58.starhub.net.sg | - | High
|
||||
25080 | [58.183.0.0](https://vuldb.com/?ip.58.183.0.0) | - | - | High
|
||||
25081 | [58.184.0.0](https://vuldb.com/?ip.58.184.0.0) | - | - | High
|
||||
25082 | [58.185.0.0](https://vuldb.com/?ip.58.185.0.0) | - | - | High
|
||||
25083 | [58.186.0.0](https://vuldb.com/?ip.58.186.0.0) | - | - | High
|
||||
25084 | [58.186.128.0](https://vuldb.com/?ip.58.186.128.0) | - | - | High
|
||||
25085 | [58.186.160.0](https://vuldb.com/?ip.58.186.160.0) | - | - | High
|
||||
25086 | [58.186.161.0](https://vuldb.com/?ip.58.186.161.0) | - | - | High
|
||||
25087 | [58.186.161.2](https://vuldb.com/?ip.58.186.161.2) | - | - | High
|
||||
25088 | [58.186.161.4](https://vuldb.com/?ip.58.186.161.4) | - | - | High
|
||||
25089 | [58.186.161.6](https://vuldb.com/?ip.58.186.161.6) | - | - | High
|
||||
25090 | [58.186.161.8](https://vuldb.com/?ip.58.186.161.8) | - | - | High
|
||||
25091 | [58.186.161.12](https://vuldb.com/?ip.58.186.161.12) | - | - | High
|
||||
25092 | [58.186.161.16](https://vuldb.com/?ip.58.186.161.16) | - | - | High
|
||||
25093 | [58.186.161.24](https://vuldb.com/?ip.58.186.161.24) | - | - | High
|
||||
25094 | [58.186.161.26](https://vuldb.com/?ip.58.186.161.26) | - | - | High
|
||||
25095 | [58.186.161.28](https://vuldb.com/?ip.58.186.161.28) | - | - | High
|
||||
25096 | [58.186.161.32](https://vuldb.com/?ip.58.186.161.32) | - | - | High
|
||||
25097 | [58.186.161.64](https://vuldb.com/?ip.58.186.161.64) | - | - | High
|
||||
25098 | [58.186.161.128](https://vuldb.com/?ip.58.186.161.128) | - | - | High
|
||||
25099 | [58.186.162.0](https://vuldb.com/?ip.58.186.162.0) | - | - | High
|
||||
25100 | [58.186.164.0](https://vuldb.com/?ip.58.186.164.0) | - | - | High
|
||||
25101 | [58.186.168.0](https://vuldb.com/?ip.58.186.168.0) | - | - | High
|
||||
25102 | [58.186.176.0](https://vuldb.com/?ip.58.186.176.0) | - | - | High
|
||||
25103 | [58.186.192.0](https://vuldb.com/?ip.58.186.192.0) | - | - | High
|
||||
25104 | [58.187.0.0](https://vuldb.com/?ip.58.187.0.0) | - | - | High
|
||||
25105 | [58.188.0.0](https://vuldb.com/?ip.58.188.0.0) | 58-188-0-0f1.hyg2.eonet.ne.jp | - | High
|
||||
25106 | [58.192.0.0](https://vuldb.com/?ip.58.192.0.0) | - | - | High
|
||||
25107 | [58.224.0.0](https://vuldb.com/?ip.58.224.0.0) | - | - | High
|
||||
25108 | [58.240.0.0](https://vuldb.com/?ip.58.240.0.0) | - | - | High
|
||||
25109 | [59.0.0.0](https://vuldb.com/?ip.59.0.0.0) | - | - | High
|
||||
25110 | [59.32.0.0](https://vuldb.com/?ip.59.32.0.0) | 0.0.32.59.broad.hy.gd.dynamic.163data.com.cn | - | High
|
||||
25111 | [59.64.0.0](https://vuldb.com/?ip.59.64.0.0) | - | - | High
|
||||
25112 | [59.80.0.0](https://vuldb.com/?ip.59.80.0.0) | - | - | High
|
||||
25113 | [59.82.0.0](https://vuldb.com/?ip.59.82.0.0) | - | - | High
|
||||
25114 | [59.82.2.0](https://vuldb.com/?ip.59.82.2.0) | - | - | High
|
||||
25115 | [59.82.4.0](https://vuldb.com/?ip.59.82.4.0) | - | - | High
|
||||
25116 | [59.82.6.0](https://vuldb.com/?ip.59.82.6.0) | - | - | High
|
||||
25117 | [59.82.8.0](https://vuldb.com/?ip.59.82.8.0) | - | - | High
|
||||
25118 | [59.82.16.0](https://vuldb.com/?ip.59.82.16.0) | - | - | High
|
||||
25119 | [59.82.32.0](https://vuldb.com/?ip.59.82.32.0) | - | - | High
|
||||
25120 | [59.82.64.0](https://vuldb.com/?ip.59.82.64.0) | - | - | High
|
||||
25121 | [59.82.80.0](https://vuldb.com/?ip.59.82.80.0) | - | - | High
|
||||
25122 | [59.82.84.0](https://vuldb.com/?ip.59.82.84.0) | - | - | High
|
||||
25123 | [59.82.86.0](https://vuldb.com/?ip.59.82.86.0) | - | - | High
|
||||
25124 | [59.82.88.0](https://vuldb.com/?ip.59.82.88.0) | - | - | High
|
||||
25125 | [59.82.96.0](https://vuldb.com/?ip.59.82.96.0) | - | - | High
|
||||
25126 | [59.82.128.0](https://vuldb.com/?ip.59.82.128.0) | - | - | High
|
||||
25127 | [59.83.0.0](https://vuldb.com/?ip.59.83.0.0) | - | - | High
|
||||
25128 | [59.83.64.0](https://vuldb.com/?ip.59.83.64.0) | - | - | High
|
||||
25129 | [59.83.128.0](https://vuldb.com/?ip.59.83.128.0) | - | - | High
|
||||
25130 | [59.83.136.0](https://vuldb.com/?ip.59.83.136.0) | - | - | High
|
||||
25131 | [59.83.144.0](https://vuldb.com/?ip.59.83.144.0) | - | - | High
|
||||
25132 | [59.83.160.0](https://vuldb.com/?ip.59.83.160.0) | - | - | High
|
||||
25133 | [59.83.180.0](https://vuldb.com/?ip.59.83.180.0) | - | - | High
|
||||
25134 | [59.83.184.0](https://vuldb.com/?ip.59.83.184.0) | - | - | High
|
||||
25135 | [59.83.192.0](https://vuldb.com/?ip.59.83.192.0) | - | - | High
|
||||
25136 | [59.83.224.0](https://vuldb.com/?ip.59.83.224.0) | - | - | High
|
||||
25137 | [59.83.232.0](https://vuldb.com/?ip.59.83.232.0) | - | - | High
|
||||
25138 | [59.83.236.0](https://vuldb.com/?ip.59.83.236.0) | - | - | High
|
||||
25139 | [59.83.240.0](https://vuldb.com/?ip.59.83.240.0) | - | - | High
|
||||
25140 | [59.84.0.0](https://vuldb.com/?ip.59.84.0.0) | p000.net059084000.tnc.ne.jp | - | High
|
||||
25141 | [59.86.0.0](https://vuldb.com/?ip.59.86.0.0) | p000.net059086000.tnc.ne.jp | - | High
|
||||
25142 | [59.86.128.0](https://vuldb.com/?ip.59.86.128.0) | 0.net059086128.t-com.ne.jp | - | High
|
||||
25143 | [59.86.192.0](https://vuldb.com/?ip.59.86.192.0) | - | - | High
|
||||
25144 | [59.87.0.0](https://vuldb.com/?ip.59.87.0.0) | 59x87x0x0.ap59.ftth.ucom.ne.jp | - | High
|
||||
25145 | [59.88.0.0](https://vuldb.com/?ip.59.88.0.0) | - | - | High
|
||||
25146 | [59.96.0.0](https://vuldb.com/?ip.59.96.0.0) | - | - | High
|
||||
25147 | [59.102.128.0](https://vuldb.com/?ip.59.102.128.0) | - | - | High
|
||||
25148 | [59.103.0.0](https://vuldb.com/?ip.59.103.0.0) | - | - | High
|
||||
25149 | [59.104.0.0](https://vuldb.com/?ip.59.104.0.0) | - | - | High
|
||||
25150 | [59.106.0.0](https://vuldb.com/?ip.59.106.0.0) | - | - | High
|
||||
25151 | [59.107.0.0](https://vuldb.com/?ip.59.107.0.0) | - | - | High
|
||||
25152 | [59.108.0.0](https://vuldb.com/?ip.59.108.0.0) | - | - | High
|
||||
25153 | [59.112.0.0](https://vuldb.com/?ip.59.112.0.0) | 59-112-0-0.dynamic-ip.hinet.net | - | High
|
||||
25154 | [59.128.0.0](https://vuldb.com/?ip.59.128.0.0) | - | - | High
|
||||
25155 | [59.128.4.0](https://vuldb.com/?ip.59.128.4.0) | - | - | High
|
||||
25156 | [59.128.8.0](https://vuldb.com/?ip.59.128.8.0) | - | - | High
|
||||
25157 | [59.128.16.0](https://vuldb.com/?ip.59.128.16.0) | ZT016000.ppp.dion.ne.jp | - | High
|
||||
25158 | [59.128.32.0](https://vuldb.com/?ip.59.128.32.0) | ZT032000.ppp.dion.ne.jp | - | High
|
||||
25159 | [59.128.48.0](https://vuldb.com/?ip.59.128.48.0) | ZT048000.ppp.dion.ne.jp | - | High
|
||||
25160 | [59.128.56.0](https://vuldb.com/?ip.59.128.56.0) | - | - | High
|
||||
25161 | [59.128.58.0](https://vuldb.com/?ip.59.128.58.0) | - | - | High
|
||||
25162 | [59.128.59.0](https://vuldb.com/?ip.59.128.59.0) | - | - | High
|
||||
25163 | [59.128.60.0](https://vuldb.com/?ip.59.128.60.0) | - | - | High
|
||||
25164 | [59.128.64.0](https://vuldb.com/?ip.59.128.64.0) | - | - | High
|
||||
25165 | [59.128.128.0](https://vuldb.com/?ip.59.128.128.0) | - | - | High
|
||||
25166 | [59.129.0.0](https://vuldb.com/?ip.59.129.0.0) | KD059129000000.ppp-bb.dion.ne.jp | - | High
|
||||
25167 | [59.130.0.0](https://vuldb.com/?ip.59.130.0.0) | - | - | High
|
||||
25168 | [59.132.0.0](https://vuldb.com/?ip.59.132.0.0) | - | - | High
|
||||
25169 | [59.136.0.0](https://vuldb.com/?ip.59.136.0.0) | KD059136000000.ppp-bb.dion.ne.jp | - | High
|
||||
25170 | [59.144.0.0](https://vuldb.com/?ip.59.144.0.0) | - | - | High
|
||||
25171 | [59.144.16.0](https://vuldb.com/?ip.59.144.16.0) | - | - | High
|
||||
25172 | [59.144.18.0](https://vuldb.com/?ip.59.144.18.0) | - | - | High
|
||||
25173 | [59.144.18.128](https://vuldb.com/?ip.59.144.18.128) | aes-static-128.18.144.59.airtel.in | - | High
|
||||
25174 | [59.144.18.192](https://vuldb.com/?ip.59.144.18.192) | aes-static-192.18.144.59.airtel.in | - | High
|
||||
25175 | [59.144.18.224](https://vuldb.com/?ip.59.144.18.224) | aes-static-224.18.144.59.airtel.in | - | High
|
||||
25176 | [59.144.18.240](https://vuldb.com/?ip.59.144.18.240) | aes-static-240.18.144.59.airtel.in | - | High
|
||||
25177 | [59.144.18.248](https://vuldb.com/?ip.59.144.18.248) | aes-static-248.18.144.59.airtel.in | - | High
|
||||
25178 | [59.144.18.252](https://vuldb.com/?ip.59.144.18.252) | aes-static-252.18.144.59.airtel.in | - | High
|
||||
25179 | [59.144.18.254](https://vuldb.com/?ip.59.144.18.254) | aes-static-254.18.144.59.airtel.in | - | High
|
||||
25180 | [59.144.18.255](https://vuldb.com/?ip.59.144.18.255) | aes-static-255.18.144.59.airtel.in | - | High
|
||||
25181 | [59.144.19.0](https://vuldb.com/?ip.59.144.19.0) | - | - | High
|
||||
25182 | [59.144.20.0](https://vuldb.com/?ip.59.144.20.0) | - | - | High
|
||||
25183 | [59.144.24.0](https://vuldb.com/?ip.59.144.24.0) | - | - | High
|
||||
25184 | [59.144.32.0](https://vuldb.com/?ip.59.144.32.0) | - | - | High
|
||||
25185 | [59.144.64.0](https://vuldb.com/?ip.59.144.64.0) | - | - | High
|
||||
25186 | [59.144.128.0](https://vuldb.com/?ip.59.144.128.0) | - | - | High
|
||||
25187 | [59.145.0.0](https://vuldb.com/?ip.59.145.0.0) | - | - | High
|
||||
25188 | [59.145.2.0](https://vuldb.com/?ip.59.145.2.0) | - | - | High
|
||||
25189 | [59.145.3.0](https://vuldb.com/?ip.59.145.3.0) | - | - | High
|
||||
25190 | [59.145.3.128](https://vuldb.com/?ip.59.145.3.128) | - | - | High
|
||||
25191 | [59.145.3.192](https://vuldb.com/?ip.59.145.3.192) | - | - | High
|
||||
25192 | [59.145.3.224](https://vuldb.com/?ip.59.145.3.224) | - | - | High
|
||||
25193 | [59.145.3.240](https://vuldb.com/?ip.59.145.3.240) | - | - | High
|
||||
25194 | [59.145.3.248](https://vuldb.com/?ip.59.145.3.248) | - | - | High
|
||||
25195 | [59.145.3.252](https://vuldb.com/?ip.59.145.3.252) | - | - | High
|
||||
25196 | [59.145.3.255](https://vuldb.com/?ip.59.145.3.255) | - | - | High
|
||||
25197 | [59.145.4.0](https://vuldb.com/?ip.59.145.4.0) | - | - | High
|
||||
25198 | [59.145.6.0](https://vuldb.com/?ip.59.145.6.0) | - | - | High
|
||||
25199 | [59.145.6.8](https://vuldb.com/?ip.59.145.6.8) | - | - | High
|
||||
25200 | [59.145.6.12](https://vuldb.com/?ip.59.145.6.12) | - | - | High
|
||||
25201 | [59.145.6.14](https://vuldb.com/?ip.59.145.6.14) | - | - | High
|
||||
25202 | [59.145.6.16](https://vuldb.com/?ip.59.145.6.16) | - | - | High
|
||||
25203 | [59.145.6.32](https://vuldb.com/?ip.59.145.6.32) | - | - | High
|
||||
25204 | [59.145.6.40](https://vuldb.com/?ip.59.145.6.40) | - | - | High
|
||||
25205 | [59.145.6.42](https://vuldb.com/?ip.59.145.6.42) | - | - | High
|
||||
25206 | [59.145.6.44](https://vuldb.com/?ip.59.145.6.44) | - | - | High
|
||||
25207 | [59.145.6.48](https://vuldb.com/?ip.59.145.6.48) | - | - | High
|
||||
25208 | [59.145.6.64](https://vuldb.com/?ip.59.145.6.64) | - | - | High
|
||||
25209 | [59.145.6.128](https://vuldb.com/?ip.59.145.6.128) | - | - | High
|
||||
25210 | [59.145.6.192](https://vuldb.com/?ip.59.145.6.192) | - | - | High
|
||||
25211 | [59.145.6.196](https://vuldb.com/?ip.59.145.6.196) | - | - | High
|
||||
25212 | [59.145.6.197](https://vuldb.com/?ip.59.145.6.197) | - | - | High
|
||||
25213 | [59.145.6.198](https://vuldb.com/?ip.59.145.6.198) | - | - | High
|
||||
25214 | [59.145.6.200](https://vuldb.com/?ip.59.145.6.200) | - | - | High
|
||||
25215 | [59.145.6.208](https://vuldb.com/?ip.59.145.6.208) | - | - | High
|
||||
25216 | [59.145.6.224](https://vuldb.com/?ip.59.145.6.224) | - | - | High
|
||||
25217 | [59.145.7.0](https://vuldb.com/?ip.59.145.7.0) | - | - | High
|
||||
25218 | [59.145.7.16](https://vuldb.com/?ip.59.145.7.16) | - | - | High
|
||||
25219 | [59.145.7.24](https://vuldb.com/?ip.59.145.7.24) | - | - | High
|
||||
25220 | [59.145.7.28](https://vuldb.com/?ip.59.145.7.28) | - | - | High
|
||||
25221 | [59.145.7.31](https://vuldb.com/?ip.59.145.7.31) | - | - | High
|
||||
25222 | [59.145.7.35](https://vuldb.com/?ip.59.145.7.35) | - | - | High
|
||||
25223 | [59.145.7.36](https://vuldb.com/?ip.59.145.7.36) | - | - | High
|
||||
25224 | [59.145.7.40](https://vuldb.com/?ip.59.145.7.40) | - | - | High
|
||||
25225 | [59.145.7.48](https://vuldb.com/?ip.59.145.7.48) | - | - | High
|
||||
25226 | [59.145.7.52](https://vuldb.com/?ip.59.145.7.52) | - | - | High
|
||||
25227 | [59.145.7.55](https://vuldb.com/?ip.59.145.7.55) | - | - | High
|
||||
25228 | [59.145.7.56](https://vuldb.com/?ip.59.145.7.56) | - | - | High
|
||||
25229 | [59.145.7.64](https://vuldb.com/?ip.59.145.7.64) | - | - | High
|
||||
25230 | [59.145.7.68](https://vuldb.com/?ip.59.145.7.68) | - | - | High
|
||||
25231 | [59.145.7.69](https://vuldb.com/?ip.59.145.7.69) | - | - | High
|
||||
25232 | [59.145.7.70](https://vuldb.com/?ip.59.145.7.70) | - | - | High
|
||||
25233 | [59.145.7.71](https://vuldb.com/?ip.59.145.7.71) | - | - | High
|
||||
25234 | [59.145.7.72](https://vuldb.com/?ip.59.145.7.72) | - | - | High
|
||||
25235 | [59.145.7.73](https://vuldb.com/?ip.59.145.7.73) | - | - | High
|
||||
25236 | [59.145.7.74](https://vuldb.com/?ip.59.145.7.74) | - | - | High
|
||||
25237 | [59.145.7.75](https://vuldb.com/?ip.59.145.7.75) | - | - | High
|
||||
25238 | [59.145.7.76](https://vuldb.com/?ip.59.145.7.76) | - | - | High
|
||||
25239 | [59.145.7.80](https://vuldb.com/?ip.59.145.7.80) | - | - | High
|
||||
25240 | [59.145.7.96](https://vuldb.com/?ip.59.145.7.96) | - | - | High
|
||||
25241 | [59.145.7.128](https://vuldb.com/?ip.59.145.7.128) | - | - | High
|
||||
25242 | [59.145.7.144](https://vuldb.com/?ip.59.145.7.144) | - | - | High
|
||||
25243 | [59.145.7.148](https://vuldb.com/?ip.59.145.7.148) | - | - | High
|
||||
25244 | [59.145.7.150](https://vuldb.com/?ip.59.145.7.150) | - | - | High
|
||||
25245 | [59.145.7.152](https://vuldb.com/?ip.59.145.7.152) | - | - | High
|
||||
25246 | [59.145.7.160](https://vuldb.com/?ip.59.145.7.160) | - | - | High
|
||||
25247 | [59.145.7.192](https://vuldb.com/?ip.59.145.7.192) | - | - | High
|
||||
25248 | [59.145.8.0](https://vuldb.com/?ip.59.145.8.0) | - | - | High
|
||||
25249 | [59.145.12.0](https://vuldb.com/?ip.59.145.12.0) | - | - | High
|
||||
25250 | [59.145.12.4](https://vuldb.com/?ip.59.145.12.4) | - | - | High
|
||||
25251 | [59.145.12.5](https://vuldb.com/?ip.59.145.12.5) | - | - | High
|
||||
25252 | [59.145.12.6](https://vuldb.com/?ip.59.145.12.6) | - | - | High
|
||||
25253 | [59.145.12.7](https://vuldb.com/?ip.59.145.12.7) | - | - | High
|
||||
25254 | [59.145.12.8](https://vuldb.com/?ip.59.145.12.8) | - | - | High
|
||||
25255 | [59.145.12.16](https://vuldb.com/?ip.59.145.12.16) | - | - | High
|
||||
25256 | [59.145.12.32](https://vuldb.com/?ip.59.145.12.32) | - | - | High
|
||||
25257 | [59.145.12.36](https://vuldb.com/?ip.59.145.12.36) | - | - | High
|
||||
25258 | [59.145.12.40](https://vuldb.com/?ip.59.145.12.40) | - | - | High
|
||||
25259 | [59.145.12.48](https://vuldb.com/?ip.59.145.12.48) | - | - | High
|
||||
25260 | [59.145.12.64](https://vuldb.com/?ip.59.145.12.64) | - | - | High
|
||||
25261 | [59.145.12.128](https://vuldb.com/?ip.59.145.12.128) | - | - | High
|
||||
25262 | [59.145.12.136](https://vuldb.com/?ip.59.145.12.136) | - | - | High
|
||||
25263 | [59.145.12.140](https://vuldb.com/?ip.59.145.12.140) | - | - | High
|
||||
25264 | [59.145.12.141](https://vuldb.com/?ip.59.145.12.141) | - | - | High
|
||||
25265 | ... | ... | ... | ...
|
||||
24929 | ... | ... | ... | ...
|
||||
|
||||
There are 101055 more IOC items available. Please use our online service to access the data.
|
||||
There are 99711 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -25295,13 +24959,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-25, CWE-29 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-29, CWE-50 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -25309,33 +24974,48 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `$HOME/.terminfo` | High
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/action/wirelessConnect` | High
|
||||
4 | File | `/admin/configurations/userInfo` | High
|
||||
5 | File | `/admin/index.php` | High
|
||||
6 | File | `/admin/services/manage_service.php` | High
|
||||
7 | File | `/api/users/admin/check` | High
|
||||
8 | File | `/backup.pl` | Medium
|
||||
9 | File | `/bin/ate` | Medium
|
||||
10 | File | `/bin/login` | Medium
|
||||
11 | File | `/category/list?limit=10&offset=0&order=desc` | High
|
||||
12 | File | `/cgi-bin` | Medium
|
||||
13 | File | `/cgi-bin/ping.cgi` | High
|
||||
14 | File | `/classes/Master.php` | High
|
||||
15 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
16 | File | `/classes/Master.php?f=delete_item` | High
|
||||
17 | File | `/classes/Master.php?f=delete_service` | High
|
||||
18 | File | `/classes/Master.php?f=save_service` | High
|
||||
19 | File | `/classes/Users.php` | High
|
||||
20 | File | `/dosen/data` | Medium
|
||||
21 | File | `/etc/networkd-dispatcher` | High
|
||||
22 | File | `/eval/admin/manage_class.php` | High
|
||||
23 | File | `/export` | Low
|
||||
24 | File | `/file_manager/admin/save_user.php` | High
|
||||
25 | ... | ... | ...
|
||||
1 | File | `/admin/addproduct.php` | High
|
||||
2 | File | `/admin/positions_add.php` | High
|
||||
3 | File | `/admin/read.php?mudi=announContent` | High
|
||||
4 | File | `/api/` | Low
|
||||
5 | File | `/api/upload.php` | High
|
||||
6 | File | `/api/v1/snapshots` | High
|
||||
7 | File | `/api/v2/cli/commands` | High
|
||||
8 | File | `/application/common.php#action_log` | High
|
||||
9 | File | `/authenticationendpoint/login.do` | High
|
||||
10 | File | `/bin/ate` | Medium
|
||||
11 | File | `/bin/boa` | Medium
|
||||
12 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
13 | File | `/bsms_ci/index.php` | High
|
||||
14 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
15 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
16 | File | `/cgi-bin/luci` | High
|
||||
17 | File | `/changeimage.php` | High
|
||||
18 | File | `/classes/Users.php?f=save` | High
|
||||
19 | File | `/dottie.js` | Medium
|
||||
20 | File | `/download` | Medium
|
||||
21 | File | `/DXR.axd` | Medium
|
||||
22 | File | `/env` | Low
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/ghost/preview` | High
|
||||
25 | File | `/goForm/aspForm` | High
|
||||
26 | File | `/goform/setmac` | High
|
||||
27 | File | `/goform/setMacFilterCfg` | High
|
||||
28 | File | `/hrm/employeeadd.php` | High
|
||||
29 | File | `/jobinfo/` | Medium
|
||||
30 | File | `/kelasdosen/data` | High
|
||||
31 | File | `/link/` | Low
|
||||
32 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
33 | File | `/mc` | Low
|
||||
34 | File | `/Objects/unicodeobject.c` | High
|
||||
35 | File | `/out.php` | Medium
|
||||
36 | File | `/owa/auth/logon.aspx` | High
|
||||
37 | File | `/paysystem/branch.php` | High
|
||||
38 | File | `/php-inventory-management-system/product.php` | High
|
||||
39 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 208 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 349 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -201,120 +201,123 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
178 | [23.129.232.160](https://vuldb.com/?ip.23.129.232.160) | - | - | High
|
||||
179 | [23.146.242.100](https://vuldb.com/?ip.23.146.242.100) | - | - | High
|
||||
180 | [23.226.77.22](https://vuldb.com/?ip.23.226.77.22) | we.love.servers.at.ioflood.net | - | High
|
||||
181 | [23.237.25.246](https://vuldb.com/?ip.23.237.25.246) | - | - | High
|
||||
182 | [23.238.217.173](https://vuldb.com/?ip.23.238.217.173) | orja4.teki.notredamians.org | - | High
|
||||
183 | [23.254.130.126](https://vuldb.com/?ip.23.254.130.126) | hwsrv-1069616.hostwindsdns.com | - | High
|
||||
184 | [23.254.227.121](https://vuldb.com/?ip.23.254.227.121) | hwsrv-1063912.hostwindsdns.com | - | High
|
||||
185 | [23.254.231.83](https://vuldb.com/?ip.23.254.231.83) | hwsrv-1070248.hostwindsdns.com | - | High
|
||||
186 | [31.41.244.135](https://vuldb.com/?ip.31.41.244.135) | - | - | High
|
||||
187 | [31.170.22.28](https://vuldb.com/?ip.31.170.22.28) | - | - | High
|
||||
188 | [31.192.236.139](https://vuldb.com/?ip.31.192.236.139) | winupdate02.pserver.ru | - | High
|
||||
189 | [31.210.20.79](https://vuldb.com/?ip.31.210.20.79) | - | - | High
|
||||
190 | [31.210.20.167](https://vuldb.com/?ip.31.210.20.167) | - | - | High
|
||||
191 | [31.210.20.192](https://vuldb.com/?ip.31.210.20.192) | - | - | High
|
||||
192 | [31.210.21.188](https://vuldb.com/?ip.31.210.21.188) | linir.top | - | High
|
||||
193 | [34.69.119.138](https://vuldb.com/?ip.34.69.119.138) | 138.119.69.34.bc.googleusercontent.com | - | Medium
|
||||
194 | [34.71.81.158](https://vuldb.com/?ip.34.71.81.158) | 158.81.71.34.bc.googleusercontent.com | - | Medium
|
||||
195 | [34.125.144.45](https://vuldb.com/?ip.34.125.144.45) | 45.144.125.34.bc.googleusercontent.com | - | Medium
|
||||
196 | [34.140.211.85](https://vuldb.com/?ip.34.140.211.85) | 85.211.140.34.bc.googleusercontent.com | - | Medium
|
||||
197 | [35.239.113.160](https://vuldb.com/?ip.35.239.113.160) | 160.113.239.35.bc.googleusercontent.com | - | Medium
|
||||
198 | [36.255.96.200](https://vuldb.com/?ip.36.255.96.200) | - | - | High
|
||||
199 | [37.0.8.17](https://vuldb.com/?ip.37.0.8.17) | stokes.springtimemartialarts.com | - | High
|
||||
200 | [37.0.8.20](https://vuldb.com/?ip.37.0.8.20) | jacksonirwin.springtimemartialarts.com | - | High
|
||||
201 | [37.0.8.67](https://vuldb.com/?ip.37.0.8.67) | willis.capitolreservations.com | - | High
|
||||
202 | [37.0.8.93](https://vuldb.com/?ip.37.0.8.93) | shawtran.capitolreservations.com | - | High
|
||||
203 | [37.0.8.191](https://vuldb.com/?ip.37.0.8.191) | frederick.athinneru.com | - | High
|
||||
204 | [37.0.10.214](https://vuldb.com/?ip.37.0.10.214) | - | - | High
|
||||
205 | [37.0.11.45](https://vuldb.com/?ip.37.0.11.45) | - | - | High
|
||||
206 | [37.0.11.246](https://vuldb.com/?ip.37.0.11.246) | - | - | High
|
||||
207 | [37.0.14.196](https://vuldb.com/?ip.37.0.14.196) | - | - | High
|
||||
208 | [37.0.14.197](https://vuldb.com/?ip.37.0.14.197) | - | - | High
|
||||
209 | [37.0.14.198](https://vuldb.com/?ip.37.0.14.198) | - | - | High
|
||||
210 | [37.0.14.203](https://vuldb.com/?ip.37.0.14.203) | - | - | High
|
||||
211 | [37.0.14.204](https://vuldb.com/?ip.37.0.14.204) | - | - | High
|
||||
212 | [37.49.230.185](https://vuldb.com/?ip.37.49.230.185) | - | - | High
|
||||
213 | [37.120.208.36](https://vuldb.com/?ip.37.120.208.36) | - | - | High
|
||||
214 | [37.120.210.219](https://vuldb.com/?ip.37.120.210.219) | - | - | High
|
||||
215 | [37.120.212.235](https://vuldb.com/?ip.37.120.212.235) | - | - | High
|
||||
216 | [37.120.217.243](https://vuldb.com/?ip.37.120.217.243) | - | - | High
|
||||
217 | [37.120.247.24](https://vuldb.com/?ip.37.120.247.24) | - | - | High
|
||||
218 | [37.196.152.120](https://vuldb.com/?ip.37.196.152.120) | m37-196-152-120.cust.tele2.se | - | High
|
||||
219 | [37.221.121.20](https://vuldb.com/?ip.37.221.121.20) | chvt-mail-129.stashkeen.com | - | High
|
||||
220 | [37.221.122.76](https://vuldb.com/?ip.37.221.122.76) | server.modernizmir.net | - | High
|
||||
221 | [37.249.78.26](https://vuldb.com/?ip.37.249.78.26) | apn-37-249-78-26.dynamic.gprs.plus.pl | - | High
|
||||
222 | [38.17.51.104](https://vuldb.com/?ip.38.17.51.104) | - | - | High
|
||||
223 | [38.47.205.151](https://vuldb.com/?ip.38.47.205.151) | - | - | High
|
||||
224 | [38.105.209.167](https://vuldb.com/?ip.38.105.209.167) | vmi737189.contaboserver.net | - | High
|
||||
225 | [38.130.221.190](https://vuldb.com/?ip.38.130.221.190) | 38.130.221.190.hosted.at.cloudsouth.com | - | High
|
||||
226 | [38.132.99.156](https://vuldb.com/?ip.38.132.99.156) | - | - | High
|
||||
227 | [38.242.242.149](https://vuldb.com/?ip.38.242.242.149) | vmi1313701.contaboserver.net | - | High
|
||||
228 | [40.90.210.21](https://vuldb.com/?ip.40.90.210.21) | - | - | High
|
||||
229 | [40.113.131.31](https://vuldb.com/?ip.40.113.131.31) | - | - | High
|
||||
230 | [40.118.53.192](https://vuldb.com/?ip.40.118.53.192) | - | - | High
|
||||
231 | [40.122.131.23](https://vuldb.com/?ip.40.122.131.23) | - | - | High
|
||||
232 | [41.72.146.10](https://vuldb.com/?ip.41.72.146.10) | - | - | High
|
||||
233 | [41.141.211.80](https://vuldb.com/?ip.41.141.211.80) | - | - | High
|
||||
234 | [41.216.183.61](https://vuldb.com/?ip.41.216.183.61) | - | - | High
|
||||
235 | [41.216.183.175](https://vuldb.com/?ip.41.216.183.175) | - | - | High
|
||||
236 | [41.250.187.176](https://vuldb.com/?ip.41.250.187.176) | - | - | High
|
||||
237 | [41.251.4.158](https://vuldb.com/?ip.41.251.4.158) | - | - | High
|
||||
238 | [41.251.51.168](https://vuldb.com/?ip.41.251.51.168) | - | - | High
|
||||
239 | [43.138.160.55](https://vuldb.com/?ip.43.138.160.55) | - | - | High
|
||||
240 | [43.139.124.22](https://vuldb.com/?ip.43.139.124.22) | - | - | High
|
||||
241 | [43.154.97.109](https://vuldb.com/?ip.43.154.97.109) | - | - | High
|
||||
242 | [43.226.49.147](https://vuldb.com/?ip.43.226.49.147) | - | - | High
|
||||
243 | [43.249.30.55](https://vuldb.com/?ip.43.249.30.55) | - | - | High
|
||||
244 | [44.192.67.149](https://vuldb.com/?ip.44.192.67.149) | ec2-44-192-67-149.compute-1.amazonaws.com | - | Medium
|
||||
245 | [45.12.253.31](https://vuldb.com/?ip.45.12.253.31) | - | - | High
|
||||
246 | [45.12.253.58](https://vuldb.com/?ip.45.12.253.58) | - | - | High
|
||||
247 | [45.14.224.94](https://vuldb.com/?ip.45.14.224.94) | web117.excw.nl | - | High
|
||||
248 | [45.15.143.183](https://vuldb.com/?ip.45.15.143.183) | - | - | High
|
||||
249 | [45.15.143.191](https://vuldb.com/?ip.45.15.143.191) | - | - | High
|
||||
250 | [45.15.143.199](https://vuldb.com/?ip.45.15.143.199) | - | - | High
|
||||
251 | [45.32.99.249](https://vuldb.com/?ip.45.32.99.249) | 45.32.99.249.vultrusercontent.com | - | High
|
||||
252 | [45.32.211.35](https://vuldb.com/?ip.45.32.211.35) | 45.32.211.35.vultrusercontent.com | - | High
|
||||
253 | [45.58.190.125](https://vuldb.com/?ip.45.58.190.125) | - | - | High
|
||||
254 | [45.66.248.114](https://vuldb.com/?ip.45.66.248.114) | - | - | High
|
||||
255 | [45.74.4.244](https://vuldb.com/?ip.45.74.4.244) | - | - | High
|
||||
256 | [45.74.38.17](https://vuldb.com/?ip.45.74.38.17) | - | - | High
|
||||
257 | [45.76.56.26](https://vuldb.com/?ip.45.76.56.26) | 45.76.56.26.vultrusercontent.com | - | High
|
||||
258 | [45.77.142.82](https://vuldb.com/?ip.45.77.142.82) | 45.77.142.82.vultrusercontent.com | - | High
|
||||
259 | [45.80.29.139](https://vuldb.com/?ip.45.80.29.139) | hostifox.com.tr | - | High
|
||||
260 | [45.80.158.57](https://vuldb.com/?ip.45.80.158.57) | - | - | High
|
||||
261 | [45.80.158.65](https://vuldb.com/?ip.45.80.158.65) | - | - | High
|
||||
262 | [45.80.158.108](https://vuldb.com/?ip.45.80.158.108) | - | - | High
|
||||
263 | [45.80.158.114](https://vuldb.com/?ip.45.80.158.114) | - | - | High
|
||||
264 | [45.80.158.116](https://vuldb.com/?ip.45.80.158.116) | - | - | High
|
||||
265 | [45.80.158.127](https://vuldb.com/?ip.45.80.158.127) | - | - | High
|
||||
266 | [45.80.158.160](https://vuldb.com/?ip.45.80.158.160) | - | - | High
|
||||
267 | [45.80.158.237](https://vuldb.com/?ip.45.80.158.237) | - | - | High
|
||||
268 | [45.81.243.217](https://vuldb.com/?ip.45.81.243.217) | - | - | High
|
||||
269 | [45.88.67.9](https://vuldb.com/?ip.45.88.67.9) | - | - | High
|
||||
270 | [45.88.67.12](https://vuldb.com/?ip.45.88.67.12) | - | - | High
|
||||
271 | [45.88.79.224](https://vuldb.com/?ip.45.88.79.224) | free.example.com | - | High
|
||||
272 | [45.92.1.24](https://vuldb.com/?ip.45.92.1.24) | - | - | High
|
||||
273 | [45.92.1.59](https://vuldb.com/?ip.45.92.1.59) | - | - | High
|
||||
274 | [45.92.1.71](https://vuldb.com/?ip.45.92.1.71) | - | - | High
|
||||
275 | [45.95.168.110](https://vuldb.com/?ip.45.95.168.110) | news.maxko.hr | - | High
|
||||
276 | [45.95.168.116](https://vuldb.com/?ip.45.95.168.116) | maxko-hosting.com | - | High
|
||||
277 | [45.95.169.112](https://vuldb.com/?ip.45.95.169.112) | xdhmhs.com | - | High
|
||||
278 | [45.119.84.166](https://vuldb.com/?ip.45.119.84.166) | - | - | High
|
||||
279 | [45.125.48.112](https://vuldb.com/?ip.45.125.48.112) | - | - | High
|
||||
280 | [45.131.1.70](https://vuldb.com/?ip.45.131.1.70) | ip.serverscity.net | - | High
|
||||
281 | [45.133.1.47](https://vuldb.com/?ip.45.133.1.47) | - | - | High
|
||||
282 | [45.133.1.152](https://vuldb.com/?ip.45.133.1.152) | - | - | High
|
||||
283 | [45.133.174.122](https://vuldb.com/?ip.45.133.174.122) | - | - | High
|
||||
284 | [45.134.140.152](https://vuldb.com/?ip.45.134.140.152) | unn-45-134-140-152.datapacket.com | - | High
|
||||
285 | [45.134.142.193](https://vuldb.com/?ip.45.134.142.193) | unn-45-134-142-193.datapacket.com | - | High
|
||||
286 | [45.134.142.211](https://vuldb.com/?ip.45.134.142.211) | unn-45-134-142-211.datapacket.com | - | High
|
||||
287 | [45.136.4.99](https://vuldb.com/?ip.45.136.4.99) | host-45.136.4.99.saga.net.tr | - | High
|
||||
288 | [45.136.4.101](https://vuldb.com/?ip.45.136.4.101) | host-45.136.4.101.saga.net.tr | - | High
|
||||
289 | [45.136.6.79](https://vuldb.com/?ip.45.136.6.79) | - | - | High
|
||||
290 | [45.137.22.41](https://vuldb.com/?ip.45.137.22.41) | hosted-by.rootlayer.net | - | High
|
||||
291 | [45.137.22.70](https://vuldb.com/?ip.45.137.22.70) | hosted-by.rootlayer.net | - | High
|
||||
292 | ... | ... | ... | ...
|
||||
181 | [23.229.67.133](https://vuldb.com/?ip.23.229.67.133) | gallerymethodwakebottom.as | - | High
|
||||
182 | [23.237.25.246](https://vuldb.com/?ip.23.237.25.246) | - | - | High
|
||||
183 | [23.238.217.173](https://vuldb.com/?ip.23.238.217.173) | orja4.teki.notredamians.org | - | High
|
||||
184 | [23.254.130.126](https://vuldb.com/?ip.23.254.130.126) | hwsrv-1069616.hostwindsdns.com | - | High
|
||||
185 | [23.254.227.121](https://vuldb.com/?ip.23.254.227.121) | hwsrv-1063912.hostwindsdns.com | - | High
|
||||
186 | [23.254.231.83](https://vuldb.com/?ip.23.254.231.83) | hwsrv-1070248.hostwindsdns.com | - | High
|
||||
187 | [31.41.244.135](https://vuldb.com/?ip.31.41.244.135) | - | - | High
|
||||
188 | [31.170.22.28](https://vuldb.com/?ip.31.170.22.28) | - | - | High
|
||||
189 | [31.192.236.139](https://vuldb.com/?ip.31.192.236.139) | winupdate02.pserver.ru | - | High
|
||||
190 | [31.210.20.79](https://vuldb.com/?ip.31.210.20.79) | - | - | High
|
||||
191 | [31.210.20.167](https://vuldb.com/?ip.31.210.20.167) | - | - | High
|
||||
192 | [31.210.20.192](https://vuldb.com/?ip.31.210.20.192) | - | - | High
|
||||
193 | [31.210.21.188](https://vuldb.com/?ip.31.210.21.188) | linir.top | - | High
|
||||
194 | [34.69.119.138](https://vuldb.com/?ip.34.69.119.138) | 138.119.69.34.bc.googleusercontent.com | - | Medium
|
||||
195 | [34.71.81.158](https://vuldb.com/?ip.34.71.81.158) | 158.81.71.34.bc.googleusercontent.com | - | Medium
|
||||
196 | [34.125.144.45](https://vuldb.com/?ip.34.125.144.45) | 45.144.125.34.bc.googleusercontent.com | - | Medium
|
||||
197 | [34.140.211.85](https://vuldb.com/?ip.34.140.211.85) | 85.211.140.34.bc.googleusercontent.com | - | Medium
|
||||
198 | [35.239.113.160](https://vuldb.com/?ip.35.239.113.160) | 160.113.239.35.bc.googleusercontent.com | - | Medium
|
||||
199 | [36.255.96.200](https://vuldb.com/?ip.36.255.96.200) | - | - | High
|
||||
200 | [37.0.8.17](https://vuldb.com/?ip.37.0.8.17) | stokes.springtimemartialarts.com | - | High
|
||||
201 | [37.0.8.20](https://vuldb.com/?ip.37.0.8.20) | jacksonirwin.springtimemartialarts.com | - | High
|
||||
202 | [37.0.8.67](https://vuldb.com/?ip.37.0.8.67) | willis.capitolreservations.com | - | High
|
||||
203 | [37.0.8.93](https://vuldb.com/?ip.37.0.8.93) | shawtran.capitolreservations.com | - | High
|
||||
204 | [37.0.8.191](https://vuldb.com/?ip.37.0.8.191) | frederick.athinneru.com | - | High
|
||||
205 | [37.0.10.214](https://vuldb.com/?ip.37.0.10.214) | - | - | High
|
||||
206 | [37.0.11.45](https://vuldb.com/?ip.37.0.11.45) | - | - | High
|
||||
207 | [37.0.11.246](https://vuldb.com/?ip.37.0.11.246) | - | - | High
|
||||
208 | [37.0.14.196](https://vuldb.com/?ip.37.0.14.196) | - | - | High
|
||||
209 | [37.0.14.197](https://vuldb.com/?ip.37.0.14.197) | - | - | High
|
||||
210 | [37.0.14.198](https://vuldb.com/?ip.37.0.14.198) | - | - | High
|
||||
211 | [37.0.14.203](https://vuldb.com/?ip.37.0.14.203) | - | - | High
|
||||
212 | [37.0.14.204](https://vuldb.com/?ip.37.0.14.204) | - | - | High
|
||||
213 | [37.49.230.185](https://vuldb.com/?ip.37.49.230.185) | - | - | High
|
||||
214 | [37.120.208.36](https://vuldb.com/?ip.37.120.208.36) | - | - | High
|
||||
215 | [37.120.210.219](https://vuldb.com/?ip.37.120.210.219) | - | - | High
|
||||
216 | [37.120.212.235](https://vuldb.com/?ip.37.120.212.235) | - | - | High
|
||||
217 | [37.120.217.243](https://vuldb.com/?ip.37.120.217.243) | - | - | High
|
||||
218 | [37.120.247.24](https://vuldb.com/?ip.37.120.247.24) | - | - | High
|
||||
219 | [37.196.152.120](https://vuldb.com/?ip.37.196.152.120) | m37-196-152-120.cust.tele2.se | - | High
|
||||
220 | [37.221.121.20](https://vuldb.com/?ip.37.221.121.20) | chvt-mail-129.stashkeen.com | - | High
|
||||
221 | [37.221.122.76](https://vuldb.com/?ip.37.221.122.76) | server.modernizmir.net | - | High
|
||||
222 | [37.249.78.26](https://vuldb.com/?ip.37.249.78.26) | apn-37-249-78-26.dynamic.gprs.plus.pl | - | High
|
||||
223 | [38.17.51.104](https://vuldb.com/?ip.38.17.51.104) | - | - | High
|
||||
224 | [38.47.205.151](https://vuldb.com/?ip.38.47.205.151) | - | - | High
|
||||
225 | [38.105.209.167](https://vuldb.com/?ip.38.105.209.167) | vmi737189.contaboserver.net | - | High
|
||||
226 | [38.130.221.190](https://vuldb.com/?ip.38.130.221.190) | 38.130.221.190.hosted.at.cloudsouth.com | - | High
|
||||
227 | [38.132.99.156](https://vuldb.com/?ip.38.132.99.156) | - | - | High
|
||||
228 | [38.242.242.149](https://vuldb.com/?ip.38.242.242.149) | vmi1313701.contaboserver.net | - | High
|
||||
229 | [40.90.210.21](https://vuldb.com/?ip.40.90.210.21) | - | - | High
|
||||
230 | [40.113.131.31](https://vuldb.com/?ip.40.113.131.31) | - | - | High
|
||||
231 | [40.118.53.192](https://vuldb.com/?ip.40.118.53.192) | - | - | High
|
||||
232 | [40.122.131.23](https://vuldb.com/?ip.40.122.131.23) | - | - | High
|
||||
233 | [41.72.146.10](https://vuldb.com/?ip.41.72.146.10) | - | - | High
|
||||
234 | [41.141.211.80](https://vuldb.com/?ip.41.141.211.80) | - | - | High
|
||||
235 | [41.216.183.61](https://vuldb.com/?ip.41.216.183.61) | - | - | High
|
||||
236 | [41.216.183.175](https://vuldb.com/?ip.41.216.183.175) | - | - | High
|
||||
237 | [41.250.187.176](https://vuldb.com/?ip.41.250.187.176) | - | - | High
|
||||
238 | [41.251.4.158](https://vuldb.com/?ip.41.251.4.158) | - | - | High
|
||||
239 | [41.251.51.168](https://vuldb.com/?ip.41.251.51.168) | - | - | High
|
||||
240 | [43.138.160.55](https://vuldb.com/?ip.43.138.160.55) | - | - | High
|
||||
241 | [43.139.124.22](https://vuldb.com/?ip.43.139.124.22) | - | - | High
|
||||
242 | [43.154.97.109](https://vuldb.com/?ip.43.154.97.109) | - | - | High
|
||||
243 | [43.226.49.147](https://vuldb.com/?ip.43.226.49.147) | - | - | High
|
||||
244 | [43.249.30.55](https://vuldb.com/?ip.43.249.30.55) | - | - | High
|
||||
245 | [44.192.67.149](https://vuldb.com/?ip.44.192.67.149) | ec2-44-192-67-149.compute-1.amazonaws.com | - | Medium
|
||||
246 | [45.12.253.31](https://vuldb.com/?ip.45.12.253.31) | - | - | High
|
||||
247 | [45.12.253.58](https://vuldb.com/?ip.45.12.253.58) | - | - | High
|
||||
248 | [45.12.253.107](https://vuldb.com/?ip.45.12.253.107) | - | - | High
|
||||
249 | [45.14.224.94](https://vuldb.com/?ip.45.14.224.94) | web117.excw.nl | - | High
|
||||
250 | [45.15.143.183](https://vuldb.com/?ip.45.15.143.183) | - | - | High
|
||||
251 | [45.15.143.191](https://vuldb.com/?ip.45.15.143.191) | - | - | High
|
||||
252 | [45.15.143.199](https://vuldb.com/?ip.45.15.143.199) | - | - | High
|
||||
253 | [45.32.99.249](https://vuldb.com/?ip.45.32.99.249) | 45.32.99.249.vultrusercontent.com | - | High
|
||||
254 | [45.32.211.35](https://vuldb.com/?ip.45.32.211.35) | 45.32.211.35.vultrusercontent.com | - | High
|
||||
255 | [45.58.190.125](https://vuldb.com/?ip.45.58.190.125) | - | - | High
|
||||
256 | [45.66.248.114](https://vuldb.com/?ip.45.66.248.114) | - | - | High
|
||||
257 | [45.74.4.244](https://vuldb.com/?ip.45.74.4.244) | - | - | High
|
||||
258 | [45.74.38.17](https://vuldb.com/?ip.45.74.38.17) | - | - | High
|
||||
259 | [45.76.56.26](https://vuldb.com/?ip.45.76.56.26) | 45.76.56.26.vultrusercontent.com | - | High
|
||||
260 | [45.77.142.82](https://vuldb.com/?ip.45.77.142.82) | 45.77.142.82.vultrusercontent.com | - | High
|
||||
261 | [45.80.29.139](https://vuldb.com/?ip.45.80.29.139) | hostifox.com.tr | - | High
|
||||
262 | [45.80.158.57](https://vuldb.com/?ip.45.80.158.57) | - | - | High
|
||||
263 | [45.80.158.65](https://vuldb.com/?ip.45.80.158.65) | - | - | High
|
||||
264 | [45.80.158.108](https://vuldb.com/?ip.45.80.158.108) | - | - | High
|
||||
265 | [45.80.158.114](https://vuldb.com/?ip.45.80.158.114) | - | - | High
|
||||
266 | [45.80.158.116](https://vuldb.com/?ip.45.80.158.116) | - | - | High
|
||||
267 | [45.80.158.127](https://vuldb.com/?ip.45.80.158.127) | - | - | High
|
||||
268 | [45.80.158.160](https://vuldb.com/?ip.45.80.158.160) | - | - | High
|
||||
269 | [45.80.158.237](https://vuldb.com/?ip.45.80.158.237) | - | - | High
|
||||
270 | [45.81.243.217](https://vuldb.com/?ip.45.81.243.217) | - | - | High
|
||||
271 | [45.88.67.9](https://vuldb.com/?ip.45.88.67.9) | - | - | High
|
||||
272 | [45.88.67.12](https://vuldb.com/?ip.45.88.67.12) | - | - | High
|
||||
273 | [45.88.79.224](https://vuldb.com/?ip.45.88.79.224) | free.example.com | - | High
|
||||
274 | [45.92.1.24](https://vuldb.com/?ip.45.92.1.24) | - | - | High
|
||||
275 | [45.92.1.59](https://vuldb.com/?ip.45.92.1.59) | - | - | High
|
||||
276 | [45.92.1.71](https://vuldb.com/?ip.45.92.1.71) | - | - | High
|
||||
277 | [45.95.168.110](https://vuldb.com/?ip.45.95.168.110) | news.maxko.hr | - | High
|
||||
278 | [45.95.168.116](https://vuldb.com/?ip.45.95.168.116) | maxko-hosting.com | - | High
|
||||
279 | [45.95.169.112](https://vuldb.com/?ip.45.95.169.112) | xdhmhs.com | - | High
|
||||
280 | [45.119.84.166](https://vuldb.com/?ip.45.119.84.166) | - | - | High
|
||||
281 | [45.125.48.112](https://vuldb.com/?ip.45.125.48.112) | - | - | High
|
||||
282 | [45.131.1.70](https://vuldb.com/?ip.45.131.1.70) | ip.serverscity.net | - | High
|
||||
283 | [45.133.1.47](https://vuldb.com/?ip.45.133.1.47) | - | - | High
|
||||
284 | [45.133.1.152](https://vuldb.com/?ip.45.133.1.152) | - | - | High
|
||||
285 | [45.133.174.122](https://vuldb.com/?ip.45.133.174.122) | - | - | High
|
||||
286 | [45.134.140.152](https://vuldb.com/?ip.45.134.140.152) | unn-45-134-140-152.datapacket.com | - | High
|
||||
287 | [45.134.142.193](https://vuldb.com/?ip.45.134.142.193) | unn-45-134-142-193.datapacket.com | - | High
|
||||
288 | [45.134.142.211](https://vuldb.com/?ip.45.134.142.211) | unn-45-134-142-211.datapacket.com | - | High
|
||||
289 | [45.136.4.99](https://vuldb.com/?ip.45.136.4.99) | host-45.136.4.99.saga.net.tr | - | High
|
||||
290 | [45.136.4.101](https://vuldb.com/?ip.45.136.4.101) | host-45.136.4.101.saga.net.tr | - | High
|
||||
291 | [45.136.6.79](https://vuldb.com/?ip.45.136.6.79) | - | - | High
|
||||
292 | [45.137.22.41](https://vuldb.com/?ip.45.137.22.41) | hosted-by.rootlayer.net | - | High
|
||||
293 | [45.137.22.70](https://vuldb.com/?ip.45.137.22.70) | hosted-by.rootlayer.net | - | High
|
||||
294 | [45.137.22.111](https://vuldb.com/?ip.45.137.22.111) | hosted-by.rootlayer.net | - | High
|
||||
295 | ... | ... | ... | ...
|
||||
|
||||
There are 1162 more IOC items available. Please use our online service to access the data.
|
||||
There are 1175 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -322,14 +325,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-29, CWE-50, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-50, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -337,37 +340,40 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/?page=user/list` | High
|
||||
2 | File | `/admin/addproduct.php` | High
|
||||
3 | File | `/admin/ajax.php?action=save_area` | High
|
||||
4 | File | `/admin/modal_add_product.php` | High
|
||||
5 | File | `/admin/update_s6.php` | High
|
||||
6 | File | `/ajax.php?action=read_msg` | High
|
||||
7 | File | `/ajax.php?action=save_company` | High
|
||||
8 | File | `/api/login` | Medium
|
||||
9 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
10 | File | `/authenticationendpoint/login.do` | High
|
||||
11 | File | `/bin/login` | Medium
|
||||
12 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
13 | File | `/changeimage.php` | High
|
||||
14 | File | `/classes/Users.php?f=save` | High
|
||||
15 | File | `/DXR.axd` | Medium
|
||||
16 | File | `/env` | Low
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/goform/WifiGuestSet` | High
|
||||
19 | File | `/HNAP1` | Low
|
||||
20 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
21 | File | `/note/index/delete` | High
|
||||
22 | File | `/out.php` | Medium
|
||||
23 | File | `/owa/auth/logon.aspx` | High
|
||||
24 | File | `/services/indexing/preview` | High
|
||||
25 | File | `/tmp/boa-temp` | High
|
||||
26 | File | `/userfs/bin/tcapi` | High
|
||||
27 | File | `/var/log/nginx` | High
|
||||
28 | File | `/wp-admin/admin-ajax.php` | High
|
||||
29 | ... | ... | ...
|
||||
1 | File | `/admin/addproduct.php` | High
|
||||
2 | File | `/admin/modal_add_product.php` | High
|
||||
3 | File | `/admin/positions_add.php` | High
|
||||
4 | File | `/admin/update_s6.php` | High
|
||||
5 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
6 | File | `/authenticationendpoint/login.do` | High
|
||||
7 | File | `/bin/ate` | Medium
|
||||
8 | File | `/bin/login` | Medium
|
||||
9 | File | `/cgi-bin/luci` | High
|
||||
10 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
11 | File | `/changeimage.php` | High
|
||||
12 | File | `/classes/Users.php?f=save` | High
|
||||
13 | File | `/DXR.axd` | Medium
|
||||
14 | File | `/env` | Low
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/goform/WifiGuestSet` | High
|
||||
17 | File | `/HNAP1` | Low
|
||||
18 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
19 | File | `/mc` | Low
|
||||
20 | File | `/note/index/delete` | High
|
||||
21 | File | `/out.php` | Medium
|
||||
22 | File | `/owa/auth/logon.aspx` | High
|
||||
23 | File | `/paysystem/branch.php` | High
|
||||
24 | File | `/php-inventory-management-system/product.php` | High
|
||||
25 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
26 | File | `/send_order.cgi?parameter=restart` | High
|
||||
27 | File | `/services/indexing/preview` | High
|
||||
28 | File | `/tmp/boa-temp` | High
|
||||
29 | File | `/userfs/bin/tcapi` | High
|
||||
30 | File | `/var/log/nginx` | High
|
||||
31 | File | `/wp-admin/admin-ajax.php` | High
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 241 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 270 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -522,6 +528,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/45e87ee0b025a7e4a783a6786564982e7735c8c50d0b3d84a3d5dd90ce735cfe/
|
||||
* https://bazaar.abuse.ch/sample/48d3bb7ee9b1c9f5cf62c4e4d72c51fed3564e4cec9909123f836981dfaf02a5/
|
||||
* https://bazaar.abuse.ch/sample/52af020a20265e2f5c0f8d483ecf1599142eda108d6aae3b3faf17a9aed927ab/
|
||||
* https://bazaar.abuse.ch/sample/54b6c23d9bc5f44ceed5946ffc935a88488d30a848c75568b084b9c9287a3cb2/
|
||||
* https://bazaar.abuse.ch/sample/54cbb1c3b1836e762f5b2691728b806787e2345046be361b792a0ce81f894ccd/
|
||||
* https://bazaar.abuse.ch/sample/55eb509b981d5340bc517e3dc260faf7716615dd464a1d6424afbdc4e7145c4c/
|
||||
* https://bazaar.abuse.ch/sample/61e9ed29484b8aaa84f3a4059e632ffd19b4d852c47e769394b6c2c2b9272b5b/
|
||||
|
@ -559,6 +566,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/104f03eca7632ceb0606d4e80068ea0718b4a7d5610bd7b99a40ad1b3c3935c1/
|
||||
* https://bazaar.abuse.ch/sample/111a4d926a4c6cf6eab9ad519c381db560fea5aec1ef5ad6ac427f034dbd825d/
|
||||
* https://bazaar.abuse.ch/sample/115c836232c435ab4fe25fcb4dd6e4b61ac1648f4844389fce67b232ddf9f6a0/
|
||||
* https://bazaar.abuse.ch/sample/124c02ed924e11b06b74e1b8c1290adbb1e50dfa2a7bcf95104c6425a1f82ef5/
|
||||
* https://bazaar.abuse.ch/sample/177d453cc267a310d7dc8bbf4128c558feec25095690a31ccb6c388866666bd0/
|
||||
* https://bazaar.abuse.ch/sample/212eb072938575c6c669199d58e567df5f04498c7f51c2750936494bd9c1cf6a/
|
||||
* https://bazaar.abuse.ch/sample/234f42279e4494e1fe592d5b7ee4b2722fc885d18b6d7878f079e01bb0e123fe/
|
||||
|
|
|
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Ave Maria:
|
||||
|
||||
* [SH](https://vuldb.com/?country.sh)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [LA](https://vuldb.com/?country.la)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -25,85 +25,89 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
2 | [2.56.57.181](https://vuldb.com/?ip.2.56.57.181) | pierce.thebestwebstore.com | - | High
|
||||
3 | [2.56.59.70](https://vuldb.com/?ip.2.56.59.70) | - | - | High
|
||||
4 | [2.56.59.131](https://vuldb.com/?ip.2.56.59.131) | - | - | High
|
||||
5 | [3.92.200.97](https://vuldb.com/?ip.3.92.200.97) | ec2-3-92-200-97.compute-1.amazonaws.com | - | Medium
|
||||
6 | [3.126.224.214](https://vuldb.com/?ip.3.126.224.214) | ec2-3-126-224-214.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
7 | [5.2.68.82](https://vuldb.com/?ip.5.2.68.82) | - | - | High
|
||||
8 | [5.161.139.79](https://vuldb.com/?ip.5.161.139.79) | static.79.139.161.5.clients.your-server.de | - | High
|
||||
9 | [5.161.206.28](https://vuldb.com/?ip.5.161.206.28) | static.28.206.161.5.clients.your-server.de | - | High
|
||||
10 | [5.206.224.164](https://vuldb.com/?ip.5.206.224.164) | sdfksdkjdfjksf.com | - | High
|
||||
11 | [8.212.151.157](https://vuldb.com/?ip.8.212.151.157) | - | - | High
|
||||
12 | [13.65.211.207](https://vuldb.com/?ip.13.65.211.207) | - | - | High
|
||||
13 | [20.38.45.196](https://vuldb.com/?ip.20.38.45.196) | - | - | High
|
||||
14 | [20.91.187.223](https://vuldb.com/?ip.20.91.187.223) | - | - | High
|
||||
15 | [20.93.112.114](https://vuldb.com/?ip.20.93.112.114) | - | - | High
|
||||
16 | [20.94.63.195](https://vuldb.com/?ip.20.94.63.195) | - | - | High
|
||||
17 | [20.98.138.214](https://vuldb.com/?ip.20.98.138.214) | - | - | High
|
||||
18 | [20.110.119.15](https://vuldb.com/?ip.20.110.119.15) | - | - | High
|
||||
19 | [20.112.127.113](https://vuldb.com/?ip.20.112.127.113) | - | - | High
|
||||
20 | [20.114.4.132](https://vuldb.com/?ip.20.114.4.132) | - | - | High
|
||||
21 | [20.115.34.57](https://vuldb.com/?ip.20.115.34.57) | - | - | High
|
||||
22 | [20.126.95.155](https://vuldb.com/?ip.20.126.95.155) | - | - | High
|
||||
23 | [20.168.33.220](https://vuldb.com/?ip.20.168.33.220) | - | - | High
|
||||
24 | [23.99.225.116](https://vuldb.com/?ip.23.99.225.116) | - | - | High
|
||||
25 | [23.226.130.102](https://vuldb.com/?ip.23.226.130.102) | 23.226.130.102.static.greencloudvps.com | - | High
|
||||
26 | [23.227.203.214](https://vuldb.com/?ip.23.227.203.214) | 23-227-203-214.static.hvvc.us | - | High
|
||||
27 | [24.152.37.45](https://vuldb.com/?ip.24.152.37.45) | 24-152-37-45.masterdaweb.com | - | High
|
||||
28 | [34.92.152.18](https://vuldb.com/?ip.34.92.152.18) | 18.152.92.34.bc.googleusercontent.com | - | Medium
|
||||
29 | [35.171.18.39](https://vuldb.com/?ip.35.171.18.39) | ec2-35-171-18-39.compute-1.amazonaws.com | - | Medium
|
||||
30 | [37.0.8.145](https://vuldb.com/?ip.37.0.8.145) | elliott.athinneru.com | - | High
|
||||
31 | [37.0.11.237](https://vuldb.com/?ip.37.0.11.237) | - | - | High
|
||||
32 | [37.0.14.195](https://vuldb.com/?ip.37.0.14.195) | - | - | High
|
||||
33 | [37.0.14.198](https://vuldb.com/?ip.37.0.14.198) | - | - | High
|
||||
34 | [37.0.14.201](https://vuldb.com/?ip.37.0.14.201) | - | - | High
|
||||
35 | [37.0.14.202](https://vuldb.com/?ip.37.0.14.202) | - | - | High
|
||||
36 | [37.0.14.205](https://vuldb.com/?ip.37.0.14.205) | - | - | High
|
||||
37 | [37.0.14.206](https://vuldb.com/?ip.37.0.14.206) | - | - | High
|
||||
38 | [37.0.14.207](https://vuldb.com/?ip.37.0.14.207) | - | - | High
|
||||
39 | [37.0.14.208](https://vuldb.com/?ip.37.0.14.208) | - | - | High
|
||||
40 | [37.0.14.210](https://vuldb.com/?ip.37.0.14.210) | host-37-0-14-210.static.deli-one.co.uk | - | High
|
||||
41 | [37.0.14.211](https://vuldb.com/?ip.37.0.14.211) | - | - | High
|
||||
42 | [37.0.14.212](https://vuldb.com/?ip.37.0.14.212) | - | - | High
|
||||
43 | [37.0.14.215](https://vuldb.com/?ip.37.0.14.215) | - | - | High
|
||||
44 | [37.0.14.216](https://vuldb.com/?ip.37.0.14.216) | - | - | High
|
||||
45 | [37.0.14.217](https://vuldb.com/?ip.37.0.14.217) | - | - | High
|
||||
46 | [37.120.206.69](https://vuldb.com/?ip.37.120.206.69) | - | - | High
|
||||
47 | [37.139.129.47](https://vuldb.com/?ip.37.139.129.47) | - | - | High
|
||||
48 | [37.139.129.100](https://vuldb.com/?ip.37.139.129.100) | - | - | High
|
||||
49 | [37.220.87.3](https://vuldb.com/?ip.37.220.87.3) | ipn-37-220-87-3.artem-catv.ru | - | High
|
||||
50 | [38.117.65.122](https://vuldb.com/?ip.38.117.65.122) | 38-117-65-122.static-ip.ravand.ca | - | High
|
||||
51 | [38.132.114.178](https://vuldb.com/?ip.38.132.114.178) | - | - | High
|
||||
52 | [41.185.97.216](https://vuldb.com/?ip.41.185.97.216) | - | - | High
|
||||
53 | [41.216.183.52](https://vuldb.com/?ip.41.216.183.52) | - | - | High
|
||||
54 | [45.12.253.22](https://vuldb.com/?ip.45.12.253.22) | - | - | High
|
||||
55 | [45.12.253.146](https://vuldb.com/?ip.45.12.253.146) | - | - | High
|
||||
56 | [45.12.253.202](https://vuldb.com/?ip.45.12.253.202) | - | - | High
|
||||
57 | [45.59.119.153](https://vuldb.com/?ip.45.59.119.153) | - | - | High
|
||||
58 | [45.59.119.212](https://vuldb.com/?ip.45.59.119.212) | - | - | High
|
||||
59 | [45.66.230.108](https://vuldb.com/?ip.45.66.230.108) | - | - | High
|
||||
60 | [45.72.96.199](https://vuldb.com/?ip.45.72.96.199) | - | - | High
|
||||
61 | [45.74.4.244](https://vuldb.com/?ip.45.74.4.244) | - | - | High
|
||||
62 | [45.81.150.32](https://vuldb.com/?ip.45.81.150.32) | - | - | High
|
||||
63 | [45.83.129.166](https://vuldb.com/?ip.45.83.129.166) | - | - | High
|
||||
64 | [45.87.61.139](https://vuldb.com/?ip.45.87.61.139) | - | - | High
|
||||
65 | [45.87.62.181](https://vuldb.com/?ip.45.87.62.181) | - | - | High
|
||||
66 | [45.87.63.121](https://vuldb.com/?ip.45.87.63.121) | - | - | High
|
||||
67 | [45.88.67.9](https://vuldb.com/?ip.45.88.67.9) | - | - | High
|
||||
68 | [45.88.67.63](https://vuldb.com/?ip.45.88.67.63) | - | - | High
|
||||
69 | [45.88.67.103](https://vuldb.com/?ip.45.88.67.103) | - | - | High
|
||||
70 | [45.88.67.145](https://vuldb.com/?ip.45.88.67.145) | - | - | High
|
||||
71 | [45.90.222.97](https://vuldb.com/?ip.45.90.222.97) | 45-90-222-97-hostedby.bcr.host | - | High
|
||||
72 | [45.127.101.18](https://vuldb.com/?ip.45.127.101.18) | - | - | High
|
||||
73 | [45.132.106.37](https://vuldb.com/?ip.45.132.106.37) | vm4440858.34ssd.had.wf | - | High
|
||||
74 | [45.133.1.34](https://vuldb.com/?ip.45.133.1.34) | - | - | High
|
||||
75 | [45.135.164.194](https://vuldb.com/?ip.45.135.164.194) | ibera.togeteheran.com | - | High
|
||||
76 | [45.137.22.35](https://vuldb.com/?ip.45.137.22.35) | hosted-by.rootlayer.net | - | High
|
||||
77 | [45.137.22.70](https://vuldb.com/?ip.45.137.22.70) | hosted-by.rootlayer.net | - | High
|
||||
78 | [45.137.22.79](https://vuldb.com/?ip.45.137.22.79) | hosted-by.rootlayer.net | - | High
|
||||
79 | [45.137.22.143](https://vuldb.com/?ip.45.137.22.143) | hosted-by.rootlayer.net | - | High
|
||||
80 | [45.137.65.132](https://vuldb.com/?ip.45.137.65.132) | vm4266462.34ssd.had.wf | - | High
|
||||
81 | ... | ... | ... | ...
|
||||
5 | [2.58.56.250](https://vuldb.com/?ip.2.58.56.250) | powered.by.rdp.sh | - | High
|
||||
6 | [3.92.200.97](https://vuldb.com/?ip.3.92.200.97) | ec2-3-92-200-97.compute-1.amazonaws.com | - | Medium
|
||||
7 | [3.126.224.214](https://vuldb.com/?ip.3.126.224.214) | ec2-3-126-224-214.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
8 | [5.2.68.82](https://vuldb.com/?ip.5.2.68.82) | - | - | High
|
||||
9 | [5.161.139.79](https://vuldb.com/?ip.5.161.139.79) | static.79.139.161.5.clients.your-server.de | - | High
|
||||
10 | [5.161.206.28](https://vuldb.com/?ip.5.161.206.28) | static.28.206.161.5.clients.your-server.de | - | High
|
||||
11 | [5.206.224.164](https://vuldb.com/?ip.5.206.224.164) | sdfksdkjdfjksf.com | - | High
|
||||
12 | [8.212.151.157](https://vuldb.com/?ip.8.212.151.157) | - | - | High
|
||||
13 | [13.65.211.207](https://vuldb.com/?ip.13.65.211.207) | - | - | High
|
||||
14 | [20.38.45.196](https://vuldb.com/?ip.20.38.45.196) | - | - | High
|
||||
15 | [20.91.187.223](https://vuldb.com/?ip.20.91.187.223) | - | - | High
|
||||
16 | [20.93.112.114](https://vuldb.com/?ip.20.93.112.114) | - | - | High
|
||||
17 | [20.94.63.195](https://vuldb.com/?ip.20.94.63.195) | - | - | High
|
||||
18 | [20.98.138.214](https://vuldb.com/?ip.20.98.138.214) | - | - | High
|
||||
19 | [20.110.119.15](https://vuldb.com/?ip.20.110.119.15) | - | - | High
|
||||
20 | [20.112.127.113](https://vuldb.com/?ip.20.112.127.113) | - | - | High
|
||||
21 | [20.114.4.132](https://vuldb.com/?ip.20.114.4.132) | - | - | High
|
||||
22 | [20.115.34.57](https://vuldb.com/?ip.20.115.34.57) | - | - | High
|
||||
23 | [20.126.95.155](https://vuldb.com/?ip.20.126.95.155) | - | - | High
|
||||
24 | [20.168.33.220](https://vuldb.com/?ip.20.168.33.220) | - | - | High
|
||||
25 | [23.99.225.116](https://vuldb.com/?ip.23.99.225.116) | - | - | High
|
||||
26 | [23.226.130.102](https://vuldb.com/?ip.23.226.130.102) | 23.226.130.102.static.greencloudvps.com | - | High
|
||||
27 | [23.227.203.214](https://vuldb.com/?ip.23.227.203.214) | 23-227-203-214.static.hvvc.us | - | High
|
||||
28 | [24.152.37.45](https://vuldb.com/?ip.24.152.37.45) | 24-152-37-45.masterdaweb.com | - | High
|
||||
29 | [34.92.152.18](https://vuldb.com/?ip.34.92.152.18) | 18.152.92.34.bc.googleusercontent.com | - | Medium
|
||||
30 | [35.171.18.39](https://vuldb.com/?ip.35.171.18.39) | ec2-35-171-18-39.compute-1.amazonaws.com | - | Medium
|
||||
31 | [37.0.8.145](https://vuldb.com/?ip.37.0.8.145) | elliott.athinneru.com | - | High
|
||||
32 | [37.0.11.237](https://vuldb.com/?ip.37.0.11.237) | - | - | High
|
||||
33 | [37.0.14.195](https://vuldb.com/?ip.37.0.14.195) | - | - | High
|
||||
34 | [37.0.14.198](https://vuldb.com/?ip.37.0.14.198) | - | - | High
|
||||
35 | [37.0.14.201](https://vuldb.com/?ip.37.0.14.201) | - | - | High
|
||||
36 | [37.0.14.202](https://vuldb.com/?ip.37.0.14.202) | - | - | High
|
||||
37 | [37.0.14.205](https://vuldb.com/?ip.37.0.14.205) | - | - | High
|
||||
38 | [37.0.14.206](https://vuldb.com/?ip.37.0.14.206) | - | - | High
|
||||
39 | [37.0.14.207](https://vuldb.com/?ip.37.0.14.207) | - | - | High
|
||||
40 | [37.0.14.208](https://vuldb.com/?ip.37.0.14.208) | - | - | High
|
||||
41 | [37.0.14.210](https://vuldb.com/?ip.37.0.14.210) | host-37-0-14-210.static.deli-one.co.uk | - | High
|
||||
42 | [37.0.14.211](https://vuldb.com/?ip.37.0.14.211) | - | - | High
|
||||
43 | [37.0.14.212](https://vuldb.com/?ip.37.0.14.212) | - | - | High
|
||||
44 | [37.0.14.215](https://vuldb.com/?ip.37.0.14.215) | - | - | High
|
||||
45 | [37.0.14.216](https://vuldb.com/?ip.37.0.14.216) | - | - | High
|
||||
46 | [37.0.14.217](https://vuldb.com/?ip.37.0.14.217) | - | - | High
|
||||
47 | [37.120.206.69](https://vuldb.com/?ip.37.120.206.69) | - | - | High
|
||||
48 | [37.139.129.47](https://vuldb.com/?ip.37.139.129.47) | - | - | High
|
||||
49 | [37.139.129.100](https://vuldb.com/?ip.37.139.129.100) | - | - | High
|
||||
50 | [37.220.87.3](https://vuldb.com/?ip.37.220.87.3) | ipn-37-220-87-3.artem-catv.ru | - | High
|
||||
51 | [38.117.65.122](https://vuldb.com/?ip.38.117.65.122) | 38-117-65-122.static-ip.ravand.ca | - | High
|
||||
52 | [38.132.114.178](https://vuldb.com/?ip.38.132.114.178) | - | - | High
|
||||
53 | [41.185.97.216](https://vuldb.com/?ip.41.185.97.216) | - | - | High
|
||||
54 | [41.216.183.52](https://vuldb.com/?ip.41.216.183.52) | - | - | High
|
||||
55 | [45.12.253.22](https://vuldb.com/?ip.45.12.253.22) | - | - | High
|
||||
56 | [45.12.253.146](https://vuldb.com/?ip.45.12.253.146) | - | - | High
|
||||
57 | [45.12.253.202](https://vuldb.com/?ip.45.12.253.202) | - | - | High
|
||||
58 | [45.59.119.153](https://vuldb.com/?ip.45.59.119.153) | - | - | High
|
||||
59 | [45.59.119.212](https://vuldb.com/?ip.45.59.119.212) | - | - | High
|
||||
60 | [45.66.230.108](https://vuldb.com/?ip.45.66.230.108) | - | - | High
|
||||
61 | [45.72.96.199](https://vuldb.com/?ip.45.72.96.199) | - | - | High
|
||||
62 | [45.74.4.244](https://vuldb.com/?ip.45.74.4.244) | - | - | High
|
||||
63 | [45.81.39.89](https://vuldb.com/?ip.45.81.39.89) | - | - | High
|
||||
64 | [45.81.150.32](https://vuldb.com/?ip.45.81.150.32) | - | - | High
|
||||
65 | [45.83.129.166](https://vuldb.com/?ip.45.83.129.166) | - | - | High
|
||||
66 | [45.87.61.139](https://vuldb.com/?ip.45.87.61.139) | - | - | High
|
||||
67 | [45.87.62.181](https://vuldb.com/?ip.45.87.62.181) | - | - | High
|
||||
68 | [45.87.63.121](https://vuldb.com/?ip.45.87.63.121) | - | - | High
|
||||
69 | [45.88.67.9](https://vuldb.com/?ip.45.88.67.9) | - | - | High
|
||||
70 | [45.88.67.63](https://vuldb.com/?ip.45.88.67.63) | - | - | High
|
||||
71 | [45.88.67.103](https://vuldb.com/?ip.45.88.67.103) | - | - | High
|
||||
72 | [45.88.67.145](https://vuldb.com/?ip.45.88.67.145) | - | - | High
|
||||
73 | [45.90.222.97](https://vuldb.com/?ip.45.90.222.97) | 45-90-222-97-hostedby.bcr.host | - | High
|
||||
74 | [45.127.101.18](https://vuldb.com/?ip.45.127.101.18) | - | - | High
|
||||
75 | [45.132.106.37](https://vuldb.com/?ip.45.132.106.37) | vm4440858.34ssd.had.wf | - | High
|
||||
76 | [45.133.1.34](https://vuldb.com/?ip.45.133.1.34) | - | - | High
|
||||
77 | [45.135.164.194](https://vuldb.com/?ip.45.135.164.194) | ibera.togeteheran.com | - | High
|
||||
78 | [45.137.22.35](https://vuldb.com/?ip.45.137.22.35) | hosted-by.rootlayer.net | - | High
|
||||
79 | [45.137.22.70](https://vuldb.com/?ip.45.137.22.70) | hosted-by.rootlayer.net | - | High
|
||||
80 | [45.137.22.79](https://vuldb.com/?ip.45.137.22.79) | hosted-by.rootlayer.net | - | High
|
||||
81 | [45.137.22.143](https://vuldb.com/?ip.45.137.22.143) | hosted-by.rootlayer.net | - | High
|
||||
82 | [45.137.65.132](https://vuldb.com/?ip.45.137.65.132) | vm4266462.34ssd.had.wf | - | High
|
||||
83 | [45.137.65.229](https://vuldb.com/?ip.45.137.65.229) | vm4437484.25ssd.had.wf | - | High
|
||||
84 | [45.137.116.170](https://vuldb.com/?ip.45.137.116.170) | vps-zap970417-5.zap-srv.com | - | High
|
||||
85 | ... | ... | ... | ...
|
||||
|
||||
There are 320 more IOC items available. Please use our online service to access the data.
|
||||
There are 338 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -111,14 +115,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -126,58 +130,76 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/admin/admin.php?module=admin_group_edit&agID` | High
|
||||
3 | File | `/admin/dl_sendmail.php` | High
|
||||
4 | File | `/admin/index.php` | High
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/admin/?page=product/manage_product&id=2` | High
|
||||
3 | File | `/admin/ajax.php?action=delete_window` | High
|
||||
4 | File | `/admin/casedetails.php` | High
|
||||
5 | File | `/admin/index2.html` | High
|
||||
6 | File | `/admin_giant/add_team_member.php` | High
|
||||
7 | File | `/api/v2/cli/commands` | High
|
||||
8 | File | `/common/info.cgi` | High
|
||||
9 | File | `/etc/shadow` | Medium
|
||||
10 | File | `/Forms/` | Low
|
||||
11 | File | `/forms/web_importTFTP` | High
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/get_getnetworkconf.cgi` | High
|
||||
14 | File | `/goform/setmac` | High
|
||||
15 | File | `/HNAP1/SetAccessPointMode` | High
|
||||
16 | File | `/integrations.json` | High
|
||||
17 | File | `/lists/admin/` | High
|
||||
18 | File | `/owa/auth/logon.aspx` | High
|
||||
19 | File | `/panel/uploads` | High
|
||||
20 | File | `/phppath/php` | Medium
|
||||
21 | File | `/public/plugins/` | High
|
||||
22 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
23 | File | `/services/details.asp` | High
|
||||
24 | File | `/spip.php` | Medium
|
||||
25 | File | `/uncpath/` | Medium
|
||||
26 | File | `/usr/bin/pkexec` | High
|
||||
27 | File | `/var/log/postgresql` | High
|
||||
28 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
29 | File | `/wp-admin` | Medium
|
||||
30 | File | `/zm/index.php` | High
|
||||
31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
32 | File | `123flashchat.php` | High
|
||||
33 | File | `a2billing/customer/iridium_threed.php` | High
|
||||
34 | File | `addentry.php` | Medium
|
||||
35 | File | `admin.jcomments.php` | High
|
||||
36 | File | `admin.php` | Medium
|
||||
37 | File | `admin.php?mod=user&act=del` | High
|
||||
38 | File | `admin/login.asp` | High
|
||||
39 | File | `admin/review.php` | High
|
||||
40 | File | `affich.php` | Medium
|
||||
41 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
|
||||
42 | File | `app/View/Elements/eventattribute.ctp` | High
|
||||
43 | File | `application/modules/admin/views/ecommerce/products.php` | High
|
||||
44 | ... | ... | ...
|
||||
6 | File | `/admin/maintenance/brand.php` | High
|
||||
7 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
8 | File | `/admin/positions_add.php` | High
|
||||
9 | File | `/admin/user/manage_user.php` | High
|
||||
10 | File | `/admin/voters_row.php` | High
|
||||
11 | File | `/ad_js.php` | Medium
|
||||
12 | File | `/agc/vicidial.php` | High
|
||||
13 | File | `/ajax.php?action=save_company` | High
|
||||
14 | File | `/ajax.php?action=save_user` | High
|
||||
15 | File | `/ajax/myshop` | Medium
|
||||
16 | File | `/alumni/admin/ajax.php?action=save_settings` | High
|
||||
17 | File | `/api/gen/clients/{language}` | High
|
||||
18 | File | `/apply.cgi` | Medium
|
||||
19 | File | `/APR/signup.php` | High
|
||||
20 | File | `/authenticationendpoint/login.do` | High
|
||||
21 | File | `/aux` | Low
|
||||
22 | File | `/backup.pl` | Medium
|
||||
23 | File | `/cas/logout` | Medium
|
||||
24 | File | `/categorypage.php` | High
|
||||
25 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
26 | File | `/cha.php` | Medium
|
||||
27 | File | `/College/admin/teacher.php` | High
|
||||
28 | File | `/contactform/contactform.php` | High
|
||||
29 | File | `/dayrui/Fcms/View/system_log.html` | High
|
||||
30 | File | `/drivers/block/floppy.c` | High
|
||||
31 | File | `/DXR.axd` | Medium
|
||||
32 | File | `/ecommerce/admin/category/controller.php` | High
|
||||
33 | File | `/etc/config/product.ini` | High
|
||||
34 | File | `/etc/crash` | Medium
|
||||
35 | File | `/etc/shadow` | Medium
|
||||
36 | File | `/fos/admin/ajax.php` | High
|
||||
37 | File | `/goform/aspForm` | High
|
||||
38 | File | `/goform/WifiBasicSet` | High
|
||||
39 | File | `/goform/WifiGuestSet` | High
|
||||
40 | File | `/index.php` | Medium
|
||||
41 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
|
||||
42 | File | `/kelasdosen/data` | High
|
||||
43 | File | `/login/index.php` | High
|
||||
44 | File | `/medicines/profile.php` | High
|
||||
45 | File | `/modules/projects/vw_files.php` | High
|
||||
46 | File | `/Moosikay/order.php` | High
|
||||
47 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
48 | File | `/nasm/nasm-parse.c` | High
|
||||
49 | File | `/ordering/admin/orders/loaddata.php` | High
|
||||
50 | File | `/ordering/admin/stockin/loaddata.php` | High
|
||||
51 | File | `/owa/auth/logon.aspx` | High
|
||||
52 | File | `/philosophy/admin/login.php` | High
|
||||
53 | File | `/php-opos/login.php` | High
|
||||
54 | File | `/priv_mgt.html` | High
|
||||
55 | File | `/queuing/index.php?page=display` | High
|
||||
56 | File | `/resources//../` | High
|
||||
57 | File | `/see_more_details.php` | High
|
||||
58 | File | `/services/indexing/preview` | High
|
||||
59 | File | `/upgrade` | Medium
|
||||
60 | File | `/user/updatePwd` | High
|
||||
61 | ... | ... | ...
|
||||
|
||||
There are 380 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 532 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://app.any.run/tasks/88e56ff7-fd26-41d6-8f94-3812461e0cfd
|
||||
* https://app.any.run/tasks/592286eb-e429-437c-af56-3c017507573c
|
||||
* https://app.any.run/tasks/dfa82768-3bf4-4dc2-9117-0c583d8fdf10
|
||||
* https://bazaar.abuse.ch/sample/0269f5e35d84ded93ff37de9a062418de6f910f5a786806157f1a406143e83e2/
|
||||
* https://bazaar.abuse.ch/sample/7aa19913253d9a036b10df1f8f0bdb25567edda11fe99050d85a47249142bec2/
|
||||
|
|
|
@ -0,0 +1,46 @@
|
|||
# BackSwap - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BackSwap](https://vuldb.com/?actor.backswap). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.backswap](https://vuldb.com/?actor.backswap)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BackSwap:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of BackSwap.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.61.47.74](https://vuldb.com/?ip.5.61.47.74) | - | - | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by BackSwap. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `s04.php` | Low
|
||||
2 | Argument | `server` | Low
|
||||
3 | Argument | `shopid` | Low
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
There are 19 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -3512,361 +3512,9 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
3489 | [81.173.104.130](https://vuldb.com/?ip.81.173.104.130) | - | - | High
|
||||
3490 | [81.173.104.132](https://vuldb.com/?ip.81.173.104.132) | - | - | High
|
||||
3491 | [81.173.104.136](https://vuldb.com/?ip.81.173.104.136) | - | - | High
|
||||
3492 | [81.173.104.144](https://vuldb.com/?ip.81.173.104.144) | - | - | High
|
||||
3493 | [81.173.104.160](https://vuldb.com/?ip.81.173.104.160) | - | - | High
|
||||
3494 | [81.173.104.176](https://vuldb.com/?ip.81.173.104.176) | - | - | High
|
||||
3495 | [81.173.104.188](https://vuldb.com/?ip.81.173.104.188) | - | - | High
|
||||
3496 | [81.173.104.192](https://vuldb.com/?ip.81.173.104.192) | - | - | High
|
||||
3497 | [81.173.105.0](https://vuldb.com/?ip.81.173.105.0) | - | - | High
|
||||
3498 | [81.173.105.128](https://vuldb.com/?ip.81.173.105.128) | - | - | High
|
||||
3499 | [81.173.105.144](https://vuldb.com/?ip.81.173.105.144) | - | - | High
|
||||
3500 | [81.173.105.146](https://vuldb.com/?ip.81.173.105.146) | - | - | High
|
||||
3501 | [81.173.105.148](https://vuldb.com/?ip.81.173.105.148) | - | - | High
|
||||
3502 | [81.173.105.152](https://vuldb.com/?ip.81.173.105.152) | - | - | High
|
||||
3503 | [81.173.105.160](https://vuldb.com/?ip.81.173.105.160) | - | - | High
|
||||
3504 | [81.173.105.196](https://vuldb.com/?ip.81.173.105.196) | - | - | High
|
||||
3505 | [81.173.105.200](https://vuldb.com/?ip.81.173.105.200) | - | - | High
|
||||
3506 | [81.173.105.208](https://vuldb.com/?ip.81.173.105.208) | - | - | High
|
||||
3507 | [81.173.106.0](https://vuldb.com/?ip.81.173.106.0) | - | - | High
|
||||
3508 | [81.173.106.8](https://vuldb.com/?ip.81.173.106.8) | - | - | High
|
||||
3509 | [81.173.106.14](https://vuldb.com/?ip.81.173.106.14) | - | - | High
|
||||
3510 | [81.173.106.16](https://vuldb.com/?ip.81.173.106.16) | ae7-0-grtdusix1.net.telefonicaglobalsolutions.com | - | High
|
||||
3511 | [81.173.106.24](https://vuldb.com/?ip.81.173.106.24) | be18-grtmadix2.net.telefonicaglobalsolutions.com | - | High
|
||||
3512 | [81.173.106.32](https://vuldb.com/?ip.81.173.106.32) | te0-1-0-6-grtlurem2.net.telefonicaglobalsolutions.com | - | High
|
||||
3513 | [81.173.106.42](https://vuldb.com/?ip.81.173.106.42) | be1-grtbogtm1.net.telefonicaglobalsolutions.com | - | High
|
||||
3514 | [81.173.106.44](https://vuldb.com/?ip.81.173.106.44) | be2-grtbogtm1.net.telefonicaglobalsolutions.com | - | High
|
||||
3515 | [81.173.106.48](https://vuldb.com/?ip.81.173.106.48) | - | - | High
|
||||
3516 | [81.173.106.60](https://vuldb.com/?ip.81.173.106.60) | - | - | High
|
||||
3517 | [81.173.106.66](https://vuldb.com/?ip.81.173.106.66) | - | - | High
|
||||
3518 | [81.173.106.68](https://vuldb.com/?ip.81.173.106.68) | - | - | High
|
||||
3519 | [81.173.106.78](https://vuldb.com/?ip.81.173.106.78) | - | - | High
|
||||
3520 | [81.173.106.80](https://vuldb.com/?ip.81.173.106.80) | - | - | High
|
||||
3521 | [81.173.106.82](https://vuldb.com/?ip.81.173.106.82) | - | - | High
|
||||
3522 | [81.173.106.84](https://vuldb.com/?ip.81.173.106.84) | - | - | High
|
||||
3523 | [81.173.106.88](https://vuldb.com/?ip.81.173.106.88) | - | - | High
|
||||
3524 | [81.173.106.96](https://vuldb.com/?ip.81.173.106.96) | be11-grtbogtm1.net.telefonicaglobalsolutions.com | - | High
|
||||
3525 | [81.173.106.102](https://vuldb.com/?ip.81.173.106.102) | be12-grtbogtm1.net.telefonicaglobalsolutions.com | - | High
|
||||
3526 | [81.173.106.104](https://vuldb.com/?ip.81.173.106.104) | - | - | High
|
||||
3527 | [81.173.106.112](https://vuldb.com/?ip.81.173.106.112) | - | - | High
|
||||
3528 | [81.173.106.120](https://vuldb.com/?ip.81.173.106.120) | - | - | High
|
||||
3529 | [81.173.106.122](https://vuldb.com/?ip.81.173.106.122) | - | - | High
|
||||
3530 | [81.173.106.124](https://vuldb.com/?ip.81.173.106.124) | - | - | High
|
||||
3531 | [81.173.106.128](https://vuldb.com/?ip.81.173.106.128) | - | - | High
|
||||
3532 | [81.173.106.133](https://vuldb.com/?ip.81.173.106.133) | - | - | High
|
||||
3533 | [81.173.106.134](https://vuldb.com/?ip.81.173.106.134) | - | - | High
|
||||
3534 | [81.173.106.136](https://vuldb.com/?ip.81.173.106.136) | - | - | High
|
||||
3535 | [81.173.106.147](https://vuldb.com/?ip.81.173.106.147) | - | - | High
|
||||
3536 | [81.173.106.148](https://vuldb.com/?ip.81.173.106.148) | - | - | High
|
||||
3537 | [81.173.106.152](https://vuldb.com/?ip.81.173.106.152) | - | - | High
|
||||
3538 | [81.173.106.160](https://vuldb.com/?ip.81.173.106.160) | - | - | High
|
||||
3539 | [81.173.106.176](https://vuldb.com/?ip.81.173.106.176) | - | - | High
|
||||
3540 | [81.173.106.180](https://vuldb.com/?ip.81.173.106.180) | - | - | High
|
||||
3541 | [81.173.106.186](https://vuldb.com/?ip.81.173.106.186) | - | - | High
|
||||
3542 | [81.173.106.188](https://vuldb.com/?ip.81.173.106.188) | - | - | High
|
||||
3543 | [81.173.106.194](https://vuldb.com/?ip.81.173.106.194) | - | - | High
|
||||
3544 | [81.173.106.196](https://vuldb.com/?ip.81.173.106.196) | - | - | High
|
||||
3545 | [81.173.106.200](https://vuldb.com/?ip.81.173.106.200) | - | - | High
|
||||
3546 | [81.173.106.202](https://vuldb.com/?ip.81.173.106.202) | - | - | High
|
||||
3547 | [81.173.106.205](https://vuldb.com/?ip.81.173.106.205) | - | - | High
|
||||
3548 | [81.173.106.206](https://vuldb.com/?ip.81.173.106.206) | - | - | High
|
||||
3549 | [81.173.106.208](https://vuldb.com/?ip.81.173.106.208) | - | - | High
|
||||
3550 | [81.173.106.224](https://vuldb.com/?ip.81.173.106.224) | - | - | High
|
||||
3551 | [81.173.106.228](https://vuldb.com/?ip.81.173.106.228) | - | - | High
|
||||
3552 | [81.173.106.232](https://vuldb.com/?ip.81.173.106.232) | - | - | High
|
||||
3553 | [81.173.106.240](https://vuldb.com/?ip.81.173.106.240) | - | - | High
|
||||
3554 | [81.173.107.0](https://vuldb.com/?ip.81.173.107.0) | - | - | High
|
||||
3555 | [81.173.107.32](https://vuldb.com/?ip.81.173.107.32) | - | - | High
|
||||
3556 | [81.173.107.40](https://vuldb.com/?ip.81.173.107.40) | - | - | High
|
||||
3557 | [81.173.107.48](https://vuldb.com/?ip.81.173.107.48) | - | - | High
|
||||
3558 | [81.173.107.64](https://vuldb.com/?ip.81.173.107.64) | - | - | High
|
||||
3559 | [81.173.107.128](https://vuldb.com/?ip.81.173.107.128) | - | - | High
|
||||
3560 | [81.173.107.192](https://vuldb.com/?ip.81.173.107.192) | - | - | High
|
||||
3561 | [81.173.107.208](https://vuldb.com/?ip.81.173.107.208) | - | - | High
|
||||
3562 | [81.173.107.210](https://vuldb.com/?ip.81.173.107.210) | - | - | High
|
||||
3563 | [81.173.107.212](https://vuldb.com/?ip.81.173.107.212) | - | - | High
|
||||
3564 | [81.173.107.216](https://vuldb.com/?ip.81.173.107.216) | - | - | High
|
||||
3565 | [81.173.107.224](https://vuldb.com/?ip.81.173.107.224) | - | - | High
|
||||
3566 | [81.173.108.0](https://vuldb.com/?ip.81.173.108.0) | - | - | High
|
||||
3567 | [81.173.108.128](https://vuldb.com/?ip.81.173.108.128) | - | - | High
|
||||
3568 | [81.173.108.132](https://vuldb.com/?ip.81.173.108.132) | - | - | High
|
||||
3569 | [81.173.108.135](https://vuldb.com/?ip.81.173.108.135) | - | - | High
|
||||
3570 | [81.173.108.137](https://vuldb.com/?ip.81.173.108.137) | - | - | High
|
||||
3571 | [81.173.108.138](https://vuldb.com/?ip.81.173.108.138) | - | - | High
|
||||
3572 | [81.173.108.140](https://vuldb.com/?ip.81.173.108.140) | - | - | High
|
||||
3573 | [81.173.108.148](https://vuldb.com/?ip.81.173.108.148) | - | - | High
|
||||
3574 | [81.173.108.152](https://vuldb.com/?ip.81.173.108.152) | - | - | High
|
||||
3575 | [81.173.108.154](https://vuldb.com/?ip.81.173.108.154) | - | - | High
|
||||
3576 | [81.173.108.156](https://vuldb.com/?ip.81.173.108.156) | - | - | High
|
||||
3577 | [81.173.108.160](https://vuldb.com/?ip.81.173.108.160) | - | - | High
|
||||
3578 | [81.173.108.162](https://vuldb.com/?ip.81.173.108.162) | - | - | High
|
||||
3579 | [81.173.108.167](https://vuldb.com/?ip.81.173.108.167) | - | - | High
|
||||
3580 | [81.173.108.168](https://vuldb.com/?ip.81.173.108.168) | - | - | High
|
||||
3581 | [81.173.108.172](https://vuldb.com/?ip.81.173.108.172) | - | - | High
|
||||
3582 | [81.173.108.174](https://vuldb.com/?ip.81.173.108.174) | - | - | High
|
||||
3583 | [81.173.108.176](https://vuldb.com/?ip.81.173.108.176) | - | - | High
|
||||
3584 | [81.173.108.180](https://vuldb.com/?ip.81.173.108.180) | - | - | High
|
||||
3585 | [81.173.108.182](https://vuldb.com/?ip.81.173.108.182) | - | - | High
|
||||
3586 | [81.173.108.184](https://vuldb.com/?ip.81.173.108.184) | - | - | High
|
||||
3587 | [81.173.108.187](https://vuldb.com/?ip.81.173.108.187) | - | - | High
|
||||
3588 | [81.173.108.191](https://vuldb.com/?ip.81.173.108.191) | - | - | High
|
||||
3589 | [81.173.108.192](https://vuldb.com/?ip.81.173.108.192) | - | - | High
|
||||
3590 | [81.173.108.200](https://vuldb.com/?ip.81.173.108.200) | - | - | High
|
||||
3591 | [81.173.108.204](https://vuldb.com/?ip.81.173.108.204) | - | - | High
|
||||
3592 | [81.173.108.207](https://vuldb.com/?ip.81.173.108.207) | - | - | High
|
||||
3593 | [81.173.108.208](https://vuldb.com/?ip.81.173.108.208) | - | - | High
|
||||
3594 | [81.173.108.212](https://vuldb.com/?ip.81.173.108.212) | - | - | High
|
||||
3595 | [81.173.108.217](https://vuldb.com/?ip.81.173.108.217) | - | - | High
|
||||
3596 | [81.173.108.219](https://vuldb.com/?ip.81.173.108.219) | - | - | High
|
||||
3597 | [81.173.108.221](https://vuldb.com/?ip.81.173.108.221) | - | - | High
|
||||
3598 | [81.173.108.222](https://vuldb.com/?ip.81.173.108.222) | - | - | High
|
||||
3599 | [81.173.108.224](https://vuldb.com/?ip.81.173.108.224) | - | - | High
|
||||
3600 | [81.173.109.16](https://vuldb.com/?ip.81.173.109.16) | - | - | High
|
||||
3601 | [81.173.109.32](https://vuldb.com/?ip.81.173.109.32) | - | - | High
|
||||
3602 | [81.173.109.64](https://vuldb.com/?ip.81.173.109.64) | - | - | High
|
||||
3603 | [81.173.109.128](https://vuldb.com/?ip.81.173.109.128) | - | - | High
|
||||
3604 | [81.173.109.137](https://vuldb.com/?ip.81.173.109.137) | - | - | High
|
||||
3605 | [81.173.109.138](https://vuldb.com/?ip.81.173.109.138) | - | - | High
|
||||
3606 | [81.173.109.140](https://vuldb.com/?ip.81.173.109.140) | - | - | High
|
||||
3607 | [81.173.109.144](https://vuldb.com/?ip.81.173.109.144) | - | - | High
|
||||
3608 | [81.173.109.149](https://vuldb.com/?ip.81.173.109.149) | - | - | High
|
||||
3609 | [81.173.109.150](https://vuldb.com/?ip.81.173.109.150) | - | - | High
|
||||
3610 | [81.173.109.152](https://vuldb.com/?ip.81.173.109.152) | - | - | High
|
||||
3611 | [81.173.109.160](https://vuldb.com/?ip.81.173.109.160) | - | - | High
|
||||
3612 | [81.173.109.168](https://vuldb.com/?ip.81.173.109.168) | - | - | High
|
||||
3613 | [81.173.109.172](https://vuldb.com/?ip.81.173.109.172) | - | - | High
|
||||
3614 | [81.173.109.176](https://vuldb.com/?ip.81.173.109.176) | - | - | High
|
||||
3615 | [81.173.109.184](https://vuldb.com/?ip.81.173.109.184) | - | - | High
|
||||
3616 | [81.173.109.186](https://vuldb.com/?ip.81.173.109.186) | - | - | High
|
||||
3617 | [81.173.109.188](https://vuldb.com/?ip.81.173.109.188) | - | - | High
|
||||
3618 | [81.173.109.192](https://vuldb.com/?ip.81.173.109.192) | - | - | High
|
||||
3619 | [81.173.109.201](https://vuldb.com/?ip.81.173.109.201) | - | - | High
|
||||
3620 | [81.173.109.202](https://vuldb.com/?ip.81.173.109.202) | - | - | High
|
||||
3621 | [81.173.109.204](https://vuldb.com/?ip.81.173.109.204) | - | - | High
|
||||
3622 | [81.173.109.208](https://vuldb.com/?ip.81.173.109.208) | - | - | High
|
||||
3623 | [81.173.109.224](https://vuldb.com/?ip.81.173.109.224) | - | - | High
|
||||
3624 | [81.173.110.0](https://vuldb.com/?ip.81.173.110.0) | - | - | High
|
||||
3625 | [81.173.110.8](https://vuldb.com/?ip.81.173.110.8) | - | - | High
|
||||
3626 | [81.173.110.11](https://vuldb.com/?ip.81.173.110.11) | - | - | High
|
||||
3627 | [81.173.110.12](https://vuldb.com/?ip.81.173.110.12) | - | - | High
|
||||
3628 | [81.173.110.16](https://vuldb.com/?ip.81.173.110.16) | - | - | High
|
||||
3629 | [81.173.110.32](https://vuldb.com/?ip.81.173.110.32) | - | - | High
|
||||
3630 | [81.173.110.48](https://vuldb.com/?ip.81.173.110.48) | - | - | High
|
||||
3631 | [81.173.110.64](https://vuldb.com/?ip.81.173.110.64) | - | - | High
|
||||
3632 | [81.173.110.129](https://vuldb.com/?ip.81.173.110.129) | - | - | High
|
||||
3633 | [81.173.110.131](https://vuldb.com/?ip.81.173.110.131) | - | - | High
|
||||
3634 | [81.173.110.138](https://vuldb.com/?ip.81.173.110.138) | - | - | High
|
||||
3635 | [81.173.110.142](https://vuldb.com/?ip.81.173.110.142) | - | - | High
|
||||
3636 | [81.173.110.144](https://vuldb.com/?ip.81.173.110.144) | - | - | High
|
||||
3637 | [81.173.110.153](https://vuldb.com/?ip.81.173.110.153) | - | - | High
|
||||
3638 | [81.173.110.154](https://vuldb.com/?ip.81.173.110.154) | - | - | High
|
||||
3639 | [81.173.110.156](https://vuldb.com/?ip.81.173.110.156) | - | - | High
|
||||
3640 | [81.173.110.160](https://vuldb.com/?ip.81.173.110.160) | - | - | High
|
||||
3641 | [81.173.110.163](https://vuldb.com/?ip.81.173.110.163) | - | - | High
|
||||
3642 | [81.173.110.172](https://vuldb.com/?ip.81.173.110.172) | - | - | High
|
||||
3643 | [81.173.110.180](https://vuldb.com/?ip.81.173.110.180) | - | - | High
|
||||
3644 | [81.173.110.187](https://vuldb.com/?ip.81.173.110.187) | - | - | High
|
||||
3645 | [81.173.110.188](https://vuldb.com/?ip.81.173.110.188) | - | - | High
|
||||
3646 | [81.173.110.200](https://vuldb.com/?ip.81.173.110.200) | - | - | High
|
||||
3647 | [81.173.110.209](https://vuldb.com/?ip.81.173.110.209) | - | - | High
|
||||
3648 | [81.173.110.210](https://vuldb.com/?ip.81.173.110.210) | - | - | High
|
||||
3649 | [81.173.110.212](https://vuldb.com/?ip.81.173.110.212) | - | - | High
|
||||
3650 | [81.173.110.216](https://vuldb.com/?ip.81.173.110.216) | - | - | High
|
||||
3651 | [81.173.110.224](https://vuldb.com/?ip.81.173.110.224) | - | - | High
|
||||
3652 | [81.173.111.0](https://vuldb.com/?ip.81.173.111.0) | - | - | High
|
||||
3653 | [81.173.111.12](https://vuldb.com/?ip.81.173.111.12) | - | - | High
|
||||
3654 | [81.173.111.16](https://vuldb.com/?ip.81.173.111.16) | - | - | High
|
||||
3655 | [81.173.111.32](https://vuldb.com/?ip.81.173.111.32) | - | - | High
|
||||
3656 | [81.173.111.64](https://vuldb.com/?ip.81.173.111.64) | - | - | High
|
||||
3657 | [81.173.111.96](https://vuldb.com/?ip.81.173.111.96) | - | - | High
|
||||
3658 | [81.173.111.116](https://vuldb.com/?ip.81.173.111.116) | - | - | High
|
||||
3659 | [81.173.111.120](https://vuldb.com/?ip.81.173.111.120) | - | - | High
|
||||
3660 | [81.173.111.132](https://vuldb.com/?ip.81.173.111.132) | - | - | High
|
||||
3661 | [81.173.111.136](https://vuldb.com/?ip.81.173.111.136) | - | - | High
|
||||
3662 | [81.173.111.140](https://vuldb.com/?ip.81.173.111.140) | - | - | High
|
||||
3663 | [81.173.111.144](https://vuldb.com/?ip.81.173.111.144) | - | - | High
|
||||
3664 | [81.173.111.156](https://vuldb.com/?ip.81.173.111.156) | - | - | High
|
||||
3665 | [81.173.111.166](https://vuldb.com/?ip.81.173.111.166) | - | - | High
|
||||
3666 | [81.173.111.176](https://vuldb.com/?ip.81.173.111.176) | - | - | High
|
||||
3667 | [81.173.111.188](https://vuldb.com/?ip.81.173.111.188) | - | - | High
|
||||
3668 | [81.173.111.192](https://vuldb.com/?ip.81.173.111.192) | - | - | High
|
||||
3669 | [81.173.111.198](https://vuldb.com/?ip.81.173.111.198) | - | - | High
|
||||
3670 | [81.173.111.200](https://vuldb.com/?ip.81.173.111.200) | - | - | High
|
||||
3671 | [81.173.111.212](https://vuldb.com/?ip.81.173.111.212) | - | - | High
|
||||
3672 | [81.173.111.228](https://vuldb.com/?ip.81.173.111.228) | - | - | High
|
||||
3673 | [81.173.111.245](https://vuldb.com/?ip.81.173.111.245) | - | - | High
|
||||
3674 | [81.173.111.246](https://vuldb.com/?ip.81.173.111.246) | - | - | High
|
||||
3675 | [81.173.111.248](https://vuldb.com/?ip.81.173.111.248) | - | - | High
|
||||
3676 | [81.199.62.0](https://vuldb.com/?ip.81.199.62.0) | - | - | High
|
||||
3677 | [81.201.102.244](https://vuldb.com/?ip.81.201.102.244) | - | - | High
|
||||
3678 | [81.201.102.254](https://vuldb.com/?ip.81.201.102.254) | ae43.cor03.fr2.eu.equinix.net | - | High
|
||||
3679 | [81.201.103.0](https://vuldb.com/?ip.81.201.103.0) | xe-0-0-3.cor01.ld8.eu.equinix.net | - | High
|
||||
3680 | [81.201.103.64](https://vuldb.com/?ip.81.201.103.64) | - | - | High
|
||||
3681 | [81.201.103.72](https://vuldb.com/?ip.81.201.103.72) | ae35.cor01.ld8.eu.equinix.net | - | High
|
||||
3682 | [81.201.103.80](https://vuldb.com/?ip.81.201.103.80) | ae39.cor01.ld8.eu.equinix.net | - | High
|
||||
3683 | [81.201.103.88](https://vuldb.com/?ip.81.201.103.88) | ae53.cor01.ld5.eu.equinix.net | - | High
|
||||
3684 | [81.201.103.96](https://vuldb.com/?ip.81.201.103.96) | ae57.cor01.ld5.eu.equinix.net | - | High
|
||||
3685 | [81.201.103.112](https://vuldb.com/?ip.81.201.103.112) | ae65.cor01.ld5.eu.equinix.net | - | High
|
||||
3686 | [81.201.103.124](https://vuldb.com/?ip.81.201.103.124) | - | - | High
|
||||
3687 | [81.201.103.128](https://vuldb.com/?ip.81.201.103.128) | - | - | High
|
||||
3688 | [81.201.103.144](https://vuldb.com/?ip.81.201.103.144) | - | - | High
|
||||
3689 | [81.201.103.164](https://vuldb.com/?ip.81.201.103.164) | ae41.cor03.mu3.eu.equinix.net | - | High
|
||||
3690 | [81.201.103.168](https://vuldb.com/?ip.81.201.103.168) | ae42.cor03.mu4.eu.equinix.net | - | High
|
||||
3691 | [81.201.103.176](https://vuldb.com/?ip.81.201.103.176) | ae103.cor04.hh1.eu.equinix.net | - | High
|
||||
3692 | [81.201.103.184](https://vuldb.com/?ip.81.201.103.184) | - | - | High
|
||||
3693 | [81.201.103.190](https://vuldb.com/?ip.81.201.103.190) | - | - | High
|
||||
3694 | [81.201.103.192](https://vuldb.com/?ip.81.201.103.192) | - | - | High
|
||||
3695 | [81.201.105.4](https://vuldb.com/?ip.81.201.105.4) | - | - | High
|
||||
3696 | [81.201.105.8](https://vuldb.com/?ip.81.201.105.8) | - | - | High
|
||||
3697 | [81.201.105.16](https://vuldb.com/?ip.81.201.105.16) | - | - | High
|
||||
3698 | [81.201.105.32](https://vuldb.com/?ip.81.201.105.32) | - | - | High
|
||||
3699 | [81.201.105.64](https://vuldb.com/?ip.81.201.105.64) | - | - | High
|
||||
3700 | [81.201.105.128](https://vuldb.com/?ip.81.201.105.128) | - | - | High
|
||||
3701 | [81.201.105.136](https://vuldb.com/?ip.81.201.105.136) | ae3-32.cor01.gv2.eu.equinix.net | - | High
|
||||
3702 | [81.201.105.144](https://vuldb.com/?ip.81.201.105.144) | - | - | High
|
||||
3703 | [81.201.105.160](https://vuldb.com/?ip.81.201.105.160) | ae3-32.cor01.zh4.eu.equinix.net | - | High
|
||||
3704 | [81.201.105.192](https://vuldb.com/?ip.81.201.105.192) | ae3-31.cor01.pa6.eu.equinix.net | - | High
|
||||
3705 | [81.201.105.224](https://vuldb.com/?ip.81.201.105.224) | - | - | High
|
||||
3706 | [81.201.105.240](https://vuldb.com/?ip.81.201.105.240) | ae3-32.cor01.db2.eu.equinix.net | - | High
|
||||
3707 | [81.253.182.0](https://vuldb.com/?ip.81.253.182.0) | - | - | High
|
||||
3708 | [81.253.182.32](https://vuldb.com/?ip.81.253.182.32) | - | - | High
|
||||
3709 | [81.253.182.48](https://vuldb.com/?ip.81.253.182.48) | - | - | High
|
||||
3710 | [81.253.182.56](https://vuldb.com/?ip.81.253.182.56) | - | - | High
|
||||
3711 | [81.253.182.59](https://vuldb.com/?ip.81.253.182.59) | - | - | High
|
||||
3712 | [81.253.182.60](https://vuldb.com/?ip.81.253.182.60) | - | - | High
|
||||
3713 | [81.253.182.63](https://vuldb.com/?ip.81.253.182.63) | - | - | High
|
||||
3714 | [81.253.182.64](https://vuldb.com/?ip.81.253.182.64) | - | - | High
|
||||
3715 | [81.253.182.67](https://vuldb.com/?ip.81.253.182.67) | - | - | High
|
||||
3716 | [81.253.182.68](https://vuldb.com/?ip.81.253.182.68) | - | - | High
|
||||
3717 | [81.253.182.71](https://vuldb.com/?ip.81.253.182.71) | - | - | High
|
||||
3718 | [81.253.182.72](https://vuldb.com/?ip.81.253.182.72) | - | - | High
|
||||
3719 | [81.253.182.75](https://vuldb.com/?ip.81.253.182.75) | - | - | High
|
||||
3720 | [81.253.182.76](https://vuldb.com/?ip.81.253.182.76) | - | - | High
|
||||
3721 | [81.253.182.79](https://vuldb.com/?ip.81.253.182.79) | - | - | High
|
||||
3722 | [81.253.182.80](https://vuldb.com/?ip.81.253.182.80) | - | - | High
|
||||
3723 | [81.253.182.83](https://vuldb.com/?ip.81.253.182.83) | - | - | High
|
||||
3724 | [81.253.182.84](https://vuldb.com/?ip.81.253.182.84) | - | - | High
|
||||
3725 | [81.253.182.87](https://vuldb.com/?ip.81.253.182.87) | - | - | High
|
||||
3726 | [81.253.182.88](https://vuldb.com/?ip.81.253.182.88) | - | - | High
|
||||
3727 | [81.253.182.96](https://vuldb.com/?ip.81.253.182.96) | - | - | High
|
||||
3728 | [81.253.182.128](https://vuldb.com/?ip.81.253.182.128) | - | - | High
|
||||
3729 | [81.253.182.144](https://vuldb.com/?ip.81.253.182.144) | - | - | High
|
||||
3730 | [81.253.182.148](https://vuldb.com/?ip.81.253.182.148) | - | - | High
|
||||
3731 | [81.253.182.150](https://vuldb.com/?ip.81.253.182.150) | ae23-0.nclyo201.rbci.orange.net | - | High
|
||||
3732 | [81.253.182.152](https://vuldb.com/?ip.81.253.182.152) | - | - | High
|
||||
3733 | [81.253.182.154](https://vuldb.com/?ip.81.253.182.154) | ae23-0.nclyo202.rbci.orange.net | - | High
|
||||
3734 | [81.253.182.156](https://vuldb.com/?ip.81.253.182.156) | - | - | High
|
||||
3735 | [81.253.182.160](https://vuldb.com/?ip.81.253.182.160) | - | - | High
|
||||
3736 | [81.253.182.192](https://vuldb.com/?ip.81.253.182.192) | - | - | High
|
||||
3737 | [81.253.183.0](https://vuldb.com/?ip.81.253.183.0) | - | - | High
|
||||
3738 | [81.253.183.3](https://vuldb.com/?ip.81.253.183.3) | - | - | High
|
||||
3739 | [81.253.183.4](https://vuldb.com/?ip.81.253.183.4) | - | - | High
|
||||
3740 | [81.253.183.7](https://vuldb.com/?ip.81.253.183.7) | - | - | High
|
||||
3741 | [81.253.183.8](https://vuldb.com/?ip.81.253.183.8) | - | - | High
|
||||
3742 | [81.253.183.16](https://vuldb.com/?ip.81.253.183.16) | - | - | High
|
||||
3743 | [81.253.183.20](https://vuldb.com/?ip.81.253.183.20) | - | - | High
|
||||
3744 | [81.253.183.23](https://vuldb.com/?ip.81.253.183.23) | - | - | High
|
||||
3745 | [81.253.183.24](https://vuldb.com/?ip.81.253.183.24) | - | - | High
|
||||
3746 | [81.253.183.32](https://vuldb.com/?ip.81.253.183.32) | - | - | High
|
||||
3747 | [81.253.183.64](https://vuldb.com/?ip.81.253.183.64) | - | - | High
|
||||
3748 | [81.253.183.128](https://vuldb.com/?ip.81.253.183.128) | - | - | High
|
||||
3749 | [81.253.184.0](https://vuldb.com/?ip.81.253.184.0) | - | - | High
|
||||
3750 | [81.253.184.4](https://vuldb.com/?ip.81.253.184.4) | - | - | High
|
||||
3751 | [81.253.184.6](https://vuldb.com/?ip.81.253.184.6) | - | - | High
|
||||
3752 | [81.253.184.8](https://vuldb.com/?ip.81.253.184.8) | - | - | High
|
||||
3753 | [81.253.184.16](https://vuldb.com/?ip.81.253.184.16) | - | - | High
|
||||
3754 | [81.253.184.20](https://vuldb.com/?ip.81.253.184.20) | - | - | High
|
||||
3755 | [81.253.184.22](https://vuldb.com/?ip.81.253.184.22) | - | - | High
|
||||
3756 | [81.253.184.24](https://vuldb.com/?ip.81.253.184.24) | - | - | High
|
||||
3757 | [81.253.184.32](https://vuldb.com/?ip.81.253.184.32) | - | - | High
|
||||
3758 | [81.253.184.64](https://vuldb.com/?ip.81.253.184.64) | - | - | High
|
||||
3759 | [81.253.184.96](https://vuldb.com/?ip.81.253.184.96) | - | - | High
|
||||
3760 | [81.253.184.98](https://vuldb.com/?ip.81.253.184.98) | - | - | High
|
||||
3761 | [81.253.184.100](https://vuldb.com/?ip.81.253.184.100) | - | - | High
|
||||
3762 | [81.253.184.102](https://vuldb.com/?ip.81.253.184.102) | - | - | High
|
||||
3763 | [81.253.184.104](https://vuldb.com/?ip.81.253.184.104) | - | - | High
|
||||
3764 | [81.253.184.112](https://vuldb.com/?ip.81.253.184.112) | - | - | High
|
||||
3765 | [81.253.184.116](https://vuldb.com/?ip.81.253.184.116) | - | - | High
|
||||
3766 | [81.253.184.118](https://vuldb.com/?ip.81.253.184.118) | - | - | High
|
||||
3767 | [81.253.184.120](https://vuldb.com/?ip.81.253.184.120) | - | - | High
|
||||
3768 | [81.253.184.128](https://vuldb.com/?ip.81.253.184.128) | - | - | High
|
||||
3769 | [81.253.184.160](https://vuldb.com/?ip.81.253.184.160) | - | - | High
|
||||
3770 | [81.253.184.176](https://vuldb.com/?ip.81.253.184.176) | - | - | High
|
||||
3771 | [81.253.184.178](https://vuldb.com/?ip.81.253.184.178) | - | - | High
|
||||
3772 | [81.253.184.180](https://vuldb.com/?ip.81.253.184.180) | - | - | High
|
||||
3773 | [81.253.184.182](https://vuldb.com/?ip.81.253.184.182) | - | - | High
|
||||
3774 | [81.253.184.184](https://vuldb.com/?ip.81.253.184.184) | - | - | High
|
||||
3775 | [81.253.184.188](https://vuldb.com/?ip.81.253.184.188) | - | - | High
|
||||
3776 | [81.253.184.190](https://vuldb.com/?ip.81.253.184.190) | - | - | High
|
||||
3777 | [81.253.184.192](https://vuldb.com/?ip.81.253.184.192) | - | - | High
|
||||
3778 | [81.253.184.208](https://vuldb.com/?ip.81.253.184.208) | - | - | High
|
||||
3779 | [81.253.184.216](https://vuldb.com/?ip.81.253.184.216) | - | - | High
|
||||
3780 | [81.253.184.224](https://vuldb.com/?ip.81.253.184.224) | - | - | High
|
||||
3781 | [81.253.185.0](https://vuldb.com/?ip.81.253.185.0) | - | - | High
|
||||
3782 | [82.96.1.0](https://vuldb.com/?ip.82.96.1.0) | - | - | High
|
||||
3783 | [82.96.1.8](https://vuldb.com/?ip.82.96.1.8) | - | - | High
|
||||
3784 | [82.96.1.20](https://vuldb.com/?ip.82.96.1.20) | - | - | High
|
||||
3785 | [82.96.1.24](https://vuldb.com/?ip.82.96.1.24) | - | - | High
|
||||
3786 | [82.96.1.26](https://vuldb.com/?ip.82.96.1.26) | vl1306.dk.cph.sydv.cr0.port80.se | - | High
|
||||
3787 | [82.96.1.28](https://vuldb.com/?ip.82.96.1.28) | - | - | High
|
||||
3788 | [82.96.1.31](https://vuldb.com/?ip.82.96.1.31) | - | - | High
|
||||
3789 | [82.96.1.44](https://vuldb.com/?ip.82.96.1.44) | - | - | High
|
||||
3790 | [82.96.1.48](https://vuldb.com/?ip.82.96.1.48) | - | - | High
|
||||
3791 | [82.96.1.64](https://vuldb.com/?ip.82.96.1.64) | - | - | High
|
||||
3792 | [82.96.1.76](https://vuldb.com/?ip.82.96.1.76) | - | - | High
|
||||
3793 | [82.96.1.84](https://vuldb.com/?ip.82.96.1.84) | - | - | High
|
||||
3794 | [82.96.1.88](https://vuldb.com/?ip.82.96.1.88) | - | - | High
|
||||
3795 | [82.96.1.91](https://vuldb.com/?ip.82.96.1.91) | - | - | High
|
||||
3796 | [82.96.1.92](https://vuldb.com/?ip.82.96.1.92) | - | - | High
|
||||
3797 | [82.96.1.108](https://vuldb.com/?ip.82.96.1.108) | - | - | High
|
||||
3798 | [82.96.1.112](https://vuldb.com/?ip.82.96.1.112) | - | - | High
|
||||
3799 | [82.96.1.136](https://vuldb.com/?ip.82.96.1.136) | - | - | High
|
||||
3800 | [82.96.1.144](https://vuldb.com/?ip.82.96.1.144) | - | - | High
|
||||
3801 | [82.96.1.160](https://vuldb.com/?ip.82.96.1.160) | - | - | High
|
||||
3802 | [82.96.1.172](https://vuldb.com/?ip.82.96.1.172) | - | - | High
|
||||
3803 | [82.96.1.176](https://vuldb.com/?ip.82.96.1.176) | - | - | High
|
||||
3804 | [82.96.1.184](https://vuldb.com/?ip.82.96.1.184) | - | - | High
|
||||
3805 | [82.96.1.200](https://vuldb.com/?ip.82.96.1.200) | - | - | High
|
||||
3806 | [82.99.29.0](https://vuldb.com/?ip.82.99.29.0) | - | - | High
|
||||
3807 | [82.99.29.8](https://vuldb.com/?ip.82.99.29.8) | - | - | High
|
||||
3808 | [82.99.29.24](https://vuldb.com/?ip.82.99.29.24) | - | - | High
|
||||
3809 | [82.99.29.32](https://vuldb.com/?ip.82.99.29.32) | - | - | High
|
||||
3810 | [82.99.29.40](https://vuldb.com/?ip.82.99.29.40) | - | - | High
|
||||
3811 | [82.99.29.48](https://vuldb.com/?ip.82.99.29.48) | - | - | High
|
||||
3812 | [82.99.29.60](https://vuldb.com/?ip.82.99.29.60) | - | - | High
|
||||
3813 | [82.99.29.64](https://vuldb.com/?ip.82.99.29.64) | - | - | High
|
||||
3814 | [82.99.29.72](https://vuldb.com/?ip.82.99.29.72) | - | - | High
|
||||
3815 | [82.99.29.84](https://vuldb.com/?ip.82.99.29.84) | - | - | High
|
||||
3816 | [82.99.29.88](https://vuldb.com/?ip.82.99.29.88) | - | - | High
|
||||
3817 | [82.99.29.96](https://vuldb.com/?ip.82.99.29.96) | - | - | High
|
||||
3818 | [82.99.29.112](https://vuldb.com/?ip.82.99.29.112) | - | - | High
|
||||
3819 | [82.99.29.128](https://vuldb.com/?ip.82.99.29.128) | - | - | High
|
||||
3820 | [82.138.72.0](https://vuldb.com/?ip.82.138.72.0) | - | - | High
|
||||
3821 | [82.138.72.40](https://vuldb.com/?ip.82.138.72.40) | - | - | High
|
||||
3822 | [82.138.72.48](https://vuldb.com/?ip.82.138.72.48) | - | - | High
|
||||
3823 | [82.138.72.64](https://vuldb.com/?ip.82.138.72.64) | - | - | High
|
||||
3824 | [82.138.72.128](https://vuldb.com/?ip.82.138.72.128) | - | - | High
|
||||
3825 | [82.138.72.192](https://vuldb.com/?ip.82.138.72.192) | - | - | High
|
||||
3826 | [82.138.72.196](https://vuldb.com/?ip.82.138.72.196) | - | - | High
|
||||
3827 | [82.138.72.199](https://vuldb.com/?ip.82.138.72.199) | - | - | High
|
||||
3828 | [82.138.72.200](https://vuldb.com/?ip.82.138.72.200) | - | - | High
|
||||
3829 | [82.138.72.208](https://vuldb.com/?ip.82.138.72.208) | - | - | High
|
||||
3830 | [82.138.72.224](https://vuldb.com/?ip.82.138.72.224) | - | - | High
|
||||
3831 | [82.165.233.8](https://vuldb.com/?ip.82.165.233.8) | - | - | High
|
||||
3832 | [82.165.233.16](https://vuldb.com/?ip.82.165.233.16) | - | - | High
|
||||
3833 | [82.165.233.32](https://vuldb.com/?ip.82.165.233.32) | - | - | High
|
||||
3834 | [82.165.233.42](https://vuldb.com/?ip.82.165.233.42) | ens-18-9.gw-nat.hbf5.kae.de.oneandone.net | - | High
|
||||
3835 | [82.165.233.44](https://vuldb.com/?ip.82.165.233.44) | - | - | High
|
||||
3836 | [82.165.233.48](https://vuldb.com/?ip.82.165.233.48) | - | - | High
|
||||
3837 | [82.165.233.66](https://vuldb.com/?ip.82.165.233.66) | et-0-nat-7.gw-nat.spb.muc.de.oneandone.net | - | High
|
||||
3838 | [82.165.233.72](https://vuldb.com/?ip.82.165.233.72) | ens-18-10.gw-nat.hbf5.kae.de.oneandone.net | - | High
|
||||
3839 | [82.165.233.80](https://vuldb.com/?ip.82.165.233.80) | - | - | High
|
||||
3840 | [82.165.233.98](https://vuldb.com/?ip.82.165.233.98) | et-0-nat-8.gw-nat.spb.muc.de.oneandone.net | - | High
|
||||
3841 | [82.165.233.104](https://vuldb.com/?ip.82.165.233.104) | ens-18-11.gw-nat.hbf5.kae.de.oneandone.net | - | High
|
||||
3842 | [82.165.233.112](https://vuldb.com/?ip.82.165.233.112) | - | - | High
|
||||
3843 | [82.165.233.132](https://vuldb.com/?ip.82.165.233.132) | - | - | High
|
||||
3844 | ... | ... | ... | ...
|
||||
3492 | ... | ... | ... | ...
|
||||
|
||||
There are 15370 more IOC items available. Please use our online service to access the data.
|
||||
There are 13963 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -3874,14 +3522,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36, CWE-37 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -3891,55 +3539,57 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `$GIT_DIR/objects` | High
|
||||
2 | File | `/?ajax-request=jnews` | High
|
||||
3 | File | `/about/../` | Medium
|
||||
4 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
5 | File | `/admin/?page=user/manage` | High
|
||||
6 | File | `/admin/add-new.php` | High
|
||||
7 | File | `/admin/admin_manage/delete` | High
|
||||
8 | File | `/admin/doctors.php` | High
|
||||
9 | File | `/admin/main/mod-blog` | High
|
||||
10 | File | `/admin/products/manage_product.php` | High
|
||||
11 | File | `/advanced/adv_dns.xgi` | High
|
||||
12 | File | `/alarm_pi/alarmService.php` | High
|
||||
13 | File | `/alphaware/summary.php` | High
|
||||
14 | File | `/api/` | Low
|
||||
15 | File | `/api/admin/store/product/list` | High
|
||||
16 | File | `/api/blade-log/api/list` | High
|
||||
17 | File | `/api/v2/cli/commands` | High
|
||||
18 | File | `/appliance/users?action=edit` | High
|
||||
19 | File | `/authUserAction!edit.action` | High
|
||||
20 | File | `/backup.pl` | Medium
|
||||
21 | File | `/boat/login.php` | High
|
||||
22 | File | `/browse.PROJECTKEY` | High
|
||||
23 | File | `/bsms_ci/index.php/book` | High
|
||||
24 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
25 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
26 | File | `/cgi-bin/supervisor/adcommand.cgi` | High
|
||||
27 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
|
||||
28 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
29 | File | `/cmscp/ext/collect/fetch_url.do` | High
|
||||
30 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
|
||||
31 | File | `/debug/pprof` | Medium
|
||||
32 | File | `/edoc/doctor/patient.php` | High
|
||||
33 | File | `/env` | Low
|
||||
34 | File | `/etc/hosts` | Medium
|
||||
35 | File | `/etc/shadow` | Medium
|
||||
36 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
37 | File | `/forms/doLogin` | High
|
||||
38 | File | `/forum/away.php` | High
|
||||
39 | File | `/home/masterConsole` | High
|
||||
40 | File | `/index.php` | Medium
|
||||
41 | File | `/Items/*/RemoteImages/Download` | High
|
||||
42 | File | `/login/index.php` | High
|
||||
43 | File | `/loginsave.php` | High
|
||||
44 | File | `/medicines/profile.php` | High
|
||||
45 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
46 | File | `/orrs/admin/?page=user/manage_user` | High
|
||||
47 | File | `/php-scrm/login.php` | High
|
||||
48 | File | `/proxy` | Low
|
||||
49 | ... | ... | ...
|
||||
3 | File | `/?p=products` | Medium
|
||||
4 | File | `/about/../` | Medium
|
||||
5 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
6 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
7 | File | `/admin/?page=user/manage` | High
|
||||
8 | File | `/admin/add-new.php` | High
|
||||
9 | File | `/admin/admin_manage/delete` | High
|
||||
10 | File | `/admin/doctors.php` | High
|
||||
11 | File | `/admin/edit_subject.php` | High
|
||||
12 | File | `/admin/main/mod-blog` | High
|
||||
13 | File | `/admin/products/manage_product.php` | High
|
||||
14 | File | `/admin/scheprofile.cgi` | High
|
||||
15 | File | `/advanced/adv_dns.xgi` | High
|
||||
16 | File | `/alphaware/summary.php` | High
|
||||
17 | File | `/api/` | Low
|
||||
18 | File | `/api/admin/store/product/list` | High
|
||||
19 | File | `/api/blade-log/api/list` | High
|
||||
20 | File | `/api/stl/actions/search` | High
|
||||
21 | File | `/api/v1/snapshots` | High
|
||||
22 | File | `/api/v2/cli/commands` | High
|
||||
23 | File | `/appliance/users?action=edit` | High
|
||||
24 | File | `/Application/Admin/Controller/ConfigController.class.php` | High
|
||||
25 | File | `/authUserAction!edit.action` | High
|
||||
26 | File | `/backup.pl` | Medium
|
||||
27 | File | `/bin/ate` | Medium
|
||||
28 | File | `/bin/boa` | Medium
|
||||
29 | File | `/boat/login.php` | High
|
||||
30 | File | `/browse.PROJECTKEY` | High
|
||||
31 | File | `/bsms_ci/index.php/book` | High
|
||||
32 | File | `/cgi-bin` | Medium
|
||||
33 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
34 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
35 | File | `/cgi-bin/supervisor/adcommand.cgi` | High
|
||||
36 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
|
||||
37 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
38 | File | `/cmscp/ext/collect/fetch_url.do` | High
|
||||
39 | File | `/debug/pprof` | Medium
|
||||
40 | File | `/dev/shm` | Medium
|
||||
41 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
42 | File | `/edoc/doctor/patient.php` | High
|
||||
43 | File | `/env` | Low
|
||||
44 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
45 | File | `/forms/doLogin` | High
|
||||
46 | File | `/forum/away.php` | High
|
||||
47 | File | `/home/masterConsole` | High
|
||||
48 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
49 | File | `/index/user/user_edit.html` | High
|
||||
50 | File | `/Items/*/RemoteImages/Download` | High
|
||||
51 | ... | ... | ...
|
||||
|
||||
There are 425 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 441 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -8,8 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BadPatch:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
@ -18,8 +18,9 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [148.251.135.117](https://vuldb.com/?ip.148.251.135.117) | server.pogled.ba | - | High
|
||||
2 | [195.154.216.74](https://vuldb.com/?ip.195.154.216.74) | 195-154-216-74.rev.poneytelecom.eu | - | High
|
||||
1 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
|
||||
2 | [148.251.135.117](https://vuldb.com/?ip.148.251.135.117) | server.pogled.ba | - | High
|
||||
3 | [195.154.216.74](https://vuldb.com/?ip.195.154.216.74) | 195-154-216-74.rev.poneytelecom.eu | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -29,6 +30,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1068 | CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
2 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
3 | T1505 | CWE-89 | SQL Injection | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -37,16 +39,17 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/usr/local/sbin/webproject/set_param.cgi` | High
|
||||
2 | File | `includes/pages.inc.php` | High
|
||||
3 | File | `mod_proxy_fcgi.c` | High
|
||||
2 | File | `category.cfm` | Medium
|
||||
3 | File | `includes/pages.inc.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 3 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 5 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.fortinet.com/blog/threat-research/badpatch-campaign-uses-python-malware.html
|
||||
* https://www.threatminer.org/report.php?q=BadPatch-PaloAltoNetworks.pdf&y=2017
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -95,7 +95,7 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `admin/admin.shtml` | High
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 86 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 87 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -27,81 +27,83 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
4 | [3.249.5.101](https://vuldb.com/?ip.3.249.5.101) | ec2-3-249-5-101.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
5 | [5.2.79.138](https://vuldb.com/?ip.5.2.79.138) | - | - | High
|
||||
6 | [5.45.67.163](https://vuldb.com/?ip.5.45.67.163) | how-an.senateware.com | - | High
|
||||
7 | [5.161.51.212](https://vuldb.com/?ip.5.161.51.212) | static.212.51.161.5.clients.your-server.de | - | High
|
||||
8 | [5.183.95.20](https://vuldb.com/?ip.5.183.95.20) | eole.andesreader.com | - | High
|
||||
9 | [5.183.95.54](https://vuldb.com/?ip.5.183.95.54) | mail.trinityhht.store | - | High
|
||||
10 | [5.188.6.118](https://vuldb.com/?ip.5.188.6.118) | subnet.local | - | High
|
||||
11 | [5.206.224.39](https://vuldb.com/?ip.5.206.224.39) | hostname | - | High
|
||||
12 | [5.230.67.2](https://vuldb.com/?ip.5.230.67.2) | - | - | High
|
||||
13 | [5.230.70.23](https://vuldb.com/?ip.5.230.70.23) | placeholder.noezserver.de | - | High
|
||||
14 | [5.230.72.245](https://vuldb.com/?ip.5.230.72.245) | - | - | High
|
||||
15 | [5.230.73.37](https://vuldb.com/?ip.5.230.73.37) | placeholder.noezserver.de | - | High
|
||||
16 | [5.230.73.234](https://vuldb.com/?ip.5.230.73.234) | - | - | High
|
||||
17 | [5.230.74.62](https://vuldb.com/?ip.5.230.74.62) | placeholder.noezserver.de | - | High
|
||||
18 | [5.230.74.81](https://vuldb.com/?ip.5.230.74.81) | - | - | High
|
||||
19 | [13.39.160.220](https://vuldb.com/?ip.13.39.160.220) | ec2-13-39-160-220.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
20 | [13.49.57.110](https://vuldb.com/?ip.13.49.57.110) | ec2-13-49-57-110.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
21 | [13.59.168.154](https://vuldb.com/?ip.13.59.168.154) | ec2-13-59-168-154.us-east-2.compute.amazonaws.com | - | Medium
|
||||
22 | [15.188.49.63](https://vuldb.com/?ip.15.188.49.63) | ec2-15-188-49-63.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
23 | [16.162.137.220](https://vuldb.com/?ip.16.162.137.220) | ec2-16-162-137-220.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
24 | [18.130.242.71](https://vuldb.com/?ip.18.130.242.71) | ec2-18-130-242-71.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
25 | [18.144.70.39](https://vuldb.com/?ip.18.144.70.39) | ec2-18-144-70-39.us-west-1.compute.amazonaws.com | - | Medium
|
||||
26 | [18.159.131.20](https://vuldb.com/?ip.18.159.131.20) | ec2-18-159-131-20.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
27 | [18.159.131.209](https://vuldb.com/?ip.18.159.131.209) | ec2-18-159-131-209.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
28 | [18.204.17.193](https://vuldb.com/?ip.18.204.17.193) | ec2-18-204-17-193.compute-1.amazonaws.com | - | Medium
|
||||
29 | [18.221.191.129](https://vuldb.com/?ip.18.221.191.129) | ec2-18-221-191-129.us-east-2.compute.amazonaws.com | - | Medium
|
||||
30 | [23.94.56.154](https://vuldb.com/?ip.23.94.56.154) | 23-94-56-154-host.colocrossing.com | - | High
|
||||
31 | [23.106.223.117](https://vuldb.com/?ip.23.106.223.117) | - | - | High
|
||||
32 | [23.163.0.34](https://vuldb.com/?ip.23.163.0.34) | hehomeset.com | - | High
|
||||
33 | [23.163.0.51](https://vuldb.com/?ip.23.163.0.51) | good-jikmoon.electmum.com | - | High
|
||||
34 | [23.163.0.149](https://vuldb.com/?ip.23.163.0.149) | lyfb-000149.lyfbuz.com | - | High
|
||||
35 | [23.163.0.168](https://vuldb.com/?ip.23.163.0.168) | tech-000168.techydrov.com | - | High
|
||||
36 | [23.163.0.228](https://vuldb.com/?ip.23.163.0.228) | scary-pencil.fluentbeam.com | - | High
|
||||
37 | [23.163.0.241](https://vuldb.com/?ip.23.163.0.241) | way2-000241.way2moveis.com | - | High
|
||||
38 | [23.227.198.243](https://vuldb.com/?ip.23.227.198.243) | 23-227-198-243.static.hvvc.us | - | High
|
||||
39 | [23.229.117.247](https://vuldb.com/?ip.23.229.117.247) | - | - | High
|
||||
40 | [34.172.205.52](https://vuldb.com/?ip.34.172.205.52) | 52.205.172.34.bc.googleusercontent.com | - | Medium
|
||||
41 | [34.219.121.232](https://vuldb.com/?ip.34.219.121.232) | ec2-34-219-121-232.us-west-2.compute.amazonaws.com | - | Medium
|
||||
42 | [34.249.53.58](https://vuldb.com/?ip.34.249.53.58) | ec2-34-249-53-58.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
43 | [35.157.43.44](https://vuldb.com/?ip.35.157.43.44) | ec2-35-157-43-44.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
44 | [35.180.225.185](https://vuldb.com/?ip.35.180.225.185) | ec2-35-180-225-185.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
45 | [35.181.59.201](https://vuldb.com/?ip.35.181.59.201) | ec2-35-181-59-201.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
46 | [35.183.14.149](https://vuldb.com/?ip.35.183.14.149) | ec2-35-183-14-149.ca-central-1.compute.amazonaws.com | - | Medium
|
||||
47 | [37.220.31.17](https://vuldb.com/?ip.37.220.31.17) | aviation.metagroups.info | - | High
|
||||
48 | [37.220.31.54](https://vuldb.com/?ip.37.220.31.54) | d6.wve.futuristi-ccoding.com | - | High
|
||||
49 | [37.220.31.104](https://vuldb.com/?ip.37.220.31.104) | 10-4netw0rk.mynet.com.tr | - | High
|
||||
50 | [37.228.129.4](https://vuldb.com/?ip.37.228.129.4) | - | - | High
|
||||
51 | [37.235.54.42](https://vuldb.com/?ip.37.235.54.42) | 42.54.235.37.in-addr.arpa | - | High
|
||||
52 | [37.235.54.52](https://vuldb.com/?ip.37.235.54.52) | 52.54.235.37.in-addr.arpa | - | High
|
||||
53 | [37.235.54.81](https://vuldb.com/?ip.37.235.54.81) | 81.54.235.37.in-addr.arpa | - | High
|
||||
54 | [41.199.178.166](https://vuldb.com/?ip.41.199.178.166) | HOST-166-178.199.41.nile-online.net | - | High
|
||||
55 | [43.139.241.58](https://vuldb.com/?ip.43.139.241.58) | - | - | High
|
||||
56 | [43.155.77.226](https://vuldb.com/?ip.43.155.77.226) | - | - | High
|
||||
57 | [43.155.116.250](https://vuldb.com/?ip.43.155.116.250) | - | - | High
|
||||
58 | [44.212.9.14](https://vuldb.com/?ip.44.212.9.14) | ec2-44-212-9-14.compute-1.amazonaws.com | - | Medium
|
||||
59 | [44.212.18.9](https://vuldb.com/?ip.44.212.18.9) | ec2-44-212-18-9.compute-1.amazonaws.com | - | Medium
|
||||
60 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
|
||||
61 | [45.32.124.182](https://vuldb.com/?ip.45.32.124.182) | 45.32.124.182.vultrusercontent.com | - | High
|
||||
62 | [45.33.119.19](https://vuldb.com/?ip.45.33.119.19) | li1056-19.members.linode.com | - | High
|
||||
63 | [45.56.165.17](https://vuldb.com/?ip.45.56.165.17) | nordns.crowncloud.net | - | High
|
||||
64 | [45.61.136.152](https://vuldb.com/?ip.45.61.136.152) | - | - | High
|
||||
65 | [45.66.249.118](https://vuldb.com/?ip.45.66.249.118) | 7r277nw66g.shybeaveronline.com | - | High
|
||||
66 | [45.76.181.107](https://vuldb.com/?ip.45.76.181.107) | 45.76.181.107.vultrusercontent.com | - | High
|
||||
67 | [45.77.198.117](https://vuldb.com/?ip.45.77.198.117) | 45.77.198.117.vultrusercontent.com | - | High
|
||||
68 | [45.82.72.227](https://vuldb.com/?ip.45.82.72.227) | - | - | High
|
||||
69 | [45.86.163.228](https://vuldb.com/?ip.45.86.163.228) | - | - | High
|
||||
70 | [45.86.230.64](https://vuldb.com/?ip.45.86.230.64) | srv2.lg-c.net | - | High
|
||||
71 | [45.92.156.105](https://vuldb.com/?ip.45.92.156.105) | - | - | High
|
||||
72 | [45.114.129.150](https://vuldb.com/?ip.45.114.129.150) | hostedby.idfnv.net | - | High
|
||||
73 | [45.125.64.198](https://vuldb.com/?ip.45.125.64.198) | openisa.dealingdeals4us.info | - | High
|
||||
74 | [45.128.156.3](https://vuldb.com/?ip.45.128.156.3) | webfair.store | - | High
|
||||
75 | [45.128.156.10](https://vuldb.com/?ip.45.128.156.10) | frm3-zendable.com | - | High
|
||||
76 | [45.128.156.43](https://vuldb.com/?ip.45.128.156.43) | buyetcapp.store | - | High
|
||||
77 | [45.134.174.99](https://vuldb.com/?ip.45.134.174.99) | dedicated.vsys.host | - | High
|
||||
78 | [45.138.172.80](https://vuldb.com/?ip.45.138.172.80) | - | - | High
|
||||
79 | ... | ... | ... | ...
|
||||
7 | [5.104.80.155](https://vuldb.com/?ip.5.104.80.155) | vmi1303568.contaboserver.net | - | High
|
||||
8 | [5.161.51.212](https://vuldb.com/?ip.5.161.51.212) | static.212.51.161.5.clients.your-server.de | - | High
|
||||
9 | [5.183.95.20](https://vuldb.com/?ip.5.183.95.20) | eole.andesreader.com | - | High
|
||||
10 | [5.183.95.54](https://vuldb.com/?ip.5.183.95.54) | mail.trinityhht.store | - | High
|
||||
11 | [5.183.95.165](https://vuldb.com/?ip.5.183.95.165) | - | - | High
|
||||
12 | [5.188.6.118](https://vuldb.com/?ip.5.188.6.118) | subnet.local | - | High
|
||||
13 | [5.206.224.39](https://vuldb.com/?ip.5.206.224.39) | hostname | - | High
|
||||
14 | [5.230.67.2](https://vuldb.com/?ip.5.230.67.2) | - | - | High
|
||||
15 | [5.230.70.23](https://vuldb.com/?ip.5.230.70.23) | placeholder.noezserver.de | - | High
|
||||
16 | [5.230.72.245](https://vuldb.com/?ip.5.230.72.245) | - | - | High
|
||||
17 | [5.230.73.37](https://vuldb.com/?ip.5.230.73.37) | placeholder.noezserver.de | - | High
|
||||
18 | [5.230.73.234](https://vuldb.com/?ip.5.230.73.234) | - | - | High
|
||||
19 | [5.230.74.62](https://vuldb.com/?ip.5.230.74.62) | placeholder.noezserver.de | - | High
|
||||
20 | [5.230.74.81](https://vuldb.com/?ip.5.230.74.81) | - | - | High
|
||||
21 | [13.39.160.220](https://vuldb.com/?ip.13.39.160.220) | ec2-13-39-160-220.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
22 | [13.49.57.110](https://vuldb.com/?ip.13.49.57.110) | ec2-13-49-57-110.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
23 | [13.59.168.154](https://vuldb.com/?ip.13.59.168.154) | ec2-13-59-168-154.us-east-2.compute.amazonaws.com | - | Medium
|
||||
24 | [15.188.49.63](https://vuldb.com/?ip.15.188.49.63) | ec2-15-188-49-63.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
25 | [16.162.137.220](https://vuldb.com/?ip.16.162.137.220) | ec2-16-162-137-220.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
26 | [18.130.242.71](https://vuldb.com/?ip.18.130.242.71) | ec2-18-130-242-71.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
27 | [18.144.70.39](https://vuldb.com/?ip.18.144.70.39) | ec2-18-144-70-39.us-west-1.compute.amazonaws.com | - | Medium
|
||||
28 | [18.159.131.20](https://vuldb.com/?ip.18.159.131.20) | ec2-18-159-131-20.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
29 | [18.159.131.209](https://vuldb.com/?ip.18.159.131.209) | ec2-18-159-131-209.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
30 | [18.191.133.139](https://vuldb.com/?ip.18.191.133.139) | ec2-18-191-133-139.us-east-2.compute.amazonaws.com | - | Medium
|
||||
31 | [18.204.17.193](https://vuldb.com/?ip.18.204.17.193) | ec2-18-204-17-193.compute-1.amazonaws.com | - | Medium
|
||||
32 | [18.221.191.129](https://vuldb.com/?ip.18.221.191.129) | ec2-18-221-191-129.us-east-2.compute.amazonaws.com | - | Medium
|
||||
33 | [23.94.56.154](https://vuldb.com/?ip.23.94.56.154) | 23-94-56-154-host.colocrossing.com | - | High
|
||||
34 | [23.106.223.117](https://vuldb.com/?ip.23.106.223.117) | - | - | High
|
||||
35 | [23.163.0.34](https://vuldb.com/?ip.23.163.0.34) | hehomeset.com | - | High
|
||||
36 | [23.163.0.51](https://vuldb.com/?ip.23.163.0.51) | good-jikmoon.electmum.com | - | High
|
||||
37 | [23.163.0.149](https://vuldb.com/?ip.23.163.0.149) | lyfb-000149.lyfbuz.com | - | High
|
||||
38 | [23.163.0.168](https://vuldb.com/?ip.23.163.0.168) | tech-000168.techydrov.com | - | High
|
||||
39 | [23.163.0.228](https://vuldb.com/?ip.23.163.0.228) | scary-pencil.fluentbeam.com | - | High
|
||||
40 | [23.163.0.241](https://vuldb.com/?ip.23.163.0.241) | way2-000241.way2moveis.com | - | High
|
||||
41 | [23.227.198.243](https://vuldb.com/?ip.23.227.198.243) | 23-227-198-243.static.hvvc.us | - | High
|
||||
42 | [23.229.117.247](https://vuldb.com/?ip.23.229.117.247) | - | - | High
|
||||
43 | [34.172.205.52](https://vuldb.com/?ip.34.172.205.52) | 52.205.172.34.bc.googleusercontent.com | - | Medium
|
||||
44 | [34.219.121.232](https://vuldb.com/?ip.34.219.121.232) | ec2-34-219-121-232.us-west-2.compute.amazonaws.com | - | Medium
|
||||
45 | [34.249.53.58](https://vuldb.com/?ip.34.249.53.58) | ec2-34-249-53-58.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
46 | [35.157.43.44](https://vuldb.com/?ip.35.157.43.44) | ec2-35-157-43-44.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
47 | [35.180.225.185](https://vuldb.com/?ip.35.180.225.185) | ec2-35-180-225-185.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
48 | [35.181.59.201](https://vuldb.com/?ip.35.181.59.201) | ec2-35-181-59-201.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
49 | [35.183.14.149](https://vuldb.com/?ip.35.183.14.149) | ec2-35-183-14-149.ca-central-1.compute.amazonaws.com | - | Medium
|
||||
50 | [37.220.31.17](https://vuldb.com/?ip.37.220.31.17) | aviation.metagroups.info | - | High
|
||||
51 | [37.220.31.54](https://vuldb.com/?ip.37.220.31.54) | d6.wve.futuristi-ccoding.com | - | High
|
||||
52 | [37.220.31.104](https://vuldb.com/?ip.37.220.31.104) | 10-4netw0rk.mynet.com.tr | - | High
|
||||
53 | [37.228.129.4](https://vuldb.com/?ip.37.228.129.4) | - | - | High
|
||||
54 | [37.235.54.42](https://vuldb.com/?ip.37.235.54.42) | 42.54.235.37.in-addr.arpa | - | High
|
||||
55 | [37.235.54.52](https://vuldb.com/?ip.37.235.54.52) | 52.54.235.37.in-addr.arpa | - | High
|
||||
56 | [37.235.54.81](https://vuldb.com/?ip.37.235.54.81) | 81.54.235.37.in-addr.arpa | - | High
|
||||
57 | [41.199.178.166](https://vuldb.com/?ip.41.199.178.166) | HOST-166-178.199.41.nile-online.net | - | High
|
||||
58 | [43.139.241.58](https://vuldb.com/?ip.43.139.241.58) | - | - | High
|
||||
59 | [43.155.77.226](https://vuldb.com/?ip.43.155.77.226) | - | - | High
|
||||
60 | [43.155.116.250](https://vuldb.com/?ip.43.155.116.250) | - | - | High
|
||||
61 | [43.239.158.5](https://vuldb.com/?ip.43.239.158.5) | - | - | High
|
||||
62 | [44.212.9.14](https://vuldb.com/?ip.44.212.9.14) | ec2-44-212-9-14.compute-1.amazonaws.com | - | Medium
|
||||
63 | [44.212.18.9](https://vuldb.com/?ip.44.212.18.9) | ec2-44-212-18-9.compute-1.amazonaws.com | - | Medium
|
||||
64 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
|
||||
65 | [45.32.124.182](https://vuldb.com/?ip.45.32.124.182) | 45.32.124.182.vultrusercontent.com | - | High
|
||||
66 | [45.33.119.19](https://vuldb.com/?ip.45.33.119.19) | li1056-19.members.linode.com | - | High
|
||||
67 | [45.56.165.17](https://vuldb.com/?ip.45.56.165.17) | nordns.crowncloud.net | - | High
|
||||
68 | [45.61.136.152](https://vuldb.com/?ip.45.61.136.152) | - | - | High
|
||||
69 | [45.66.249.118](https://vuldb.com/?ip.45.66.249.118) | 7r277nw66g.shybeaveronline.com | - | High
|
||||
70 | [45.76.181.107](https://vuldb.com/?ip.45.76.181.107) | 45.76.181.107.vultrusercontent.com | - | High
|
||||
71 | [45.77.198.117](https://vuldb.com/?ip.45.77.198.117) | 45.77.198.117.vultrusercontent.com | - | High
|
||||
72 | [45.82.72.227](https://vuldb.com/?ip.45.82.72.227) | - | - | High
|
||||
73 | [45.86.163.228](https://vuldb.com/?ip.45.86.163.228) | - | - | High
|
||||
74 | [45.86.230.64](https://vuldb.com/?ip.45.86.230.64) | srv2.lg-c.net | - | High
|
||||
75 | [45.92.156.105](https://vuldb.com/?ip.45.92.156.105) | - | - | High
|
||||
76 | [45.114.129.150](https://vuldb.com/?ip.45.114.129.150) | hostedby.idfnv.net | - | High
|
||||
77 | [45.125.64.198](https://vuldb.com/?ip.45.125.64.198) | openisa.dealingdeals4us.info | - | High
|
||||
78 | [45.128.156.3](https://vuldb.com/?ip.45.128.156.3) | webfair.store | - | High
|
||||
79 | [45.128.156.10](https://vuldb.com/?ip.45.128.156.10) | frm3-zendable.com | - | High
|
||||
80 | [45.128.156.43](https://vuldb.com/?ip.45.128.156.43) | buyetcapp.store | - | High
|
||||
81 | ... | ... | ... | ...
|
||||
|
||||
There are 311 more IOC items available. Please use our online service to access the data.
|
||||
There are 318 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -161,7 +163,7 @@ ID | Type | Indicator | Confidence
|
|||
34 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 302 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -190,6 +192,8 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22b58b9ebe1f519edc160ec4f56d5522caa4596230257ec75d82d93b9cfaec0c63%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22b69fe3fbfcc457757958858ba0e0a6b57bad342ba6457860bd3bea89f2301328%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22b79d78b5f597cc5cfcab400f6b1abcf095fc275b8dc9640ea193f2138f53c9d5%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bb05049bfe26b30bcb6c0842a1dc6d8c3b71f0b41dd778ac6c76eaf74a620483%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bba2e2f6a311fe3c985a856a2097eb0195059fba544e7acd172a38369e1d4cbe%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bbf66c82e1241be64fa8dc5412836020a4caa42dd9623b2a2dd04ddee84a8a8b%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22bd45f98bb186047667196c558d28d54eab8e6980011311c2dcb9c9031eb9c2a1%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22beb4ecb5ac0bc50fcff87b5b360e935ddbee3f9207bf97c2b87b624063e8ae3a%22
|
||||
|
@ -212,6 +216,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22cd155b015ea2e8d4b4ad255bde80522605cce7dd45e63a553da19eb40f4ba164%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22cd274fe56f25f49fa8b2108e8692611aed1eff06908b1929b13701a7b8121757%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d0a1ce295d8cb17121c2d53fc57720071168552b851cb8dcb48d0d8291d19495%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d2e05d4f95be739ccf38400ec3bff07850d45694b409919f7ffeeb2e045ad739%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d62e30b1ad3e4a5e6af1f3e0451ee6432c7949b73751d3a456be5b40c13a447e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d360ecb50280e8747808acda5f0e2bc9f7e29f4b60576af14284ec6aa87f676b%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22dbddfe3e7c9f992b12a776387ec36baef4689c90e76e70c32f5742fca707cf07%22
|
||||
|
@ -245,6 +250,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22fdffacdd96db3eb4c84ea257e4ecdfd2c18ccf184804e78315545be0026314b7%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220b5b4b77e76fc323debdd6b60e05ce3c80d6d305512fd066259e25e7b91bb3b2%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220bed903c9b43242ce2bf776bc1f8b826a47442ec472bf28e3d300221d45e5631%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220e7705888a9000b0a2c8ca2a4846d890920d19bd6af9c50fb34668b4673f54c7%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%220ebaabf79ecaccb878e0ecc68b6c868ef047ac8735a3347ff892c3420b47803f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221af6ae62dca201286d4b11ee20fd1e8dcf343d2e8500de51f9175bcf3d12e06f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%221bd713b603ea09badad645fd38c8e9f75629d122cd81fcecd00ab2a5933feeea%22
|
||||
|
@ -260,12 +266,14 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224cf314b141acb1f2cf2a4a88d39e1d6aa7c8bda40fb44edf5c33850416bea988%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%224da0d71509226e8aed9a04e389b2a78fedd527469c1c429c634ab821d9b8ec65%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225b36c58791e18728d53b05f27abc88b93724c4ce08c3f62c749c5e563da82a14%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225c4b8f572f297bb98b1d2e47075aec68b3b9da1fb76606e07d8176edbe1338c8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225d5ff125ad48581ab86d75669d2ca79c1e02de1be746508c5cdcf767fd6b1eb0%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a80cb5adacc61a445d3b1962a79ed40adb62e4eaddebea7131ddbc2bfebf108%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a93688d69aeab73fb28239f0b7ccb8b15ef876d6b134c379ae36a2526d29d83%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a165551d34f38fd44b9fb1949685d14cc36220c99e0e6b05db8907229f7182d%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226af642c2cf73c24aded656e3945810dca3c5d51c28b3c7d28852463c98e76e4c%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226b401e864cf63c438779b4935499f28f2f26dd685af330f311c9a80d55f6d7b5%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226b5706c23d2c44d23360638793012e5df95c88f8408ad93c71113719f9ef02a2%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226c6d464110a46f813722131e8cce268bdccfdfeb705ce25fcc51cabe0b88c8e4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226cbb0cef1838f2b253613796470b7fcc3cd4453d3f5be8220aeda52f383fb781%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226d64edc2a8867b924b85d762657e103ad3338e1bd40b3ffca92633df41e9003e%22
|
||||
|
@ -309,10 +317,13 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2296cce5f34ad1dac4100822fa1f8e4ed96d06a9aa08f98ded27891eeec656d4f7%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2298af871908ffc7c141802d96f585def4a160491c875118ef88c545ce04194cd8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%2299b3f3b85d0fc68918abbde16579009b2ebae3300d633fd0ed81d96ba98a38d8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22097cd9f2c1af35f7dd632fe16f83b9b3aef51e78f1b4393047c499ebb2be2fda%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22108f811bc2de45a7dab2156c4617ce3fa42cf3eb5abb72759839a63cefec4cad%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22225ec72ef1adf4ab077107adb2784c35ff1c0db1c0a8efcba78c3cadac4a47a8%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22354c6d8d9033668867406be1bb6238647e207cb5f2de6a776ae3d461637efa8e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22409e50ae1c3f70cf81350be6f3cd218b0c9ef15eb03439c15d53a6012bddae2f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22432ed1ee42746631cefc6d8a69c3ff06ce34c5540437c228a49a4c1c0eb3928a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22451acafcf7fbfdfa0c79d0fba2e749a795e2fb0dff66e2a70ace01cd242ff4d4%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22465b0d83b7e5e1426d3adf546c9496d63c1a6116364af2be294da83699033b4f%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22467e9ded44012e1bec85365276e90fdde7a7cd5fc459f180e2a89355a3a989bb%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22479e1f86c7200a3dc99742937c7db6f9fb75f4ee3a8bd42ad17e8132091982f3%22
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# Bioload - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bioload](https://vuldb.com/?actor.bioload). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bioload](https://vuldb.com/?actor.bioload)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Bioload.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.fortinet.com/blog/threat-research/bioload-fin7-boostwrite-lost-twin.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -104,34 +104,34 @@ ID | Type | Indicator | Confidence
|
|||
34 | File | `/websocket/exec` | High
|
||||
35 | File | `access.conf` | Medium
|
||||
36 | File | `adclick.php` | Medium
|
||||
37 | File | `admin.php` | Medium
|
||||
38 | File | `admin.php?m=backup&c=backup&a=doback` | High
|
||||
39 | File | `admin.remository.php` | High
|
||||
40 | File | `admin/admin_users.php` | High
|
||||
41 | File | `admin/login.php` | High
|
||||
42 | File | `admin/upload.php` | High
|
||||
43 | File | `administers` | Medium
|
||||
44 | File | `Administrator_list.php` | High
|
||||
45 | File | `advancedsetup_websiteblocking.html` | High
|
||||
46 | File | `affich.php` | Medium
|
||||
47 | File | `ajax_mail_autoreply.php` | High
|
||||
48 | File | `ajax_save_name.php` | High
|
||||
49 | File | `album_portal.php` | High
|
||||
50 | File | `allocator.cc` | Medium
|
||||
51 | File | `announcements.php` | High
|
||||
52 | File | `ap1.com` | Low
|
||||
53 | File | `apache2/modsecurity.c` | High
|
||||
54 | File | `api_jsonrpc.php` | High
|
||||
55 | File | `app/admin/controller/Ajax.php` | High
|
||||
56 | File | `App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf` | High
|
||||
57 | File | `application.php` | High
|
||||
58 | File | `apply.cgi` | Medium
|
||||
59 | File | `asp:.jpg` | Medium
|
||||
60 | File | `authfiles/login.asp` | High
|
||||
61 | File | `bb_usage_stats.php` | High
|
||||
37 | File | `addsuppliers.php` | High
|
||||
38 | File | `admin.php` | Medium
|
||||
39 | File | `admin.php?m=backup&c=backup&a=doback` | High
|
||||
40 | File | `admin.remository.php` | High
|
||||
41 | File | `admin/admin_users.php` | High
|
||||
42 | File | `admin/login.php` | High
|
||||
43 | File | `admin/upload.php` | High
|
||||
44 | File | `administers` | Medium
|
||||
45 | File | `Administrator_list.php` | High
|
||||
46 | File | `advancedsetup_websiteblocking.html` | High
|
||||
47 | File | `affich.php` | Medium
|
||||
48 | File | `ajax_mail_autoreply.php` | High
|
||||
49 | File | `ajax_save_name.php` | High
|
||||
50 | File | `album_portal.php` | High
|
||||
51 | File | `allocator.cc` | Medium
|
||||
52 | File | `announcements.php` | High
|
||||
53 | File | `ap1.com` | Low
|
||||
54 | File | `apache2/modsecurity.c` | High
|
||||
55 | File | `api_jsonrpc.php` | High
|
||||
56 | File | `app/admin/controller/Ajax.php` | High
|
||||
57 | File | `App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf` | High
|
||||
58 | File | `application.php` | High
|
||||
59 | File | `apply.cgi` | Medium
|
||||
60 | File | `asp:.jpg` | Medium
|
||||
61 | File | `authfiles/login.asp` | High
|
||||
62 | ... | ... | ...
|
||||
|
||||
There are 545 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 547 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -42,21 +42,22 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
19 | [18.134.141.72](https://vuldb.com/?ip.18.134.141.72) | ec2-18-134-141-72.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
20 | [18.163.6.122](https://vuldb.com/?ip.18.163.6.122) | ec2-18-163-6-122.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
21 | [18.176.20.234](https://vuldb.com/?ip.18.176.20.234) | ec2-18-176-20-234.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
22 | [18.177.226.88](https://vuldb.com/?ip.18.177.226.88) | ec2-18-177-226-88.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
23 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
24 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
25 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
|
||||
26 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
|
||||
27 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
|
||||
28 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
|
||||
29 | [23.254.167.32](https://vuldb.com/?ip.23.254.167.32) | hwsrv-1075866.hostwindsdns.com | - | High
|
||||
30 | [31.42.189.61](https://vuldb.com/?ip.31.42.189.61) | caponystmodo.live | - | High
|
||||
31 | [31.184.198.83](https://vuldb.com/?ip.31.184.198.83) | - | - | High
|
||||
32 | [34.195.122.225](https://vuldb.com/?ip.34.195.122.225) | ec2-34-195-122-225.compute-1.amazonaws.com | - | Medium
|
||||
33 | [34.206.147.4](https://vuldb.com/?ip.34.206.147.4) | ec2-34-206-147-4.compute-1.amazonaws.com | - | Medium
|
||||
34 | ... | ... | ... | ...
|
||||
22 | [18.176.35.161](https://vuldb.com/?ip.18.176.35.161) | ec2-18-176-35-161.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
23 | [18.177.226.88](https://vuldb.com/?ip.18.177.226.88) | ec2-18-177-226-88.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
24 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
25 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
26 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
|
||||
27 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
|
||||
28 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
|
||||
29 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
|
||||
30 | [23.254.167.32](https://vuldb.com/?ip.23.254.167.32) | hwsrv-1075866.hostwindsdns.com | - | High
|
||||
31 | [31.42.189.61](https://vuldb.com/?ip.31.42.189.61) | caponystmodo.live | - | High
|
||||
32 | [31.184.198.83](https://vuldb.com/?ip.31.184.198.83) | - | - | High
|
||||
33 | [34.195.122.225](https://vuldb.com/?ip.34.195.122.225) | ec2-34-195-122-225.compute-1.amazonaws.com | - | Medium
|
||||
34 | [34.206.147.4](https://vuldb.com/?ip.34.206.147.4) | ec2-34-206-147-4.compute-1.amazonaws.com | - | Medium
|
||||
35 | ... | ... | ... | ...
|
||||
|
||||
There are 132 more IOC items available. Please use our online service to access the data.
|
||||
There are 134 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -89,67 +90,64 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/admin/userprofile.php` | High
|
||||
9 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
10 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
11 | File | `/apilog.php` | Medium
|
||||
12 | File | `/APR/login.php` | High
|
||||
13 | File | `/bin/httpd` | Medium
|
||||
14 | File | `/cgi-bin/wapopen` | High
|
||||
15 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
16 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
17 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
18 | File | `/feeds/post/publish` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
21 | File | `/fos/admin/index.php?page=menu` | High
|
||||
22 | File | `/home/masterConsole` | High
|
||||
23 | File | `/home/sendBroadcast` | High
|
||||
24 | File | `/hrm/employeeadd.php` | High
|
||||
25 | File | `/hrm/employeeview.php` | High
|
||||
26 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
27 | File | `/index.php` | Medium
|
||||
28 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
29 | File | `/index.php?page=category_list` | High
|
||||
30 | File | `/items/view_item.php` | High
|
||||
31 | File | `/jobinfo/` | Medium
|
||||
32 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
33 | File | `/lookin/info` | Medium
|
||||
34 | File | `/medical/inventories.php` | High
|
||||
35 | File | `/modules/profile/index.php` | High
|
||||
36 | File | `/modules/public/calendar.php` | High
|
||||
37 | File | `/Moosikay/order.php` | High
|
||||
38 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
39 | File | `/newsDia.php` | Medium
|
||||
40 | File | `/opac/Actions.php?a=login` | High
|
||||
41 | File | `/out.php` | Medium
|
||||
42 | File | `/php-opos/index.php` | High
|
||||
43 | File | `/PreviewHandler.ashx` | High
|
||||
44 | File | `/proxy` | Low
|
||||
45 | File | `/public/launchNewWindow.jsp` | High
|
||||
46 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
47 | File | `/reports/rwservlet` | High
|
||||
48 | File | `/reservation/add_message.php` | High
|
||||
49 | File | `/spip.php` | Medium
|
||||
50 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
51 | File | `/staff/bookdetails.php` | High
|
||||
52 | File | `/uncpath/` | Medium
|
||||
53 | File | `/user/updatePwd` | High
|
||||
54 | File | `/user/update_booking.php` | High
|
||||
55 | File | `/wireless/security.asp` | High
|
||||
56 | File | `/wp-admin/admin-ajax.php` | High
|
||||
57 | File | `01article.php` | High
|
||||
58 | File | `a-forms.php` | Medium
|
||||
59 | File | `AbstractScheduleJob.java` | High
|
||||
60 | File | `actionphp/download.File.php` | High
|
||||
61 | File | `activenews_view.asp` | High
|
||||
62 | File | `adclick.php` | Medium
|
||||
63 | File | `admin.a6mambocredits.php` | High
|
||||
64 | File | `admin.cropcanvas.php` | High
|
||||
65 | File | `admin.php` | Medium
|
||||
66 | File | `admin/abc.php` | High
|
||||
67 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
68 | File | `admin/admin/adminsave.html` | High
|
||||
69 | ... | ... | ...
|
||||
11 | File | `/APR/login.php` | High
|
||||
12 | File | `/bin/httpd` | Medium
|
||||
13 | File | `/cgi-bin/wapopen` | High
|
||||
14 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
15 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
16 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
17 | File | `/feeds/post/publish` | High
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
20 | File | `/fos/admin/index.php?page=menu` | High
|
||||
21 | File | `/home/masterConsole` | High
|
||||
22 | File | `/home/sendBroadcast` | High
|
||||
23 | File | `/hrm/employeeadd.php` | High
|
||||
24 | File | `/hrm/employeeview.php` | High
|
||||
25 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
26 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
27 | File | `/index.php?page=category_list` | High
|
||||
28 | File | `/jobinfo/` | Medium
|
||||
29 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
30 | File | `/lookin/info` | Medium
|
||||
31 | File | `/Moosikay/order.php` | High
|
||||
32 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
33 | File | `/opac/Actions.php?a=login` | High
|
||||
34 | File | `/out.php` | Medium
|
||||
35 | File | `/php-opos/index.php` | High
|
||||
36 | File | `/PreviewHandler.ashx` | High
|
||||
37 | File | `/proxy` | Low
|
||||
38 | File | `/public/launchNewWindow.jsp` | High
|
||||
39 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
40 | File | `/reports/rwservlet` | High
|
||||
41 | File | `/reservation/add_message.php` | High
|
||||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/uncpath/` | Medium
|
||||
44 | File | `/uploads/exam_question/` | High
|
||||
45 | File | `/user/updatePwd` | High
|
||||
46 | File | `/user/update_booking.php` | High
|
||||
47 | File | `/var/lib/docker/<remapping>` | High
|
||||
48 | File | `/wireless/security.asp` | High
|
||||
49 | File | `/wp-admin/admin-ajax.php` | High
|
||||
50 | File | `01article.php` | High
|
||||
51 | File | `a-forms.php` | Medium
|
||||
52 | File | `AbstractScheduleJob.java` | High
|
||||
53 | File | `actionphp/download.File.php` | High
|
||||
54 | File | `activenews_view.asp` | High
|
||||
55 | File | `adclick.php` | Medium
|
||||
56 | File | `admin.a6mambocredits.php` | High
|
||||
57 | File | `admin.cropcanvas.php` | High
|
||||
58 | File | `admin.php` | Medium
|
||||
59 | File | `admin/abc.php` | High
|
||||
60 | File | `admin/admin.php?action=users&mode=info&user=2` | High
|
||||
61 | File | `admin/admin/adminsave.html` | High
|
||||
62 | File | `admin/asset/grid-proxy` | High
|
||||
63 | File | `admin/auditTrail.jsf` | High
|
||||
64 | File | `admin/conf_users_edit.php` | High
|
||||
65 | File | `admin/disapprove_user.php` | High
|
||||
66 | ... | ... | ...
|
||||
|
||||
There are 603 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 574 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -170,6 +168,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/18.134.141.72
|
||||
* https://search.censys.io/hosts/18.163.6.122
|
||||
* https://search.censys.io/hosts/18.176.20.234
|
||||
* https://search.censys.io/hosts/18.176.35.161
|
||||
* https://search.censys.io/hosts/18.177.226.88
|
||||
* https://search.censys.io/hosts/18.178.244.246
|
||||
* https://search.censys.io/hosts/18.182.126.252
|
||||
|
@ -188,6 +187,8 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/37.119.57.169
|
||||
* https://search.censys.io/hosts/37.119.57.195
|
||||
* https://search.censys.io/hosts/43.207.8.102
|
||||
* https://search.censys.io/hosts/47.252.28.13
|
||||
* https://search.censys.io/hosts/50.16.83.73
|
||||
* https://search.censys.io/hosts/50.116.29.40
|
||||
* https://search.censys.io/hosts/51.77.112.254
|
||||
* https://search.censys.io/hosts/52.68.31.77
|
||||
|
|
|
@ -130,7 +130,7 @@ ID | Type | Indicator | Confidence
|
|||
40 | File | `admin.php` | Medium
|
||||
41 | ... | ... | ...
|
||||
|
||||
There are 353 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 357 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# Clop - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Clop](https://vuldb.com/?actor.clop). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.clop](https://vuldb.com/?actor.clop)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Clop.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [3.29.17.1](https://vuldb.com/?ip.3.29.17.1) | ec2-3-29-17-1.me-central-1.compute.amazonaws.com | - | Medium
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.bleepingcomputer.com/news/security/clop-ransomware-tries-to-disable-windows-defender-malwarebytes/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -63,40 +63,40 @@ ID | Type | Indicator | Confidence
|
|||
11 | File | `/admin/sign/out` | High
|
||||
12 | File | `/api/common/ping` | High
|
||||
13 | File | `/api/v2/open/tablesInfo` | High
|
||||
14 | File | `/asms/classes/Master.php?f=delete_img` | High
|
||||
15 | File | `/catcompany.php` | High
|
||||
16 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
17 | File | `/classes/Users.php` | High
|
||||
18 | File | `/cms/notify` | Medium
|
||||
19 | File | `/depotHead/list` | High
|
||||
20 | File | `/device/signin` | High
|
||||
21 | File | `/fusiondirectory/index.php` | High
|
||||
22 | File | `/goform/addressNat` | High
|
||||
23 | File | `/goform/fast_setting_wifi_set` | High
|
||||
24 | File | `/goform/RGFirewallEL` | High
|
||||
25 | File | `/goform/WifiBasicSet` | High
|
||||
26 | File | `/HNAP1` | Low
|
||||
27 | File | `/hslist` | Low
|
||||
28 | File | `/js/player/dmplayer/dmku/index.php` | High
|
||||
29 | File | `/lists/admin/` | High
|
||||
30 | File | `/login/index.php` | High
|
||||
31 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
32 | File | `/myAccount` | Medium
|
||||
33 | File | `/note/index/delete` | High
|
||||
34 | File | `/operations/travellers.php` | High
|
||||
35 | File | `/php-sms/admin/orders/update_status.php` | High
|
||||
36 | File | `/php-sms/classes/Master.php?f=delete_service` | High
|
||||
37 | File | `/public/launchNewWindow.jsp` | High
|
||||
38 | File | `/release-x64/otfccdump+0x6b6a8f` | High
|
||||
39 | File | `/release-x64/otfccdump+0x6e7e3d` | High
|
||||
40 | File | `/release-x64/otfccdump+0x6e41a8` | High
|
||||
14 | File | `/api/wechat/app_auth` | High
|
||||
15 | File | `/asms/classes/Master.php?f=delete_img` | High
|
||||
16 | File | `/catcompany.php` | High
|
||||
17 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
18 | File | `/classes/Users.php` | High
|
||||
19 | File | `/cms/notify` | Medium
|
||||
20 | File | `/depotHead/list` | High
|
||||
21 | File | `/device/signin` | High
|
||||
22 | File | `/fusiondirectory/index.php` | High
|
||||
23 | File | `/goform/addressNat` | High
|
||||
24 | File | `/goform/fast_setting_wifi_set` | High
|
||||
25 | File | `/goform/RGFirewallEL` | High
|
||||
26 | File | `/goform/WifiBasicSet` | High
|
||||
27 | File | `/HNAP1` | Low
|
||||
28 | File | `/hslist` | Low
|
||||
29 | File | `/js/player/dmplayer/dmku/index.php` | High
|
||||
30 | File | `/lists/admin/` | High
|
||||
31 | File | `/login/index.php` | High
|
||||
32 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
33 | File | `/myAccount` | Medium
|
||||
34 | File | `/note/index/delete` | High
|
||||
35 | File | `/operations/travellers.php` | High
|
||||
36 | File | `/php-sms/admin/orders/update_status.php` | High
|
||||
37 | File | `/php-sms/classes/Master.php?f=delete_service` | High
|
||||
38 | File | `/public/launchNewWindow.jsp` | High
|
||||
39 | File | `/release-x64/otfccdump+0x6b6a8f` | High
|
||||
40 | File | `/release-x64/otfccdump+0x6e7e3d` | High
|
||||
41 | File | `/rukovoditel/index.php?module=users/login` | High
|
||||
42 | File | `/SVFE2/pages/feegroups/mcc_group.jsf` | High
|
||||
43 | File | `/sys/duplicate/check` | High
|
||||
44 | File | `/timeline2.php` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 391 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 390 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with DCRat:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -25,18 +25,20 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
2 | [1.242.139.44](https://vuldb.com/?ip.1.242.139.44) | - | - | High
|
||||
3 | [5.135.83.205](https://vuldb.com/?ip.5.135.83.205) | 5-135-83-205.asyx.ru | - | High
|
||||
4 | [5.178.3.191](https://vuldb.com/?ip.5.178.3.191) | - | - | High
|
||||
5 | [20.223.128.97](https://vuldb.com/?ip.20.223.128.97) | - | - | High
|
||||
6 | [43.243.111.229](https://vuldb.com/?ip.43.243.111.229) | - | - | High
|
||||
7 | [45.77.34.211](https://vuldb.com/?ip.45.77.34.211) | 45.77.34.211.vultrusercontent.com | - | High
|
||||
8 | [45.95.19.170](https://vuldb.com/?ip.45.95.19.170) | - | - | High
|
||||
9 | [45.95.19.172](https://vuldb.com/?ip.45.95.19.172) | - | - | High
|
||||
10 | [45.95.19.173](https://vuldb.com/?ip.45.95.19.173) | - | - | High
|
||||
11 | [45.95.19.174](https://vuldb.com/?ip.45.95.19.174) | - | - | High
|
||||
12 | [45.140.147.214](https://vuldb.com/?ip.45.140.147.214) | vm1329418.stark-industries.solutions | - | High
|
||||
13 | [46.149.77.33](https://vuldb.com/?ip.46.149.77.33) | v1874993.hosted-by-vdsina.ru | - | High
|
||||
14 | ... | ... | ... | ...
|
||||
5 | [20.216.178.113](https://vuldb.com/?ip.20.216.178.113) | - | - | High
|
||||
6 | [20.223.128.97](https://vuldb.com/?ip.20.223.128.97) | - | - | High
|
||||
7 | [34.92.66.146](https://vuldb.com/?ip.34.92.66.146) | 146.66.92.34.bc.googleusercontent.com | - | Medium
|
||||
8 | [40.87.50.159](https://vuldb.com/?ip.40.87.50.159) | - | - | High
|
||||
9 | [43.243.111.229](https://vuldb.com/?ip.43.243.111.229) | - | - | High
|
||||
10 | [45.77.34.211](https://vuldb.com/?ip.45.77.34.211) | 45.77.34.211.vultrusercontent.com | - | High
|
||||
11 | [45.95.19.170](https://vuldb.com/?ip.45.95.19.170) | - | - | High
|
||||
12 | [45.95.19.172](https://vuldb.com/?ip.45.95.19.172) | - | - | High
|
||||
13 | [45.95.19.173](https://vuldb.com/?ip.45.95.19.173) | - | - | High
|
||||
14 | [45.95.19.174](https://vuldb.com/?ip.45.95.19.174) | - | - | High
|
||||
15 | [45.140.147.214](https://vuldb.com/?ip.45.140.147.214) | vm1329418.stark-industries.solutions | - | High
|
||||
16 | ... | ... | ... | ...
|
||||
|
||||
There are 52 more IOC items available. Please use our online service to access the data.
|
||||
There are 59 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -45,13 +47,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -59,54 +61,60 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
|
||||
2 | File | `/adfs/ls` | Medium
|
||||
3 | File | `/admin/access` | High
|
||||
4 | File | `/admin/ajax/avatar.php` | High
|
||||
5 | File | `/admin/inventory/manage_stock.php` | High
|
||||
6 | File | `/admin/media/upload` | High
|
||||
7 | File | `/admin/options` | High
|
||||
8 | File | `/admin/show.php` | High
|
||||
9 | File | `/api/blade-log/api/list` | High
|
||||
10 | File | `/api/RecordingList/download` | High
|
||||
11 | File | `/Applications/Calculator.app/Contents/MacOS/Calculator` | High
|
||||
12 | File | `/batm/app/admin/standalone/deployments` | High
|
||||
13 | File | `/cgi-bin/go` | Medium
|
||||
14 | File | `/cgi-bin/webproc` | High
|
||||
15 | File | `/classes/conf/db.properties&config=filemanager.config.js` | High
|
||||
16 | File | `/common/info.cgi` | High
|
||||
17 | File | `/etc` | Low
|
||||
18 | File | `/exec/` | Low
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/getcfg.php` | Medium
|
||||
21 | File | `/HNAP1` | Low
|
||||
22 | File | `/Home/GetAttachment` | High
|
||||
23 | File | `/htdocs/cgibin` | High
|
||||
24 | File | `/index.php?s=/admin-tpl-del&id=` | High
|
||||
25 | File | `/my_photo_gallery/image.php` | High
|
||||
26 | File | `/new` | Low
|
||||
27 | File | `/oauth/authorized_applications.json` | High
|
||||
28 | File | `/opt/tplink/EAPController/lib/eap-web-3.2.6.jar` | High
|
||||
29 | File | `/patient/doctors.php` | High
|
||||
30 | File | `/phpinventory/editcategory.php` | High
|
||||
31 | File | `/phpinventory/edituser.php` | High
|
||||
32 | File | `/probe?target` | High
|
||||
33 | File | `/rk-responsive-contact-form/include/rk_user_list.php` | High
|
||||
34 | File | `/root/.urcaps` | High
|
||||
35 | File | `/schedules/view_schedule.php` | High
|
||||
36 | File | `/see_more_details.php` | High
|
||||
37 | File | `/service/upload` | High
|
||||
38 | File | `/spip.php` | Medium
|
||||
39 | File | `/template/edit` | High
|
||||
40 | File | `/uncpath/` | Medium
|
||||
41 | File | `/upload` | Low
|
||||
42 | File | `/var/run/jboss-eap/` | High
|
||||
43 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
44 | File | `4.edu.php\conn\function.php` | High
|
||||
45 | File | `a1disp2.cgi/a1disp3.cgi/a1disp4.cgi` | High
|
||||
46 | ... | ... | ...
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/acms/admin/cargo_types/manage_cargo_type.php` | High
|
||||
3 | File | `/adfs/ls` | Medium
|
||||
4 | File | `/admin.php/Admin/adminadd.html` | High
|
||||
5 | File | `/Admin/add-student.php` | High
|
||||
6 | File | `/admin/ajax/avatar.php` | High
|
||||
7 | File | `/admin/inventory/manage_stock.php` | High
|
||||
8 | File | `/admin/media/upload` | High
|
||||
9 | File | `/admin/options` | High
|
||||
10 | File | `/admin/settings/save.php` | High
|
||||
11 | File | `/admin/show.php` | High
|
||||
12 | File | `/admin/userprofile.php` | High
|
||||
13 | File | `/api/blade-log/api/list` | High
|
||||
14 | File | `/api/RecordingList/download` | High
|
||||
15 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
16 | File | `/apply.cgi` | Medium
|
||||
17 | File | `/batm/app/admin/standalone/deployments` | High
|
||||
18 | File | `/cgi-bin/go` | Medium
|
||||
19 | File | `/cgi-bin/webproc` | High
|
||||
20 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
21 | File | `/classes/conf/db.properties&config=filemanager.config.js` | High
|
||||
22 | File | `/College/admin/teacher.php` | High
|
||||
23 | File | `/common/info.cgi` | High
|
||||
24 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
25 | File | `/dcim/rack-roles/` | High
|
||||
26 | File | `/exec/` | Low
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/getcfg.php` | Medium
|
||||
29 | File | `/goform/addUserName` | High
|
||||
30 | File | `/goform/aspForm` | High
|
||||
31 | File | `/goform/delAd` | High
|
||||
32 | File | `/goform/wifiSSIDset` | High
|
||||
33 | File | `/gpac/src/bifs/unquantize.c` | High
|
||||
34 | File | `/HNAP1` | Low
|
||||
35 | File | `/htdocs/cgibin` | High
|
||||
36 | File | `/inc/topBarNav.php` | High
|
||||
37 | File | `/index.asp` | Medium
|
||||
38 | File | `/index.php?s=/admin-tpl-del&id=` | High
|
||||
39 | File | `/jfinal_cms/system/role/list` | High
|
||||
40 | File | `/kelas/data` | Medium
|
||||
41 | File | `/Moosikay/order.php` | High
|
||||
42 | File | `/my_photo_gallery/image.php` | High
|
||||
43 | File | `/new` | Low
|
||||
44 | File | `/patient/doctors.php` | High
|
||||
45 | File | `/php-sms/admin/quotes/manage_remark.php` | High
|
||||
46 | File | `/phpinventory/editcategory.php` | High
|
||||
47 | File | `/phpinventory/edituser.php` | High
|
||||
48 | File | `/probe?target` | High
|
||||
49 | File | `/schedules/view_schedule.php` | High
|
||||
50 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
51 | File | `/service/upload` | High
|
||||
52 | ... | ... | ...
|
||||
|
||||
There are 401 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 457 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -121,13 +129,17 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/1.165.96.128
|
||||
* https://search.censys.io/hosts/1.242.139.44
|
||||
* https://search.censys.io/hosts/5.178.3.191
|
||||
* https://search.censys.io/hosts/20.216.178.113
|
||||
* https://search.censys.io/hosts/20.223.128.97
|
||||
* https://search.censys.io/hosts/34.92.66.146
|
||||
* https://search.censys.io/hosts/40.87.50.159
|
||||
* https://search.censys.io/hosts/43.243.111.229
|
||||
* https://search.censys.io/hosts/45.77.34.211
|
||||
* https://search.censys.io/hosts/45.95.19.170
|
||||
* https://search.censys.io/hosts/45.95.19.172
|
||||
* https://search.censys.io/hosts/45.95.19.173
|
||||
* https://search.censys.io/hosts/45.95.19.174
|
||||
* https://search.censys.io/hosts/47.106.131.255
|
||||
* https://search.censys.io/hosts/64.44.166.203
|
||||
* https://search.censys.io/hosts/64.176.43.239
|
||||
* https://search.censys.io/hosts/77.92.154.211
|
||||
|
@ -145,11 +157,15 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/112.213.98.87
|
||||
* https://search.censys.io/hosts/139.180.143.50
|
||||
* https://search.censys.io/hosts/142.202.242.168
|
||||
* https://search.censys.io/hosts/144.126.230.14
|
||||
* https://search.censys.io/hosts/154.53.42.53
|
||||
* https://search.censys.io/hosts/179.43.154.184
|
||||
* https://search.censys.io/hosts/179.61.251.188
|
||||
* https://search.censys.io/hosts/185.225.18.110
|
||||
* https://search.censys.io/hosts/192.99.10.207
|
||||
* https://search.censys.io/hosts/193.42.32.159
|
||||
* https://search.censys.io/hosts/198.23.212.148
|
||||
* https://search.censys.io/hosts/209.25.142.180
|
||||
* https://threatfox.abuse.ch
|
||||
* https://tria.ge/220411-rpjwpsagg7
|
||||
* https://tria.ge/220421-rkv36sbagj
|
||||
|
|
|
@ -0,0 +1,68 @@
|
|||
# Dacls RAT - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dacls RAT](https://vuldb.com/?actor.dacls_rat). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.dacls_rat](https://vuldb.com/?actor.dacls_rat)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Dacls RAT:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Dacls RAT.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [1.125.125.5](https://vuldb.com/?ip.1.125.125.5) | - | - | High
|
||||
2 | [23.81.246.179](https://vuldb.com/?ip.23.81.246.179) | - | - | High
|
||||
3 | [23.227.196.116](https://vuldb.com/?ip.23.227.196.116) | 23-227-196-116.static.hvvc.us | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Dacls RAT_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Dacls RAT. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/forum/away.php` | High
|
||||
2 | File | `/out.php` | Medium
|
||||
3 | File | `/uncpath/` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 17 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.netlab.360.com/dacls-the-dual-platform-rat/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -39,7 +39,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 12 more TTP items available. Please use our online service to access the data.
|
||||
There are 13 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -50,19 +50,20 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/admin/dl_sendmail.php` | High
|
||||
2 | File | `/api/v2/cli/commands` | High
|
||||
3 | File | `/apply.cgi` | Medium
|
||||
4 | File | `/owa/auth/logon.aspx` | High
|
||||
5 | File | `/spip.php` | Medium
|
||||
6 | File | `/usr/bin/pkexec` | High
|
||||
7 | File | `/zm/index.php` | High
|
||||
8 | File | `admin.jcomments.php` | High
|
||||
9 | File | `admin/file-manager/attachments` | High
|
||||
10 | File | `application/modules/admin/views/ecommerce/products.php` | High
|
||||
11 | File | `apply.cgi` | Medium
|
||||
12 | File | `archivejson.cgi` | High
|
||||
13 | File | `base/ErrorHandler.php` | High
|
||||
14 | ... | ... | ...
|
||||
4 | File | `/DXR.axd` | Medium
|
||||
5 | File | `/forum/away.php` | High
|
||||
6 | File | `/owa/auth/logon.aspx` | High
|
||||
7 | File | `/spip.php` | Medium
|
||||
8 | File | `/usr/bin/pkexec` | High
|
||||
9 | File | `/zm/index.php` | High
|
||||
10 | File | `admin.jcomments.php` | High
|
||||
11 | File | `admin/file-manager/attachments` | High
|
||||
12 | File | `application/modules/admin/views/ecommerce/products.php` | High
|
||||
13 | File | `apply.cgi` | Medium
|
||||
14 | File | `archivejson.cgi` | High
|
||||
15 | ... | ... | ...
|
||||
|
||||
There are 108 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 117 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -227,7 +227,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -236,43 +236,44 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
4 | File | `/admin/?page=user/manage` | High
|
||||
5 | File | `/admin/add-new.php` | High
|
||||
6 | File | `/admin/doctors.php` | High
|
||||
7 | File | `/admin/submit-articles` | High
|
||||
8 | File | `/alphaware/summary.php` | High
|
||||
9 | File | `/api/` | Low
|
||||
10 | File | `/api/admin/store/product/list` | High
|
||||
11 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
12 | File | `/api/stl/actions/search` | High
|
||||
13 | File | `/api/sys_username_passwd.cmd` | High
|
||||
14 | File | `/api/v2/cli/commands` | High
|
||||
15 | File | `/apply.cgi` | Medium
|
||||
16 | File | `/attachments` | Medium
|
||||
2 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
3 | File | `/admin/?page=user/manage` | High
|
||||
4 | File | `/admin/add-new.php` | High
|
||||
5 | File | `/admin/doctors.php` | High
|
||||
6 | File | `/admin/submit-articles` | High
|
||||
7 | File | `/alphaware/summary.php` | High
|
||||
8 | File | `/api/` | Low
|
||||
9 | File | `/api/admin/store/product/list` | High
|
||||
10 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
11 | File | `/api/stl/actions/search` | High
|
||||
12 | File | `/api/sys_username_passwd.cmd` | High
|
||||
13 | File | `/api/v2/cli/commands` | High
|
||||
14 | File | `/apply.cgi` | Medium
|
||||
15 | File | `/attachments` | Medium
|
||||
16 | File | `/bin/ate` | Medium
|
||||
17 | File | `/boat/login.php` | High
|
||||
18 | File | `/bsms_ci/index.php/book` | High
|
||||
19 | File | `/cgi-bin` | Medium
|
||||
20 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
21 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
22 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
23 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
24 | File | `/debug/pprof` | Medium
|
||||
20 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
21 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
22 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
23 | File | `/debug/pprof` | Medium
|
||||
24 | File | `/env` | Low
|
||||
25 | File | `/etc/hosts` | Medium
|
||||
26 | File | `/eval/admin/manage_class.php` | High
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/goform/setmac` | High
|
||||
29 | File | `/goform/wizard_end` | High
|
||||
30 | File | `/medicines/profile.php` | High
|
||||
31 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
28 | File | `/goform/wizard_end` | High
|
||||
29 | File | `/medicines/profile.php` | High
|
||||
30 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
31 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
32 | File | `/proxy` | Low
|
||||
33 | File | `/reservation/add_message.php` | High
|
||||
34 | File | `/spip.php` | Medium
|
||||
35 | File | `/tmp` | Low
|
||||
36 | ... | ... | ...
|
||||
36 | File | `/uncpath/` | Medium
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 312 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 315 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
3 | [193.106.191.116](https://vuldb.com/?ip.193.106.191.116) | - | Bolt Food | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more IOC items available. Please use our online service to access the data.
|
||||
There are 2 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -69,21 +69,20 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
40 | [130.237.234.51](https://vuldb.com/?ip.130.237.234.51) | - | - | High
|
||||
41 | [130.237.234.53](https://vuldb.com/?ip.130.237.234.53) | ns53.stacken.kth.se | - | High
|
||||
42 | [130.237.234.151](https://vuldb.com/?ip.130.237.234.151) | mount-kilimanjaro.stacken.kth.se | - | High
|
||||
43 | [130.237.234.152](https://vuldb.com/?ip.130.237.234.152) | snacks.stacken.kth.se | - | High
|
||||
44 | [131.188.3.200](https://vuldb.com/?ip.131.188.3.200) | reserved.rrze.uni-erlangen.de | - | High
|
||||
45 | [132.248.10.2](https://vuldb.com/?ip.132.248.10.2) | dns2.unam.mx | - | High
|
||||
46 | [132.248.204.1](https://vuldb.com/?ip.132.248.204.1) | dns1.unam.mx | - | High
|
||||
47 | [132.248.253.1](https://vuldb.com/?ip.132.248.253.1) | ve53.zc-dist.unam.mx | - | High
|
||||
48 | [133.3.5.2](https://vuldb.com/?ip.133.3.5.2) | pfdsun.kuicr.kyoto-u.ac.jp | - | High
|
||||
49 | [133.3.5.20](https://vuldb.com/?ip.133.3.5.20) | icrsun.kuicr.kyoto-u.ac.jp | - | High
|
||||
50 | [133.3.5.30](https://vuldb.com/?ip.133.3.5.30) | - | - | High
|
||||
51 | [133.3.5.33](https://vuldb.com/?ip.133.3.5.33) | sms.uji.kyoto-u.ac.jp | - | High
|
||||
52 | [133.26.135.224](https://vuldb.com/?ip.133.26.135.224) | - | - | High
|
||||
53 | [133.31.106.46](https://vuldb.com/?ip.133.31.106.46) | ci970000.ci.noda.sut.ac.jp | - | High
|
||||
54 | [133.41.145.11](https://vuldb.com/?ip.133.41.145.11) | 145-011.eduroam.hiroshima-u.ac.jp | - | High
|
||||
55 | ... | ... | ... | ...
|
||||
43 | [131.188.3.200](https://vuldb.com/?ip.131.188.3.200) | reserved.rrze.uni-erlangen.de | - | High
|
||||
44 | [132.248.10.2](https://vuldb.com/?ip.132.248.10.2) | dns2.unam.mx | - | High
|
||||
45 | [132.248.204.1](https://vuldb.com/?ip.132.248.204.1) | dns1.unam.mx | - | High
|
||||
46 | [132.248.253.1](https://vuldb.com/?ip.132.248.253.1) | ve53.zc-dist.unam.mx | - | High
|
||||
47 | [133.3.5.2](https://vuldb.com/?ip.133.3.5.2) | pfdsun.kuicr.kyoto-u.ac.jp | - | High
|
||||
48 | [133.3.5.20](https://vuldb.com/?ip.133.3.5.20) | icrsun.kuicr.kyoto-u.ac.jp | - | High
|
||||
49 | [133.3.5.30](https://vuldb.com/?ip.133.3.5.30) | - | - | High
|
||||
50 | [133.3.5.33](https://vuldb.com/?ip.133.3.5.33) | sms.uji.kyoto-u.ac.jp | - | High
|
||||
51 | [133.26.135.224](https://vuldb.com/?ip.133.26.135.224) | - | - | High
|
||||
52 | [133.31.106.46](https://vuldb.com/?ip.133.31.106.46) | ci970000.ci.noda.sut.ac.jp | - | High
|
||||
53 | [133.41.145.11](https://vuldb.com/?ip.133.41.145.11) | 145-011.eduroam.hiroshima-u.ac.jp | - | High
|
||||
54 | ... | ... | ... | ...
|
||||
|
||||
There are 214 more IOC items available. Please use our online service to access the data.
|
||||
There are 211 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
|
|
@ -0,0 +1,109 @@
|
|||
# Extenbro - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Extenbro](https://vuldb.com/?actor.extenbro). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.extenbro](https://vuldb.com/?actor.extenbro)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Extenbro:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Extenbro.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [45.86.180.227](https://vuldb.com/?ip.45.86.180.227) | vm-329a5356.na4u.ru | - | High
|
||||
2 | [116.203.6.218](https://vuldb.com/?ip.116.203.6.218) | mail.poseidon.wpsserver.de | - | High
|
||||
3 | [185.130.104.222](https://vuldb.com/?ip.185.130.104.222) | . | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Extenbro_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Extenbro. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?p=products` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
4 | File | `/admin/?page=user/manage` | High
|
||||
5 | File | `/admin/add-new.php` | High
|
||||
6 | File | `/admin/doctors.php` | High
|
||||
7 | File | `/admin/submit-articles` | High
|
||||
8 | File | `/ad_js.php` | Medium
|
||||
9 | File | `/alphaware/summary.php` | High
|
||||
10 | File | `/api/` | Low
|
||||
11 | File | `/api/admin/store/product/list` | High
|
||||
12 | File | `/api/stl/actions/search` | High
|
||||
13 | File | `/api/v2/cli/commands` | High
|
||||
14 | File | `/app/options.py` | High
|
||||
15 | File | `/attachments` | Medium
|
||||
16 | File | `/bin/ate` | Medium
|
||||
17 | File | `/boat/login.php` | High
|
||||
18 | File | `/bsms_ci/index.php/book` | High
|
||||
19 | File | `/cgi-bin` | Medium
|
||||
20 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
21 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
22 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
23 | File | `/dashboard/reports/logs/view` | High
|
||||
24 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
25 | File | `/debug/pprof` | Medium
|
||||
26 | File | `/env` | Low
|
||||
27 | File | `/etc/hosts` | Medium
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/goform/setmac` | High
|
||||
30 | File | `/goform/wizard_end` | High
|
||||
31 | File | `/manage-apartment.php` | High
|
||||
32 | File | `/medicines/profile.php` | High
|
||||
33 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
34 | File | `/pages/apply_vacancy.php` | High
|
||||
35 | File | `/proc/<PID>/mem` | High
|
||||
36 | File | `/proxy` | Low
|
||||
37 | File | `/reservation/add_message.php` | High
|
||||
38 | File | `/spip.php` | Medium
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 336 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.malwarebytes.com/trojans/2019/07/extenbro-a-new-dns-changer-trojan-protecting-adware/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,63 @@
|
|||
# Eye on the Nile - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Eye on the Nile](https://vuldb.com/?actor.eye_on_the_nile). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.eye_on_the_nile](https://vuldb.com/?actor.eye_on_the_nile)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Eye on the Nile:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Eye on the Nile.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [185.125.230.116](https://vuldb.com/?ip.185.125.230.116) | revdns.dns.com | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Eye on the Nile_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Eye on the Nile. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/forum/away.php` | High
|
||||
2 | File | `/out.php` | Medium
|
||||
3 | File | `/sqfs/bin/sccd` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 24 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://research.checkpoint.com/2023/stealth-soldier-backdoor-used-in-targeted-espionage-attacks-in-north-africa/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -21,12 +21,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [45.130.201.24](https://vuldb.com/?ip.45.130.201.24) | - | - | High
|
||||
2 | [88.119.169.145](https://vuldb.com/?ip.88.119.169.145) | 19790-33851.bacloud.info | - | High
|
||||
3 | [88.119.169.146](https://vuldb.com/?ip.88.119.169.146) | 19790-33851.bacloud.info | - | High
|
||||
1 | [5.79.66.123](https://vuldb.com/?ip.5.79.66.123) | - | - | High
|
||||
2 | [35.176.231.198](https://vuldb.com/?ip.35.176.231.198) | ec2-35-176-231-198.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
3 | [45.130.201.23](https://vuldb.com/?ip.45.130.201.23) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more IOC items available. Please use our online service to access the data.
|
||||
There are 12 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -52,44 +52,50 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/admin.php/Admin/adminadd.html` | High
|
||||
3 | File | `/Admin/add-student.php` | High
|
||||
4 | File | `/admin/settings/save.php` | High
|
||||
5 | File | `/admin/userprofile.php` | High
|
||||
6 | File | `/apply.cgi` | Medium
|
||||
7 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
8 | File | `/College/admin/teacher.php` | High
|
||||
9 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
10 | File | `/dcim/rack-roles/` | High
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/goform/addUserName` | High
|
||||
13 | File | `/goform/aspForm` | High
|
||||
14 | File | `/goform/delAd` | High
|
||||
15 | File | `/goform/wifiSSIDset` | High
|
||||
16 | File | `/gpac/src/bifs/unquantize.c` | High
|
||||
17 | File | `/inc/topBarNav.php` | High
|
||||
18 | File | `/index.asp` | Medium
|
||||
19 | File | `/jfinal_cms/system/role/list` | High
|
||||
20 | File | `/kelas/data` | Medium
|
||||
21 | File | `/Moosikay/order.php` | High
|
||||
22 | File | `/php-sms/admin/quotes/manage_remark.php` | High
|
||||
23 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/webman/info.cgi` | High
|
||||
26 | ... | ... | ...
|
||||
4 | File | `/admin/orders/update_status.php` | High
|
||||
5 | File | `/admin/settings/save.php` | High
|
||||
6 | File | `/admin/userprofile.php` | High
|
||||
7 | File | `/apply.cgi` | Medium
|
||||
8 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
9 | File | `/College/admin/teacher.php` | High
|
||||
10 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
11 | File | `/dcim/rack-roles/` | High
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/getcfg.php` | Medium
|
||||
14 | File | `/goform/addUserName` | High
|
||||
15 | File | `/goform/aspForm` | High
|
||||
16 | File | `/goform/delAd` | High
|
||||
17 | File | `/goform/wifiSSIDset` | High
|
||||
18 | File | `/gpac/src/bifs/unquantize.c` | High
|
||||
19 | File | `/inc/topBarNav.php` | High
|
||||
20 | File | `/index.asp` | Medium
|
||||
21 | File | `/jfinal_cms/system/role/list` | High
|
||||
22 | File | `/kelas/data` | Medium
|
||||
23 | File | `/Moosikay/order.php` | High
|
||||
24 | File | `/php-sms/admin/quotes/manage_remark.php` | High
|
||||
25 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
26 | File | `/uncpath/` | Medium
|
||||
27 | File | `/webman/info.cgi` | High
|
||||
28 | ... | ... | ...
|
||||
|
||||
There are 218 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 239 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://infosec.exchange/@monitorsg/110542478917794644
|
||||
* https://infosec.exchange/@rmceoin/110424143980661661
|
||||
* https://infosec.exchange/@rmceoin/110475220406813517
|
||||
* https://infosec.exchange/@rmceoin/110492844885251537
|
||||
* https://threatfox.abuse.ch
|
||||
* https://twitter.com/threatcat_ch/status/1655819677648420864
|
||||
* https://twitter.com/threatcat_ch/status/1656899336712716289
|
||||
* https://twitter.com/threatcat_ch/status/1663795364552384512
|
||||
* https://twitter.com/threatcat_ch/status/1664643709298769920
|
||||
* https://twitter.com/threatcat_ch/status/1665706881489289217
|
||||
* https://twitter.com/threatcat_ch/status/1666706124836405248
|
||||
* https://twitter.com/threatcat_ch/status/1668596702696054785
|
||||
* https://urlscan.io/search/#ip%3A88.119.169.145
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [IO](https://vuldb.com/?country.io)
|
||||
* [AT](https://vuldb.com/?country.at)
|
||||
* [IR](https://vuldb.com/?country.ir)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
|
|
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -133,46 +133,45 @@ ID | Type | Indicator | Confidence
|
|||
20 | File | `/api/v2/cli/commands` | High
|
||||
21 | File | `/apply.cgi` | Medium
|
||||
22 | File | `/APR/login.php` | High
|
||||
23 | File | `/bin/httpd` | Medium
|
||||
24 | File | `/boat/login.php` | High
|
||||
25 | File | `/bsms_ci/index.php/book` | High
|
||||
26 | File | `/cgi-bin` | Medium
|
||||
27 | File | `/cgi-bin/wapopen` | High
|
||||
28 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
29 | File | `/debug/pprof` | Medium
|
||||
30 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
31 | File | `/feeds/post/publish` | High
|
||||
32 | File | `/forum/away.php` | High
|
||||
33 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
34 | File | `/fos/admin/index.php?page=menu` | High
|
||||
35 | File | `/home/masterConsole` | High
|
||||
36 | File | `/home/sendBroadcast` | High
|
||||
37 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
38 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
39 | File | `/index.php?page=category_list` | High
|
||||
40 | File | `/medicines/profile.php` | High
|
||||
41 | File | `/Moosikay/order.php` | High
|
||||
42 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
43 | File | `/opac/Actions.php?a=login` | High
|
||||
44 | File | `/php-opos/index.php` | High
|
||||
45 | File | `/PreviewHandler.ashx` | High
|
||||
46 | File | `/public/launchNewWindow.jsp` | High
|
||||
47 | File | `/reports/rwservlet` | High
|
||||
48 | File | `/reservation/add_message.php` | High
|
||||
49 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
50 | File | `/Session` | Medium
|
||||
51 | File | `/spip.php` | Medium
|
||||
52 | File | `/uncpath/` | Medium
|
||||
53 | File | `/user/updatePwd` | High
|
||||
54 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
55 | File | `/video-sharing-script/watch-video.php` | High
|
||||
56 | File | `/wbms/classes/Master.php?f=delete_client` | High
|
||||
57 | File | `/wireless/security.asp` | High
|
||||
58 | File | `/wp-admin/admin-ajax.php` | High
|
||||
59 | File | `/xxl-job-admin/jobinfo` | High
|
||||
60 | ... | ... | ...
|
||||
23 | File | `/bin/ate` | Medium
|
||||
24 | File | `/bin/httpd` | Medium
|
||||
25 | File | `/boat/login.php` | High
|
||||
26 | File | `/bsms_ci/index.php/book` | High
|
||||
27 | File | `/cgi-bin` | Medium
|
||||
28 | File | `/cgi-bin/wapopen` | High
|
||||
29 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
30 | File | `/debug/pprof` | Medium
|
||||
31 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
32 | File | `/env` | Low
|
||||
33 | File | `/feeds/post/publish` | High
|
||||
34 | File | `/forum/away.php` | High
|
||||
35 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
36 | File | `/fos/admin/index.php?page=menu` | High
|
||||
37 | File | `/home/masterConsole` | High
|
||||
38 | File | `/home/sendBroadcast` | High
|
||||
39 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
40 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
41 | File | `/index.php?page=category_list` | High
|
||||
42 | File | `/jobinfo/` | Medium
|
||||
43 | File | `/medicines/profile.php` | High
|
||||
44 | File | `/Moosikay/order.php` | High
|
||||
45 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
46 | File | `/opac/Actions.php?a=login` | High
|
||||
47 | File | `/php-opos/index.php` | High
|
||||
48 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
49 | File | `/PreviewHandler.ashx` | High
|
||||
50 | File | `/public/launchNewWindow.jsp` | High
|
||||
51 | File | `/reservation/add_message.php` | High
|
||||
52 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
53 | File | `/Session` | Medium
|
||||
54 | File | `/spip.php` | Medium
|
||||
55 | File | `/uncpath/` | Medium
|
||||
56 | File | `/user/updatePwd` | High
|
||||
57 | File | `/var/lib/docker/<remapping>` | High
|
||||
58 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
59 | ... | ... | ...
|
||||
|
||||
There are 523 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 520 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,65 @@
|
|||
# FunkyBot - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [FunkyBot](https://vuldb.com/?actor.funkybot). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.funkybot](https://vuldb.com/?actor.funkybot)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FunkyBot:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of FunkyBot.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
|
||||
2 | [108.61.187.156](https://vuldb.com/?ip.108.61.187.156) | 108.61.187.156.vultrusercontent.com | - | High
|
||||
3 | [149.28.24.166](https://vuldb.com/?ip.149.28.24.166) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _FunkyBot_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by FunkyBot. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.ssh/authorized_keys` | High
|
||||
2 | File | `/rom` | Low
|
||||
3 | File | `data/gbconfiguration.dat` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 18 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.fortinet.com/blog/threat-research/funkybot-malware-targets-japan.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -90,7 +90,7 @@ ID | Type | Indicator | Confidence
|
|||
12 | File | `adclick.php` | Medium
|
||||
13 | ... | ... | ...
|
||||
|
||||
There are 104 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 105 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [VN](https://vuldb.com/?country.vn)
|
||||
* ...
|
||||
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -98,13 +98,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-29 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -137,21 +137,20 @@ ID | Type | Indicator | Confidence
|
|||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/forum/PostPrivateMessage` | High
|
||||
25 | File | `/goform/addressNat` | High
|
||||
26 | File | `/HNAP1` | Low
|
||||
27 | File | `/HNAP1/SetClientInfo` | High
|
||||
28 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
29 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
30 | File | `/js/player/dmplayer/dmku/index.php` | High
|
||||
31 | File | `/modules/profile/index.php` | High
|
||||
32 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
33 | File | `/net-banking/customer_transactions.php` | High
|
||||
34 | File | `/news/*.html` | Medium
|
||||
35 | File | `/obs/book.php` | High
|
||||
36 | File | `/orrs/admin/?page=user/manage_user` | High
|
||||
37 | File | `/owa/auth/logon.aspx` | High
|
||||
38 | ... | ... | ...
|
||||
26 | File | `/goform/setmac` | High
|
||||
27 | File | `/goform/setMacFilterCfg` | High
|
||||
28 | File | `/HNAP1` | Low
|
||||
29 | File | `/HNAP1/SetClientInfo` | High
|
||||
30 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
31 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
32 | File | `/js/player/dmplayer/dmku/index.php` | High
|
||||
33 | File | `/kelasdosen/data` | High
|
||||
34 | File | `/modules/profile/index.php` | High
|
||||
35 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
36 | File | `/net-banking/customer_transactions.php` | High
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -39,7 +39,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
16 | [43.249.195.178](https://vuldb.com/?ip.43.249.195.178) | - | - | High
|
||||
17 | ... | ... | ... | ...
|
||||
|
||||
There are 62 more IOC items available. Please use our online service to access the data.
|
||||
There are 63 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
|
|
@ -0,0 +1,58 @@
|
|||
# Graboid - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Graboid](https://vuldb.com/?actor.graboid). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.graboid](https://vuldb.com/?actor.graboid)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Graboid:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Graboid.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [47.107.191.137](https://vuldb.com/?ip.47.107.191.137) | - | - | High
|
||||
2 | [47.111.96.197](https://vuldb.com/?ip.47.111.96.197) | - | - | High
|
||||
3 | [61.18.240.160](https://vuldb.com/?ip.61.18.240.160) | cm61-18-240-160.hkcable.com.hk | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 12 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Graboid_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1592 | CWE-200 | Configuration | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Graboid. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `data/gbconfiguration.dat` | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://unit42.paloaltonetworks.com/graboid-first-ever-cryptojacking-worm-found-in-images-on-docker-hub/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,65 @@
|
|||
# Gwmndy - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gwmndy](https://vuldb.com/?actor.gwmndy). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gwmndy](https://vuldb.com/?actor.gwmndy)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Gwmndy:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Gwmndy.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [1.125.125.5](https://vuldb.com/?ip.1.125.125.5) | - | - | High
|
||||
2 | [43.252.231.181](https://vuldb.com/?ip.43.252.231.181) | - | - | High
|
||||
3 | [47.89.9.33](https://vuldb.com/?ip.47.89.9.33) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Gwmndy_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1059.007 | CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Gwmndy. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `books.php` | Medium
|
||||
2 | File | `cart.php` | Medium
|
||||
3 | File | `GpsXtraDownloader.java` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 13 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.netlab.360.com/some-fiberhome-routers-are-being-utilized-as-ssh-tunneling-proxy-nodes/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,69 @@
|
|||
# Hidden Bee - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Hidden Bee](https://vuldb.com/?actor.hidden_bee). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.hidden_bee](https://vuldb.com/?actor.hidden_bee)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Hidden Bee:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [IO](https://vuldb.com/?country.io)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Hidden Bee.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [67.198.208.110](https://vuldb.com/?ip.67.198.208.110) | graft9.firsttaskintheoffice.com | - | High
|
||||
2 | [103.35.72.223](https://vuldb.com/?ip.103.35.72.223) | - | - | High
|
||||
3 | [133.130.101.254](https://vuldb.com/?ip.133.130.101.254) | v133-130-101-254.a02a.g.tyo1.static.cnode.io | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Hidden Bee_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Hidden Bee. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `inc/config.php` | High
|
||||
2 | File | `libavcodec/cdxl.c` | High
|
||||
3 | File | `querystring.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 4 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -22,80 +22,90 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.34.176.235](https://vuldb.com/?ip.5.34.176.235) | vds1139947.hosted-by-itldc.com | - | High
|
||||
2 | [5.42.199.38](https://vuldb.com/?ip.5.42.199.38) | - | - | High
|
||||
3 | [5.44.45.83](https://vuldb.com/?ip.5.44.45.83) | vds125054.mgnhost.com | - | High
|
||||
4 | [5.44.45.204](https://vuldb.com/?ip.5.44.45.204) | vds124408.mgn-host.ru | - | High
|
||||
5 | [5.44.45.249](https://vuldb.com/?ip.5.44.45.249) | squall.werld.ru | - | High
|
||||
6 | [15.204.49.218](https://vuldb.com/?ip.15.204.49.218) | mail.mvhcudfzcgtssf.cf | - | High
|
||||
7 | [23.106.124.232](https://vuldb.com/?ip.23.106.124.232) | - | - | High
|
||||
8 | [23.227.202.77](https://vuldb.com/?ip.23.227.202.77) | 23-227-202-77.static.hvvc.us | - | High
|
||||
9 | [23.227.203.221](https://vuldb.com/?ip.23.227.203.221) | 23-227-203-221.static.hvvc.us | - | High
|
||||
10 | [31.41.44.23](https://vuldb.com/?ip.31.41.44.23) | arman.example.com | - | High
|
||||
11 | [31.41.44.27](https://vuldb.com/?ip.31.41.44.27) | awkdjaiwjdkawfhhae.example.com | - | High
|
||||
12 | [31.41.44.36](https://vuldb.com/?ip.31.41.44.36) | free.cishost.ru | - | High
|
||||
13 | [31.41.44.47](https://vuldb.com/?ip.31.41.44.47) | free.cishost.ru | - | High
|
||||
14 | [31.41.44.48](https://vuldb.com/?ip.31.41.44.48) | free.cishost.ru | - | High
|
||||
15 | [31.41.44.51](https://vuldb.com/?ip.31.41.44.51) | free.cishost.ru | - | High
|
||||
16 | [31.41.44.63](https://vuldb.com/?ip.31.41.44.63) | free.cishost.ru | - | High
|
||||
17 | [31.41.44.76](https://vuldb.com/?ip.31.41.44.76) | visionsphotographic.com | - | High
|
||||
18 | [31.41.44.85](https://vuldb.com/?ip.31.41.44.85) | free.cishost.ru | - | High
|
||||
19 | [31.41.44.87](https://vuldb.com/?ip.31.41.44.87) | free.cishost.ru | - | High
|
||||
20 | [31.41.44.90](https://vuldb.com/?ip.31.41.44.90) | free.cishost.ru | - | High
|
||||
21 | [31.41.44.92](https://vuldb.com/?ip.31.41.44.92) | free.cishost.ru | - | High
|
||||
22 | [31.41.44.106](https://vuldb.com/?ip.31.41.44.106) | free.cishost.ru | - | High
|
||||
23 | [31.41.44.107](https://vuldb.com/?ip.31.41.44.107) | free.cishost.ru | - | High
|
||||
24 | [31.41.44.108](https://vuldb.com/?ip.31.41.44.108) | free.cishost.ru | - | High
|
||||
25 | [31.41.44.109](https://vuldb.com/?ip.31.41.44.109) | free.cishost.ru | - | High
|
||||
26 | [31.41.44.110](https://vuldb.com/?ip.31.41.44.110) | kectis.com | - | High
|
||||
27 | [31.41.44.111](https://vuldb.com/?ip.31.41.44.111) | free.cishost.ru | - | High
|
||||
28 | [31.41.44.117](https://vuldb.com/?ip.31.41.44.117) | free.cishost.ru | - | High
|
||||
29 | [31.41.44.122](https://vuldb.com/?ip.31.41.44.122) | free.cishost.ru | - | High
|
||||
30 | [31.41.44.153](https://vuldb.com/?ip.31.41.44.153) | free.cishost.ru | - | High
|
||||
31 | [31.41.44.154](https://vuldb.com/?ip.31.41.44.154) | free.cishost.ru | - | High
|
||||
32 | [31.41.44.156](https://vuldb.com/?ip.31.41.44.156) | free.cishost.ru | - | High
|
||||
33 | [31.41.44.158](https://vuldb.com/?ip.31.41.44.158) | free.cishost.ru | - | High
|
||||
34 | [31.41.44.179](https://vuldb.com/?ip.31.41.44.179) | free.cishost.ru | - | High
|
||||
35 | [31.41.44.184](https://vuldb.com/?ip.31.41.44.184) | free.cishost.ru | - | High
|
||||
36 | [31.41.44.185](https://vuldb.com/?ip.31.41.44.185) | free.cishost.ru | - | High
|
||||
37 | [31.148.99.169](https://vuldb.com/?ip.31.148.99.169) | - | - | High
|
||||
38 | [31.172.83.231](https://vuldb.com/?ip.31.172.83.231) | good-nm36.ateamlevel.net | - | High
|
||||
39 | [31.207.46.10](https://vuldb.com/?ip.31.207.46.10) | xogiante.com | - | High
|
||||
40 | [31.207.46.12](https://vuldb.com/?ip.31.207.46.12) | - | - | High
|
||||
41 | [31.207.46.125](https://vuldb.com/?ip.31.207.46.125) | - | - | High
|
||||
42 | [31.214.157.31](https://vuldb.com/?ip.31.214.157.31) | vm12150.ru | - | High
|
||||
43 | [31.214.157.160](https://vuldb.com/?ip.31.214.157.160) | elijah-nascent.specbowel.net | - | High
|
||||
44 | [37.10.71.114](https://vuldb.com/?ip.37.10.71.114) | - | - | High
|
||||
45 | [37.120.206.70](https://vuldb.com/?ip.37.120.206.70) | - | - | High
|
||||
46 | [37.120.206.119](https://vuldb.com/?ip.37.120.206.119) | - | - | High
|
||||
47 | [37.120.222.178](https://vuldb.com/?ip.37.120.222.178) | - | - | High
|
||||
48 | [37.120.222.188](https://vuldb.com/?ip.37.120.222.188) | - | - | High
|
||||
49 | [37.120.239.178](https://vuldb.com/?ip.37.120.239.178) | - | - | High
|
||||
50 | [45.9.20.245](https://vuldb.com/?ip.45.9.20.245) | - | - | High
|
||||
51 | [45.11.180.140](https://vuldb.com/?ip.45.11.180.140) | boab-exchange.stuffbent.net | - | High
|
||||
52 | [45.11.181.122](https://vuldb.com/?ip.45.11.181.122) | - | - | High
|
||||
53 | [45.11.182.30](https://vuldb.com/?ip.45.11.182.30) | - | - | High
|
||||
54 | [45.11.182.165](https://vuldb.com/?ip.45.11.182.165) | - | - | High
|
||||
55 | [45.11.182.208](https://vuldb.com/?ip.45.11.182.208) | - | - | High
|
||||
56 | [45.11.183.24](https://vuldb.com/?ip.45.11.183.24) | - | - | High
|
||||
57 | [45.67.230.16](https://vuldb.com/?ip.45.67.230.16) | vm1300397.stark-industries.solutions | - | High
|
||||
58 | [45.89.67.190](https://vuldb.com/?ip.45.89.67.190) | 13ipv6.ok | - | High
|
||||
59 | [45.89.189.6](https://vuldb.com/?ip.45.89.189.6) | vds125341.mgnhost.com | - | High
|
||||
60 | [45.89.189.7](https://vuldb.com/?ip.45.89.189.7) | vds123455.mgn-host.ru | - | High
|
||||
61 | [45.90.57.19](https://vuldb.com/?ip.45.90.57.19) | kuzina.val.pserver.ru | - | High
|
||||
62 | [45.130.147.89](https://vuldb.com/?ip.45.130.147.89) | lao89.nengtanyun.cn | - | High
|
||||
63 | [45.130.151.190](https://vuldb.com/?ip.45.130.151.190) | 526204.msk-kvm.ru | - | High
|
||||
64 | [45.130.151.191](https://vuldb.com/?ip.45.130.151.191) | godaddy.com | - | High
|
||||
65 | [45.130.151.195](https://vuldb.com/?ip.45.130.151.195) | 533873.msk-kvm.ru | - | High
|
||||
66 | [45.130.151.199](https://vuldb.com/?ip.45.130.151.199) | 515904.msk-kvm.ru | - | High
|
||||
67 | [45.140.167.95](https://vuldb.com/?ip.45.140.167.95) | - | - | High
|
||||
68 | [45.147.200.47](https://vuldb.com/?ip.45.147.200.47) | mail.ofsekck.cn | - | High
|
||||
69 | [45.155.249.47](https://vuldb.com/?ip.45.155.249.47) | - | - | High
|
||||
70 | [45.155.249.49](https://vuldb.com/?ip.45.155.249.49) | - | - | High
|
||||
71 | [45.155.249.200](https://vuldb.com/?ip.45.155.249.200) | - | - | High
|
||||
72 | [45.155.249.227](https://vuldb.com/?ip.45.155.249.227) | - | - | High
|
||||
73 | ... | ... | ... | ...
|
||||
2 | [5.34.182.123](https://vuldb.com/?ip.5.34.182.123) | moar.ua | - | High
|
||||
3 | [5.42.199.38](https://vuldb.com/?ip.5.42.199.38) | - | - | High
|
||||
4 | [5.44.45.83](https://vuldb.com/?ip.5.44.45.83) | vds125054.mgnhost.com | - | High
|
||||
5 | [5.44.45.204](https://vuldb.com/?ip.5.44.45.204) | vds124408.mgn-host.ru | - | High
|
||||
6 | [5.44.45.249](https://vuldb.com/?ip.5.44.45.249) | squall.werld.ru | - | High
|
||||
7 | [15.204.49.218](https://vuldb.com/?ip.15.204.49.218) | mail.mvhcudfzcgtssf.cf | - | High
|
||||
8 | [23.95.0.100](https://vuldb.com/?ip.23.95.0.100) | 23-95-0-100-host.colocrossing.com | - | High
|
||||
9 | [23.106.124.232](https://vuldb.com/?ip.23.106.124.232) | - | - | High
|
||||
10 | [23.227.202.77](https://vuldb.com/?ip.23.227.202.77) | 23-227-202-77.static.hvvc.us | - | High
|
||||
11 | [23.227.203.221](https://vuldb.com/?ip.23.227.203.221) | 23-227-203-221.static.hvvc.us | - | High
|
||||
12 | [31.41.44.23](https://vuldb.com/?ip.31.41.44.23) | arman.example.com | - | High
|
||||
13 | [31.41.44.27](https://vuldb.com/?ip.31.41.44.27) | awkdjaiwjdkawfhhae.example.com | - | High
|
||||
14 | [31.41.44.36](https://vuldb.com/?ip.31.41.44.36) | free.cishost.ru | - | High
|
||||
15 | [31.41.44.47](https://vuldb.com/?ip.31.41.44.47) | free.cishost.ru | - | High
|
||||
16 | [31.41.44.48](https://vuldb.com/?ip.31.41.44.48) | free.cishost.ru | - | High
|
||||
17 | [31.41.44.51](https://vuldb.com/?ip.31.41.44.51) | free.cishost.ru | - | High
|
||||
18 | [31.41.44.63](https://vuldb.com/?ip.31.41.44.63) | free.cishost.ru | - | High
|
||||
19 | [31.41.44.76](https://vuldb.com/?ip.31.41.44.76) | visionsphotographic.com | - | High
|
||||
20 | [31.41.44.85](https://vuldb.com/?ip.31.41.44.85) | free.cishost.ru | - | High
|
||||
21 | [31.41.44.87](https://vuldb.com/?ip.31.41.44.87) | free.cishost.ru | - | High
|
||||
22 | [31.41.44.90](https://vuldb.com/?ip.31.41.44.90) | free.cishost.ru | - | High
|
||||
23 | [31.41.44.92](https://vuldb.com/?ip.31.41.44.92) | free.cishost.ru | - | High
|
||||
24 | [31.41.44.106](https://vuldb.com/?ip.31.41.44.106) | free.cishost.ru | - | High
|
||||
25 | [31.41.44.107](https://vuldb.com/?ip.31.41.44.107) | free.cishost.ru | - | High
|
||||
26 | [31.41.44.108](https://vuldb.com/?ip.31.41.44.108) | free.cishost.ru | - | High
|
||||
27 | [31.41.44.109](https://vuldb.com/?ip.31.41.44.109) | free.cishost.ru | - | High
|
||||
28 | [31.41.44.110](https://vuldb.com/?ip.31.41.44.110) | kectis.com | - | High
|
||||
29 | [31.41.44.111](https://vuldb.com/?ip.31.41.44.111) | free.cishost.ru | - | High
|
||||
30 | [31.41.44.117](https://vuldb.com/?ip.31.41.44.117) | free.cishost.ru | - | High
|
||||
31 | [31.41.44.122](https://vuldb.com/?ip.31.41.44.122) | free.cishost.ru | - | High
|
||||
32 | [31.41.44.153](https://vuldb.com/?ip.31.41.44.153) | free.cishost.ru | - | High
|
||||
33 | [31.41.44.154](https://vuldb.com/?ip.31.41.44.154) | free.cishost.ru | - | High
|
||||
34 | [31.41.44.156](https://vuldb.com/?ip.31.41.44.156) | free.cishost.ru | - | High
|
||||
35 | [31.41.44.158](https://vuldb.com/?ip.31.41.44.158) | free.cishost.ru | - | High
|
||||
36 | [31.41.44.179](https://vuldb.com/?ip.31.41.44.179) | free.cishost.ru | - | High
|
||||
37 | [31.41.44.184](https://vuldb.com/?ip.31.41.44.184) | free.cishost.ru | - | High
|
||||
38 | [31.41.44.185](https://vuldb.com/?ip.31.41.44.185) | free.cishost.ru | - | High
|
||||
39 | [31.148.99.169](https://vuldb.com/?ip.31.148.99.169) | - | - | High
|
||||
40 | [31.172.83.231](https://vuldb.com/?ip.31.172.83.231) | good-nm36.ateamlevel.net | - | High
|
||||
41 | [31.207.46.10](https://vuldb.com/?ip.31.207.46.10) | xogiante.com | - | High
|
||||
42 | [31.207.46.12](https://vuldb.com/?ip.31.207.46.12) | - | - | High
|
||||
43 | [31.207.46.125](https://vuldb.com/?ip.31.207.46.125) | - | - | High
|
||||
44 | [31.214.157.31](https://vuldb.com/?ip.31.214.157.31) | vm12150.ru | - | High
|
||||
45 | [31.214.157.160](https://vuldb.com/?ip.31.214.157.160) | elijah-nascent.specbowel.net | - | High
|
||||
46 | [37.10.71.114](https://vuldb.com/?ip.37.10.71.114) | - | - | High
|
||||
47 | [37.120.206.70](https://vuldb.com/?ip.37.120.206.70) | - | - | High
|
||||
48 | [37.120.206.119](https://vuldb.com/?ip.37.120.206.119) | - | - | High
|
||||
49 | [37.120.222.138](https://vuldb.com/?ip.37.120.222.138) | - | - | High
|
||||
50 | [37.120.222.178](https://vuldb.com/?ip.37.120.222.178) | - | - | High
|
||||
51 | [37.120.222.188](https://vuldb.com/?ip.37.120.222.188) | - | - | High
|
||||
52 | [37.120.239.178](https://vuldb.com/?ip.37.120.239.178) | - | - | High
|
||||
53 | [45.9.20.245](https://vuldb.com/?ip.45.9.20.245) | - | - | High
|
||||
54 | [45.11.180.140](https://vuldb.com/?ip.45.11.180.140) | boab-exchange.stuffbent.net | - | High
|
||||
55 | [45.11.180.178](https://vuldb.com/?ip.45.11.180.178) | pleased-process.eitherbar.com | - | High
|
||||
56 | [45.11.181.28](https://vuldb.com/?ip.45.11.181.28) | sourengine.com | - | High
|
||||
57 | [45.11.181.122](https://vuldb.com/?ip.45.11.181.122) | - | - | High
|
||||
58 | [45.11.182.30](https://vuldb.com/?ip.45.11.182.30) | - | - | High
|
||||
59 | [45.11.182.165](https://vuldb.com/?ip.45.11.182.165) | - | - | High
|
||||
60 | [45.11.182.208](https://vuldb.com/?ip.45.11.182.208) | - | - | High
|
||||
61 | [45.11.183.24](https://vuldb.com/?ip.45.11.183.24) | - | - | High
|
||||
62 | [45.67.230.16](https://vuldb.com/?ip.45.67.230.16) | vm1300397.stark-industries.solutions | - | High
|
||||
63 | [45.89.67.190](https://vuldb.com/?ip.45.89.67.190) | 13ipv6.ok | - | High
|
||||
64 | [45.89.189.6](https://vuldb.com/?ip.45.89.189.6) | vds125341.mgnhost.com | - | High
|
||||
65 | [45.89.189.7](https://vuldb.com/?ip.45.89.189.7) | vds123455.mgn-host.ru | - | High
|
||||
66 | [45.89.230.121](https://vuldb.com/?ip.45.89.230.121) | - | - | High
|
||||
67 | [45.90.57.19](https://vuldb.com/?ip.45.90.57.19) | kuzina.val.pserver.ru | - | High
|
||||
68 | [45.90.58.37](https://vuldb.com/?ip.45.90.58.37) | vps.hostry.com | - | High
|
||||
69 | [45.130.147.89](https://vuldb.com/?ip.45.130.147.89) | lao89.nengtanyun.cn | - | High
|
||||
70 | [45.130.151.190](https://vuldb.com/?ip.45.130.151.190) | 526204.msk-kvm.ru | - | High
|
||||
71 | [45.130.151.191](https://vuldb.com/?ip.45.130.151.191) | godaddy.com | - | High
|
||||
72 | [45.130.151.195](https://vuldb.com/?ip.45.130.151.195) | 533873.msk-kvm.ru | - | High
|
||||
73 | [45.130.151.199](https://vuldb.com/?ip.45.130.151.199) | 515904.msk-kvm.ru | - | High
|
||||
74 | [45.140.167.95](https://vuldb.com/?ip.45.140.167.95) | - | - | High
|
||||
75 | [45.147.200.47](https://vuldb.com/?ip.45.147.200.47) | mail.ofsekck.cn | - | High
|
||||
76 | [45.153.230.139](https://vuldb.com/?ip.45.153.230.139) | vm247045.pq.hosting | - | High
|
||||
77 | [45.155.249.47](https://vuldb.com/?ip.45.155.249.47) | - | - | High
|
||||
78 | [45.155.249.49](https://vuldb.com/?ip.45.155.249.49) | - | - | High
|
||||
79 | [45.155.249.65](https://vuldb.com/?ip.45.155.249.65) | - | - | High
|
||||
80 | [45.155.249.66](https://vuldb.com/?ip.45.155.249.66) | - | - | High
|
||||
81 | [45.155.249.91](https://vuldb.com/?ip.45.155.249.91) | - | - | High
|
||||
82 | [45.155.249.94](https://vuldb.com/?ip.45.155.249.94) | - | - | High
|
||||
83 | ... | ... | ... | ...
|
||||
|
||||
There are 287 more IOC items available. Please use our online service to access the data.
|
||||
There are 330 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -135,7 +145,7 @@ ID | Type | Indicator | Confidence
|
|||
15 | File | `/owa/auth/logon.aspx` | High
|
||||
16 | ... | ... | ...
|
||||
|
||||
There are 125 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 127 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -146,13 +156,18 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/7c854a125b0d2613bbfcd1fb3664c03c61bc3787ec8bde6be11a2f75692da268/
|
||||
* https://bazaar.abuse.ch/sample/41ae907a2bb73794bb2cff40b429e62305847a3e1a95f188b596f1cf925c4547/
|
||||
* https://bazaar.abuse.ch/sample/47e870e2d1a123b74c470b0e01ed75ef196c714aeed8739f77ac6e56430dba35/
|
||||
* https://bazaar.abuse.ch/sample/85d535a2051a60c54a1f2f43ce8854f51a784e87a7a9a5a337567fe3296d81a6/
|
||||
* https://bazaar.abuse.ch/sample/957b7f7039ef6b3c84f374b6b602466cb196e50e477a37e012423b7a9d72aa7f/
|
||||
* https://bazaar.abuse.ch/sample/9936eb6847619d6282a4fd83722250b8a760c5431a2ee3a36fc3453565551dde/
|
||||
* https://bazaar.abuse.ch/sample/75827be0c600f93d0d23d4b8239f56eb8c7dc4ab6064ad0b79e6695157816988/
|
||||
* https://bazaar.abuse.ch/sample/632532e4c584dbacddc365e46d2ce8b219f1f6433ac8dc6d51dc7a29a1a36d35/
|
||||
* https://bazaar.abuse.ch/sample/4502918b2eb7a7ff6bc77a2d9878fae3b2389f30124d224ba92958ab13fdf39c/
|
||||
* https://bazaar.abuse.ch/sample/7796075f1ef6325830eed5369b7e5930ca514b6f32d304d51434873fcb5031e0/
|
||||
* https://bazaar.abuse.ch/sample/988177454fe3a5ba8fcdf7f3124e2c56f312b776542d3763540c254df6fe6f76/
|
||||
* https://bazaar.abuse.ch/sample/a5ea92139f59d185548e8f48d1ce65cbf54bf1e3e1930de221091017fd1d4f0a/
|
||||
* https://bazaar.abuse.ch/sample/aa4d5569f00d3fed84a25b4a1adcf28e55150e01cd5917082fa9569f774b984e/
|
||||
* https://bazaar.abuse.ch/sample/bb426461ef70ffd601cb64a687c62edda066b99a79e49d880918300da5eb6548/
|
||||
* https://bazaar.abuse.ch/sample/f4c605914a24351de6ab094e1d87d5a26d5bdaf1fbb5660095e6a4c70ca1b079/
|
||||
* https://pastebin.com/raw/8Af7kn8G
|
||||
* https://threatfox.abuse.ch
|
||||
* https://tria.ge/220420-vbksmaegcr
|
||||
|
@ -177,6 +192,8 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://twitter.com/JAMESWT_MHT/status/1639161112405975042
|
||||
* https://twitter.com/JAMESWT_MHT/status/1641002609765916672
|
||||
* https://twitter.com/luc4m/status/1555095048122949632
|
||||
* https://twitter.com/reecdeep/status/1414873034234679296
|
||||
* https://twitter.com/reecdeep/status/1414878988103790593
|
||||
* https://twitter.com/reecdeep/status/1572167734678654977
|
||||
* https://twitter.com/reecdeep/status/1600087607303471105
|
||||
* https://twitter.com/reecdeep/status/1610934654726463489
|
||||
|
@ -199,6 +216,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://twitter.com/VirITeXplorer/status/1595347501032382464
|
||||
* https://www.bridewell.com/insights/news/detail/hunting-for-ursnif
|
||||
* https://www.malware-traffic-analysis.net/2023/02/03/index.html
|
||||
* https://www.virustotal.com/gui/file/dd8e986f297e66ba273d74617424abd12b38cfd242ee5e4fab670d052c6c2e69/behavior
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -9,14 +9,18 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
The following _campaigns_ are known and can be associated with IcedID:
|
||||
|
||||
* Cobalt Strike
|
||||
* Nokoyawa
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with IcedID:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -24,30 +28,298 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.61.46.161](https://vuldb.com/?ip.5.61.46.161) | - | - | High
|
||||
2 | [5.149.252.179](https://vuldb.com/?ip.5.149.252.179) | hnh7.arenal.xyz | - | High
|
||||
3 | [31.24.224.12](https://vuldb.com/?ip.31.24.224.12) | 1f18e00c.setaptr.net | - | High
|
||||
4 | [31.24.228.170](https://vuldb.com/?ip.31.24.228.170) | 31.24.228.170.static.midphase.com | - | High
|
||||
5 | [31.184.199.11](https://vuldb.com/?ip.31.184.199.11) | dalesmanager.com | - | High
|
||||
6 | [37.120.222.100](https://vuldb.com/?ip.37.120.222.100) | - | - | High
|
||||
7 | [37.252.11.221](https://vuldb.com/?ip.37.252.11.221) | - | - | High
|
||||
8 | [45.129.99.241](https://vuldb.com/?ip.45.129.99.241) | 354851-vds-mamozw.gmhost.pp.ua | - | High
|
||||
9 | [45.138.172.179](https://vuldb.com/?ip.45.138.172.179) | - | - | High
|
||||
10 | [45.147.228.198](https://vuldb.com/?ip.45.147.228.198) | - | - | High
|
||||
11 | [45.147.230.82](https://vuldb.com/?ip.45.147.230.82) | - | - | High
|
||||
12 | [45.147.230.88](https://vuldb.com/?ip.45.147.230.88) | mailnode7.bulletproof-mail.biz | - | High
|
||||
13 | [45.147.231.113](https://vuldb.com/?ip.45.147.231.113) | - | - | High
|
||||
14 | [45.153.240.135](https://vuldb.com/?ip.45.153.240.135) | - | - | High
|
||||
15 | [45.153.241.115](https://vuldb.com/?ip.45.153.241.115) | - | - | High
|
||||
16 | [46.17.98.191](https://vuldb.com/?ip.46.17.98.191) | - | - | High
|
||||
17 | [46.249.62.199](https://vuldb.com/?ip.46.249.62.199) | - | - | High
|
||||
18 | [51.195.169.87](https://vuldb.com/?ip.51.195.169.87) | ip87.ip-51-195-169.eu | - | High
|
||||
19 | [79.141.161.176](https://vuldb.com/?ip.79.141.161.176) | zzs7bp73.copycomdigital.com | - | High
|
||||
20 | [79.141.164.241](https://vuldb.com/?ip.79.141.164.241) | x6ts.mtsgamingpro.fun | - | High
|
||||
21 | [79.141.166.39](https://vuldb.com/?ip.79.141.166.39) | webimpa.com | - | High
|
||||
22 | ... | ... | ... | ...
|
||||
1 | [5.2.65.217](https://vuldb.com/?ip.5.2.65.217) | - | - | High
|
||||
2 | [5.2.67.119](https://vuldb.com/?ip.5.2.67.119) | - | - | High
|
||||
3 | [5.2.70.56](https://vuldb.com/?ip.5.2.70.56) | - | - | High
|
||||
4 | [5.2.70.89](https://vuldb.com/?ip.5.2.70.89) | - | - | High
|
||||
5 | [5.2.74.83](https://vuldb.com/?ip.5.2.74.83) | - | - | High
|
||||
6 | [5.2.75.126](https://vuldb.com/?ip.5.2.75.126) | - | - | High
|
||||
7 | [5.2.75.189](https://vuldb.com/?ip.5.2.75.189) | - | - | High
|
||||
8 | [5.2.76.156](https://vuldb.com/?ip.5.2.76.156) | - | - | High
|
||||
9 | [5.2.77.232](https://vuldb.com/?ip.5.2.77.232) | - | - | High
|
||||
10 | [5.2.78.150](https://vuldb.com/?ip.5.2.78.150) | - | - | High
|
||||
11 | [5.2.79.7](https://vuldb.com/?ip.5.2.79.7) | - | - | High
|
||||
12 | [5.2.79.218](https://vuldb.com/?ip.5.2.79.218) | - | - | High
|
||||
13 | [5.34.180.162](https://vuldb.com/?ip.5.34.180.162) | - | - | High
|
||||
14 | [5.34.181.34](https://vuldb.com/?ip.5.34.181.34) | vds-842965.hosted-by-itldc.com | - | High
|
||||
15 | [5.34.181.44](https://vuldb.com/?ip.5.34.181.44) | vds-950771.hosted-by-itldc.com | - | High
|
||||
16 | [5.39.63.101](https://vuldb.com/?ip.5.39.63.101) | - | - | High
|
||||
17 | [5.39.63.102](https://vuldb.com/?ip.5.39.63.102) | - | - | High
|
||||
18 | [5.39.222.193](https://vuldb.com/?ip.5.39.222.193) | - | - | High
|
||||
19 | [5.39.223.131](https://vuldb.com/?ip.5.39.223.131) | - | - | High
|
||||
20 | [5.39.223.134](https://vuldb.com/?ip.5.39.223.134) | - | - | High
|
||||
21 | [5.61.32.172](https://vuldb.com/?ip.5.61.32.172) | - | - | High
|
||||
22 | [5.61.34.133](https://vuldb.com/?ip.5.61.34.133) | mta3.mailup.ru | - | High
|
||||
23 | [5.61.34.153](https://vuldb.com/?ip.5.61.34.153) | - | - | High
|
||||
24 | [5.61.36.120](https://vuldb.com/?ip.5.61.36.120) | - | - | High
|
||||
25 | [5.61.36.180](https://vuldb.com/?ip.5.61.36.180) | - | - | High
|
||||
26 | [5.61.37.89](https://vuldb.com/?ip.5.61.37.89) | mailer.ampm.casino | - | High
|
||||
27 | [5.61.37.224](https://vuldb.com/?ip.5.61.37.224) | - | - | High
|
||||
28 | [5.61.40.78](https://vuldb.com/?ip.5.61.40.78) | - | - | High
|
||||
29 | [5.61.42.115](https://vuldb.com/?ip.5.61.42.115) | 0.0.0.0 | - | High
|
||||
30 | [5.61.42.123](https://vuldb.com/?ip.5.61.42.123) | stirok.ru | - | High
|
||||
31 | [5.61.42.128](https://vuldb.com/?ip.5.61.42.128) | - | - | High
|
||||
32 | [5.61.43.172](https://vuldb.com/?ip.5.61.43.172) | - | - | High
|
||||
33 | [5.61.43.191](https://vuldb.com/?ip.5.61.43.191) | b3.bareandblushy.com | - | High
|
||||
34 | [5.61.44.146](https://vuldb.com/?ip.5.61.44.146) | - | - | High
|
||||
35 | [5.61.44.218](https://vuldb.com/?ip.5.61.44.218) | - | - | High
|
||||
36 | [5.61.44.234](https://vuldb.com/?ip.5.61.44.234) | - | - | High
|
||||
37 | [5.61.45.179](https://vuldb.com/?ip.5.61.45.179) | - | - | High
|
||||
38 | [5.61.46.161](https://vuldb.com/?ip.5.61.46.161) | - | - | High
|
||||
39 | [5.61.46.164](https://vuldb.com/?ip.5.61.46.164) | - | - | High
|
||||
40 | [5.135.255.246](https://vuldb.com/?ip.5.135.255.246) | - | - | High
|
||||
41 | [5.144.132.47](https://vuldb.com/?ip.5.144.132.47) | 47-132-144-5.static.hostiran.name | - | High
|
||||
42 | [5.149.252.179](https://vuldb.com/?ip.5.149.252.179) | hnh7.arenal.xyz | - | High
|
||||
43 | [5.181.27.192](https://vuldb.com/?ip.5.181.27.192) | gcl-lon.com | - | High
|
||||
44 | [5.181.80.213](https://vuldb.com/?ip.5.181.80.213) | ip-80-213-bullethost.net | - | High
|
||||
45 | [5.181.80.215](https://vuldb.com/?ip.5.181.80.215) | anelpones.xyz | - | High
|
||||
46 | [5.181.80.218](https://vuldb.com/?ip.5.181.80.218) | ip-80-218-bullethost.net | - | High
|
||||
47 | [5.188.0.52](https://vuldb.com/?ip.5.188.0.52) | saycain.example.com | - | High
|
||||
48 | [5.188.93.137](https://vuldb.com/?ip.5.188.93.137) | free.ds | - | High
|
||||
49 | [5.196.103.145](https://vuldb.com/?ip.5.196.103.145) | - | - | High
|
||||
50 | [5.196.196.251](https://vuldb.com/?ip.5.196.196.251) | - | - | High
|
||||
51 | [5.196.196.252](https://vuldb.com/?ip.5.196.196.252) | - | - | High
|
||||
52 | [5.199.162.56](https://vuldb.com/?ip.5.199.162.56) | - | - | High
|
||||
53 | [5.199.162.81](https://vuldb.com/?ip.5.199.162.81) | - | - | High
|
||||
54 | [5.199.162.123](https://vuldb.com/?ip.5.199.162.123) | - | - | High
|
||||
55 | [5.199.162.162](https://vuldb.com/?ip.5.199.162.162) | - | - | High
|
||||
56 | [5.199.162.166](https://vuldb.com/?ip.5.199.162.166) | - | - | High
|
||||
57 | [5.199.162.174](https://vuldb.com/?ip.5.199.162.174) | - | - | High
|
||||
58 | [5.199.162.235](https://vuldb.com/?ip.5.199.162.235) | - | - | High
|
||||
59 | [5.199.168.14](https://vuldb.com/?ip.5.199.168.14) | - | - | High
|
||||
60 | [5.199.168.24](https://vuldb.com/?ip.5.199.168.24) | - | - | High
|
||||
61 | [5.199.168.34](https://vuldb.com/?ip.5.199.168.34) | - | - | High
|
||||
62 | [5.199.168.125](https://vuldb.com/?ip.5.199.168.125) | - | - | High
|
||||
63 | [5.199.168.213](https://vuldb.com/?ip.5.199.168.213) | - | - | High
|
||||
64 | [5.199.168.214](https://vuldb.com/?ip.5.199.168.214) | - | - | High
|
||||
65 | [5.199.168.255](https://vuldb.com/?ip.5.199.168.255) | - | - | High
|
||||
66 | [5.199.173.20](https://vuldb.com/?ip.5.199.173.20) | - | - | High
|
||||
67 | [5.199.173.24](https://vuldb.com/?ip.5.199.173.24) | - | - | High
|
||||
68 | [5.199.173.27](https://vuldb.com/?ip.5.199.173.27) | - | - | High
|
||||
69 | [5.199.173.29](https://vuldb.com/?ip.5.199.173.29) | - | - | High
|
||||
70 | [5.199.173.51](https://vuldb.com/?ip.5.199.173.51) | - | - | High
|
||||
71 | [5.199.173.107](https://vuldb.com/?ip.5.199.173.107) | - | - | High
|
||||
72 | [5.199.173.120](https://vuldb.com/?ip.5.199.173.120) | - | - | High
|
||||
73 | [5.199.173.141](https://vuldb.com/?ip.5.199.173.141) | - | - | High
|
||||
74 | [5.199.173.150](https://vuldb.com/?ip.5.199.173.150) | - | - | High
|
||||
75 | [5.199.173.162](https://vuldb.com/?ip.5.199.173.162) | - | - | High
|
||||
76 | [5.199.173.173](https://vuldb.com/?ip.5.199.173.173) | - | - | High
|
||||
77 | [5.199.173.210](https://vuldb.com/?ip.5.199.173.210) | - | - | High
|
||||
78 | [5.199.173.217](https://vuldb.com/?ip.5.199.173.217) | - | - | High
|
||||
79 | [5.199.173.233](https://vuldb.com/?ip.5.199.173.233) | - | - | High
|
||||
80 | [5.199.173.234](https://vuldb.com/?ip.5.199.173.234) | - | - | High
|
||||
81 | [5.199.174.189](https://vuldb.com/?ip.5.199.174.189) | - | - | High
|
||||
82 | [5.199.174.232](https://vuldb.com/?ip.5.199.174.232) | - | - | High
|
||||
83 | [5.199.174.234](https://vuldb.com/?ip.5.199.174.234) | - | - | High
|
||||
84 | [5.206.224.50](https://vuldb.com/?ip.5.206.224.50) | ko.pro | - | High
|
||||
85 | [5.206.224.239](https://vuldb.com/?ip.5.206.224.239) | aqualisbra.com | - | High
|
||||
86 | [5.206.227.5](https://vuldb.com/?ip.5.206.227.5) | jiojoip.com | - | High
|
||||
87 | [5.230.57.30](https://vuldb.com/?ip.5.230.57.30) | - | - | High
|
||||
88 | [5.230.57.194](https://vuldb.com/?ip.5.230.57.194) | - | - | High
|
||||
89 | [5.230.66.157](https://vuldb.com/?ip.5.230.66.157) | - | - | High
|
||||
90 | [5.230.67.128](https://vuldb.com/?ip.5.230.67.128) | placeholder.noezserver.de | - | High
|
||||
91 | [5.230.67.227](https://vuldb.com/?ip.5.230.67.227) | placeholder.noezserver.de | - | High
|
||||
92 | [5.230.68.22](https://vuldb.com/?ip.5.230.68.22) | pleasantly.autocraftz.biz | - | High
|
||||
93 | [5.230.68.48](https://vuldb.com/?ip.5.230.68.48) | ounahiskills.co.uk | - | High
|
||||
94 | [5.230.68.66](https://vuldb.com/?ip.5.230.68.66) | fracturedprunesurfcitync.com | - | High
|
||||
95 | [5.230.68.163](https://vuldb.com/?ip.5.230.68.163) | placeholder.noezserver.de | - | High
|
||||
96 | [5.230.70.43](https://vuldb.com/?ip.5.230.70.43) | placeholder.noezserver.de | - | High
|
||||
97 | [5.230.70.57](https://vuldb.com/?ip.5.230.70.57) | placeholder.noezserver.de | - | High
|
||||
98 | [5.230.70.135](https://vuldb.com/?ip.5.230.70.135) | placeholder.noezserver.de | - | High
|
||||
99 | [5.230.70.140](https://vuldb.com/?ip.5.230.70.140) | placeholder.noezserver.de | - | High
|
||||
100 | [5.230.70.146](https://vuldb.com/?ip.5.230.70.146) | placeholder.noezserver.de | - | High
|
||||
101 | [5.230.71.72](https://vuldb.com/?ip.5.230.71.72) | placeholder.noezserver.de | - | High
|
||||
102 | [5.230.72.37](https://vuldb.com/?ip.5.230.72.37) | placeholder.noezserver.de | - | High
|
||||
103 | [5.230.72.131](https://vuldb.com/?ip.5.230.72.131) | placeholder.noezserver.de | - | High
|
||||
104 | [5.230.72.158](https://vuldb.com/?ip.5.230.72.158) | placeholder.noezserver.de | - | High
|
||||
105 | [5.230.73.61](https://vuldb.com/?ip.5.230.73.61) | placeholder.noezserver.de | - | High
|
||||
106 | [5.230.73.139](https://vuldb.com/?ip.5.230.73.139) | - | - | High
|
||||
107 | [5.230.73.157](https://vuldb.com/?ip.5.230.73.157) | - | - | High
|
||||
108 | [5.230.73.172](https://vuldb.com/?ip.5.230.73.172) | - | - | High
|
||||
109 | [5.230.73.200](https://vuldb.com/?ip.5.230.73.200) | placeholder.noezserver.de | - | High
|
||||
110 | [5.230.73.244](https://vuldb.com/?ip.5.230.73.244) | placeholder.noezserver.de | - | High
|
||||
111 | [5.230.74.71](https://vuldb.com/?ip.5.230.74.71) | - | - | High
|
||||
112 | [5.230.74.153](https://vuldb.com/?ip.5.230.74.153) | placeholder.noezserver.de | - | High
|
||||
113 | [5.230.74.202](https://vuldb.com/?ip.5.230.74.202) | - | - | High
|
||||
114 | [5.230.74.203](https://vuldb.com/?ip.5.230.74.203) | - | - | High
|
||||
115 | [5.230.74.223](https://vuldb.com/?ip.5.230.74.223) | placeholder.noezserver.de | - | High
|
||||
116 | [5.230.74.242](https://vuldb.com/?ip.5.230.74.242) | - | - | High
|
||||
117 | [5.230.75.11](https://vuldb.com/?ip.5.230.75.11) | - | - | High
|
||||
118 | [5.230.75.134](https://vuldb.com/?ip.5.230.75.134) | placeholder.noezserver.de | - | High
|
||||
119 | [5.230.75.188](https://vuldb.com/?ip.5.230.75.188) | - | - | High
|
||||
120 | [5.230.75.247](https://vuldb.com/?ip.5.230.75.247) | ma247.manidatravel.com | - | High
|
||||
121 | [5.230.76.44](https://vuldb.com/?ip.5.230.76.44) | - | - | High
|
||||
122 | [5.230.76.198](https://vuldb.com/?ip.5.230.76.198) | - | - | High
|
||||
123 | [5.230.78.208](https://vuldb.com/?ip.5.230.78.208) | - | - | High
|
||||
124 | [5.252.23.141](https://vuldb.com/?ip.5.252.23.141) | mail.exclusive-meetingg.com | - | High
|
||||
125 | [5.252.177.10](https://vuldb.com/?ip.5.252.177.10) | no-rdns.mivocloud.com | - | High
|
||||
126 | [5.252.177.13](https://vuldb.com/?ip.5.252.177.13) | no-rdns.mivocloud.com | - | High
|
||||
127 | [5.252.177.59](https://vuldb.com/?ip.5.252.177.59) | no-rdns.mivocloud.com | - | High
|
||||
128 | [5.252.177.65](https://vuldb.com/?ip.5.252.177.65) | no-rdns.mivocloud.com | - | High
|
||||
129 | [5.252.177.103](https://vuldb.com/?ip.5.252.177.103) | no-rdns.mivocloud.com | - | High
|
||||
130 | [5.252.177.106](https://vuldb.com/?ip.5.252.177.106) | bestsevenreviews.com | - | High
|
||||
131 | [5.252.177.107](https://vuldb.com/?ip.5.252.177.107) | no-rdns.mivocloud.com | - | High
|
||||
132 | [5.252.177.233](https://vuldb.com/?ip.5.252.177.233) | 5-252-177-233.mivocloud.com | - | High
|
||||
133 | [5.252.178.142](https://vuldb.com/?ip.5.252.178.142) | no-rdns.mivocloud.com | - | High
|
||||
134 | [5.255.98.126](https://vuldb.com/?ip.5.255.98.126) | - | - | High
|
||||
135 | [5.255.99.51](https://vuldb.com/?ip.5.255.99.51) | - | - | High
|
||||
136 | [5.255.99.108](https://vuldb.com/?ip.5.255.99.108) | - | - | High
|
||||
137 | [5.255.100.8](https://vuldb.com/?ip.5.255.100.8) | - | - | High
|
||||
138 | [5.255.100.32](https://vuldb.com/?ip.5.255.100.32) | - | - | High
|
||||
139 | [5.255.100.55](https://vuldb.com/?ip.5.255.100.55) | - | - | High
|
||||
140 | [5.255.100.65](https://vuldb.com/?ip.5.255.100.65) | - | - | High
|
||||
141 | [5.255.100.207](https://vuldb.com/?ip.5.255.100.207) | chronostech.io | - | High
|
||||
142 | [5.255.100.250](https://vuldb.com/?ip.5.255.100.250) | - | - | High
|
||||
143 | [5.255.101.31](https://vuldb.com/?ip.5.255.101.31) | - | - | High
|
||||
144 | [5.255.101.68](https://vuldb.com/?ip.5.255.101.68) | - | - | High
|
||||
145 | [5.255.102.88](https://vuldb.com/?ip.5.255.102.88) | - | - | High
|
||||
146 | [5.255.102.167](https://vuldb.com/?ip.5.255.102.167) | - | - | High
|
||||
147 | [5.255.103.75](https://vuldb.com/?ip.5.255.103.75) | - | - | High
|
||||
148 | [5.255.103.108](https://vuldb.com/?ip.5.255.103.108) | - | - | High
|
||||
149 | [5.255.103.144](https://vuldb.com/?ip.5.255.103.144) | - | - | High
|
||||
150 | [5.255.103.245](https://vuldb.com/?ip.5.255.103.245) | - | - | High
|
||||
151 | [5.255.104.11](https://vuldb.com/?ip.5.255.104.11) | - | - | High
|
||||
152 | [5.255.104.22](https://vuldb.com/?ip.5.255.104.22) | - | - | High
|
||||
153 | [5.255.104.45](https://vuldb.com/?ip.5.255.104.45) | - | - | High
|
||||
154 | [5.255.104.52](https://vuldb.com/?ip.5.255.104.52) | - | - | High
|
||||
155 | [5.255.104.93](https://vuldb.com/?ip.5.255.104.93) | - | - | High
|
||||
156 | [5.255.104.97](https://vuldb.com/?ip.5.255.104.97) | - | - | High
|
||||
157 | [5.255.104.113](https://vuldb.com/?ip.5.255.104.113) | - | - | High
|
||||
158 | [5.255.104.120](https://vuldb.com/?ip.5.255.104.120) | - | - | High
|
||||
159 | [5.255.104.130](https://vuldb.com/?ip.5.255.104.130) | - | - | High
|
||||
160 | [5.255.104.143](https://vuldb.com/?ip.5.255.104.143) | - | - | High
|
||||
161 | [5.255.104.145](https://vuldb.com/?ip.5.255.104.145) | - | - | High
|
||||
162 | [5.255.104.153](https://vuldb.com/?ip.5.255.104.153) | - | - | High
|
||||
163 | [5.255.104.184](https://vuldb.com/?ip.5.255.104.184) | - | - | High
|
||||
164 | [5.255.104.220](https://vuldb.com/?ip.5.255.104.220) | - | - | High
|
||||
165 | [5.255.104.233](https://vuldb.com/?ip.5.255.104.233) | - | - | High
|
||||
166 | [5.255.105.55](https://vuldb.com/?ip.5.255.105.55) | - | - | High
|
||||
167 | [5.255.105.239](https://vuldb.com/?ip.5.255.105.239) | - | - | High
|
||||
168 | [5.255.106.72](https://vuldb.com/?ip.5.255.106.72) | - | - | High
|
||||
169 | [5.255.106.78](https://vuldb.com/?ip.5.255.106.78) | smtp.gespollas.com | - | High
|
||||
170 | [5.255.106.136](https://vuldb.com/?ip.5.255.106.136) | - | - | High
|
||||
171 | [5.255.106.240](https://vuldb.com/?ip.5.255.106.240) | - | - | High
|
||||
172 | [5.255.107.149](https://vuldb.com/?ip.5.255.107.149) | - | - | High
|
||||
173 | [5.255.109.46](https://vuldb.com/?ip.5.255.109.46) | - | - | High
|
||||
174 | [5.255.109.175](https://vuldb.com/?ip.5.255.109.175) | - | - | High
|
||||
175 | [5.255.110.177](https://vuldb.com/?ip.5.255.110.177) | - | - | High
|
||||
176 | [5.255.111.220](https://vuldb.com/?ip.5.255.111.220) | - | - | High
|
||||
177 | [5.255.113.157](https://vuldb.com/?ip.5.255.113.157) | - | - | High
|
||||
178 | [5.255.119.21](https://vuldb.com/?ip.5.255.119.21) | - | - | High
|
||||
179 | [5.255.120.33](https://vuldb.com/?ip.5.255.120.33) | - | - | High
|
||||
180 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
|
||||
181 | [8.39.147.62](https://vuldb.com/?ip.8.39.147.62) | vyc1.achlycole.org.uk | - | High
|
||||
182 | [23.82.128.186](https://vuldb.com/?ip.23.82.128.186) | - | - | High
|
||||
183 | [23.82.128.215](https://vuldb.com/?ip.23.82.128.215) | - | - | High
|
||||
184 | [23.88.35.240](https://vuldb.com/?ip.23.88.35.240) | static.240.35.88.23.clients.your-server.de | - | High
|
||||
185 | [23.106.124.26](https://vuldb.com/?ip.23.106.124.26) | - | - | High
|
||||
186 | [23.106.124.168](https://vuldb.com/?ip.23.106.124.168) | - | - | High
|
||||
187 | [23.106.124.181](https://vuldb.com/?ip.23.106.124.181) | - | - | High
|
||||
188 | [23.106.215.93](https://vuldb.com/?ip.23.106.215.93) | - | - | High
|
||||
189 | [23.160.193.140](https://vuldb.com/?ip.23.160.193.140) | unknown.ip-xfer.net | - | High
|
||||
190 | [23.227.202.165](https://vuldb.com/?ip.23.227.202.165) | 23-227-202-165.static.hvvc.us | - | High
|
||||
191 | [23.227.203.131](https://vuldb.com/?ip.23.227.203.131) | 23-227-203-131.static.hvvc.us | - | High
|
||||
192 | [23.227.206.161](https://vuldb.com/?ip.23.227.206.161) | 23-227-206-161.static.hvvc.us | - | High
|
||||
193 | [23.227.206.195](https://vuldb.com/?ip.23.227.206.195) | 23-227-206-195.static.hvvc.us | - | High
|
||||
194 | [23.254.202.234](https://vuldb.com/?ip.23.254.202.234) | hwsrv-1055605.hostwindsdns.com | - | High
|
||||
195 | [23.254.211.137](https://vuldb.com/?ip.23.254.211.137) | hwsrv-1045976.hostwindsdns.com | - | High
|
||||
196 | [23.254.224.115](https://vuldb.com/?ip.23.254.224.115) | hwsrv-1031288.hostwindsdns.com | - | High
|
||||
197 | [23.254.224.148](https://vuldb.com/?ip.23.254.224.148) | client-23-254-224-148.hostwindsdns.com | - | High
|
||||
198 | [23.254.226.152](https://vuldb.com/?ip.23.254.226.152) | hwsrv-1069457.hostwindsdns.com | - | High
|
||||
199 | [23.254.229.208](https://vuldb.com/?ip.23.254.229.208) | hwsrv-1015537.hostwindsdns.com | - | High
|
||||
200 | [23.254.253.106](https://vuldb.com/?ip.23.254.253.106) | WIN-KP9WSUDC4N.com | - | High
|
||||
201 | [31.13.195.119](https://vuldb.com/?ip.31.13.195.119) | sm.cfconsult.net | - | High
|
||||
202 | [31.13.195.127](https://vuldb.com/?ip.31.13.195.127) | - | - | High
|
||||
203 | [31.24.224.12](https://vuldb.com/?ip.31.24.224.12) | 1f18e00c.setaptr.net | - | High
|
||||
204 | [31.24.228.170](https://vuldb.com/?ip.31.24.228.170) | 31.24.228.170.static.midphase.com | - | High
|
||||
205 | [31.184.199.11](https://vuldb.com/?ip.31.184.199.11) | dalesmanager.com | - | High
|
||||
206 | [37.1.192.40](https://vuldb.com/?ip.37.1.192.40) | - | - | High
|
||||
207 | [37.1.193.136](https://vuldb.com/?ip.37.1.193.136) | webcomdition.com | - | High
|
||||
208 | [37.1.195.84](https://vuldb.com/?ip.37.1.195.84) | - | - | High
|
||||
209 | [37.1.195.238](https://vuldb.com/?ip.37.1.195.238) | autoreflash.com | - | High
|
||||
210 | [37.1.205.217](https://vuldb.com/?ip.37.1.205.217) | - | - | High
|
||||
211 | [37.1.208.48](https://vuldb.com/?ip.37.1.208.48) | reveltip.com | - | High
|
||||
212 | [37.1.213.234](https://vuldb.com/?ip.37.1.213.234) | - | - | High
|
||||
213 | [37.1.221.209](https://vuldb.com/?ip.37.1.221.209) | - | - | High
|
||||
214 | [37.46.129.17](https://vuldb.com/?ip.37.46.129.17) | info50.fvds.ru | - | High
|
||||
215 | [37.61.229.95](https://vuldb.com/?ip.37.61.229.95) | zeno.igorclark.net | - | High
|
||||
216 | [37.120.222.100](https://vuldb.com/?ip.37.120.222.100) | - | - | High
|
||||
217 | [37.221.115.12](https://vuldb.com/?ip.37.221.115.12) | - | - | High
|
||||
218 | [37.235.55.75](https://vuldb.com/?ip.37.235.55.75) | 75.55.235.37.in-addr.arpa | - | High
|
||||
219 | [37.235.55.103](https://vuldb.com/?ip.37.235.55.103) | 103.55.235.37.in-addr.arpa | - | High
|
||||
220 | [37.235.56.30](https://vuldb.com/?ip.37.235.56.30) | 30.56.235.37.in-addr.arpa | - | High
|
||||
221 | [37.235.56.37](https://vuldb.com/?ip.37.235.56.37) | 37.56.235.37.in-addr.arpa | - | High
|
||||
222 | [37.235.56.94](https://vuldb.com/?ip.37.235.56.94) | 94.56.235.37.in-addr.arpa | - | High
|
||||
223 | [37.235.56.185](https://vuldb.com/?ip.37.235.56.185) | 185.56.235.37.in-addr.arpa | - | High
|
||||
224 | [37.252.5.228](https://vuldb.com/?ip.37.252.5.228) | - | - | High
|
||||
225 | [37.252.6.77](https://vuldb.com/?ip.37.252.6.77) | - | - | High
|
||||
226 | [37.252.10.231](https://vuldb.com/?ip.37.252.10.231) | - | - | High
|
||||
227 | [37.252.11.170](https://vuldb.com/?ip.37.252.11.170) | - | - | High
|
||||
228 | [37.252.11.221](https://vuldb.com/?ip.37.252.11.221) | - | - | High
|
||||
229 | [38.180.0.89](https://vuldb.com/?ip.38.180.0.89) | - | - | High
|
||||
230 | [38.180.8.107](https://vuldb.com/?ip.38.180.8.107) | - | - | High
|
||||
231 | [38.180.8.169](https://vuldb.com/?ip.38.180.8.169) | - | - | High
|
||||
232 | [45.11.19.121](https://vuldb.com/?ip.45.11.19.121) | - | - | High
|
||||
233 | [45.11.19.168](https://vuldb.com/?ip.45.11.19.168) | - | - | High
|
||||
234 | [45.12.109.136](https://vuldb.com/?ip.45.12.109.136) | kemp.strongwallsys.com | - | High
|
||||
235 | [45.12.109.195](https://vuldb.com/?ip.45.12.109.195) | ryan.earthbroadcasting.com | - | High
|
||||
236 | [45.12.109.221](https://vuldb.com/?ip.45.12.109.221) | weaver.earthbroadcasting.com | - | High
|
||||
237 | [45.12.139.90](https://vuldb.com/?ip.45.12.139.90) | - | - | High
|
||||
238 | [45.15.161.254](https://vuldb.com/?ip.45.15.161.254) | - | - | High
|
||||
239 | [45.41.204.5](https://vuldb.com/?ip.45.41.204.5) | fastshipus.xyz | - | High
|
||||
240 | [45.55.42.13](https://vuldb.com/?ip.45.55.42.13) | - | - | High
|
||||
241 | [45.55.53.206](https://vuldb.com/?ip.45.55.53.206) | - | - | High
|
||||
242 | [45.55.56.244](https://vuldb.com/?ip.45.55.56.244) | - | - | High
|
||||
243 | [45.61.136.6](https://vuldb.com/?ip.45.61.136.6) | - | - | High
|
||||
244 | [45.61.136.193](https://vuldb.com/?ip.45.61.136.193) | - | - | High
|
||||
245 | [45.61.137.159](https://vuldb.com/?ip.45.61.137.159) | - | - | High
|
||||
246 | [45.61.137.220](https://vuldb.com/?ip.45.61.137.220) | svenska.re | - | High
|
||||
247 | [45.61.138.171](https://vuldb.com/?ip.45.61.138.171) | - | - | High
|
||||
248 | [45.61.138.175](https://vuldb.com/?ip.45.61.138.175) | - | - | High
|
||||
249 | [45.61.138.181](https://vuldb.com/?ip.45.61.138.181) | - | - | High
|
||||
250 | [45.61.138.227](https://vuldb.com/?ip.45.61.138.227) | - | - | High
|
||||
251 | [45.61.139.138](https://vuldb.com/?ip.45.61.139.138) | - | - | High
|
||||
252 | [45.61.139.144](https://vuldb.com/?ip.45.61.139.144) | - | - | High
|
||||
253 | [45.61.139.179](https://vuldb.com/?ip.45.61.139.179) | - | - | High
|
||||
254 | [45.61.139.235](https://vuldb.com/?ip.45.61.139.235) | - | - | High
|
||||
255 | [45.61.139.243](https://vuldb.com/?ip.45.61.139.243) | - | - | High
|
||||
256 | [45.66.248.7](https://vuldb.com/?ip.45.66.248.7) | mta0.burjeela.gq | - | High
|
||||
257 | [45.66.248.37](https://vuldb.com/?ip.45.66.248.37) | mta0.quarrantinereport-center.gq | - | High
|
||||
258 | [45.66.248.69](https://vuldb.com/?ip.45.66.248.69) | outbound5.imaille.com | - | High
|
||||
259 | [45.66.248.71](https://vuldb.com/?ip.45.66.248.71) | - | - | High
|
||||
260 | [45.66.248.79](https://vuldb.com/?ip.45.66.248.79) | mta0.coldspikes.autos | - | High
|
||||
261 | [45.66.248.119](https://vuldb.com/?ip.45.66.248.119) | finixdeal.com | Nokoyawa | High
|
||||
262 | [45.66.248.148](https://vuldb.com/?ip.45.66.248.148) | QuanTs.defaultproduct.com | - | High
|
||||
263 | [45.66.248.244](https://vuldb.com/?ip.45.66.248.244) | mta0.axminster-carpets.cf | - | High
|
||||
264 | [45.66.249.26](https://vuldb.com/?ip.45.66.249.26) | 8axj5rsx1e.marketingforbreweries.com | - | High
|
||||
265 | [45.66.249.221](https://vuldb.com/?ip.45.66.249.221) | mta0.lizengeneering.com | - | High
|
||||
266 | [45.67.231.235](https://vuldb.com/?ip.45.67.231.235) | am-tun2.warwish.pro | - | High
|
||||
267 | [45.82.247.87](https://vuldb.com/?ip.45.82.247.87) | - | - | High
|
||||
268 | [45.82.247.121](https://vuldb.com/?ip.45.82.247.121) | - | - | High
|
||||
269 | [45.82.247.148](https://vuldb.com/?ip.45.82.247.148) | prostatehealth.click | - | High
|
||||
270 | [45.82.251.34](https://vuldb.com/?ip.45.82.251.34) | - | - | High
|
||||
271 | [45.82.251.36](https://vuldb.com/?ip.45.82.251.36) | - | - | High
|
||||
272 | [45.82.251.44](https://vuldb.com/?ip.45.82.251.44) | - | - | High
|
||||
273 | [45.86.229.46](https://vuldb.com/?ip.45.86.229.46) | - | - | High
|
||||
274 | [45.86.229.94](https://vuldb.com/?ip.45.86.229.94) | - | - | High
|
||||
275 | [45.86.229.105](https://vuldb.com/?ip.45.86.229.105) | 1lf7cf33e.northernstarmarketing.com | - | High
|
||||
276 | [45.86.229.180](https://vuldb.com/?ip.45.86.229.180) | - | - | High
|
||||
277 | [45.86.229.253](https://vuldb.com/?ip.45.86.229.253) | 32l.edUcated-352.insuranceforourfamily.com | - | High
|
||||
278 | [45.86.230.43](https://vuldb.com/?ip.45.86.230.43) | google.com | - | High
|
||||
279 | [45.86.230.141](https://vuldb.com/?ip.45.86.230.141) | mta0.ungho.cf | - | High
|
||||
280 | [45.86.230.149](https://vuldb.com/?ip.45.86.230.149) | - | - | High
|
||||
281 | [45.86.230.181](https://vuldb.com/?ip.45.86.230.181) | - | - | High
|
||||
282 | [45.86.231.210](https://vuldb.com/?ip.45.86.231.210) | - | - | High
|
||||
283 | [45.87.154.181](https://vuldb.com/?ip.45.87.154.181) | vm.solutions | - | High
|
||||
284 | [45.88.221.211](https://vuldb.com/?ip.45.88.221.211) | - | - | High
|
||||
285 | [45.89.98.138](https://vuldb.com/?ip.45.89.98.138) | ruiz.thegamersnet.com | - | High
|
||||
286 | [45.89.107.120](https://vuldb.com/?ip.45.89.107.120) | d120.lifedigitz.com | - | High
|
||||
287 | [45.92.162.84](https://vuldb.com/?ip.45.92.162.84) | butler.egnerarch.com | - | High
|
||||
288 | [45.92.163.123](https://vuldb.com/?ip.45.92.163.123) | vars-long-kks.currishfine.com | - | High
|
||||
289 | [45.92.163.233](https://vuldb.com/?ip.45.92.163.233) | landing-messy.samewaged.com | - | High
|
||||
290 | ... | ... | ... | ...
|
||||
|
||||
There are 83 more IOC items available. Please use our online service to access the data.
|
||||
There are 1154 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -55,12 +327,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -68,22 +342,65 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin.php?&m=Public&a=login` | High
|
||||
2 | File | `/api/` | Low
|
||||
3 | File | `/config/getuser` | High
|
||||
4 | File | `/management/api/rcx_management/global_config_query` | High
|
||||
5 | File | `/setSystemAdmin` | High
|
||||
6 | ... | ... | ...
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/admin.php/Admin/adminadd.html` | High
|
||||
3 | File | `/Admin/add-student.php` | High
|
||||
4 | File | `/admin/addemployee.php` | High
|
||||
5 | File | `/admin/maintenance/view_designation.php` | High
|
||||
6 | File | `/admin/settings/save.php` | High
|
||||
7 | File | `/admin/userprofile.php` | High
|
||||
8 | File | `/api/` | Low
|
||||
9 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
10 | File | `/api/sys_username_passwd.cmd` | High
|
||||
11 | File | `/apply.cgi` | Medium
|
||||
12 | File | `/card_scan.php` | High
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/College/admin/teacher.php` | High
|
||||
15 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
16 | File | `/cwc/login` | Medium
|
||||
17 | File | `/dcim/rack-roles/` | High
|
||||
18 | File | `/debug/pprof` | Medium
|
||||
19 | File | `/etc/quagga` | Medium
|
||||
20 | File | `/forms/doLogin` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/goform/addUserName` | High
|
||||
23 | File | `/goform/aspForm` | High
|
||||
24 | File | `/goform/delAd` | High
|
||||
25 | File | `/goform/wifiSSIDset` | High
|
||||
26 | File | `/gpac/src/bifs/unquantize.c` | High
|
||||
27 | File | `/h/calendar` | Medium
|
||||
28 | File | `/inc/topBarNav.php` | High
|
||||
29 | File | `/index.asp` | Medium
|
||||
30 | File | `/index.php` | Medium
|
||||
31 | File | `/jfinal_cms/system/role/list` | High
|
||||
32 | File | `/kelas/data` | Medium
|
||||
33 | File | `/management/api/rcx_management/global_config_query` | High
|
||||
34 | File | `/members/view_member.php` | High
|
||||
35 | File | `/mkshop/Men/profile.php` | High
|
||||
36 | File | `/Moosikay/order.php` | High
|
||||
37 | File | `/nova/bin/console` | High
|
||||
38 | File | `/nova/bin/detnet` | High
|
||||
39 | File | `/out.php` | Medium
|
||||
40 | File | `/owa/auth/logon.aspx` | High
|
||||
41 | File | `/php-sms/admin/quotes/manage_remark.php` | High
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 40 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 359 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://bazaar.abuse.ch/sample/38b742be48b426b5c89408092fb6ebdd93eefcb584b131abd9c7e3561641c3f1/
|
||||
* https://blog.malwarebytes.com/threat-analysis/2019/12/new-version-of-icedid-trojan-uses-steganographic-payloads/
|
||||
* https://blog.talosintelligence.com/2018/04/icedid-banking-trojan.html
|
||||
* https://cert.gov.ua/article/39609
|
||||
* https://gist.githubusercontent.com/myrtus0x0/0fb09259ac2b63e86200f844e1b90bb1/raw/dc6b5bafaa1ac0a50834a3d7ade19ff07eb6ddbd/IcedID_07_20_2021.txt
|
||||
* https://gist.githubusercontent.com/myrtus0x0/4bb17522271df974a6285b42214c4622/raw/e6d13ab2a0e4d789a0d19d693e9f5fc4828da553/IcedID_07_02_2021.txt
|
||||
* https://gist.githubusercontent.com/myrtus0x0/45231dd1cbb0c3673bce9a3995f19322/raw/b6d8ebfced321c338714b4e14d4271803d4fe098/IcedID_07_28_2021.txt
|
||||
* https://gist.githubusercontent.com/myrtus0x0/e8b191faa086c9b05e3978c3836fca51/raw/4550a14e8f883b81a10cbedf29782f75f138c414/IcedID_06_07_2021.txt
|
||||
* https://github.com/A-dd-Y/secops/blob/main/MalwareIOC/mwdb-icedid-c2.txt
|
||||
* https://isc.sans.edu/diary/28974
|
||||
* https://isc.sans.edu/diary/Google+ads+lead+to+fake+software+pages+pushing+IcedID+Bokbot/29344
|
||||
* https://isc.sans.edu/forums/diary/Analysis+from+March+2021+Traffic+Analysis+Quiz/27232/
|
||||
* https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/
|
||||
|
@ -93,10 +410,27 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+word+docs+still+pushing+IcedID+Bokbot+with+Trickbot/24708/
|
||||
* https://isc.sans.edu/forums/diary/Microsoft+Word+document+with+malicious+macro+pushes+IcedID+Bokbot/26146/
|
||||
* https://isc.sans.edu/forums/diary/One+Emotet+infection+leads+to+three+followup+malware+infections/24140/
|
||||
* https://raw.githubusercontent.com/pan-unit42/tweets/master/2021-03-24-IOCs-for-IcedID-infection-with-Cobalt-Strike.txt
|
||||
* https://raw.githubusercontent.com/pan-unit42/tweets/master/2022-08-29-IOCs-for-Monster-Libra-TA551-IcedID-with-Cobalt-Stike.txt
|
||||
* https://research.checkpoint.com/2021/melting-ice-tracking-icedid-servers-with-a-few-simple-steps/
|
||||
* https://sandnet.abuse.ch/report/5d9c2b17f30765462ff5e3eaa0931885/
|
||||
* https://thedfirreport.com/2021/07/19/icedid-and-cobalt-strike-vs-antivirus/
|
||||
* https://thedfirreport.com/2021/10/18/icedid-to-xinglocker-ransomware-in-24-hours/
|
||||
* https://thedfirreport.com/2023/05/22/icedid-macro-ends-in-nokoyawa-ransomware/
|
||||
* https://threatfox.abuse.ch
|
||||
* https://tria.ge/220106-tlm53abdc7
|
||||
* https://tria.ge/220112-fqpb2abca2
|
||||
* https://tria.ge/220222-31shrsfdg2
|
||||
* https://tria.ge/220224-svsw8seebr
|
||||
* https://twitter.com/1ZRR4H/status/1441951333347729409
|
||||
* https://twitter.com/Kostastsale/status/1615733462388047872
|
||||
* https://twitter.com/malware_traffic/status/1577779933895659520
|
||||
* https://twitter.com/teamcymru_S2/status/1576997553169522689
|
||||
* https://twitter.com/TheDFIRReport/status/1376496307888611333
|
||||
* https://www.cyber45.com
|
||||
* https://www.cybereason.com/blog/cybereason-vs.-quantum-locker-ransomware
|
||||
* https://www.fortinet.com/blog/threat-research/icedid-malware-analysis-part-two.html
|
||||
* https://www.malware-traffic-analysis.net/2019/05/01/index.html
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -0,0 +1,54 @@
|
|||
# KEYMARBLE - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [KEYMARBLE](https://vuldb.com/?actor.keymarble). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.keymarble](https://vuldb.com/?actor.keymarble)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with KEYMARBLE:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of KEYMARBLE.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [100.43.153.60](https://vuldb.com/?ip.100.43.153.60) | 100.43.153.60.static.krypt.com | - | High
|
||||
2 | [104.194.160.59](https://vuldb.com/?ip.104.194.160.59) | a.59.160.194.104.servpac.com | - | High
|
||||
3 | [212.143.21.43](https://vuldb.com/?ip.212.143.21.43) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _KEYMARBLE_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by KEYMARBLE. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | Input Value | `\0` | Low
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -279,7 +279,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -298,20 +298,23 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `/admin/update_s6.php` | High
|
||||
10 | File | `/ajax.php?action=read_msg` | High
|
||||
11 | File | `/ajax.php?action=save_company` | High
|
||||
12 | File | `/api/stl/actions/search` | High
|
||||
13 | File | `/bin/login` | Medium
|
||||
12 | File | `/bin/login` | Medium
|
||||
13 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
14 | File | `/changeimage.php` | High
|
||||
15 | File | `/classes/Users.php?f=save` | High
|
||||
16 | File | `/DXR.axd` | Medium
|
||||
17 | File | `/ghost/preview` | High
|
||||
18 | File | `/Login/CheckLogin` | High
|
||||
19 | File | `/note/index/delete` | High
|
||||
20 | File | `/owa/auth/logon.aspx` | High
|
||||
21 | File | `/SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc` | High
|
||||
22 | File | `/SystemManage/Role/GetGridJson?keyword=&page=1&rows=20` | High
|
||||
23 | ... | ... | ...
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/ghost/preview` | High
|
||||
19 | File | `/Login/CheckLogin` | High
|
||||
20 | File | `/note/index/delete` | High
|
||||
21 | File | `/out.php` | Medium
|
||||
22 | File | `/owa/auth/logon.aspx` | High
|
||||
23 | File | `/send_order.cgi?parameter=restart` | High
|
||||
24 | File | `/SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc` | High
|
||||
25 | File | `/SystemManage/Role/GetGridJson?keyword=&page=1&rows=20` | High
|
||||
26 | ... | ... | ...
|
||||
|
||||
There are 196 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 215 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -100,7 +100,7 @@ ID | Type | Indicator | Confidence
|
|||
39 | File | `announcements.php` | High
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 340 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 342 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -75,23 +75,22 @@ ID | Type | Indicator | Confidence
|
|||
29 | File | `/ocwbs/admin/?page=user/manage_user` | High
|
||||
30 | File | `/ofrs/admin/?page=user/manage_user` | High
|
||||
31 | File | `/out.php` | Medium
|
||||
32 | File | `/owa/auth/logon.aspx` | High
|
||||
33 | File | `/password.html` | High
|
||||
34 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
35 | File | `/proc/ioports` | High
|
||||
36 | File | `/property-list/property_view.php` | High
|
||||
37 | File | `/ptms/classes/Users.php` | High
|
||||
38 | File | `/resources//../` | High
|
||||
39 | File | `/rest/api/2/search` | High
|
||||
40 | File | `/s/` | Low
|
||||
41 | File | `/scripts/cpan_config` | High
|
||||
42 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
43 | File | `/spip.php` | Medium
|
||||
44 | File | `/squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php` | High
|
||||
45 | File | `/sys/dict/queryTableData` | High
|
||||
46 | ... | ... | ...
|
||||
32 | File | `/password.html` | High
|
||||
33 | File | `/php_action/fetchSelectedUser.php` | High
|
||||
34 | File | `/proc/ioports` | High
|
||||
35 | File | `/property-list/property_view.php` | High
|
||||
36 | File | `/ptms/classes/Users.php` | High
|
||||
37 | File | `/resources//../` | High
|
||||
38 | File | `/rest/api/2/search` | High
|
||||
39 | File | `/s/` | Low
|
||||
40 | File | `/scripts/cpan_config` | High
|
||||
41 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php` | High
|
||||
44 | File | `/sys/dict/queryTableData` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 402 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 386 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -89,7 +89,7 @@ ID | Type | Indicator | Confidence
|
|||
23 | File | `cng.sys` | Low
|
||||
24 | ... | ... | ...
|
||||
|
||||
There are 201 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 203 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,110 @@
|
|||
# MadoMiner - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [MadoMiner](https://vuldb.com/?actor.madominer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.madominer](https://vuldb.com/?actor.madominer)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with MadoMiner:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of MadoMiner.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [61.130.31.174](https://vuldb.com/?ip.61.130.31.174) | - | - | High
|
||||
2 | [127.0.0.1](https://vuldb.com/?ip.127.0.0.1) | localhost | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _MadoMiner_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-29 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by MadoMiner. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/admin/upload/upload` | High
|
||||
3 | File | `/api/gen/clients/{language}` | High
|
||||
4 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
5 | File | `/config/getuser` | High
|
||||
6 | File | `/config/myfield/test.php` | High
|
||||
7 | File | `/debug/pprof` | Medium
|
||||
8 | File | `/ecshop/admin/template.php` | High
|
||||
9 | File | `/example/editor` | High
|
||||
10 | File | `/file/upload/1` | High
|
||||
11 | File | `/forum/away.php` | High
|
||||
12 | File | `/forum/PostPrivateMessage` | High
|
||||
13 | File | `/HNAP1` | Low
|
||||
14 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
15 | File | `/iu-application/controllers/administration/auth.php` | High
|
||||
16 | File | `/Kofax/KFS/ThinClient/document/upload/` | High
|
||||
17 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
18 | File | `/net-banking/customer_transactions.php` | High
|
||||
19 | File | `/obs/book.php` | High
|
||||
20 | File | `/ossn/administrator/com_installer` | High
|
||||
21 | File | `/owa/auth/logon.aspx` | High
|
||||
22 | File | `/pms/update_user.php?user_id=1` | High
|
||||
23 | File | `/requests.php` | High
|
||||
24 | File | `/spip.php` | Medium
|
||||
25 | File | `/sre/params.php` | High
|
||||
26 | File | `/tmp` | Low
|
||||
27 | File | `/uncpath/` | Medium
|
||||
28 | File | `/user/upload/upload` | High
|
||||
29 | File | `/Users` | Low
|
||||
30 | File | `/var/spool/hylafax` | High
|
||||
31 | File | `/vendor` | Low
|
||||
32 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
33 | File | `action/addproject.php` | High
|
||||
34 | File | `adclick.php` | Medium
|
||||
35 | File | `add_contestant.php` | High
|
||||
36 | File | `admin.php` | Medium
|
||||
37 | File | `admin/index.php` | High
|
||||
38 | File | `admin/make_payments.php` | High
|
||||
39 | File | `Advanced_ASUSDDNS_Content.asp` | High
|
||||
40 | File | `af_netlink.c` | Medium
|
||||
41 | File | `album_portal.php` | High
|
||||
42 | File | `api/auth.go` | Medium
|
||||
43 | File | `api_jsonrpc.php` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 385 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,67 @@
|
|||
# Maikspy - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Maikspy](https://vuldb.com/?actor.maikspy). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.maikspy](https://vuldb.com/?actor.maikspy)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Maikspy:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Maikspy.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [107.180.46.243](https://vuldb.com/?ip.107.180.46.243) | 243.46.180.107.host.secureserver.net | - | High
|
||||
2 | [160.153.60.192](https://vuldb.com/?ip.160.153.60.192) | 192.60.153.160.host.secureserver.net | - | High
|
||||
3 | [192.169.217.55](https://vuldb.com/?ip.192.169.217.55) | 55.217.169.192.host.secureserver.net | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Maikspy_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Maikspy. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/see_more_details.php` | High
|
||||
2 | File | `data/gbconfiguration.dat` | High
|
||||
3 | File | `inc/config.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 13 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -92,9 +92,10 @@ ID | Type | Indicator | Confidence
|
|||
31 | File | `/uncpath/` | Medium
|
||||
32 | File | `/usr/www/ja/mnt_cmd.cgi` | High
|
||||
33 | File | `/videotalk` | Medium
|
||||
34 | ... | ... | ...
|
||||
34 | File | `/view-property.php` | High
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 295 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 303 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# Medusa - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Medusa](https://vuldb.com/?actor.medusa). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.medusa](https://vuldb.com/?actor.medusa)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Medusa.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [77.105.147.140](https://vuldb.com/?ip.77.105.147.140) | chief-slope.aeza.network | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://twitter.com/Jane_0sint/status/1670048531665518592
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,32 @@
|
|||
# Megacortex - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Megacortex](https://vuldb.com/?actor.megacortex). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.megacortex](https://vuldb.com/?actor.megacortex)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Megacortex.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [3.29.17.1](https://vuldb.com/?ip.3.29.17.1) | ec2-3-29-17-1.me-central-1.compute.amazonaws.com | - | Medium
|
||||
2 | [89.105.198.28](https://vuldb.com/?ip.89.105.198.28) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://news.sophos.com/en-us/2019/05/03/megacortex-ransomware-wants-to-be-the-one/
|
||||
* https://www.bleepingcomputer.com/news/security/new-megacortex-ransomware-changes-windows-passwords-threatens-to-publish-data/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,70 @@
|
|||
# Micropsia - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Micropsia](https://vuldb.com/?actor.micropsia). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.micropsia](https://vuldb.com/?actor.micropsia)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Micropsia:
|
||||
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Micropsia.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [192.169.6.59](https://vuldb.com/?ip.192.169.6.59) | nordns.crowncloud.net | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Micropsia_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 13 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Micropsia. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/login/index.php` | High
|
||||
2 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
3 | File | `arch/powerpc/kernel/entry_64.S` | High
|
||||
4 | File | `auth2-gss.c` | Medium
|
||||
5 | File | `block/bfq-iosched.c` | High
|
||||
6 | File | `cgi-bin/webcm` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 52 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,44 @@
|
|||
# Mokes and Buerak - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Mokes and Buerak](https://vuldb.com/?actor.mokes_and_buerak). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.mokes_and_buerak](https://vuldb.com/?actor.mokes_and_buerak)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Mokes and Buerak:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Mokes and Buerak.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [47.245.30.255](https://vuldb.com/?ip.47.245.30.255) | - | - | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Mokes and Buerak. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `pcre2_jit_compile.c` | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://securelist.com/mokes-and-buerak-distributed-under-the-guise-of-security-certificates/96324/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -58,8 +58,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-28, CWE-36, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-28, CWE-29, CWE-36, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
|
@ -105,37 +105,34 @@ ID | Type | Indicator | Confidence
|
|||
30 | File | `/admin/positions_add.php` | High
|
||||
31 | File | `/admin/positions_delete.php` | High
|
||||
32 | File | `/admin/positions_row.php` | High
|
||||
33 | File | `/admin/product/manage.php` | High
|
||||
34 | File | `/admin/products/manage_product.php` | High
|
||||
35 | File | `/admin/reportupload.aspx` | High
|
||||
36 | File | `/admin/sales/index.php` | High
|
||||
37 | File | `/admin/sales/view_details.php` | High
|
||||
38 | File | `/admin/save_teacher.php` | High
|
||||
39 | File | `/admin/service.php` | High
|
||||
40 | File | `/admin/services/manage_service.php` | High
|
||||
41 | File | `/admin/update_s6.php` | High
|
||||
42 | File | `/admin/user/manage_user.php` | High
|
||||
43 | File | `/admin/voters_row.php` | High
|
||||
44 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
45 | File | `/ajax.php?action=read_msg` | High
|
||||
46 | File | `/ajax.php?action=save_company` | High
|
||||
47 | File | `/analysisProject/pagingQueryData` | High
|
||||
48 | File | `/api/stl/actions/search` | High
|
||||
49 | File | `/bilal final/edit_stud.php` | High
|
||||
50 | File | `/bilal final/login.php` | High
|
||||
51 | File | `/bin/ate` | Medium
|
||||
52 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
53 | File | `/cas/logout` | Medium
|
||||
54 | File | `/category/list?limit=10&offset=0&order=desc` | High
|
||||
55 | File | `/cgi-bin/ping.cgi` | High
|
||||
56 | File | `/circuits/circuit-types/` | High
|
||||
57 | File | `/circuits/provider-accounts/` | High
|
||||
58 | File | `/classes/Login.php` | High
|
||||
59 | File | `/classes/Master.php` | High
|
||||
60 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
61 | ... | ... | ...
|
||||
33 | File | `/admin/products/manage_product.php` | High
|
||||
34 | File | `/admin/reportupload.aspx` | High
|
||||
35 | File | `/admin/sales/view_details.php` | High
|
||||
36 | File | `/admin/save_teacher.php` | High
|
||||
37 | File | `/admin/service.php` | High
|
||||
38 | File | `/admin/services/manage_service.php` | High
|
||||
39 | File | `/admin/update_s6.php` | High
|
||||
40 | File | `/admin/user/manage_user.php` | High
|
||||
41 | File | `/admin/voters_row.php` | High
|
||||
42 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
43 | File | `/ajax.php?action=read_msg` | High
|
||||
44 | File | `/ajax.php?action=save_company` | High
|
||||
45 | File | `/analysisProject/pagingQueryData` | High
|
||||
46 | File | `/api/stl/actions/search` | High
|
||||
47 | File | `/bin/ate` | Medium
|
||||
48 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
49 | File | `/cas/logout` | Medium
|
||||
50 | File | `/category/list?limit=10&offset=0&order=desc` | High
|
||||
51 | File | `/cgi-bin/ping.cgi` | High
|
||||
52 | File | `/circuits/circuit-types/` | High
|
||||
53 | File | `/circuits/provider-accounts/` | High
|
||||
54 | File | `/classes/Login.php` | High
|
||||
55 | File | `/classes/Master.php` | High
|
||||
56 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
57 | File | `/classes/Master.php?f=delete_item` | High
|
||||
58 | ... | ... | ...
|
||||
|
||||
There are 535 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 510 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,67 @@
|
|||
# Mystic Stealer - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Mystic Stealer](https://vuldb.com/?actor.mystic_stealer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.mystic_stealer](https://vuldb.com/?actor.mystic_stealer)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Mystic Stealer:
|
||||
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Mystic Stealer.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [91.121.118.80](https://vuldb.com/?ip.91.121.118.80) | 1218.rbx.abcvg.ovh | - | High
|
||||
2 | [94.23.26.20](https://vuldb.com/?ip.94.23.26.20) | 706.rbx.abcvg.ovh | - | High
|
||||
3 | [94.130.164.47](https://vuldb.com/?ip.94.130.164.47) | static.47.164.130.94.clients.your-server.de | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Mystic Stealer_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1055 | CWE-74 | Injection | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Mystic Stealer. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/mgmt/tm/util/bash` | High
|
||||
2 | File | `adclick.php` | Medium
|
||||
3 | File | `data/gbconfiguration.dat` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 14 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.zscaler.com/blogs/security-research/mystic-stealer
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -32,7 +32,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
9 | [37.120.141.190](https://vuldb.com/?ip.37.120.141.190) | - | - | High
|
||||
10 | ... | ... | ... | ...
|
||||
|
||||
There are 35 more IOC items available. Please use our online service to access the data.
|
||||
There are 36 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -47,7 +47,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -70,35 +70,36 @@ ID | Type | Indicator | Confidence
|
|||
13 | File | `/api/v2/cli/commands` | High
|
||||
14 | File | `/app/options.py` | High
|
||||
15 | File | `/attachments` | Medium
|
||||
16 | File | `/boat/login.php` | High
|
||||
17 | File | `/bsms_ci/index.php/book` | High
|
||||
18 | File | `/cgi-bin` | Medium
|
||||
19 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
20 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
21 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
22 | File | `/dashboard/reports/logs/view` | High
|
||||
23 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
24 | File | `/debug/pprof` | Medium
|
||||
25 | File | `/env` | Low
|
||||
26 | File | `/etc/hosts` | Medium
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/goform/setmac` | High
|
||||
29 | File | `/goform/wizard_end` | High
|
||||
30 | File | `/horde/util/go.php` | High
|
||||
31 | File | `/index.php` | Medium
|
||||
32 | File | `/manage-apartment.php` | High
|
||||
33 | File | `/medicines/profile.php` | High
|
||||
34 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
35 | File | `/pages/apply_vacancy.php` | High
|
||||
36 | File | `/proc/<PID>/mem` | High
|
||||
37 | File | `/proxy` | Low
|
||||
38 | File | `/reservation/add_message.php` | High
|
||||
39 | File | `/spip.php` | Medium
|
||||
40 | File | `/tmp` | Low
|
||||
41 | File | `/uncpath/` | Medium
|
||||
42 | ... | ... | ...
|
||||
16 | File | `/bin/ate` | Medium
|
||||
17 | File | `/boat/login.php` | High
|
||||
18 | File | `/bsms_ci/index.php/book` | High
|
||||
19 | File | `/cgi-bin` | Medium
|
||||
20 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
21 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
22 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
23 | File | `/dashboard/reports/logs/view` | High
|
||||
24 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
25 | File | `/debug/pprof` | Medium
|
||||
26 | File | `/env` | Low
|
||||
27 | File | `/etc/hosts` | Medium
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/goform/setmac` | High
|
||||
30 | File | `/goform/wizard_end` | High
|
||||
31 | File | `/horde/util/go.php` | High
|
||||
32 | File | `/index.php` | Medium
|
||||
33 | File | `/manage-apartment.php` | High
|
||||
34 | File | `/medicines/profile.php` | High
|
||||
35 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
36 | File | `/pages/apply_vacancy.php` | High
|
||||
37 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
38 | File | `/proc/<PID>/mem` | High
|
||||
39 | File | `/proxy` | Low
|
||||
40 | File | `/reservation/add_message.php` | High
|
||||
41 | File | `/spip.php` | Medium
|
||||
42 | File | `/tmp` | Low
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 362 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 372 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,66 @@
|
|||
# NOTROBIN - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [NOTROBIN](https://vuldb.com/?actor.notrobin). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.notrobin](https://vuldb.com/?actor.notrobin)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with NOTROBIN:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [SK](https://vuldb.com/?country.sk)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of NOTROBIN.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [80.240.31.218](https://vuldb.com/?ip.80.240.31.218) | 80.240.31.218.vultrusercontent.com | - | High
|
||||
2 | [95.179.163.186](https://vuldb.com/?ip.95.179.163.186) | 95.179.163.186.vultrusercontent.com | - | High
|
||||
3 | [127.0.0.2](https://vuldb.com/?ip.127.0.0.2) | mc20a2201.dnh.net | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _NOTROBIN_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1055 | CWE-74 | Injection | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by NOTROBIN. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/front/search.php` | High
|
||||
3 | File | `/rom-0` | Low
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 13 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -54,8 +54,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -70,10 +69,10 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/admin/config_save.php` | High
|
||||
4 | File | `/admin/edit_visitor.php` | High
|
||||
5 | File | `/admin/info.php` | High
|
||||
6 | File | `/admin/template.php` | High
|
||||
7 | File | `/alphaware/summary.php` | High
|
||||
8 | File | `/apply.cgi` | Medium
|
||||
9 | File | `/cfg` | Low
|
||||
6 | File | `/admin/plugin.php` | High
|
||||
7 | File | `/admin/template.php` | High
|
||||
8 | File | `/alphaware/summary.php` | High
|
||||
9 | File | `/apply.cgi` | Medium
|
||||
10 | File | `/cgi?` | Low
|
||||
11 | File | `/classes/Users.php` | High
|
||||
12 | File | `/dashboard/updatelogo.php` | High
|
||||
|
@ -85,18 +84,18 @@ ID | Type | Indicator | Confidence
|
|||
18 | File | `/goform/SysToolRestoreSet` | High
|
||||
19 | File | `/graphql` | Medium
|
||||
20 | File | `/index.php` | Medium
|
||||
21 | File | `/jeecg-boot/jmreport/view` | High
|
||||
22 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
23 | File | `/localhost/u` | Medium
|
||||
24 | File | `/mkshop/Men/profile.php` | High
|
||||
25 | File | `/net` | Low
|
||||
26 | File | `/Noxen-master/users.php` | High
|
||||
27 | File | `/opt/bin/cli` | Medium
|
||||
28 | File | `/out.php` | Medium
|
||||
29 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
|
||||
30 | File | `/public/plugins/` | High
|
||||
31 | File | `/public_html/admin/plugins/bad_behavior2/blacklist.php` | High
|
||||
32 | File | `/rom-0` | Low
|
||||
21 | File | `/jeecg-boot/jmreport/upload` | High
|
||||
22 | File | `/jeecg-boot/jmreport/view` | High
|
||||
23 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
24 | File | `/localhost/u` | Medium
|
||||
25 | File | `/mkshop/Men/profile.php` | High
|
||||
26 | File | `/net` | Low
|
||||
27 | File | `/Noxen-master/users.php` | High
|
||||
28 | File | `/opt/bin/cli` | Medium
|
||||
29 | File | `/out.php` | Medium
|
||||
30 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
|
||||
31 | File | `/public/plugins/` | High
|
||||
32 | File | `/public_html/admin/plugins/bad_behavior2/blacklist.php` | High
|
||||
33 | File | `/root/run/adm.php?admin-ediy&part=exdiy` | High
|
||||
34 | File | `/setNTP.cgi` | Medium
|
||||
35 | File | `/setting/setWanIeCfg` | High
|
||||
|
@ -108,10 +107,9 @@ ID | Type | Indicator | Confidence
|
|||
41 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
42 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
43 | File | `account.php` | Medium
|
||||
44 | File | `accounts/view_details.php` | High
|
||||
45 | ... | ... | ...
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 390 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 385 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -14,7 +14,6 @@ The following _campaigns_ are known and can be associated with Naikon:
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Naikon:
|
||||
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
|
@ -38,15 +37,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-35, CWE-36, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22, CWE-24, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-270, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 24 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -59,82 +57,90 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/admin` | Low
|
||||
4 | File | `/admin.php/appcenter/local.html?type=addon` | High
|
||||
5 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
6 | File | `/admin/?page=product/manage_product&id=2` | High
|
||||
7 | File | `/admin/?page=reminders/view_reminder` | High
|
||||
6 | File | `/admin/?page=maintenance/brand` | High
|
||||
7 | File | `/admin/?page=product/manage_product&id=2` | High
|
||||
8 | File | `/admin/?page=system_info` | High
|
||||
9 | File | `/admin/admin.php` | High
|
||||
10 | File | `/admin/ajax.php` | High
|
||||
11 | File | `/admin/assign/assign.php` | High
|
||||
12 | File | `/admin/attendance_row.php` | High
|
||||
13 | File | `/admin/ballot_up.php` | High
|
||||
14 | File | `/admin/bookings/manage_booking.php` | High
|
||||
15 | File | `/admin/bookings/view_details.php` | High
|
||||
16 | File | `/admin/budget/manage_budget.php` | High
|
||||
17 | File | `/admin/casedetails.php` | High
|
||||
18 | File | `/admin/cashadvance_row.php` | High
|
||||
19 | File | `/admin/categories/manage_category.php` | High
|
||||
20 | File | `/admin/categories/view_category.php` | High
|
||||
21 | File | `/admin/config_save.php` | High
|
||||
22 | File | `/admin/deduction_edit.php` | High
|
||||
23 | File | `/admin/departments/view_department.php` | High
|
||||
24 | File | `/admin/doctors.php` | High
|
||||
25 | File | `/admin/edit-doc.php` | High
|
||||
26 | File | `/admin/employee_add.php` | High
|
||||
27 | File | `/admin/employee_row.php` | High
|
||||
28 | File | `/admin/fields/manage_field.php` | High
|
||||
29 | File | `/admin/forgot-password.php` | High
|
||||
30 | File | `/admin/getallarticleinfo` | High
|
||||
31 | File | `/admin/index3.php` | High
|
||||
32 | File | `/admin/info_deal.php` | High
|
||||
33 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
34 | File | `/admin/login.php` | High
|
||||
35 | File | `/admin/maintenance/brand.php` | High
|
||||
36 | File | `/admin/maintenance/view_designation.php` | High
|
||||
37 | File | `/admin/manage_academic.php` | High
|
||||
38 | File | `/admin/offenses/view_details.php` | High
|
||||
39 | File | `/admin/orders/update_status.php` | High
|
||||
40 | File | `/admin/pictures` | High
|
||||
41 | File | `/admin/positions_add.php` | High
|
||||
42 | File | `/admin/positions_row.php` | High
|
||||
43 | File | `/admin/products/manage_product.php` | High
|
||||
44 | File | `/admin/products/view_product.php` | High
|
||||
45 | File | `/admin/reminders/manage_reminder.php` | High
|
||||
46 | File | `/admin/report/index.php` | High
|
||||
47 | File | `/admin/robot/approval/list` | High
|
||||
48 | File | `/admin/sales/index.php` | High
|
||||
49 | File | `/admin/sales/manage_sale.php` | High
|
||||
50 | File | `/admin/save_teacher.php` | High
|
||||
51 | File | `/admin/service.php` | High
|
||||
52 | File | `/admin/services/manage_service.php` | High
|
||||
53 | File | `/admin/students/view_details.php` | High
|
||||
54 | File | `/admin/transactions/track_shipment.php` | High
|
||||
55 | File | `/admin/upload` | High
|
||||
56 | File | `/admin/user/manage_user.php` | High
|
||||
57 | File | `/admin/userprofile.php` | High
|
||||
58 | File | `/admin_system/api.php` | High
|
||||
59 | File | `/analysisProject/pagingQueryData` | High
|
||||
60 | File | `/api/admin/system/store/order/list` | High
|
||||
61 | File | `/api/stl/actions/search` | High
|
||||
62 | File | `/api/upload` | Medium
|
||||
63 | File | `/bin/ate` | Medium
|
||||
64 | File | `/bin/httpd` | Medium
|
||||
65 | File | `/boafrm/formFilter` | High
|
||||
66 | File | `/category/list?limit=10&offset=0&order=desc` | High
|
||||
67 | File | `/classes/Login.php` | High
|
||||
68 | File | `/classes/Master.php` | High
|
||||
69 | File | `/classes/Master.php?f=delete_category` | High
|
||||
70 | File | `/classes/Master.php?f=delete_img` | High
|
||||
71 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
72 | File | `/classes/Master.php?f=delete_item` | High
|
||||
73 | File | `/classes/Master.php?f=delete_service` | High
|
||||
74 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
75 | File | `/classes/Master.php?f=save_course` | High
|
||||
76 | File | `/classes/Master.php?f=save_service` | High
|
||||
77 | File | `/classes/Users.php` | High
|
||||
78 | File | `/classes/Users.phpp` | High
|
||||
79 | ... | ... | ...
|
||||
9 | File | `/admin/?page=user` | High
|
||||
10 | File | `/admin/?page=user/list` | High
|
||||
11 | File | `/admin/addproduct.php` | High
|
||||
12 | File | `/admin/admin.php` | High
|
||||
13 | File | `/admin/ajax.php` | High
|
||||
14 | File | `/admin/ajax.php?action=save_area` | High
|
||||
15 | File | `/admin/assign/assign.php` | High
|
||||
16 | File | `/admin/ballot_down.php` | High
|
||||
17 | File | `/admin/ballot_up.php` | High
|
||||
18 | File | `/admin/bookings/manage_booking.php` | High
|
||||
19 | File | `/admin/bookings/view_booking.php` | High
|
||||
20 | File | `/admin/bookings/view_details.php` | High
|
||||
21 | File | `/admin/candidates_row.php` | High
|
||||
22 | File | `/admin/casedetails.php` | High
|
||||
23 | File | `/admin/cashadvance_row.php` | High
|
||||
24 | File | `/admin/categories/manage_category.php` | High
|
||||
25 | File | `/admin/categories/view_category.php` | High
|
||||
26 | File | `/admin/configurations/userInfo` | High
|
||||
27 | File | `/admin/config_save.php` | High
|
||||
28 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
29 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
30 | File | `/admin/deduction_edit.php` | High
|
||||
31 | File | `/admin/edit-doc.php` | High
|
||||
32 | File | `/admin/edit_subject.php` | High
|
||||
33 | File | `/admin/employee_edit.php` | High
|
||||
34 | File | `/admin/fields/manage_field.php` | High
|
||||
35 | File | `/admin/forgot-password.php` | High
|
||||
36 | File | `/admin/getallarticleinfo` | High
|
||||
37 | File | `/admin/info_deal.php` | High
|
||||
38 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
39 | File | `/admin/inventory/manage_stock.php` | High
|
||||
40 | File | `/admin/login.php` | High
|
||||
41 | File | `/admin/maintenance/brand.php` | High
|
||||
42 | File | `/admin/maintenance/manage_category.php` | High
|
||||
43 | File | `/admin/manage_academic.php` | High
|
||||
44 | File | `/admin/modal_add_product.php` | High
|
||||
45 | File | `/admin/offenses/view_details.php` | High
|
||||
46 | File | `/admin/positions_add.php` | High
|
||||
47 | File | `/admin/positions_row.php` | High
|
||||
48 | File | `/admin/products/manage_product.php` | High
|
||||
49 | File | `/admin/products/view_product.php` | High
|
||||
50 | File | `/admin/read.php?mudi=announContent` | High
|
||||
51 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
52 | File | `/admin/reminders/manage_reminder.php` | High
|
||||
53 | File | `/admin/report/index.php` | High
|
||||
54 | File | `/admin/reportupload.aspx` | High
|
||||
55 | File | `/admin/robot/approval/list` | High
|
||||
56 | File | `/admin/sales/index.php` | High
|
||||
57 | File | `/admin/sales/manage_sale.php` | High
|
||||
58 | File | `/admin/sales/view_details.php` | High
|
||||
59 | File | `/admin/save_teacher.php` | High
|
||||
60 | File | `/admin/services/manage_service.php` | High
|
||||
61 | File | `/admin/services/view_service.php` | High
|
||||
62 | File | `/admin/students/view_details.php` | High
|
||||
63 | File | `/admin/suppliers/view_details.php` | High
|
||||
64 | File | `/admin/transactions/track_shipment.php` | High
|
||||
65 | File | `/admin/update_s6.php` | High
|
||||
66 | File | `/admin/upload` | High
|
||||
67 | File | `/admin/user/manage_user.php` | High
|
||||
68 | File | `/admin/userprofile.php` | High
|
||||
69 | File | `/admin_system/api.php` | High
|
||||
70 | File | `/ajax.php?action=read_msg` | High
|
||||
71 | File | `/ajax.php?action=save_company` | High
|
||||
72 | File | `/analysisProject/pagingQueryData` | High
|
||||
73 | File | `/api/admin/store/product/list` | High
|
||||
74 | File | `/api/admin/store/product/save` | High
|
||||
75 | File | `/api/admin/system/store/order/list` | High
|
||||
76 | File | `/api/login` | Medium
|
||||
77 | File | `/api/stl/actions/search` | High
|
||||
78 | File | `/api/upload` | Medium
|
||||
79 | File | `/api/wechat/app_auth` | High
|
||||
80 | File | `/app/admin/users/print-user.php` | High
|
||||
81 | File | `/author/list?limit=10&offset=0&order=desc` | High
|
||||
82 | File | `/boafrm/formFilter` | High
|
||||
83 | File | `/booking/show_bookings/` | High
|
||||
84 | File | `/bsenordering/index.php` | High
|
||||
85 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
86 | File | `/cache/` | Low
|
||||
87 | ... | ... | ...
|
||||
|
||||
There are 691 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 767 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with NetSupportManager RAT:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -25,25 +25,29 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
2 | [5.45.74.233](https://vuldb.com/?ip.5.45.74.233) | zmta37.corpresponse.com | - | High
|
||||
3 | [5.45.83.127](https://vuldb.com/?ip.5.45.83.127) | - | - | High
|
||||
4 | [5.252.176.69](https://vuldb.com/?ip.5.252.176.69) | 5-252-176-69.mivocloud.com | - | High
|
||||
5 | [5.252.179.13](https://vuldb.com/?ip.5.252.179.13) | 5-252-179-13.mivocloud.com | - | High
|
||||
6 | [5.252.179.89](https://vuldb.com/?ip.5.252.179.89) | no-rdns.mivocloud.com | - | High
|
||||
7 | [5.252.179.93](https://vuldb.com/?ip.5.252.179.93) | no-rdns.mivocloud.com | - | High
|
||||
8 | [23.227.193.80](https://vuldb.com/?ip.23.227.193.80) | 23-227-193-80.static.hvvc.us | - | High
|
||||
9 | [45.11.180.120](https://vuldb.com/?ip.45.11.180.120) | - | - | High
|
||||
10 | [45.15.157.144](https://vuldb.com/?ip.45.15.157.144) | - | - | High
|
||||
11 | [45.61.136.72](https://vuldb.com/?ip.45.61.136.72) | - | - | High
|
||||
12 | [45.61.138.73](https://vuldb.com/?ip.45.61.138.73) | - | - | High
|
||||
13 | [45.76.172.113](https://vuldb.com/?ip.45.76.172.113) | 45.76.172.113.vultrusercontent.com | - | High
|
||||
14 | [45.77.31.210](https://vuldb.com/?ip.45.77.31.210) | 45.77.31.210.vultrusercontent.com | - | High
|
||||
15 | [46.17.106.230](https://vuldb.com/?ip.46.17.106.230) | vds2364993.my-ihor.ru | - | High
|
||||
16 | [46.21.159.165](https://vuldb.com/?ip.46.21.159.165) | 165.159.21.46.swiftway.net | - | High
|
||||
17 | [46.161.40.59](https://vuldb.com/?ip.46.161.40.59) | - | - | High
|
||||
18 | [51.195.53.204](https://vuldb.com/?ip.51.195.53.204) | ip204.ip-51-195-53.eu | - | High
|
||||
19 | [62.173.140.156](https://vuldb.com/?ip.62.173.140.156) | spetstroymsk77.example.com | - | High
|
||||
20 | [62.173.154.94](https://vuldb.com/?ip.62.173.154.94) | yurisleptsov.example.com | - | High
|
||||
21 | ... | ... | ... | ...
|
||||
5 | [5.252.179.5](https://vuldb.com/?ip.5.252.179.5) | 5-252-179-5.mivocloud.com | - | High
|
||||
6 | [5.252.179.13](https://vuldb.com/?ip.5.252.179.13) | 5-252-179-13.mivocloud.com | - | High
|
||||
7 | [5.252.179.17](https://vuldb.com/?ip.5.252.179.17) | mail-good-treat.livewirearea.com | - | High
|
||||
8 | [5.252.179.50](https://vuldb.com/?ip.5.252.179.50) | no-rdns.mivocloud.com | - | High
|
||||
9 | [5.252.179.60](https://vuldb.com/?ip.5.252.179.60) | no-rdns.mivocloud.com | - | High
|
||||
10 | [5.252.179.89](https://vuldb.com/?ip.5.252.179.89) | no-rdns.mivocloud.com | - | High
|
||||
11 | [5.252.179.93](https://vuldb.com/?ip.5.252.179.93) | no-rdns.mivocloud.com | - | High
|
||||
12 | [5.252.179.97](https://vuldb.com/?ip.5.252.179.97) | 5-252-179-97.mivocloud.com | - | High
|
||||
13 | [5.252.179.111](https://vuldb.com/?ip.5.252.179.111) | 5-252-179-111.mivocloud.com | - | High
|
||||
14 | [23.163.0.13](https://vuldb.com/?ip.23.163.0.13) | ht087348.fronews.com | - | High
|
||||
15 | [23.227.193.80](https://vuldb.com/?ip.23.227.193.80) | 23-227-193-80.static.hvvc.us | - | High
|
||||
16 | [37.61.213.242](https://vuldb.com/?ip.37.61.213.242) | - | - | High
|
||||
17 | [45.11.180.120](https://vuldb.com/?ip.45.11.180.120) | - | - | High
|
||||
18 | [45.15.157.144](https://vuldb.com/?ip.45.15.157.144) | - | - | High
|
||||
19 | [45.61.136.72](https://vuldb.com/?ip.45.61.136.72) | - | - | High
|
||||
20 | [45.61.138.73](https://vuldb.com/?ip.45.61.138.73) | - | - | High
|
||||
21 | [45.76.172.113](https://vuldb.com/?ip.45.76.172.113) | 45.76.172.113.vultrusercontent.com | - | High
|
||||
22 | [45.77.31.210](https://vuldb.com/?ip.45.77.31.210) | 45.77.31.210.vultrusercontent.com | - | High
|
||||
23 | [45.133.203.205](https://vuldb.com/?ip.45.133.203.205) | - | - | High
|
||||
24 | [46.17.106.110](https://vuldb.com/?ip.46.17.106.110) | zaphim2.ru | - | High
|
||||
25 | ... | ... | ... | ...
|
||||
|
||||
There are 80 more IOC items available. Please use our online service to access the data.
|
||||
There are 98 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -51,13 +55,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
There are 12 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -65,70 +68,25 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMFILES(X86)%\Teradici\PCoIP.exe` | High
|
||||
2 | File | `/.vnc/sesman_${username}_passwd` | High
|
||||
3 | File | `/addnews.html` | High
|
||||
4 | File | `/admin/addemployee.php` | High
|
||||
5 | File | `/admin/index.php` | High
|
||||
6 | File | `/admin/maintenance/view_designation.php` | High
|
||||
7 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
8 | File | `/apply.cgi` | Medium
|
||||
9 | File | `/cwc/login` | Medium
|
||||
10 | File | `/etc/luminex/pkgmgr` | High
|
||||
11 | File | `/etc/quantum/quantum.conf` | High
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/getcfg.php` | Medium
|
||||
14 | File | `/iwguestbook/admin/badwords_edit.asp` | High
|
||||
15 | File | `/iwguestbook/admin/messages_edit.asp` | High
|
||||
16 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
17 | File | `/members/index.php` | High
|
||||
18 | File | `/MIME/INBOX-MM-1/` | High
|
||||
19 | File | `/mkshope/login.php` | High
|
||||
20 | File | `/php_action/createUser.php` | High
|
||||
21 | File | `/proc/self/environ` | High
|
||||
22 | File | `/rom-0` | Low
|
||||
23 | File | `/services/details.asp` | High
|
||||
24 | File | `/spip.php` | Medium
|
||||
25 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
|
||||
26 | File | `/uncpath/` | Medium
|
||||
27 | File | `/user/updatePwd` | High
|
||||
28 | File | `/usr/bin/at` | Medium
|
||||
29 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
30 | File | `/var/log/nginx` | High
|
||||
31 | File | `/way4acs/enroll` | High
|
||||
32 | File | `/wp-admin/admin-ajax.php` | High
|
||||
33 | File | `/wp-admin/admin.php?page=slickquiz-scores&id` | High
|
||||
34 | File | `/wp-content/uploads/photo-gallery/` | High
|
||||
35 | File | `7786/tcp` | Medium
|
||||
36 | File | `12122006-djtest.doc` | High
|
||||
37 | File | `abitwhizzy.php` | High
|
||||
38 | File | `acc.php` | Low
|
||||
39 | File | `AccessPoint.aspx` | High
|
||||
40 | File | `activate.php` | Medium
|
||||
41 | File | `activenews_search.asp` | High
|
||||
42 | File | `addpost1.asp` | Medium
|
||||
43 | File | `addshowsform.php` | High
|
||||
44 | File | `add_quiz.php` | Medium
|
||||
45 | File | `admin.loudmouth.php` | High
|
||||
46 | File | `admin.php` | Medium
|
||||
47 | File | `admin.pl` | Medium
|
||||
48 | File | `admin/conf_users_edit.php` | High
|
||||
49 | File | `admin/dashboard.php` | High
|
||||
50 | File | `admin/haber_ekle.asp` | High
|
||||
51 | File | `admin/index.php` | High
|
||||
52 | File | `admin/modules_data.php` | High
|
||||
53 | File | `admin/skins.php` | High
|
||||
54 | File | `admin/specials.php` | High
|
||||
55 | File | `admin_events.php` | High
|
||||
56 | File | `agent_subaffiliates.pl` | High
|
||||
57 | File | `ajax.php` | Medium
|
||||
58 | File | `ajax_invoice.php` | High
|
||||
59 | File | `app/topic/action/admin/topic.php` | High
|
||||
60 | File | `appserv/main.php` | High
|
||||
61 | File | `articulo.php` | Medium
|
||||
62 | ... | ... | ...
|
||||
1 | File | `/admin/index2.html` | High
|
||||
2 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
3 | File | `/apply.cgi` | Medium
|
||||
4 | File | `/forum/away.php` | High
|
||||
5 | File | `/include/makecvs.php` | High
|
||||
6 | File | `/out.php` | Medium
|
||||
7 | File | `/rapi/read_url` | High
|
||||
8 | File | `/requests.php` | High
|
||||
9 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
10 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
|
||||
11 | File | `add.php` | Low
|
||||
12 | File | `admin/index.php` | High
|
||||
13 | File | `appserv/main.php` | High
|
||||
14 | File | `base/ErrorHandler.php` | High
|
||||
15 | File | `browser/thumbnails/render_widget_snapshot_taker.cc` | High
|
||||
16 | File | `cat.asp` | Low
|
||||
17 | ... | ... | ...
|
||||
|
||||
There are 547 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 133 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -136,15 +94,19 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
|
||||
* https://bazaar.abuse.ch/sample/1a9b3968a2f3a4ae0c9c51e6fc41a48829ac4a0fa118a7530c36715638ef0209/
|
||||
* https://bazaar.abuse.ch/sample/26cad4ec29bc07d7b2c32c94dbbef397391babf1c78cc533950b325aaf11bba8/
|
||||
* https://bazaar.abuse.ch/sample/759e159da0592063bb0eb967dd45802caa0a1538867994868d5b883f099286a5/
|
||||
* https://bazaar.abuse.ch/sample/2174b4c58eb43aac8e5e0061ff0bc45125f4cb64404d552fe25ea6ac1777113d/
|
||||
* https://bazaar.abuse.ch/sample/c9e6dc44db59f1883e850babac21890e5723d2627a623c47f709e3bb7d073e35/
|
||||
* https://infosec.exchange/@malware_traffic/109762477310102114
|
||||
* https://threatfox.abuse.ch
|
||||
* https://twitter.com/AnFam17/status/1671789322259800064
|
||||
* https://twitter.com/BroadAnalysis/status/1544348111488929796
|
||||
* https://twitter.com/Iamdeadlyz/status/1626286411879190528
|
||||
* https://twitter.com/phage_nz/status/1562229369669828608
|
||||
* https://twitter.com/pollo290987/status/1562087034948386817
|
||||
* https://twitter.com/pollo290987/status/1654206717251530753
|
||||
* https://twitter.com/StopMalvertisin/status/1648223628067237890
|
||||
* https://urlhaus.abuse.ch/host/navitainer.net/
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -73,7 +73,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36, CWE-37 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36, CWE-37 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
|
@ -106,47 +106,47 @@ ID | Type | Indicator | Confidence
|
|||
15 | File | `/appliance/users?action=edit` | High
|
||||
16 | File | `/apply.cgi` | Medium
|
||||
17 | File | `/backup.pl` | Medium
|
||||
18 | File | `/cgi-bin/webviewer_login_page` | High
|
||||
19 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
20 | File | `/College/admin/teacher.php` | High
|
||||
21 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
22 | File | `/dashboard/updatelogo.php` | High
|
||||
23 | File | `/dcim/rack-roles/` | High
|
||||
24 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
25 | File | `/edoc/doctor/patient.php` | High
|
||||
26 | File | `/etc/ldap.conf` | High
|
||||
27 | File | `/etc/shadow` | Medium
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/goform/addUserName` | High
|
||||
30 | File | `/goform/aspForm` | High
|
||||
31 | File | `/goform/delAd` | High
|
||||
32 | File | `/goform/wifiSSIDset` | High
|
||||
33 | File | `/gpac/src/bifs/unquantize.c` | High
|
||||
34 | File | `/h/calendar` | Medium
|
||||
35 | File | `/h/compose` | Medium
|
||||
36 | File | `/h/search?action=voicemail&action=listen` | High
|
||||
37 | File | `/inc/topBarNav.php` | High
|
||||
38 | File | `/index.asp` | Medium
|
||||
39 | File | `/index.php` | Medium
|
||||
40 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
41 | File | `/jfinal_cms/system/role/list` | High
|
||||
42 | File | `/kelas/data` | Medium
|
||||
43 | File | `/kelasdosen/data` | High
|
||||
44 | File | `/loginVaLidation.php` | High
|
||||
45 | File | `/manage-apartment.php` | High
|
||||
46 | File | `/manager/index.php` | High
|
||||
47 | File | `/mkshop/Men/profile.php` | High
|
||||
48 | File | `/Moosikay/order.php` | High
|
||||
49 | File | `/Noxen-master/users.php` | High
|
||||
50 | File | `/opac/Actions.php?a=login` | High
|
||||
51 | File | `/osm/REGISTER.cmd` | High
|
||||
52 | File | `/pages/animals.php` | High
|
||||
53 | File | `/php-scrm/login.php` | High
|
||||
54 | File | `/php-sms/admin/quotes/manage_remark.php` | High
|
||||
55 | File | `/php-sms/classes/Master.php` | High
|
||||
18 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
19 | File | `/College/admin/teacher.php` | High
|
||||
20 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
21 | File | `/dashboard/updatelogo.php` | High
|
||||
22 | File | `/dcim/rack-roles/` | High
|
||||
23 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
24 | File | `/edoc/doctor/patient.php` | High
|
||||
25 | File | `/etc/ldap.conf` | High
|
||||
26 | File | `/etc/shadow` | Medium
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/goform/addUserName` | High
|
||||
29 | File | `/goform/aspForm` | High
|
||||
30 | File | `/goform/delAd` | High
|
||||
31 | File | `/goform/wifiSSIDset` | High
|
||||
32 | File | `/gpac/src/bifs/unquantize.c` | High
|
||||
33 | File | `/h/calendar` | Medium
|
||||
34 | File | `/h/compose` | Medium
|
||||
35 | File | `/h/search?action=voicemail&action=listen` | High
|
||||
36 | File | `/inc/topBarNav.php` | High
|
||||
37 | File | `/index.asp` | Medium
|
||||
38 | File | `/index.php` | Medium
|
||||
39 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
40 | File | `/jfinal_cms/system/role/list` | High
|
||||
41 | File | `/kelas/data` | Medium
|
||||
42 | File | `/kelasdosen/data` | High
|
||||
43 | File | `/loginVaLidation.php` | High
|
||||
44 | File | `/manage-apartment.php` | High
|
||||
45 | File | `/manager/index.php` | High
|
||||
46 | File | `/mkshop/Men/profile.php` | High
|
||||
47 | File | `/Moosikay/order.php` | High
|
||||
48 | File | `/Noxen-master/users.php` | High
|
||||
49 | File | `/opac/Actions.php?a=login` | High
|
||||
50 | File | `/osm/REGISTER.cmd` | High
|
||||
51 | File | `/pages/animals.php` | High
|
||||
52 | File | `/php-scrm/login.php` | High
|
||||
53 | File | `/php-sms/admin/quotes/manage_remark.php` | High
|
||||
54 | File | `/php-sms/classes/Master.php` | High
|
||||
55 | File | `/php-sms/classes/SystemSettings.php` | High
|
||||
56 | ... | ... | ...
|
||||
|
||||
There are 487 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 485 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,60 @@
|
|||
# Nodster - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Nodster](https://vuldb.com/?actor.nodster). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.nodster](https://vuldb.com/?actor.nodster)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Nodster:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Nodster.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [176.9.117.194](https://vuldb.com/?ip.176.9.117.194) | static.194.117.9.176.clients.your-server.de | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Nodster_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1592 | CWE-200 | Configuration | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Nodster. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `inc/filebrowser/browser.php` | High
|
||||
2 | File | `redirect.do` | Medium
|
||||
3 | Argument | `file` | Low
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/trojan.js.nodster.a
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,75 @@
|
|||
# Not Petya - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Not Petya](https://vuldb.com/?actor.not_petya). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.not_petya](https://vuldb.com/?actor.not_petya)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Not Petya:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Not Petya.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [159.148.186.214](https://vuldb.com/?ip.159.148.186.214) | whattimeisnow.net | - | High
|
||||
2 | [176.31.182.167](https://vuldb.com/?ip.176.31.182.167) | ns3292767.ip-176-31-182.eu | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Not Petya_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Not Petya. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/manager?action=getlogcat` | High
|
||||
3 | File | `/spip.php` | Medium
|
||||
4 | File | `/tmp` | Low
|
||||
5 | File | `admin/admin.php` | High
|
||||
6 | File | `admin/conf_users_edit.php` | High
|
||||
7 | File | `admin/developer/` | High
|
||||
8 | File | `admin/index.php` | High
|
||||
9 | File | `admin/ueditor/uploadFile` | High
|
||||
10 | File | `ajaxRequest/methodCall.do` | High
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 79 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Nymaim:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [RO](https://vuldb.com/?country.ro)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -30,9 +30,13 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
7 | [46.47.98.128](https://vuldb.com/?ip.46.47.98.128) | 46-47-98-128.stz.ddns.bulsat.com | - | High
|
||||
8 | [46.238.18.157](https://vuldb.com/?ip.46.238.18.157) | ip-46-238-18-157.home.megalan.bg | - | High
|
||||
9 | [47.91.242.212](https://vuldb.com/?ip.47.91.242.212) | - | - | High
|
||||
10 | ... | ... | ... | ...
|
||||
10 | [50.22.169.26](https://vuldb.com/?ip.50.22.169.26) | 1a.a9.1632.ip4.static.sl-reverse.com | - | High
|
||||
11 | [51.218.181.145](https://vuldb.com/?ip.51.218.181.145) | - | - | High
|
||||
12 | [52.85.144.32](https://vuldb.com/?ip.52.85.144.32) | server-52-85-144-32.iad89.r.cloudfront.net | - | High
|
||||
13 | [52.114.128.43](https://vuldb.com/?ip.52.114.128.43) | - | - | High
|
||||
14 | ... | ... | ... | ...
|
||||
|
||||
There are 36 more IOC items available. Please use our online service to access the data.
|
||||
There are 52 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -40,12 +44,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-25, CWE-28 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
@ -57,35 +61,51 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMDATA%\Razer\Synapse3\Service\bin` | High
|
||||
2 | File | `/+CSCOE+/logon.html` | High
|
||||
3 | File | `//` | Low
|
||||
4 | File | `/admin/doctors/view_doctor.php` | High
|
||||
5 | File | `/appliance/users?action=edit` | High
|
||||
6 | File | `/backup.pl` | Medium
|
||||
7 | File | `/bin/boa` | Medium
|
||||
8 | File | `/classes/Master.php?f=delete_reservation` | High
|
||||
9 | File | `/config/getuser` | High
|
||||
10 | File | `/data-service/users/` | High
|
||||
11 | File | `/DXR.axd` | Medium
|
||||
12 | File | `/goform/formWPS` | High
|
||||
13 | File | `/IISADMPWD` | Medium
|
||||
14 | File | `/inc/campaign/count_of_send.php` | High
|
||||
15 | File | `/index.php` | Medium
|
||||
16 | File | `/js/app.js` | Medium
|
||||
17 | File | `/login` | Low
|
||||
18 | File | `/mgmt/tm/util/bash` | High
|
||||
19 | File | `/northstar/Portal/processlogin.jsp` | High
|
||||
20 | File | `/public/plugins/` | High
|
||||
21 | File | `/rdms/admin/?page=user/manage_user` | High
|
||||
22 | File | `/registration.php` | High
|
||||
23 | File | `/rest/api/1.0/issues/{id}/ActionsAndOperations` | High
|
||||
24 | File | `/rest/collectors/1.0/template/custom` | High
|
||||
25 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
26 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
27 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
28 | ... | ... | ...
|
||||
2 | File | `.travis.yml` | Medium
|
||||
3 | File | `/+CSCOE+/logon.html` | High
|
||||
4 | File | `/?p=products` | Medium
|
||||
5 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
6 | File | `/admin/?page=user/manage` | High
|
||||
7 | File | `/admin/add-new.php` | High
|
||||
8 | File | `/admin/doctors.php` | High
|
||||
9 | File | `/admin/submit-articles` | High
|
||||
10 | File | `/alphaware/summary.php` | High
|
||||
11 | File | `/api/` | Low
|
||||
12 | File | `/api/admin/store/product/list` | High
|
||||
13 | File | `/api/stl/actions/search` | High
|
||||
14 | File | `/api/v2/cli/commands` | High
|
||||
15 | File | `/attachments` | Medium
|
||||
16 | File | `/backup.pl` | Medium
|
||||
17 | File | `/bin/ate` | Medium
|
||||
18 | File | `/bin/boa` | Medium
|
||||
19 | File | `/boat/login.php` | High
|
||||
20 | File | `/bsms_ci/index.php/book` | High
|
||||
21 | File | `/cgi-bin` | Medium
|
||||
22 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
23 | File | `/classes/Master.php?f=delete_reservation` | High
|
||||
24 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
25 | File | `/debug/pprof` | Medium
|
||||
26 | File | `/DXR.axd` | Medium
|
||||
27 | File | `/env` | Low
|
||||
28 | File | `/etc/hosts` | Medium
|
||||
29 | File | `/forum/away.php` | High
|
||||
30 | File | `/goform/formWPS` | High
|
||||
31 | File | `/goform/wizard_end` | High
|
||||
32 | File | `/inc/campaign/count_of_send.php` | High
|
||||
33 | File | `/medicines/profile.php` | High
|
||||
34 | File | `/mgmt/tm/util/bash` | High
|
||||
35 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
36 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
37 | File | `/proxy` | Low
|
||||
38 | File | `/rdms/admin/?page=user/manage_user` | High
|
||||
39 | File | `/reservation/add_message.php` | High
|
||||
40 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
41 | File | `/shell` | Low
|
||||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/templates/importinline.vm` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 235 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 377 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -101,6 +121,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2021/07/threat-roundup-0625-0702.html
|
||||
* https://blog.talosintelligence.com/2021/08/threat-roundup-0730-0806.html
|
||||
* https://tria.ge/221114-t9vvtagh7t
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -15,11 +15,11 @@ The following _campaigns_ are known and can be associated with OceanLotus:
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with OceanLotus:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -52,7 +52,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
23 | [46.183.223.106](https://vuldb.com/?ip.46.183.223.106) | ip-223-106.dataclub.info | - | High
|
||||
24 | ... | ... | ... | ...
|
||||
|
||||
There are 92 more IOC items available. Please use our online service to access the data.
|
||||
There are 91 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -98,7 +98,7 @@ ID | Type | Indicator | Confidence
|
|||
23 | File | `admin/languages.php` | High
|
||||
24 | ... | ... | ...
|
||||
|
||||
There are 205 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 204 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
# Operation Star Cruiser - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Operation Star Cruiser](https://vuldb.com/?actor.operation_star_cruiser). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.operation_star_cruiser](https://vuldb.com/?actor.operation_star_cruiser)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Operation Star Cruiser.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [104.222.231.91](https://vuldb.com/?ip.104.222.231.91) | - | - | High
|
||||
2 | [104.222.238.216](https://vuldb.com/?ip.104.222.238.216) | - | - | High
|
||||
3 | [104.224.219.107](https://vuldb.com/?ip.104.224.219.107) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -74,7 +74,7 @@ ID | Type | Indicator | Confidence
|
|||
23 | File | `/question/ask` | High
|
||||
24 | ... | ... | ...
|
||||
|
||||
There are 201 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 203 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# POWERTRASH - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [POWERTRASH](https://vuldb.com/?actor.powertrash). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.powertrash](https://vuldb.com/?actor.powertrash)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of POWERTRASH.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [185.39.204.19](https://vuldb.com/?ip.185.39.204.19) | tuu.ip-ptr.tech | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://twitter.com/TLP_R3D/status/1671437049658761217
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 28 more country items available. Please use our online service to access the data.
|
||||
There are 27 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -95,11 +95,9 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
65 | [46.165.248.236](https://vuldb.com/?ip.46.165.248.236) | - | - | High
|
||||
66 | [46.165.248.237](https://vuldb.com/?ip.46.165.248.237) | - | - | High
|
||||
67 | [46.165.248.238](https://vuldb.com/?ip.46.165.248.238) | - | - | High
|
||||
68 | [46.165.248.239](https://vuldb.com/?ip.46.165.248.239) | - | - | High
|
||||
69 | [46.165.248.240](https://vuldb.com/?ip.46.165.248.240) | - | - | High
|
||||
70 | ... | ... | ... | ...
|
||||
68 | ... | ... | ... | ...
|
||||
|
||||
There are 275 more IOC items available. Please use our online service to access the data.
|
||||
There are 270 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -124,10 +122,10 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
3 | File | `/api/gen/clients/{language}` | High
|
||||
4 | File | `/app/options.py` | High
|
||||
5 | File | `/apply_noauth.cgi` | High
|
||||
2 | File | `/ajax.php?action=read_msg` | High
|
||||
3 | File | `/ajax/networking/get_netcfg.php` | High
|
||||
4 | File | `/api/gen/clients/{language}` | High
|
||||
5 | File | `/app/options.py` | High
|
||||
6 | File | `/bin/httpd` | Medium
|
||||
7 | File | `/cgi-bin/wapopen` | High
|
||||
8 | File | `/ci_spms/admin/category` | High
|
||||
|
@ -162,10 +160,9 @@ ID | Type | Indicator | Confidence
|
|||
37 | File | `/s/` | Low
|
||||
38 | File | `/scripts/cpan_config` | High
|
||||
39 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
40 | File | `/shell` | Low
|
||||
41 | ... | ... | ...
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 357 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 346 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -21,15 +21,16 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [38.54.33.239](https://vuldb.com/?ip.38.54.33.239) | - | - | High
|
||||
2 | [45.85.235.39](https://vuldb.com/?ip.45.85.235.39) | - | - | High
|
||||
3 | [45.154.24.57](https://vuldb.com/?ip.45.154.24.57) | - | - | High
|
||||
4 | [67.21.33.188](https://vuldb.com/?ip.67.21.33.188) | oy5bj6thee.ah1556.com | - | High
|
||||
5 | [67.21.33.208](https://vuldb.com/?ip.67.21.33.208) | rcs92zewb1.absolutehomecarekent.com | - | High
|
||||
6 | [76.115.120.231](https://vuldb.com/?ip.76.115.120.231) | c-76-115-120-231.hsd1.or.comcast.net | - | High
|
||||
7 | [81.254.128.85](https://vuldb.com/?ip.81.254.128.85) | lfbn-lil-1-546-85.w81-254.abo.wanadoo.fr | - | High
|
||||
8 | [85.215.162.167](https://vuldb.com/?ip.85.215.162.167) | ip85.215.162.167.pbiaas.com | - | High
|
||||
9 | ... | ... | ... | ...
|
||||
1 | [8.20.255.249](https://vuldb.com/?ip.8.20.255.249) | - | - | High
|
||||
2 | [38.54.33.239](https://vuldb.com/?ip.38.54.33.239) | - | - | High
|
||||
3 | [45.85.235.39](https://vuldb.com/?ip.45.85.235.39) | - | - | High
|
||||
4 | [45.154.24.57](https://vuldb.com/?ip.45.154.24.57) | - | - | High
|
||||
5 | [67.21.33.188](https://vuldb.com/?ip.67.21.33.188) | oy5bj6thee.ah1556.com | - | High
|
||||
6 | [67.21.33.208](https://vuldb.com/?ip.67.21.33.208) | rcs92zewb1.absolutehomecarekent.com | - | High
|
||||
7 | [76.115.120.231](https://vuldb.com/?ip.76.115.120.231) | c-76-115-120-231.hsd1.or.comcast.net | - | High
|
||||
8 | [81.254.128.85](https://vuldb.com/?ip.81.254.128.85) | lfbn-lil-1-546-85.w81-254.abo.wanadoo.fr | - | High
|
||||
9 | [85.215.162.167](https://vuldb.com/?ip.85.215.162.167) | ip85.215.162.167.pbiaas.com | - | High
|
||||
10 | ... | ... | ... | ...
|
||||
|
||||
There are 34 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -61,7 +62,7 @@ ID | Type | Indicator | Confidence
|
|||
7 | File | `/proc/self/environ` | High
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 53 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 56 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -51,7 +51,7 @@ ID | Type | Indicator | Confidence
|
|||
7 | File | `/newsDia.php` | Medium
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 57 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 59 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -90,40 +90,40 @@ ID | Type | Indicator | Confidence
|
|||
28 | File | `/admin/products/manage_product.php` | High
|
||||
29 | File | `/admin/products/view_product.php` | High
|
||||
30 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
31 | File | `/admin/reminders/manage_reminder.php` | High
|
||||
32 | File | `/admin/report/index.php` | High
|
||||
33 | File | `/admin/reportupload.aspx` | High
|
||||
34 | File | `/admin/sales/manage_sale.php` | High
|
||||
35 | File | `/admin/service.php` | High
|
||||
36 | File | `/admin/services/manage_service.php` | High
|
||||
37 | File | `/admin/services/view_service.php` | High
|
||||
38 | File | `/admin/service_requests/manage_inventory.php` | High
|
||||
39 | File | `/admin/update_s6.php` | High
|
||||
40 | File | `/admin/user/manage_user.php` | High
|
||||
41 | File | `/admin/userprofile.php` | High
|
||||
42 | File | `/admin_area/login_transfer.php` | High
|
||||
43 | File | `/adms/admin/?page=user/manage_user` | High
|
||||
44 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
45 | File | `/ajax.php?action=read_msg` | High
|
||||
46 | File | `/ajax.php?action=save_company` | High
|
||||
47 | File | `/ajax/update_certificate` | High
|
||||
48 | File | `/alphaware/details.php` | High
|
||||
49 | File | `/api/stl/actions/search` | High
|
||||
50 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
51 | File | `/cgi-bin/ping.cgi` | High
|
||||
52 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||
53 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
54 | File | `/changeimage.php` | High
|
||||
55 | File | `/classes/Login.php` | High
|
||||
56 | File | `/classes/Master.php` | High
|
||||
57 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
58 | File | `/classes/Master.php?f=delete_item` | High
|
||||
59 | File | `/classes/Master.php?f=delete_service` | High
|
||||
60 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
61 | File | `/classes/Master.php?f=save_course` | High
|
||||
31 | File | `/admin/reg.php` | High
|
||||
32 | File | `/admin/reminders/manage_reminder.php` | High
|
||||
33 | File | `/admin/report/index.php` | High
|
||||
34 | File | `/admin/reportupload.aspx` | High
|
||||
35 | File | `/admin/sales/manage_sale.php` | High
|
||||
36 | File | `/admin/service.php` | High
|
||||
37 | File | `/admin/services/manage_service.php` | High
|
||||
38 | File | `/admin/services/view_service.php` | High
|
||||
39 | File | `/admin/service_requests/manage_inventory.php` | High
|
||||
40 | File | `/admin/update_s6.php` | High
|
||||
41 | File | `/admin/user/manage_user.php` | High
|
||||
42 | File | `/admin/userprofile.php` | High
|
||||
43 | File | `/admin_area/login_transfer.php` | High
|
||||
44 | File | `/adms/admin/?page=user/manage_user` | High
|
||||
45 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
46 | File | `/ajax.php?action=read_msg` | High
|
||||
47 | File | `/ajax.php?action=save_company` | High
|
||||
48 | File | `/ajax/update_certificate` | High
|
||||
49 | File | `/alphaware/details.php` | High
|
||||
50 | File | `/api/stl/actions/search` | High
|
||||
51 | File | `/booking/show_bookings/` | High
|
||||
52 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
53 | File | `/cgi-bin/ping.cgi` | High
|
||||
54 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||
55 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
56 | File | `/changeimage.php` | High
|
||||
57 | File | `/classes/Login.php` | High
|
||||
58 | File | `/classes/Master.php` | High
|
||||
59 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
60 | File | `/classes/Master.php?f=delete_item` | High
|
||||
61 | File | `/classes/Master.php?f=delete_service` | High
|
||||
62 | ... | ... | ...
|
||||
|
||||
There are 541 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 545 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [LA](https://vuldb.com/?country.la)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
@ -27,48 +27,54 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
4 | [3.71.116.67](https://vuldb.com/?ip.3.71.116.67) | ec2-3-71-116-67.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
5 | [3.83.129.253](https://vuldb.com/?ip.3.83.129.253) | ec2-3-83-129-253.compute-1.amazonaws.com | - | Medium
|
||||
6 | [3.121.208.125](https://vuldb.com/?ip.3.121.208.125) | ec2-3-121-208-125.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
7 | [5.161.113.202](https://vuldb.com/?ip.5.161.113.202) | static.202.113.161.5.clients.your-server.de | - | High
|
||||
8 | [5.181.166.139](https://vuldb.com/?ip.5.181.166.139) | - | - | High
|
||||
9 | [13.233.24.14](https://vuldb.com/?ip.13.233.24.14) | ec2-13-233-24-14.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
10 | [14.32.99.105](https://vuldb.com/?ip.14.32.99.105) | - | - | High
|
||||
11 | [14.225.204.247](https://vuldb.com/?ip.14.225.204.247) | static.vnpt.vn | - | High
|
||||
12 | [14.225.254.32](https://vuldb.com/?ip.14.225.254.32) | - | - | High
|
||||
13 | [15.165.236.45](https://vuldb.com/?ip.15.165.236.45) | ec2-15-165-236-45.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
14 | [15.204.13.245](https://vuldb.com/?ip.15.204.13.245) | ip245.ip-15-204-13.us | - | High
|
||||
15 | [20.123.197.130](https://vuldb.com/?ip.20.123.197.130) | - | - | High
|
||||
16 | [20.218.120.153](https://vuldb.com/?ip.20.218.120.153) | - | - | High
|
||||
17 | [20.223.155.39](https://vuldb.com/?ip.20.223.155.39) | - | - | High
|
||||
18 | [20.231.104.157](https://vuldb.com/?ip.20.231.104.157) | - | - | High
|
||||
19 | [23.105.131.196](https://vuldb.com/?ip.23.105.131.196) | mail196.nessfist.com | - | High
|
||||
20 | [27.11.235.246](https://vuldb.com/?ip.27.11.235.246) | - | - | High
|
||||
21 | [27.72.56.186](https://vuldb.com/?ip.27.72.56.186) | dynamic-ip-adsl.viettel.vn | - | High
|
||||
22 | [31.7.63.14](https://vuldb.com/?ip.31.7.63.14) | rack223ch.idfnv.ne | - | High
|
||||
23 | [34.96.240.37](https://vuldb.com/?ip.34.96.240.37) | 37.240.96.34.bc.googleusercontent.com | - | Medium
|
||||
24 | [34.125.93.181](https://vuldb.com/?ip.34.125.93.181) | 181.93.125.34.bc.googleusercontent.com | - | Medium
|
||||
25 | [35.79.36.216](https://vuldb.com/?ip.35.79.36.216) | ec2-35-79-36-216.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
26 | [35.157.111.131](https://vuldb.com/?ip.35.157.111.131) | ec2-35-157-111-131.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
27 | [35.177.17.33](https://vuldb.com/?ip.35.177.17.33) | ec2-35-177-17-33.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
28 | [37.0.11.118](https://vuldb.com/?ip.37.0.11.118) | - | - | High
|
||||
29 | [37.0.14.205](https://vuldb.com/?ip.37.0.14.205) | - | - | High
|
||||
30 | [37.48.117.136](https://vuldb.com/?ip.37.48.117.136) | - | - | High
|
||||
31 | [37.120.206.86](https://vuldb.com/?ip.37.120.206.86) | - | - | High
|
||||
32 | [37.120.210.219](https://vuldb.com/?ip.37.120.210.219) | - | - | High
|
||||
33 | [38.242.128.85](https://vuldb.com/?ip.38.242.128.85) | vmi1149994.contaboserver.net | - | High
|
||||
34 | [39.107.242.96](https://vuldb.com/?ip.39.107.242.96) | - | - | High
|
||||
35 | [40.117.196.252](https://vuldb.com/?ip.40.117.196.252) | - | - | High
|
||||
36 | [41.79.11.214](https://vuldb.com/?ip.41.79.11.214) | - | - | High
|
||||
37 | [41.102.117.114](https://vuldb.com/?ip.41.102.117.114) | - | - | High
|
||||
38 | [41.232.207.130](https://vuldb.com/?ip.41.232.207.130) | host-41.232.207.130.tedata.net | - | High
|
||||
39 | [41.234.44.38](https://vuldb.com/?ip.41.234.44.38) | host-41.234.44.38.tedata.net | - | High
|
||||
40 | [41.234.46.29](https://vuldb.com/?ip.41.234.46.29) | host-41.234.46.29.tedata.net | - | High
|
||||
41 | [42.192.132.19](https://vuldb.com/?ip.42.192.132.19) | - | - | High
|
||||
42 | [43.154.232.190](https://vuldb.com/?ip.43.154.232.190) | - | - | High
|
||||
43 | [43.240.48.46](https://vuldb.com/?ip.43.240.48.46) | - | - | High
|
||||
44 | [45.12.213.244](https://vuldb.com/?ip.45.12.213.244) | vm2521174.52ssd.had.wf | - | High
|
||||
45 | [45.14.13.20](https://vuldb.com/?ip.45.14.13.20) | free.example.com | - | High
|
||||
46 | ... | ... | ... | ...
|
||||
7 | [5.61.44.125](https://vuldb.com/?ip.5.61.44.125) | - | - | High
|
||||
8 | [5.102.157.70](https://vuldb.com/?ip.5.102.157.70) | - | - | High
|
||||
9 | [5.161.113.202](https://vuldb.com/?ip.5.161.113.202) | static.202.113.161.5.clients.your-server.de | - | High
|
||||
10 | [5.161.184.38](https://vuldb.com/?ip.5.161.184.38) | static.38.184.161.5.clients.your-server.de | - | High
|
||||
11 | [5.181.166.139](https://vuldb.com/?ip.5.181.166.139) | - | - | High
|
||||
12 | [13.233.24.14](https://vuldb.com/?ip.13.233.24.14) | ec2-13-233-24-14.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
13 | [14.32.99.105](https://vuldb.com/?ip.14.32.99.105) | - | - | High
|
||||
14 | [14.225.204.247](https://vuldb.com/?ip.14.225.204.247) | static.vnpt.vn | - | High
|
||||
15 | [14.225.254.32](https://vuldb.com/?ip.14.225.254.32) | - | - | High
|
||||
16 | [15.165.236.45](https://vuldb.com/?ip.15.165.236.45) | ec2-15-165-236-45.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
17 | [15.204.13.245](https://vuldb.com/?ip.15.204.13.245) | ip245.ip-15-204-13.us | - | High
|
||||
18 | [20.123.197.130](https://vuldb.com/?ip.20.123.197.130) | - | - | High
|
||||
19 | [20.218.120.153](https://vuldb.com/?ip.20.218.120.153) | - | - | High
|
||||
20 | [20.223.155.39](https://vuldb.com/?ip.20.223.155.39) | - | - | High
|
||||
21 | [20.231.104.157](https://vuldb.com/?ip.20.231.104.157) | - | - | High
|
||||
22 | [23.105.131.196](https://vuldb.com/?ip.23.105.131.196) | mail196.nessfist.com | - | High
|
||||
23 | [27.11.235.246](https://vuldb.com/?ip.27.11.235.246) | - | - | High
|
||||
24 | [27.72.56.186](https://vuldb.com/?ip.27.72.56.186) | dynamic-ip-adsl.viettel.vn | - | High
|
||||
25 | [31.7.63.14](https://vuldb.com/?ip.31.7.63.14) | rack223ch.idfnv.ne | - | High
|
||||
26 | [31.220.15.249](https://vuldb.com/?ip.31.220.15.249) | - | - | High
|
||||
27 | [34.96.240.37](https://vuldb.com/?ip.34.96.240.37) | 37.240.96.34.bc.googleusercontent.com | - | Medium
|
||||
28 | [34.125.93.181](https://vuldb.com/?ip.34.125.93.181) | 181.93.125.34.bc.googleusercontent.com | - | Medium
|
||||
29 | [34.146.234.67](https://vuldb.com/?ip.34.146.234.67) | 67.234.146.34.bc.googleusercontent.com | - | Medium
|
||||
30 | [35.79.36.216](https://vuldb.com/?ip.35.79.36.216) | ec2-35-79-36-216.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
31 | [35.157.111.131](https://vuldb.com/?ip.35.157.111.131) | ec2-35-157-111-131.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
32 | [35.177.17.33](https://vuldb.com/?ip.35.177.17.33) | ec2-35-177-17-33.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
33 | [37.0.11.118](https://vuldb.com/?ip.37.0.11.118) | - | - | High
|
||||
34 | [37.0.14.205](https://vuldb.com/?ip.37.0.14.205) | - | - | High
|
||||
35 | [37.48.117.136](https://vuldb.com/?ip.37.48.117.136) | - | - | High
|
||||
36 | [37.120.206.86](https://vuldb.com/?ip.37.120.206.86) | - | - | High
|
||||
37 | [37.120.210.219](https://vuldb.com/?ip.37.120.210.219) | - | - | High
|
||||
38 | [38.242.128.85](https://vuldb.com/?ip.38.242.128.85) | vmi1149994.contaboserver.net | - | High
|
||||
39 | [39.107.242.96](https://vuldb.com/?ip.39.107.242.96) | - | - | High
|
||||
40 | [40.117.196.252](https://vuldb.com/?ip.40.117.196.252) | - | - | High
|
||||
41 | [41.79.11.214](https://vuldb.com/?ip.41.79.11.214) | - | - | High
|
||||
42 | [41.102.117.114](https://vuldb.com/?ip.41.102.117.114) | - | - | High
|
||||
43 | [41.143.172.69](https://vuldb.com/?ip.41.143.172.69) | - | - | High
|
||||
44 | [41.232.207.130](https://vuldb.com/?ip.41.232.207.130) | host-41.232.207.130.tedata.net | - | High
|
||||
45 | [41.234.44.38](https://vuldb.com/?ip.41.234.44.38) | host-41.234.44.38.tedata.net | - | High
|
||||
46 | [41.234.46.29](https://vuldb.com/?ip.41.234.46.29) | host-41.234.46.29.tedata.net | - | High
|
||||
47 | [42.192.132.19](https://vuldb.com/?ip.42.192.132.19) | - | - | High
|
||||
48 | [43.154.232.190](https://vuldb.com/?ip.43.154.232.190) | - | - | High
|
||||
49 | [43.240.48.46](https://vuldb.com/?ip.43.240.48.46) | - | - | High
|
||||
50 | [45.12.213.244](https://vuldb.com/?ip.45.12.213.244) | vm2521174.52ssd.had.wf | - | High
|
||||
51 | [45.14.13.20](https://vuldb.com/?ip.45.14.13.20) | free.example.com | - | High
|
||||
52 | ... | ... | ... | ...
|
||||
|
||||
There are 178 more IOC items available. Please use our online service to access the data.
|
||||
There are 206 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -76,13 +82,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-29, CWE-425 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -90,33 +96,38 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
2 | File | `/admin/?page=user/list` | High
|
||||
3 | File | `/admin/addproduct.php` | High
|
||||
4 | File | `/admin/ajax.php?action=save_area` | High
|
||||
5 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
6 | File | `/admin/modal_add_product.php` | High
|
||||
7 | File | `/admin/reportupload.aspx` | High
|
||||
8 | File | `/admin/update_s6.php` | High
|
||||
9 | File | `/ajax.php?action=read_msg` | High
|
||||
10 | File | `/ajax.php?action=save_company` | High
|
||||
11 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
1 | File | `/admin/?page=user/list` | High
|
||||
2 | File | `/admin/addproduct.php` | High
|
||||
3 | File | `/admin/ajax.php?action=save_area` | High
|
||||
4 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
5 | File | `/admin/modal_add_product.php` | High
|
||||
6 | File | `/admin/reportupload.aspx` | High
|
||||
7 | File | `/admin/update_s6.php` | High
|
||||
8 | File | `/ajax.php?action=read_msg` | High
|
||||
9 | File | `/ajax.php?action=save_company` | High
|
||||
10 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
11 | File | `/authenticationendpoint/login.do` | High
|
||||
12 | File | `/bin/login` | Medium
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/changeimage.php` | High
|
||||
15 | File | `/classes/Users.php?f=save` | High
|
||||
16 | File | `/DXR.axd` | Medium
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/HNAP1` | Low
|
||||
19 | File | `/Login/CheckLogin` | High
|
||||
20 | File | `/note/index/delete` | High
|
||||
21 | File | `/owa/auth/logon.aspx` | High
|
||||
22 | File | `/SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc` | High
|
||||
23 | File | `/SystemManage/Role/GetGridJson?keyword=&page=1&rows=20` | High
|
||||
24 | File | `/SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc` | High
|
||||
25 | ... | ... | ...
|
||||
13 | File | `/cgi-bin/luci` | High
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/changeimage.php` | High
|
||||
16 | File | `/classes/Users.php?f=save` | High
|
||||
17 | File | `/DXR.axd` | Medium
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/HNAP1` | Low
|
||||
20 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
21 | File | `/mc` | Low
|
||||
22 | File | `/note/index/delete` | High
|
||||
23 | File | `/owa/auth/logon.aspx` | High
|
||||
24 | File | `/php-inventory-management-system/product.php` | High
|
||||
25 | File | `/send_order.cgi?parameter=restart` | High
|
||||
26 | File | `/tmp/boa-temp` | High
|
||||
27 | File | `/userfs/bin/tcapi` | High
|
||||
28 | File | `/var/log/nginx` | High
|
||||
29 | File | `/wp-admin/admin-ajax.php` | High
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 210 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 254 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -124,8 +135,11 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
|
||||
* https://app.any.run/tasks/089e71c3-a8ec-4837-832c-f11bb556df64/
|
||||
* https://app.any.run/tasks/1b81e1ee-d29a-4e74-87a7-8414c70fcae2
|
||||
* https://app.any.run/tasks/2a8ea228-8fd7-4d3e-ab72-b5c67f9381b4
|
||||
* https://app.any.run/tasks/77c2cda1-c294-4ab4-a3b4-281e55e49ef0/
|
||||
* https://app.any.run/tasks/acefc9eb-a4be-4593-b715-91c71644088c
|
||||
* https://app.any.run/tasks/dc07af29-b227-406c-80f3-437198cf053c
|
||||
* https://bazaar.abuse.ch/sample/67e056d8f7e8d81f2228b6ccc2e8797042bb4803803afa1d64eb0c43eadd0a63/
|
||||
* https://bazaar.abuse.ch/sample/cbe3da3ca7ef71d66700647008807306e0829d6e683bee35fc7a9cac064d01a5/
|
||||
* https://bazaar.abuse.ch/sample/cf4e53b7758ebb9a9470cb6fd3a2c69fcd96e045534ab80a44eac752c09e50f0/
|
||||
* https://threatfox.abuse.ch
|
||||
|
|
|
@ -4,68 +4,35 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
|
|||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.raspberry_robin](https://vuldb.com/?actor.raspberry_robin)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Raspberry Robin:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Raspberry Robin.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [37.223.74.108](https://vuldb.com/?ip.37.223.74.108) | - | - | High
|
||||
2 | [46.11.6.104](https://vuldb.com/?ip.46.11.6.104) | - | - | High
|
||||
3 | [46.11.83.236](https://vuldb.com/?ip.46.11.83.236) | - | - | High
|
||||
4 | [46.11.88.157](https://vuldb.com/?ip.46.11.88.157) | - | - | High
|
||||
5 | [46.11.88.251](https://vuldb.com/?ip.46.11.88.251) | - | - | High
|
||||
6 | [46.217.252.5](https://vuldb.com/?ip.46.217.252.5) | - | - | High
|
||||
7 | [46.217.252.172](https://vuldb.com/?ip.46.217.252.172) | - | - | High
|
||||
8 | [46.246.235.240](https://vuldb.com/?ip.46.246.235.240) | 46.246.235.240.dsl.dyn.forthnet.gr | - | High
|
||||
9 | [47.62.21.60](https://vuldb.com/?ip.47.62.21.60) | 47-62-21-60.red-acceso.airtel.net | - | High
|
||||
10 | [47.62.80.170](https://vuldb.com/?ip.47.62.80.170) | 47-62-80-170.red-acceso.airtel.net | - | High
|
||||
11 | [62.117.214.168](https://vuldb.com/?ip.62.117.214.168) | 62.117.214.168.dyn.user.ono.com | - | High
|
||||
12 | [77.0.14.225](https://vuldb.com/?ip.77.0.14.225) | dynamic-077-000-014-225.77.0.pool.telefonica.de | - | High
|
||||
13 | [77.0.54.234](https://vuldb.com/?ip.77.0.54.234) | dynamic-077-000-054-234.77.0.pool.telefonica.de | - | High
|
||||
14 | ... | ... | ... | ...
|
||||
1 | [1.163.239.22](https://vuldb.com/?ip.1.163.239.22) | 1-163-239-22.dynamic-ip.hinet.net | - | High
|
||||
2 | [1.175.74.58](https://vuldb.com/?ip.1.175.74.58) | 1-175-74-58.dynamic-ip.hinet.net | - | High
|
||||
3 | [1.175.125.217](https://vuldb.com/?ip.1.175.125.217) | 1-175-125-217.dynamic-ip.hinet.net | - | High
|
||||
4 | [1.175.137.191](https://vuldb.com/?ip.1.175.137.191) | 1-175-137-191.dynamic-ip.hinet.net | - | High
|
||||
5 | [1.175.153.226](https://vuldb.com/?ip.1.175.153.226) | 1-175-153-226.dynamic-ip.hinet.net | - | High
|
||||
6 | [31.17.3.210](https://vuldb.com/?ip.31.17.3.210) | ip1f1103d2.dynamic.kabel-deutschland.de | - | High
|
||||
7 | [37.223.74.108](https://vuldb.com/?ip.37.223.74.108) | - | - | High
|
||||
8 | [46.11.6.104](https://vuldb.com/?ip.46.11.6.104) | - | - | High
|
||||
9 | [46.11.83.236](https://vuldb.com/?ip.46.11.83.236) | - | - | High
|
||||
10 | [46.11.88.157](https://vuldb.com/?ip.46.11.88.157) | - | - | High
|
||||
11 | [46.11.88.251](https://vuldb.com/?ip.46.11.88.251) | - | - | High
|
||||
12 | [46.217.252.5](https://vuldb.com/?ip.46.217.252.5) | - | - | High
|
||||
13 | [46.217.252.172](https://vuldb.com/?ip.46.217.252.172) | - | - | High
|
||||
14 | [46.246.235.240](https://vuldb.com/?ip.46.246.235.240) | 46.246.235.240.dsl.dyn.forthnet.gr | - | High
|
||||
15 | [47.62.21.60](https://vuldb.com/?ip.47.62.21.60) | 47-62-21-60.red-acceso.airtel.net | - | High
|
||||
16 | [47.62.80.170](https://vuldb.com/?ip.47.62.80.170) | 47-62-80-170.red-acceso.airtel.net | - | High
|
||||
17 | [58.136.1.101](https://vuldb.com/?ip.58.136.1.101) | - | - | High
|
||||
18 | [58.136.239.28](https://vuldb.com/?ip.58.136.239.28) | - | - | High
|
||||
19 | [58.177.98.79](https://vuldb.com/?ip.58.177.98.79) | 058177098079.ctinets.com | - | High
|
||||
20 | [61.68.74.170](https://vuldb.com/?ip.61.68.74.170) | 61-68-74-170.tpgi.com.au | - | High
|
||||
21 | ... | ... | ... | ...
|
||||
|
||||
There are 50 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Raspberry Robin_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Raspberry Robin. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/advanced-tools/nova/bin/netwatch` | High
|
||||
4 | File | `/server-info` | Medium
|
||||
5 | File | `/usr/bin/pkexec` | High
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 36 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 81 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -73,6 +40,8 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
|
||||
* https://1275.ru/ioc/191/raspberry-robin-worm-iocs/
|
||||
* https://1275.ru/ioc/365/raspberry-robin-worm-iocs-part-2/
|
||||
* https://threatfox.abuse.ch
|
||||
* https://twitter.com/DTCERT/status/1565664874633564162
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -0,0 +1,55 @@
|
|||
# Rattlesnake - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Rattlesnake](https://vuldb.com/?actor.rattlesnake). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.rattlesnake](https://vuldb.com/?actor.rattlesnake)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Rattlesnake:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Rattlesnake.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [37.139.29.117](https://vuldb.com/?ip.37.139.29.117) | - | - | High
|
||||
2 | [188.241.68.144](https://vuldb.com/?ip.188.241.68.144) | epwigtaghn.ru | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Rattlesnake_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1592 | CWE-200 | Configuration | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Rattlesnake. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `kbdint.c` | Medium
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -68,9 +68,10 @@ ID | Type | Indicator | Confidence
|
|||
17 | File | `auth-gss2.c` | Medium
|
||||
18 | File | `bcbadmSettings.jsp` | High
|
||||
19 | File | `books.php` | Medium
|
||||
20 | ... | ... | ...
|
||||
20 | File | `cgi.c` | Low
|
||||
21 | ... | ... | ...
|
||||
|
||||
There are 168 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 169 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -829,9 +829,10 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
806 | [45.150.67.126](https://vuldb.com/?ip.45.150.67.126) | example.com | - | High
|
||||
807 | [45.150.67.128](https://vuldb.com/?ip.45.150.67.128) | vpn2529md.com | - | High
|
||||
808 | [45.150.67.151](https://vuldb.com/?ip.45.150.67.151) | vm1279157.stark-industries.solutions | - | High
|
||||
809 | ... | ... | ... | ...
|
||||
809 | [45.150.67.236](https://vuldb.com/?ip.45.150.67.236) | licher2.lone.example.com | - | High
|
||||
810 | ... | ... | ... | ...
|
||||
|
||||
There are 3234 more IOC items available. Please use our online service to access the data.
|
||||
There are 3235 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -864,54 +865,54 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/admin/maintenance/brand.php` | High
|
||||
9 | File | `/admin/maintenance/view_designation.php` | High
|
||||
10 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
11 | File | `/admin/user/manage_user.php` | High
|
||||
12 | File | `/admin/userprofile.php` | High
|
||||
13 | File | `/admin/voters_row.php` | High
|
||||
14 | File | `/ajax.php?action=save_company` | High
|
||||
15 | File | `/ajax.php?action=save_user` | High
|
||||
16 | File | `/ajax/myshop` | Medium
|
||||
17 | File | `/alerts/alertConfigField.php` | High
|
||||
18 | File | `/api/stl/actions/search` | High
|
||||
19 | File | `/api/v2/cli/commands` | High
|
||||
20 | File | `/authenticationendpoint/login.do` | High
|
||||
21 | File | `/backup.pl` | Medium
|
||||
22 | File | `/cas/logout` | Medium
|
||||
23 | File | `/cgi-bin` | Medium
|
||||
24 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
25 | File | `/contactform/contactform.php` | High
|
||||
26 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
27 | File | `/dcim/rack-roles/` | High
|
||||
28 | File | `/DXR.axd` | Medium
|
||||
29 | File | `/env` | Low
|
||||
30 | File | `/feeds/post/publish` | High
|
||||
31 | File | `/film-rating.php` | High
|
||||
32 | File | `/forum/away.php` | High
|
||||
33 | File | `/goform/WifiGuestSet` | High
|
||||
34 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
35 | File | `/inc/topBarNav.php` | High
|
||||
36 | File | `/index.php` | Medium
|
||||
37 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
38 | File | `/index.php?page=category_list` | High
|
||||
39 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
|
||||
40 | File | `/jobinfo/` | Medium
|
||||
41 | File | `/kelas/data` | Medium
|
||||
42 | File | `/kelasdosen/data` | High
|
||||
43 | File | `/librarian/bookdetails.php` | High
|
||||
44 | File | `/mantis/view_all_bug_page.php` | High
|
||||
45 | File | `/modules/projects/vw_files.php` | High
|
||||
46 | File | `/Moosikay/order.php` | High
|
||||
47 | File | `/nasm/nasm-parse.c` | High
|
||||
48 | File | `/opac/Actions.php?a=login` | High
|
||||
49 | File | `/out.php` | Medium
|
||||
50 | File | `/PreviewHandler.ashx` | High
|
||||
51 | File | `/reservation/add_message.php` | High
|
||||
52 | File | `/see_more_details.php` | High
|
||||
53 | File | `/services/indexing/preview` | High
|
||||
54 | File | `/student/bookdetails.php` | High
|
||||
55 | File | `/upgrade` | Medium
|
||||
11 | File | `/admin/positions_add.php` | High
|
||||
12 | File | `/admin/user/manage_user.php` | High
|
||||
13 | File | `/admin/userprofile.php` | High
|
||||
14 | File | `/admin/voters_row.php` | High
|
||||
15 | File | `/ajax.php?action=save_company` | High
|
||||
16 | File | `/ajax.php?action=save_user` | High
|
||||
17 | File | `/ajax/myshop` | Medium
|
||||
18 | File | `/alerts/alertConfigField.php` | High
|
||||
19 | File | `/api/stl/actions/search` | High
|
||||
20 | File | `/api/v2/cli/commands` | High
|
||||
21 | File | `/authenticationendpoint/login.do` | High
|
||||
22 | File | `/backup.pl` | Medium
|
||||
23 | File | `/cas/logout` | Medium
|
||||
24 | File | `/cgi-bin` | Medium
|
||||
25 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
26 | File | `/contactform/contactform.php` | High
|
||||
27 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
28 | File | `/dcim/rack-roles/` | High
|
||||
29 | File | `/DXR.axd` | Medium
|
||||
30 | File | `/env` | Low
|
||||
31 | File | `/feeds/post/publish` | High
|
||||
32 | File | `/film-rating.php` | High
|
||||
33 | File | `/forum/away.php` | High
|
||||
34 | File | `/goform/WifiGuestSet` | High
|
||||
35 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
36 | File | `/inc/topBarNav.php` | High
|
||||
37 | File | `/index.php` | Medium
|
||||
38 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
39 | File | `/index.php?page=category_list` | High
|
||||
40 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
|
||||
41 | File | `/jobinfo/` | Medium
|
||||
42 | File | `/kelas/data` | Medium
|
||||
43 | File | `/kelasdosen/data` | High
|
||||
44 | File | `/librarian/bookdetails.php` | High
|
||||
45 | File | `/mantis/view_all_bug_page.php` | High
|
||||
46 | File | `/modules/projects/vw_files.php` | High
|
||||
47 | File | `/Moosikay/order.php` | High
|
||||
48 | File | `/nasm/nasm-parse.c` | High
|
||||
49 | File | `/opac/Actions.php?a=login` | High
|
||||
50 | File | `/out.php` | Medium
|
||||
51 | File | `/PreviewHandler.ashx` | High
|
||||
52 | File | `/reservation/add_message.php` | High
|
||||
53 | File | `/see_more_details.php` | High
|
||||
54 | File | `/services/indexing/preview` | High
|
||||
55 | File | `/student/bookdetails.php` | High
|
||||
56 | ... | ... | ...
|
||||
|
||||
There are 490 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 489 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -951,6 +952,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://app.any.run/tasks/82ec3045-fea7-4e48-bdb0-3b4387daf0ea
|
||||
* https://app.any.run/tasks/83ddae45-68bc-4863-9740-899497396e5c
|
||||
* https://app.any.run/tasks/91f32395-7c7e-41a9-8174-4e651c4715dc/
|
||||
* https://app.any.run/tasks/173b2306-33e2-4682-b1fa-e87457e7c8ab
|
||||
* https://app.any.run/tasks/524dba93-413b-40c0-8e80-71f9a878ee1c
|
||||
* https://app.any.run/tasks/532df5b1-d120-415d-9bd1-7ac9883f8e25
|
||||
* https://app.any.run/tasks/856e6eb5-9f60-46ff-a46c-7d7cbf704f02
|
||||
|
|
|
@ -41,218 +41,228 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
12 | [5.181.234.145](https://vuldb.com/?ip.5.181.234.145) | - | - | High
|
||||
13 | [5.206.227.115](https://vuldb.com/?ip.5.206.227.115) | 1877 | - | High
|
||||
14 | [5.249.226.166](https://vuldb.com/?ip.5.249.226.166) | uw19.uniweb.no | - | High
|
||||
15 | [8.253.139.120](https://vuldb.com/?ip.8.253.139.120) | - | - | High
|
||||
16 | [10.11.0.5](https://vuldb.com/?ip.10.11.0.5) | - | - | High
|
||||
17 | [10.15.0.17](https://vuldb.com/?ip.10.15.0.17) | - | - | High
|
||||
18 | [10.15.0.18](https://vuldb.com/?ip.10.15.0.18) | - | - | High
|
||||
19 | [10.15.0.19](https://vuldb.com/?ip.10.15.0.19) | - | - | High
|
||||
20 | [10.15.0.23](https://vuldb.com/?ip.10.15.0.23) | - | - | High
|
||||
21 | [10.15.0.30](https://vuldb.com/?ip.10.15.0.30) | - | - | High
|
||||
22 | [10.16.0.13](https://vuldb.com/?ip.10.16.0.13) | - | - | High
|
||||
23 | [10.16.0.30](https://vuldb.com/?ip.10.16.0.30) | - | - | High
|
||||
24 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
25 | [13.107.42.12](https://vuldb.com/?ip.13.107.42.12) | 1drv.ms | - | High
|
||||
26 | [13.107.42.13](https://vuldb.com/?ip.13.107.42.13) | - | - | High
|
||||
27 | [13.107.43.12](https://vuldb.com/?ip.13.107.43.12) | - | - | High
|
||||
28 | [13.107.43.13](https://vuldb.com/?ip.13.107.43.13) | - | - | High
|
||||
29 | [13.225.214.71](https://vuldb.com/?ip.13.225.214.71) | server-13-225-214-71.ewr50.r.cloudfront.net | - | High
|
||||
30 | [13.225.214.91](https://vuldb.com/?ip.13.225.214.91) | server-13-225-214-91.ewr50.r.cloudfront.net | - | High
|
||||
31 | [13.225.214.108](https://vuldb.com/?ip.13.225.214.108) | server-13-225-214-108.ewr50.r.cloudfront.net | - | High
|
||||
32 | [13.225.230.20](https://vuldb.com/?ip.13.225.230.20) | server-13-225-230-20.jfk51.r.cloudfront.net | - | High
|
||||
33 | [13.250.255.10](https://vuldb.com/?ip.13.250.255.10) | ec2-13-250-255-10.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
34 | [15.197.142.173](https://vuldb.com/?ip.15.197.142.173) | a4ec4c6ea1c92e2e6.awsglobalaccelerator.com | - | High
|
||||
35 | [15.235.53.10](https://vuldb.com/?ip.15.235.53.10) | ns5012329.ip-15-235-53.net | - | High
|
||||
36 | [15.237.137.33](https://vuldb.com/?ip.15.237.137.33) | ec2-15-237-137-33.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
37 | [18.214.132.216](https://vuldb.com/?ip.18.214.132.216) | ec2-18-214-132-216.compute-1.amazonaws.com | - | Medium
|
||||
38 | [18.218.132.40](https://vuldb.com/?ip.18.218.132.40) | ec2-18-218-132-40.us-east-2.compute.amazonaws.com | - | Medium
|
||||
39 | [20.7.43.70](https://vuldb.com/?ip.20.7.43.70) | - | - | High
|
||||
40 | [20.36.253.92](https://vuldb.com/?ip.20.36.253.92) | - | - | High
|
||||
41 | [20.38.32.202](https://vuldb.com/?ip.20.38.32.202) | - | - | High
|
||||
42 | [20.42.73.27](https://vuldb.com/?ip.20.42.73.27) | - | - | High
|
||||
43 | [20.69.164.162](https://vuldb.com/?ip.20.69.164.162) | - | - | High
|
||||
44 | [20.106.76.138](https://vuldb.com/?ip.20.106.76.138) | - | - | High
|
||||
45 | [20.106.94.110](https://vuldb.com/?ip.20.106.94.110) | - | - | High
|
||||
46 | [20.110.185.77](https://vuldb.com/?ip.20.110.185.77) | - | - | High
|
||||
47 | [20.110.197.26](https://vuldb.com/?ip.20.110.197.26) | - | - | High
|
||||
48 | [20.112.83.244](https://vuldb.com/?ip.20.112.83.244) | - | - | High
|
||||
49 | [20.114.21.181](https://vuldb.com/?ip.20.114.21.181) | - | - | High
|
||||
50 | [20.124.111.166](https://vuldb.com/?ip.20.124.111.166) | - | - | High
|
||||
51 | [20.190.151.7](https://vuldb.com/?ip.20.190.151.7) | - | - | High
|
||||
52 | [20.190.151.8](https://vuldb.com/?ip.20.190.151.8) | - | - | High
|
||||
53 | [20.190.151.68](https://vuldb.com/?ip.20.190.151.68) | - | - | High
|
||||
54 | [20.190.151.70](https://vuldb.com/?ip.20.190.151.70) | - | - | High
|
||||
55 | [20.190.151.131](https://vuldb.com/?ip.20.190.151.131) | - | - | High
|
||||
56 | [20.190.151.132](https://vuldb.com/?ip.20.190.151.132) | - | - | High
|
||||
57 | [20.190.151.133](https://vuldb.com/?ip.20.190.151.133) | - | - | High
|
||||
58 | [20.190.152.21](https://vuldb.com/?ip.20.190.152.21) | - | - | High
|
||||
59 | [20.190.154.139](https://vuldb.com/?ip.20.190.154.139) | - | - | High
|
||||
60 | [20.225.154.34](https://vuldb.com/?ip.20.225.154.34) | - | - | High
|
||||
61 | [20.251.10.189](https://vuldb.com/?ip.20.251.10.189) | - | - | High
|
||||
62 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
|
||||
63 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
64 | [23.19.227.82](https://vuldb.com/?ip.23.19.227.82) | - | - | High
|
||||
65 | [23.19.227.171](https://vuldb.com/?ip.23.19.227.171) | - | - | High
|
||||
66 | [23.19.227.243](https://vuldb.com/?ip.23.19.227.243) | - | - | High
|
||||
67 | [23.21.27.29](https://vuldb.com/?ip.23.21.27.29) | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
|
||||
68 | [23.21.205.229](https://vuldb.com/?ip.23.21.205.229) | ec2-23-21-205-229.compute-1.amazonaws.com | - | Medium
|
||||
69 | [23.21.213.140](https://vuldb.com/?ip.23.21.213.140) | ec2-23-21-213-140.compute-1.amazonaws.com | - | Medium
|
||||
70 | [23.38.131.139](https://vuldb.com/?ip.23.38.131.139) | a23-38-131-139.deploy.static.akamaitechnologies.com | - | High
|
||||
71 | [23.46.239.18](https://vuldb.com/?ip.23.46.239.18) | a23-46-239-18.deploy.static.akamaitechnologies.com | - | High
|
||||
72 | [23.56.9.181](https://vuldb.com/?ip.23.56.9.181) | a23-56-9-181.deploy.static.akamaitechnologies.com | - | High
|
||||
73 | [23.78.173.83](https://vuldb.com/?ip.23.78.173.83) | a23-78-173-83.deploy.static.akamaitechnologies.com | - | High
|
||||
74 | [23.82.12.29](https://vuldb.com/?ip.23.82.12.29) | - | - | High
|
||||
75 | [23.105.131.132](https://vuldb.com/?ip.23.105.131.132) | mail132.nessfist.com | - | High
|
||||
76 | [23.105.131.141](https://vuldb.com/?ip.23.105.131.141) | mail141.nessfist.com | - | High
|
||||
77 | [23.105.131.186](https://vuldb.com/?ip.23.105.131.186) | mail186.nessfist.com | - | High
|
||||
78 | [23.105.131.193](https://vuldb.com/?ip.23.105.131.193) | - | - | High
|
||||
79 | [23.105.131.206](https://vuldb.com/?ip.23.105.131.206) | mail206.nessfist.com | - | High
|
||||
80 | [23.105.131.209](https://vuldb.com/?ip.23.105.131.209) | - | - | High
|
||||
81 | [23.105.131.211](https://vuldb.com/?ip.23.105.131.211) | mail211.nessfist.com | - | High
|
||||
82 | [23.105.131.220](https://vuldb.com/?ip.23.105.131.220) | mail220.nessfist.com | - | High
|
||||
83 | [23.105.131.222](https://vuldb.com/?ip.23.105.131.222) | - | - | High
|
||||
84 | [23.105.131.235](https://vuldb.com/?ip.23.105.131.235) | mail235.nessfist.com | - | High
|
||||
85 | [23.105.131.238](https://vuldb.com/?ip.23.105.131.238) | mail238.nessfist.com | - | High
|
||||
86 | [23.105.131.244](https://vuldb.com/?ip.23.105.131.244) | mail244.nessfist.com | - | High
|
||||
87 | [23.106.124.111](https://vuldb.com/?ip.23.106.124.111) | - | - | High
|
||||
88 | [23.146.242.71](https://vuldb.com/?ip.23.146.242.71) | - | - | High
|
||||
89 | [23.146.242.110](https://vuldb.com/?ip.23.146.242.110) | - | - | High
|
||||
90 | [23.196.74.222](https://vuldb.com/?ip.23.196.74.222) | a23-196-74-222.deploy.static.akamaitechnologies.com | - | High
|
||||
91 | [23.199.63.11](https://vuldb.com/?ip.23.199.63.11) | a23-199-63-11.deploy.static.akamaitechnologies.com | - | High
|
||||
92 | [23.199.63.83](https://vuldb.com/?ip.23.199.63.83) | a23-199-63-83.deploy.static.akamaitechnologies.com | - | High
|
||||
93 | [23.223.37.181](https://vuldb.com/?ip.23.223.37.181) | a23-223-37-181.deploy.static.akamaitechnologies.com | - | High
|
||||
94 | [23.226.128.197](https://vuldb.com/?ip.23.226.128.197) | 23.226.128.197.static.quadranet.com | - | High
|
||||
95 | [23.227.38.74](https://vuldb.com/?ip.23.227.38.74) | - | - | High
|
||||
96 | [31.3.152.100](https://vuldb.com/?ip.31.3.152.100) | 100.152.3.31.in-addr.arpa | - | High
|
||||
97 | [31.192.232.48](https://vuldb.com/?ip.31.192.232.48) | lindaj18.barber.pserver.space | - | High
|
||||
98 | [31.210.20.56](https://vuldb.com/?ip.31.210.20.56) | - | - | High
|
||||
99 | [31.210.20.130](https://vuldb.com/?ip.31.210.20.130) | - | - | High
|
||||
100 | [31.210.20.224](https://vuldb.com/?ip.31.210.20.224) | - | - | High
|
||||
101 | [31.210.20.236](https://vuldb.com/?ip.31.210.20.236) | - | - | High
|
||||
102 | [31.210.21.205](https://vuldb.com/?ip.31.210.21.205) | lit4.top | - | High
|
||||
103 | [34.96.116.138](https://vuldb.com/?ip.34.96.116.138) | 138.116.96.34.bc.googleusercontent.com | - | Medium
|
||||
104 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
|
||||
105 | [34.117.168.233](https://vuldb.com/?ip.34.117.168.233) | 233.168.117.34.bc.googleusercontent.com | - | Medium
|
||||
106 | [34.192.250.175](https://vuldb.com/?ip.34.192.250.175) | ec2-34-192-250-175.compute-1.amazonaws.com | - | Medium
|
||||
107 | [34.197.12.81](https://vuldb.com/?ip.34.197.12.81) | ec2-34-197-12-81.compute-1.amazonaws.com | - | Medium
|
||||
108 | [34.202.33.33](https://vuldb.com/?ip.34.202.33.33) | ec2-34-202-33-33.compute-1.amazonaws.com | - | Medium
|
||||
109 | [34.239.194.181](https://vuldb.com/?ip.34.239.194.181) | ec2-34-239-194-181.compute-1.amazonaws.com | - | Medium
|
||||
110 | [35.205.61.67](https://vuldb.com/?ip.35.205.61.67) | 67.61.205.35.bc.googleusercontent.com | - | Medium
|
||||
111 | [35.214.144.124](https://vuldb.com/?ip.35.214.144.124) | 124.144.214.35.bc.googleusercontent.com | - | Medium
|
||||
112 | [37.0.10.217](https://vuldb.com/?ip.37.0.10.217) | - | - | High
|
||||
113 | [37.0.11.114](https://vuldb.com/?ip.37.0.11.114) | - | - | High
|
||||
114 | [37.0.11.230](https://vuldb.com/?ip.37.0.11.230) | - | - | High
|
||||
115 | [37.0.14.195](https://vuldb.com/?ip.37.0.14.195) | - | - | High
|
||||
116 | [37.0.14.198](https://vuldb.com/?ip.37.0.14.198) | - | - | High
|
||||
117 | [37.0.14.199](https://vuldb.com/?ip.37.0.14.199) | - | - | High
|
||||
118 | [37.0.14.203](https://vuldb.com/?ip.37.0.14.203) | - | - | High
|
||||
119 | [37.0.14.204](https://vuldb.com/?ip.37.0.14.204) | - | - | High
|
||||
120 | [37.0.14.206](https://vuldb.com/?ip.37.0.14.206) | - | - | High
|
||||
121 | [37.0.14.207](https://vuldb.com/?ip.37.0.14.207) | - | - | High
|
||||
122 | [37.0.14.209](https://vuldb.com/?ip.37.0.14.209) | - | - | High
|
||||
123 | [37.0.14.210](https://vuldb.com/?ip.37.0.14.210) | host-37-0-14-210.static.deli-one.co.uk | - | High
|
||||
124 | [37.0.14.211](https://vuldb.com/?ip.37.0.14.211) | - | - | High
|
||||
125 | [37.0.14.216](https://vuldb.com/?ip.37.0.14.216) | - | - | High
|
||||
126 | [37.0.14.217](https://vuldb.com/?ip.37.0.14.217) | - | - | High
|
||||
127 | [37.1.206.16](https://vuldb.com/?ip.37.1.206.16) | free.ispiria.net | - | High
|
||||
128 | [37.1.206.146](https://vuldb.com/?ip.37.1.206.146) | - | - | High
|
||||
129 | [37.19.193.217](https://vuldb.com/?ip.37.19.193.217) | unn-37-19-193-217.cdn77.com | - | High
|
||||
130 | [37.46.150.211](https://vuldb.com/?ip.37.46.150.211) | convert-concern.needratio.com | - | High
|
||||
131 | [37.120.138.222](https://vuldb.com/?ip.37.120.138.222) | - | - | High
|
||||
132 | [37.120.155.179](https://vuldb.com/?ip.37.120.155.179) | - | - | High
|
||||
133 | [37.120.210.219](https://vuldb.com/?ip.37.120.210.219) | - | - | High
|
||||
134 | [37.120.217.243](https://vuldb.com/?ip.37.120.217.243) | - | - | High
|
||||
135 | [37.123.118.150](https://vuldb.com/?ip.37.123.118.150) | - | - | High
|
||||
136 | [37.139.64.106](https://vuldb.com/?ip.37.139.64.106) | - | - | High
|
||||
137 | [37.139.128.4](https://vuldb.com/?ip.37.139.128.4) | - | - | High
|
||||
138 | [37.139.128.24](https://vuldb.com/?ip.37.139.128.24) | - | - | High
|
||||
139 | [37.139.129.142](https://vuldb.com/?ip.37.139.129.142) | - | - | High
|
||||
140 | [37.230.130.153](https://vuldb.com/?ip.37.230.130.153) | - | - | High
|
||||
141 | [37.230.178.57](https://vuldb.com/?ip.37.230.178.57) | - | - | High
|
||||
142 | [37.235.1.174](https://vuldb.com/?ip.37.235.1.174) | resolver1.freedns.zone.powered.by.virtexxa.com | - | High
|
||||
143 | [37.235.1.177](https://vuldb.com/?ip.37.235.1.177) | resolver2.freedns.zone.powered.by.virtexxa.com | - | High
|
||||
144 | [38.26.191.78](https://vuldb.com/?ip.38.26.191.78) | - | - | High
|
||||
145 | [38.68.53.190](https://vuldb.com/?ip.38.68.53.190) | - | - | High
|
||||
146 | [38.242.134.118](https://vuldb.com/?ip.38.242.134.118) | vmi997441.contaboserver.net | - | High
|
||||
147 | [38.242.246.175](https://vuldb.com/?ip.38.242.246.175) | vmi838644.contaboserver.net | - | High
|
||||
148 | [40.126.26.134](https://vuldb.com/?ip.40.126.26.134) | - | - | High
|
||||
149 | [40.126.28.12](https://vuldb.com/?ip.40.126.28.12) | - | - | High
|
||||
150 | [40.126.28.22](https://vuldb.com/?ip.40.126.28.22) | - | - | High
|
||||
151 | [41.190.3.209](https://vuldb.com/?ip.41.190.3.209) | www.9mobile.com.ng | - | High
|
||||
152 | [41.216.183.96](https://vuldb.com/?ip.41.216.183.96) | - | - | High
|
||||
153 | [41.216.183.195](https://vuldb.com/?ip.41.216.183.195) | - | - | High
|
||||
154 | [41.216.183.226](https://vuldb.com/?ip.41.216.183.226) | - | - | High
|
||||
155 | [43.226.229.83](https://vuldb.com/?ip.43.226.229.83) | - | - | High
|
||||
156 | [44.230.27.49](https://vuldb.com/?ip.44.230.27.49) | ec2-44-230-27-49.us-west-2.compute.amazonaws.com | - | Medium
|
||||
157 | [44.238.161.76](https://vuldb.com/?ip.44.238.161.76) | ec2-44-238-161-76.us-west-2.compute.amazonaws.com | - | Medium
|
||||
158 | [45.15.143.148](https://vuldb.com/?ip.45.15.143.148) | - | - | High
|
||||
159 | [45.62.170.248](https://vuldb.com/?ip.45.62.170.248) | - | - | High
|
||||
160 | [45.66.151.212](https://vuldb.com/?ip.45.66.151.212) | - | - | High
|
||||
161 | [45.74.32.12](https://vuldb.com/?ip.45.74.32.12) | - | - | High
|
||||
162 | [45.81.39.21](https://vuldb.com/?ip.45.81.39.21) | - | - | High
|
||||
163 | [45.81.243.246](https://vuldb.com/?ip.45.81.243.246) | - | - | High
|
||||
164 | [45.82.84.10](https://vuldb.com/?ip.45.82.84.10) | 45.82.84.10.deltahost-ptr | - | High
|
||||
165 | [45.83.129.166](https://vuldb.com/?ip.45.83.129.166) | - | - | High
|
||||
166 | [45.87.61.104](https://vuldb.com/?ip.45.87.61.104) | - | - | High
|
||||
167 | [45.88.66.122](https://vuldb.com/?ip.45.88.66.122) | runningegg.xyz | - | High
|
||||
168 | [45.90.222.204](https://vuldb.com/?ip.45.90.222.204) | 45-90-222-204-hostedby.bcr.host | - | High
|
||||
169 | [45.95.168.62](https://vuldb.com/?ip.45.95.168.62) | maxko-hosting.com | - | High
|
||||
170 | [45.128.234.54](https://vuldb.com/?ip.45.128.234.54) | - | - | High
|
||||
171 | [45.133.1.34](https://vuldb.com/?ip.45.133.1.34) | - | - | High
|
||||
172 | [45.133.1.47](https://vuldb.com/?ip.45.133.1.47) | - | - | High
|
||||
173 | [45.133.1.72](https://vuldb.com/?ip.45.133.1.72) | - | - | High
|
||||
174 | [45.133.174.55](https://vuldb.com/?ip.45.133.174.55) | - | - | High
|
||||
175 | [45.133.174.77](https://vuldb.com/?ip.45.133.174.77) | - | - | High
|
||||
176 | [45.133.174.177](https://vuldb.com/?ip.45.133.174.177) | - | - | High
|
||||
177 | [45.133.174.187](https://vuldb.com/?ip.45.133.174.187) | - | - | High
|
||||
178 | [45.137.22.52](https://vuldb.com/?ip.45.137.22.52) | hosted-by.rootlayer.net | - | High
|
||||
179 | [45.137.22.77](https://vuldb.com/?ip.45.137.22.77) | mail.governorsperic.xyz | - | High
|
||||
180 | [45.137.22.101](https://vuldb.com/?ip.45.137.22.101) | hosted-by.rootlayer.net | - | High
|
||||
181 | [45.137.22.104](https://vuldb.com/?ip.45.137.22.104) | hosted-by.rootlayer.net | - | High
|
||||
182 | [45.137.22.107](https://vuldb.com/?ip.45.137.22.107) | hosted-by.rootlayer.net | - | High
|
||||
183 | [45.137.22.116](https://vuldb.com/?ip.45.137.22.116) | hosted-by.rootlayer.net | - | High
|
||||
184 | [45.137.22.236](https://vuldb.com/?ip.45.137.22.236) | hosted-by.rootlayer.net | - | High
|
||||
185 | [45.137.22.248](https://vuldb.com/?ip.45.137.22.248) | hosted-by.rootlayer.net | - | High
|
||||
186 | [45.137.116.253](https://vuldb.com/?ip.45.137.116.253) | rs-zap1025641-3.zap-srv.com | - | High
|
||||
187 | [45.137.118.105](https://vuldb.com/?ip.45.137.118.105) | - | - | High
|
||||
188 | [45.138.16.39](https://vuldb.com/?ip.45.138.16.39) | - | - | High
|
||||
189 | [45.138.172.94](https://vuldb.com/?ip.45.138.172.94) | - | - | High
|
||||
190 | [45.139.105.174](https://vuldb.com/?ip.45.139.105.174) | - | - | High
|
||||
191 | [45.144.225.112](https://vuldb.com/?ip.45.144.225.112) | - | - | High
|
||||
192 | [45.144.225.213](https://vuldb.com/?ip.45.144.225.213) | - | - | High
|
||||
193 | [45.144.225.221](https://vuldb.com/?ip.45.144.225.221) | - | - | High
|
||||
194 | [45.148.17.62](https://vuldb.com/?ip.45.148.17.62) | mail.spokel.se | - | High
|
||||
195 | [45.154.4.64](https://vuldb.com/?ip.45.154.4.64) | - | - | High
|
||||
196 | [45.155.165.117](https://vuldb.com/?ip.45.155.165.117) | - | - | High
|
||||
197 | [45.155.165.139](https://vuldb.com/?ip.45.155.165.139) | - | - | High
|
||||
198 | [45.155.165.160](https://vuldb.com/?ip.45.155.165.160) | - | - | High
|
||||
199 | [46.2.255.122](https://vuldb.com/?ip.46.2.255.122) | - | - | High
|
||||
200 | [46.8.211.72](https://vuldb.com/?ip.46.8.211.72) | - | - | High
|
||||
201 | [46.105.127.143](https://vuldb.com/?ip.46.105.127.143) | ns385442.ip-46-105-127.eu | - | High
|
||||
202 | [46.183.216.163](https://vuldb.com/?ip.46.183.216.163) | tagoe.lstartanalystconcepts.org.uk | - | High
|
||||
203 | [46.183.217.11](https://vuldb.com/?ip.46.183.217.11) | raimis.comanchor.com | - | High
|
||||
204 | [46.183.220.61](https://vuldb.com/?ip.46.183.220.61) | ip-220-61.dataclub.info | - | High
|
||||
205 | [46.183.220.67](https://vuldb.com/?ip.46.183.220.67) | ip-220-67.dataclub.info | - | High
|
||||
206 | [46.183.220.203](https://vuldb.com/?ip.46.183.220.203) | ip-220-203.dataclub.info | - | High
|
||||
207 | [46.183.223.57](https://vuldb.com/?ip.46.183.223.57) | ip-223-57.dataclub.info | - | High
|
||||
208 | [46.243.147.194](https://vuldb.com/?ip.46.243.147.194) | - | - | High
|
||||
209 | [46.243.239.36](https://vuldb.com/?ip.46.243.239.36) | - | - | High
|
||||
210 | [46.243.239.153](https://vuldb.com/?ip.46.243.239.153) | - | - | High
|
||||
211 | [46.243.249.150](https://vuldb.com/?ip.46.243.249.150) | - | - | High
|
||||
212 | [46.246.80.68](https://vuldb.com/?ip.46.246.80.68) | c-46-246-80-68.ip4.frootvpn.com | - | High
|
||||
213 | [47.254.172.117](https://vuldb.com/?ip.47.254.172.117) | - | - | High
|
||||
214 | [50.16.234.229](https://vuldb.com/?ip.50.16.234.229) | ec2-50-16-234-229.compute-1.amazonaws.com | - | Medium
|
||||
215 | [50.63.202.36](https://vuldb.com/?ip.50.63.202.36) | ip-50-63-202-36.ip.secureserver.net | - | High
|
||||
216 | [51.15.229.127](https://vuldb.com/?ip.51.15.229.127) | 127-229-15-51.instances.scw.cloud | - | High
|
||||
217 | [51.75.209.242](https://vuldb.com/?ip.51.75.209.242) | ip242.ip-51-75-209.eu | - | High
|
||||
218 | [51.75.209.245](https://vuldb.com/?ip.51.75.209.245) | ip245.ip-51-75-209.eu | - | High
|
||||
219 | [51.81.193.203](https://vuldb.com/?ip.51.81.193.203) | ip203.ip-51-81-193.us | - | High
|
||||
220 | [51.91.236.193](https://vuldb.com/?ip.51.91.236.193) | cluster028.hosting.ovh.net | - | High
|
||||
221 | [51.103.16.165](https://vuldb.com/?ip.51.103.16.165) | - | - | High
|
||||
222 | [51.161.212.232](https://vuldb.com/?ip.51.161.212.232) | ip232.ip-51-161-212.net | - | High
|
||||
223 | [51.195.57.234](https://vuldb.com/?ip.51.195.57.234) | ip234.ip-51-195-57.eu | - | High
|
||||
224 | ... | ... | ... | ...
|
||||
15 | [5.253.114.108](https://vuldb.com/?ip.5.253.114.108) | - | - | High
|
||||
16 | [6.43.51.17](https://vuldb.com/?ip.6.43.51.17) | - | - | High
|
||||
17 | [8.253.139.120](https://vuldb.com/?ip.8.253.139.120) | - | - | High
|
||||
18 | [10.11.0.5](https://vuldb.com/?ip.10.11.0.5) | - | - | High
|
||||
19 | [10.15.0.17](https://vuldb.com/?ip.10.15.0.17) | - | - | High
|
||||
20 | [10.15.0.18](https://vuldb.com/?ip.10.15.0.18) | - | - | High
|
||||
21 | [10.15.0.19](https://vuldb.com/?ip.10.15.0.19) | - | - | High
|
||||
22 | [10.15.0.23](https://vuldb.com/?ip.10.15.0.23) | - | - | High
|
||||
23 | [10.15.0.30](https://vuldb.com/?ip.10.15.0.30) | - | - | High
|
||||
24 | [10.16.0.13](https://vuldb.com/?ip.10.16.0.13) | - | - | High
|
||||
25 | [10.16.0.18](https://vuldb.com/?ip.10.16.0.18) | - | - | High
|
||||
26 | [10.16.0.30](https://vuldb.com/?ip.10.16.0.30) | - | - | High
|
||||
27 | [10.140.226.6](https://vuldb.com/?ip.10.140.226.6) | - | - | High
|
||||
28 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
29 | [13.107.42.12](https://vuldb.com/?ip.13.107.42.12) | 1drv.ms | - | High
|
||||
30 | [13.107.42.13](https://vuldb.com/?ip.13.107.42.13) | - | - | High
|
||||
31 | [13.107.43.12](https://vuldb.com/?ip.13.107.43.12) | - | - | High
|
||||
32 | [13.107.43.13](https://vuldb.com/?ip.13.107.43.13) | - | - | High
|
||||
33 | [13.225.214.71](https://vuldb.com/?ip.13.225.214.71) | server-13-225-214-71.ewr50.r.cloudfront.net | - | High
|
||||
34 | [13.225.214.91](https://vuldb.com/?ip.13.225.214.91) | server-13-225-214-91.ewr50.r.cloudfront.net | - | High
|
||||
35 | [13.225.214.108](https://vuldb.com/?ip.13.225.214.108) | server-13-225-214-108.ewr50.r.cloudfront.net | - | High
|
||||
36 | [13.225.230.20](https://vuldb.com/?ip.13.225.230.20) | server-13-225-230-20.jfk51.r.cloudfront.net | - | High
|
||||
37 | [13.250.255.10](https://vuldb.com/?ip.13.250.255.10) | ec2-13-250-255-10.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
38 | [15.197.142.173](https://vuldb.com/?ip.15.197.142.173) | a4ec4c6ea1c92e2e6.awsglobalaccelerator.com | - | High
|
||||
39 | [15.235.53.10](https://vuldb.com/?ip.15.235.53.10) | ns5012329.ip-15-235-53.net | - | High
|
||||
40 | [15.237.137.33](https://vuldb.com/?ip.15.237.137.33) | ec2-15-237-137-33.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
41 | [18.214.132.216](https://vuldb.com/?ip.18.214.132.216) | ec2-18-214-132-216.compute-1.amazonaws.com | - | Medium
|
||||
42 | [18.218.132.40](https://vuldb.com/?ip.18.218.132.40) | ec2-18-218-132-40.us-east-2.compute.amazonaws.com | - | Medium
|
||||
43 | [20.7.43.70](https://vuldb.com/?ip.20.7.43.70) | - | - | High
|
||||
44 | [20.36.253.92](https://vuldb.com/?ip.20.36.253.92) | - | - | High
|
||||
45 | [20.38.32.202](https://vuldb.com/?ip.20.38.32.202) | - | - | High
|
||||
46 | [20.42.73.27](https://vuldb.com/?ip.20.42.73.27) | - | - | High
|
||||
47 | [20.69.164.162](https://vuldb.com/?ip.20.69.164.162) | - | - | High
|
||||
48 | [20.106.76.138](https://vuldb.com/?ip.20.106.76.138) | - | - | High
|
||||
49 | [20.106.94.110](https://vuldb.com/?ip.20.106.94.110) | - | - | High
|
||||
50 | [20.110.185.77](https://vuldb.com/?ip.20.110.185.77) | - | - | High
|
||||
51 | [20.110.197.26](https://vuldb.com/?ip.20.110.197.26) | - | - | High
|
||||
52 | [20.112.83.244](https://vuldb.com/?ip.20.112.83.244) | - | - | High
|
||||
53 | [20.114.21.181](https://vuldb.com/?ip.20.114.21.181) | - | - | High
|
||||
54 | [20.124.111.166](https://vuldb.com/?ip.20.124.111.166) | - | - | High
|
||||
55 | [20.190.151.7](https://vuldb.com/?ip.20.190.151.7) | - | - | High
|
||||
56 | [20.190.151.8](https://vuldb.com/?ip.20.190.151.8) | - | - | High
|
||||
57 | [20.190.151.68](https://vuldb.com/?ip.20.190.151.68) | - | - | High
|
||||
58 | [20.190.151.70](https://vuldb.com/?ip.20.190.151.70) | - | - | High
|
||||
59 | [20.190.151.131](https://vuldb.com/?ip.20.190.151.131) | - | - | High
|
||||
60 | [20.190.151.132](https://vuldb.com/?ip.20.190.151.132) | - | - | High
|
||||
61 | [20.190.151.133](https://vuldb.com/?ip.20.190.151.133) | - | - | High
|
||||
62 | [20.190.152.21](https://vuldb.com/?ip.20.190.152.21) | - | - | High
|
||||
63 | [20.190.154.139](https://vuldb.com/?ip.20.190.154.139) | - | - | High
|
||||
64 | [20.225.154.34](https://vuldb.com/?ip.20.225.154.34) | - | - | High
|
||||
65 | [20.251.10.189](https://vuldb.com/?ip.20.251.10.189) | - | - | High
|
||||
66 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
|
||||
67 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
68 | [23.19.227.82](https://vuldb.com/?ip.23.19.227.82) | - | - | High
|
||||
69 | [23.19.227.171](https://vuldb.com/?ip.23.19.227.171) | - | - | High
|
||||
70 | [23.19.227.243](https://vuldb.com/?ip.23.19.227.243) | - | - | High
|
||||
71 | [23.21.27.29](https://vuldb.com/?ip.23.21.27.29) | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
|
||||
72 | [23.21.205.229](https://vuldb.com/?ip.23.21.205.229) | ec2-23-21-205-229.compute-1.amazonaws.com | - | Medium
|
||||
73 | [23.21.213.140](https://vuldb.com/?ip.23.21.213.140) | ec2-23-21-213-140.compute-1.amazonaws.com | - | Medium
|
||||
74 | [23.38.131.139](https://vuldb.com/?ip.23.38.131.139) | a23-38-131-139.deploy.static.akamaitechnologies.com | - | High
|
||||
75 | [23.46.239.18](https://vuldb.com/?ip.23.46.239.18) | a23-46-239-18.deploy.static.akamaitechnologies.com | - | High
|
||||
76 | [23.56.9.181](https://vuldb.com/?ip.23.56.9.181) | a23-56-9-181.deploy.static.akamaitechnologies.com | - | High
|
||||
77 | [23.78.173.83](https://vuldb.com/?ip.23.78.173.83) | a23-78-173-83.deploy.static.akamaitechnologies.com | - | High
|
||||
78 | [23.82.12.29](https://vuldb.com/?ip.23.82.12.29) | - | - | High
|
||||
79 | [23.105.131.132](https://vuldb.com/?ip.23.105.131.132) | mail132.nessfist.com | - | High
|
||||
80 | [23.105.131.141](https://vuldb.com/?ip.23.105.131.141) | mail141.nessfist.com | - | High
|
||||
81 | [23.105.131.186](https://vuldb.com/?ip.23.105.131.186) | mail186.nessfist.com | - | High
|
||||
82 | [23.105.131.193](https://vuldb.com/?ip.23.105.131.193) | - | - | High
|
||||
83 | [23.105.131.206](https://vuldb.com/?ip.23.105.131.206) | mail206.nessfist.com | - | High
|
||||
84 | [23.105.131.209](https://vuldb.com/?ip.23.105.131.209) | - | - | High
|
||||
85 | [23.105.131.211](https://vuldb.com/?ip.23.105.131.211) | mail211.nessfist.com | - | High
|
||||
86 | [23.105.131.220](https://vuldb.com/?ip.23.105.131.220) | mail220.nessfist.com | - | High
|
||||
87 | [23.105.131.222](https://vuldb.com/?ip.23.105.131.222) | - | - | High
|
||||
88 | [23.105.131.235](https://vuldb.com/?ip.23.105.131.235) | mail235.nessfist.com | - | High
|
||||
89 | [23.105.131.238](https://vuldb.com/?ip.23.105.131.238) | mail238.nessfist.com | - | High
|
||||
90 | [23.105.131.244](https://vuldb.com/?ip.23.105.131.244) | mail244.nessfist.com | - | High
|
||||
91 | [23.106.124.111](https://vuldb.com/?ip.23.106.124.111) | - | - | High
|
||||
92 | [23.146.242.71](https://vuldb.com/?ip.23.146.242.71) | - | - | High
|
||||
93 | [23.146.242.110](https://vuldb.com/?ip.23.146.242.110) | - | - | High
|
||||
94 | [23.196.74.222](https://vuldb.com/?ip.23.196.74.222) | a23-196-74-222.deploy.static.akamaitechnologies.com | - | High
|
||||
95 | [23.199.63.11](https://vuldb.com/?ip.23.199.63.11) | a23-199-63-11.deploy.static.akamaitechnologies.com | - | High
|
||||
96 | [23.199.63.83](https://vuldb.com/?ip.23.199.63.83) | a23-199-63-83.deploy.static.akamaitechnologies.com | - | High
|
||||
97 | [23.223.37.181](https://vuldb.com/?ip.23.223.37.181) | a23-223-37-181.deploy.static.akamaitechnologies.com | - | High
|
||||
98 | [23.226.128.197](https://vuldb.com/?ip.23.226.128.197) | 23.226.128.197.static.quadranet.com | - | High
|
||||
99 | [23.227.38.74](https://vuldb.com/?ip.23.227.38.74) | - | - | High
|
||||
100 | [24.152.37.94](https://vuldb.com/?ip.24.152.37.94) | 24-152-37-94.masterdaweb.com | - | High
|
||||
101 | [31.3.152.100](https://vuldb.com/?ip.31.3.152.100) | 100.152.3.31.in-addr.arpa | - | High
|
||||
102 | [31.192.232.48](https://vuldb.com/?ip.31.192.232.48) | lindaj18.barber.pserver.space | - | High
|
||||
103 | [31.210.20.56](https://vuldb.com/?ip.31.210.20.56) | - | - | High
|
||||
104 | [31.210.20.130](https://vuldb.com/?ip.31.210.20.130) | - | - | High
|
||||
105 | [31.210.20.224](https://vuldb.com/?ip.31.210.20.224) | - | - | High
|
||||
106 | [31.210.20.236](https://vuldb.com/?ip.31.210.20.236) | - | - | High
|
||||
107 | [31.210.21.205](https://vuldb.com/?ip.31.210.21.205) | lit4.top | - | High
|
||||
108 | [34.96.116.138](https://vuldb.com/?ip.34.96.116.138) | 138.116.96.34.bc.googleusercontent.com | - | Medium
|
||||
109 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
|
||||
110 | [34.117.168.233](https://vuldb.com/?ip.34.117.168.233) | 233.168.117.34.bc.googleusercontent.com | - | Medium
|
||||
111 | [34.192.250.175](https://vuldb.com/?ip.34.192.250.175) | ec2-34-192-250-175.compute-1.amazonaws.com | - | Medium
|
||||
112 | [34.197.12.81](https://vuldb.com/?ip.34.197.12.81) | ec2-34-197-12-81.compute-1.amazonaws.com | - | Medium
|
||||
113 | [34.202.33.33](https://vuldb.com/?ip.34.202.33.33) | ec2-34-202-33-33.compute-1.amazonaws.com | - | Medium
|
||||
114 | [34.239.194.181](https://vuldb.com/?ip.34.239.194.181) | ec2-34-239-194-181.compute-1.amazonaws.com | - | Medium
|
||||
115 | [35.205.61.67](https://vuldb.com/?ip.35.205.61.67) | 67.61.205.35.bc.googleusercontent.com | - | Medium
|
||||
116 | [35.214.144.124](https://vuldb.com/?ip.35.214.144.124) | 124.144.214.35.bc.googleusercontent.com | - | Medium
|
||||
117 | [37.0.10.217](https://vuldb.com/?ip.37.0.10.217) | - | - | High
|
||||
118 | [37.0.11.114](https://vuldb.com/?ip.37.0.11.114) | - | - | High
|
||||
119 | [37.0.11.230](https://vuldb.com/?ip.37.0.11.230) | - | - | High
|
||||
120 | [37.0.14.195](https://vuldb.com/?ip.37.0.14.195) | - | - | High
|
||||
121 | [37.0.14.198](https://vuldb.com/?ip.37.0.14.198) | - | - | High
|
||||
122 | [37.0.14.199](https://vuldb.com/?ip.37.0.14.199) | - | - | High
|
||||
123 | [37.0.14.203](https://vuldb.com/?ip.37.0.14.203) | - | - | High
|
||||
124 | [37.0.14.204](https://vuldb.com/?ip.37.0.14.204) | - | - | High
|
||||
125 | [37.0.14.206](https://vuldb.com/?ip.37.0.14.206) | - | - | High
|
||||
126 | [37.0.14.207](https://vuldb.com/?ip.37.0.14.207) | - | - | High
|
||||
127 | [37.0.14.209](https://vuldb.com/?ip.37.0.14.209) | - | - | High
|
||||
128 | [37.0.14.210](https://vuldb.com/?ip.37.0.14.210) | host-37-0-14-210.static.deli-one.co.uk | - | High
|
||||
129 | [37.0.14.211](https://vuldb.com/?ip.37.0.14.211) | - | - | High
|
||||
130 | [37.0.14.216](https://vuldb.com/?ip.37.0.14.216) | - | - | High
|
||||
131 | [37.0.14.217](https://vuldb.com/?ip.37.0.14.217) | - | - | High
|
||||
132 | [37.1.206.16](https://vuldb.com/?ip.37.1.206.16) | free.ispiria.net | - | High
|
||||
133 | [37.1.206.146](https://vuldb.com/?ip.37.1.206.146) | - | - | High
|
||||
134 | [37.19.193.217](https://vuldb.com/?ip.37.19.193.217) | unn-37-19-193-217.cdn77.com | - | High
|
||||
135 | [37.46.150.211](https://vuldb.com/?ip.37.46.150.211) | convert-concern.needratio.com | - | High
|
||||
136 | [37.120.138.222](https://vuldb.com/?ip.37.120.138.222) | - | - | High
|
||||
137 | [37.120.155.179](https://vuldb.com/?ip.37.120.155.179) | - | - | High
|
||||
138 | [37.120.210.219](https://vuldb.com/?ip.37.120.210.219) | - | - | High
|
||||
139 | [37.120.217.243](https://vuldb.com/?ip.37.120.217.243) | - | - | High
|
||||
140 | [37.123.118.150](https://vuldb.com/?ip.37.123.118.150) | - | - | High
|
||||
141 | [37.139.64.106](https://vuldb.com/?ip.37.139.64.106) | - | - | High
|
||||
142 | [37.139.128.4](https://vuldb.com/?ip.37.139.128.4) | - | - | High
|
||||
143 | [37.139.128.24](https://vuldb.com/?ip.37.139.128.24) | - | - | High
|
||||
144 | [37.139.129.142](https://vuldb.com/?ip.37.139.129.142) | - | - | High
|
||||
145 | [37.230.130.153](https://vuldb.com/?ip.37.230.130.153) | - | - | High
|
||||
146 | [37.230.178.57](https://vuldb.com/?ip.37.230.178.57) | - | - | High
|
||||
147 | [37.235.1.174](https://vuldb.com/?ip.37.235.1.174) | resolver1.freedns.zone.powered.by.virtexxa.com | - | High
|
||||
148 | [37.235.1.177](https://vuldb.com/?ip.37.235.1.177) | resolver2.freedns.zone.powered.by.virtexxa.com | - | High
|
||||
149 | [38.26.191.78](https://vuldb.com/?ip.38.26.191.78) | - | - | High
|
||||
150 | [38.68.53.190](https://vuldb.com/?ip.38.68.53.190) | - | - | High
|
||||
151 | [38.242.134.118](https://vuldb.com/?ip.38.242.134.118) | vmi997441.contaboserver.net | - | High
|
||||
152 | [38.242.246.175](https://vuldb.com/?ip.38.242.246.175) | vmi838644.contaboserver.net | - | High
|
||||
153 | [40.126.26.134](https://vuldb.com/?ip.40.126.26.134) | - | - | High
|
||||
154 | [40.126.28.12](https://vuldb.com/?ip.40.126.28.12) | - | - | High
|
||||
155 | [40.126.28.22](https://vuldb.com/?ip.40.126.28.22) | - | - | High
|
||||
156 | [41.190.3.209](https://vuldb.com/?ip.41.190.3.209) | www.9mobile.com.ng | - | High
|
||||
157 | [41.216.183.96](https://vuldb.com/?ip.41.216.183.96) | - | - | High
|
||||
158 | [41.216.183.195](https://vuldb.com/?ip.41.216.183.195) | - | - | High
|
||||
159 | [41.216.183.226](https://vuldb.com/?ip.41.216.183.226) | - | - | High
|
||||
160 | [43.226.229.83](https://vuldb.com/?ip.43.226.229.83) | - | - | High
|
||||
161 | [44.230.27.49](https://vuldb.com/?ip.44.230.27.49) | ec2-44-230-27-49.us-west-2.compute.amazonaws.com | - | Medium
|
||||
162 | [44.238.161.76](https://vuldb.com/?ip.44.238.161.76) | ec2-44-238-161-76.us-west-2.compute.amazonaws.com | - | Medium
|
||||
163 | [45.12.253.190](https://vuldb.com/?ip.45.12.253.190) | - | - | High
|
||||
164 | [45.15.143.148](https://vuldb.com/?ip.45.15.143.148) | - | - | High
|
||||
165 | [45.62.170.248](https://vuldb.com/?ip.45.62.170.248) | - | - | High
|
||||
166 | [45.66.151.212](https://vuldb.com/?ip.45.66.151.212) | - | - | High
|
||||
167 | [45.67.231.82](https://vuldb.com/?ip.45.67.231.82) | vm906070.stark-industries.solutions | - | High
|
||||
168 | [45.74.32.12](https://vuldb.com/?ip.45.74.32.12) | - | - | High
|
||||
169 | [45.81.39.21](https://vuldb.com/?ip.45.81.39.21) | - | - | High
|
||||
170 | [45.81.243.246](https://vuldb.com/?ip.45.81.243.246) | - | - | High
|
||||
171 | [45.82.84.10](https://vuldb.com/?ip.45.82.84.10) | 45.82.84.10.deltahost-ptr | - | High
|
||||
172 | [45.83.129.166](https://vuldb.com/?ip.45.83.129.166) | - | - | High
|
||||
173 | [45.87.61.104](https://vuldb.com/?ip.45.87.61.104) | - | - | High
|
||||
174 | [45.88.66.122](https://vuldb.com/?ip.45.88.66.122) | runningegg.xyz | - | High
|
||||
175 | [45.90.222.204](https://vuldb.com/?ip.45.90.222.204) | 45-90-222-204-hostedby.bcr.host | - | High
|
||||
176 | [45.95.168.62](https://vuldb.com/?ip.45.95.168.62) | maxko-hosting.com | - | High
|
||||
177 | [45.128.234.54](https://vuldb.com/?ip.45.128.234.54) | - | - | High
|
||||
178 | [45.133.1.34](https://vuldb.com/?ip.45.133.1.34) | - | - | High
|
||||
179 | [45.133.1.47](https://vuldb.com/?ip.45.133.1.47) | - | - | High
|
||||
180 | [45.133.1.72](https://vuldb.com/?ip.45.133.1.72) | - | - | High
|
||||
181 | [45.133.174.55](https://vuldb.com/?ip.45.133.174.55) | - | - | High
|
||||
182 | [45.133.174.77](https://vuldb.com/?ip.45.133.174.77) | - | - | High
|
||||
183 | [45.133.174.177](https://vuldb.com/?ip.45.133.174.177) | - | - | High
|
||||
184 | [45.133.174.187](https://vuldb.com/?ip.45.133.174.187) | - | - | High
|
||||
185 | [45.137.22.52](https://vuldb.com/?ip.45.137.22.52) | hosted-by.rootlayer.net | - | High
|
||||
186 | [45.137.22.77](https://vuldb.com/?ip.45.137.22.77) | mail.governorsperic.xyz | - | High
|
||||
187 | [45.137.22.101](https://vuldb.com/?ip.45.137.22.101) | hosted-by.rootlayer.net | - | High
|
||||
188 | [45.137.22.104](https://vuldb.com/?ip.45.137.22.104) | hosted-by.rootlayer.net | - | High
|
||||
189 | [45.137.22.107](https://vuldb.com/?ip.45.137.22.107) | hosted-by.rootlayer.net | - | High
|
||||
190 | [45.137.22.116](https://vuldb.com/?ip.45.137.22.116) | hosted-by.rootlayer.net | - | High
|
||||
191 | [45.137.22.236](https://vuldb.com/?ip.45.137.22.236) | hosted-by.rootlayer.net | - | High
|
||||
192 | [45.137.22.248](https://vuldb.com/?ip.45.137.22.248) | hosted-by.rootlayer.net | - | High
|
||||
193 | [45.137.116.253](https://vuldb.com/?ip.45.137.116.253) | rs-zap1025641-3.zap-srv.com | - | High
|
||||
194 | [45.137.118.105](https://vuldb.com/?ip.45.137.118.105) | - | - | High
|
||||
195 | [45.138.16.39](https://vuldb.com/?ip.45.138.16.39) | - | - | High
|
||||
196 | [45.138.172.94](https://vuldb.com/?ip.45.138.172.94) | - | - | High
|
||||
197 | [45.139.105.174](https://vuldb.com/?ip.45.139.105.174) | - | - | High
|
||||
198 | [45.141.152.68](https://vuldb.com/?ip.45.141.152.68) | 45-141-152-68.pool.ovpn.com | - | High
|
||||
199 | [45.144.225.112](https://vuldb.com/?ip.45.144.225.112) | - | - | High
|
||||
200 | [45.144.225.213](https://vuldb.com/?ip.45.144.225.213) | - | - | High
|
||||
201 | [45.144.225.221](https://vuldb.com/?ip.45.144.225.221) | - | - | High
|
||||
202 | [45.148.17.62](https://vuldb.com/?ip.45.148.17.62) | mail.spokel.se | - | High
|
||||
203 | [45.154.4.64](https://vuldb.com/?ip.45.154.4.64) | - | - | High
|
||||
204 | [45.155.165.117](https://vuldb.com/?ip.45.155.165.117) | - | - | High
|
||||
205 | [45.155.165.139](https://vuldb.com/?ip.45.155.165.139) | - | - | High
|
||||
206 | [45.155.165.160](https://vuldb.com/?ip.45.155.165.160) | - | - | High
|
||||
207 | [46.2.255.122](https://vuldb.com/?ip.46.2.255.122) | - | - | High
|
||||
208 | [46.8.211.72](https://vuldb.com/?ip.46.8.211.72) | - | - | High
|
||||
209 | [46.105.127.143](https://vuldb.com/?ip.46.105.127.143) | ns385442.ip-46-105-127.eu | - | High
|
||||
210 | [46.183.216.163](https://vuldb.com/?ip.46.183.216.163) | tagoe.lstartanalystconcepts.org.uk | - | High
|
||||
211 | [46.183.217.11](https://vuldb.com/?ip.46.183.217.11) | raimis.comanchor.com | - | High
|
||||
212 | [46.183.220.61](https://vuldb.com/?ip.46.183.220.61) | ip-220-61.dataclub.info | - | High
|
||||
213 | [46.183.220.67](https://vuldb.com/?ip.46.183.220.67) | ip-220-67.dataclub.info | - | High
|
||||
214 | [46.183.220.203](https://vuldb.com/?ip.46.183.220.203) | ip-220-203.dataclub.info | - | High
|
||||
215 | [46.183.223.57](https://vuldb.com/?ip.46.183.223.57) | ip-223-57.dataclub.info | - | High
|
||||
216 | [46.243.147.194](https://vuldb.com/?ip.46.243.147.194) | - | - | High
|
||||
217 | [46.243.239.36](https://vuldb.com/?ip.46.243.239.36) | - | - | High
|
||||
218 | [46.243.239.153](https://vuldb.com/?ip.46.243.239.153) | - | - | High
|
||||
219 | [46.243.249.150](https://vuldb.com/?ip.46.243.249.150) | - | - | High
|
||||
220 | [46.246.6.9](https://vuldb.com/?ip.46.246.6.9) | c-46-246-6-9.ip4.frootvpn.com | - | High
|
||||
221 | [46.246.80.68](https://vuldb.com/?ip.46.246.80.68) | c-46-246-80-68.ip4.frootvpn.com | - | High
|
||||
222 | [47.254.172.117](https://vuldb.com/?ip.47.254.172.117) | - | - | High
|
||||
223 | [50.16.234.229](https://vuldb.com/?ip.50.16.234.229) | ec2-50-16-234-229.compute-1.amazonaws.com | - | Medium
|
||||
224 | [50.63.202.36](https://vuldb.com/?ip.50.63.202.36) | ip-50-63-202-36.ip.secureserver.net | - | High
|
||||
225 | [51.15.229.127](https://vuldb.com/?ip.51.15.229.127) | 127-229-15-51.instances.scw.cloud | - | High
|
||||
226 | [51.75.209.242](https://vuldb.com/?ip.51.75.209.242) | ip242.ip-51-75-209.eu | - | High
|
||||
227 | [51.75.209.245](https://vuldb.com/?ip.51.75.209.245) | ip245.ip-51-75-209.eu | - | High
|
||||
228 | [51.81.193.203](https://vuldb.com/?ip.51.81.193.203) | ip203.ip-51-81-193.us | - | High
|
||||
229 | [51.91.236.193](https://vuldb.com/?ip.51.91.236.193) | cluster028.hosting.ovh.net | - | High
|
||||
230 | [51.103.16.165](https://vuldb.com/?ip.51.103.16.165) | - | - | High
|
||||
231 | [51.161.212.232](https://vuldb.com/?ip.51.161.212.232) | ip232.ip-51-161-212.net | - | High
|
||||
232 | [51.195.57.234](https://vuldb.com/?ip.51.195.57.234) | ip234.ip-51-195-57.eu | - | High
|
||||
233 | [51.210.137.26](https://vuldb.com/?ip.51.210.137.26) | ip26.ip-51-210-137.eu | - | High
|
||||
234 | ... | ... | ... | ...
|
||||
|
||||
There are 891 more IOC items available. Please use our online service to access the data.
|
||||
There are 933 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -260,7 +270,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-36, CWE-37 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-27, CWE-36, CWE-37, CWE-50 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
|
@ -275,12 +285,12 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?ajax-request=jnews` | High
|
||||
2 | File | `/admin/delete_user.php` | High
|
||||
3 | File | `/admin/index2.html` | High
|
||||
4 | File | `/admin/products/manage_product.php` | High
|
||||
5 | File | `/admin/userprofile.php` | High
|
||||
6 | File | `/administrator/components/table_manager/` | High
|
||||
1 | File | `/admin/edit_subject.php` | High
|
||||
2 | File | `/admin/index2.html` | High
|
||||
3 | File | `/admin/products/manage_product.php` | High
|
||||
4 | File | `/admin/userprofile.php` | High
|
||||
5 | File | `/administrator/components/table_manager/` | High
|
||||
6 | File | `/api/login` | Medium
|
||||
7 | File | `/blog/blog.php` | High
|
||||
8 | File | `/BRS_netgear_success.html` | High
|
||||
9 | File | `/cgi-bin-sdb/ExportSettings.sh` | High
|
||||
|
@ -290,40 +300,39 @@ ID | Type | Indicator | Confidence
|
|||
13 | File | `/databases/database/list` | High
|
||||
14 | File | `/dcim/rack-roles/` | High
|
||||
15 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
16 | File | `/edoc/doctor/patient.php` | High
|
||||
17 | File | `/etc/sudoers` | Medium
|
||||
18 | File | `/ext/phar/phar_object.c` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/goform/aspForm` | High
|
||||
21 | File | `/inc/topBarNav.php` | High
|
||||
22 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
23 | File | `/iwgallery/pictures/details.asp` | High
|
||||
24 | File | `/kelas/data` | Medium
|
||||
25 | File | `/kelasdosen/data` | High
|
||||
26 | File | `/librarian/bookdetails.php` | High
|
||||
27 | File | `/mcategory.php` | High
|
||||
28 | File | `/messageboard/view.php` | High
|
||||
29 | File | `/mhds/clinic/view_details.php` | High
|
||||
30 | File | `/MIME/INBOX-MM-1/` | High
|
||||
31 | File | `/movie.php` | Medium
|
||||
32 | File | `/osm/REGISTER.cmd` | High
|
||||
33 | File | `/out.php` | Medium
|
||||
34 | File | `/reservation/add_message.php` | High
|
||||
35 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
36 | File | `/reviewer_0/admins/assessments/pretest/questions-view.php` | High
|
||||
37 | File | `/rom-0` | Low
|
||||
38 | File | `/sbin/orthrus` | High
|
||||
39 | File | `/sbin/rtspd` | Medium
|
||||
40 | File | `/textpattern/index.php` | High
|
||||
41 | File | `/tmp` | Low
|
||||
42 | File | `/uncpath/` | Medium
|
||||
43 | File | `/usr/bin/at` | Medium
|
||||
44 | File | `/var/www/video/mp4ts` | High
|
||||
45 | File | `/wabt/bin/poc.wasm` | High
|
||||
46 | File | `/wp-admin/admin-ajax.php` | High
|
||||
47 | ... | ... | ...
|
||||
16 | File | `/ext/phar/phar_object.c` | High
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/goform/aspForm` | High
|
||||
19 | File | `/inc/topBarNav.php` | High
|
||||
20 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
21 | File | `/iwgallery/pictures/details.asp` | High
|
||||
22 | File | `/kelas/data` | Medium
|
||||
23 | File | `/kelasdosen/data` | High
|
||||
24 | File | `/librarian/bookdetails.php` | High
|
||||
25 | File | `/mcategory.php` | High
|
||||
26 | File | `/messageboard/view.php` | High
|
||||
27 | File | `/mhds/clinic/view_details.php` | High
|
||||
28 | File | `/MIME/INBOX-MM-1/` | High
|
||||
29 | File | `/movie.php` | Medium
|
||||
30 | File | `/osm/REGISTER.cmd` | High
|
||||
31 | File | `/out.php` | Medium
|
||||
32 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
33 | File | `/sbin/orthrus` | High
|
||||
34 | File | `/sbin/rtspd` | Medium
|
||||
35 | File | `/send_order.cgi?parameter=restart` | High
|
||||
36 | File | `/textpattern/index.php` | High
|
||||
37 | File | `/tmp` | Low
|
||||
38 | File | `/uncpath/` | Medium
|
||||
39 | File | `/var/www/video/mp4ts` | High
|
||||
40 | File | `/view-pass-detail.php` | High
|
||||
41 | File | `/wp-admin/admin-ajax.php` | High
|
||||
42 | File | `123flashchat.php` | High
|
||||
43 | File | `404.php` | Low
|
||||
44 | File | `ActiveServices.java` | High
|
||||
45 | File | `adclick.php` | Medium
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 404 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 396 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -345,10 +354,12 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/0c0a9b0df586ceb12e6b76f86473a2bf2db7cb9d8101dc90217959e9d12d48b4/
|
||||
* https://bazaar.abuse.ch/sample/0ca246e6325bfa1bd4aa4f743a259d4c3553a316a44665a5a21d5d5132b893c0/
|
||||
* https://bazaar.abuse.ch/sample/0d0f9ca99e1de30499a97020eb01a4cda5744eadff4faf56a79f8080c515002c/
|
||||
* https://bazaar.abuse.ch/sample/0d771bed67134df3cfcbafe953d9378ca9a40ba93f05f726b9286638a08318e4/
|
||||
* https://bazaar.abuse.ch/sample/0d537286511634e32a07e7b3e21113b5f96205f4dfb5cf99b4ca139e1af9a5a8/
|
||||
* https://bazaar.abuse.ch/sample/0ef3738b3a12244f1d7f008f729234c3ebf09060a991d156500cdfda696958ed/
|
||||
* https://bazaar.abuse.ch/sample/0f27e5f647e28a535aa0ab9dde5c707150431f10c62d12f1e192ea02d698b3e4/
|
||||
* https://bazaar.abuse.ch/sample/0f94dbc5795808376e1f58af647fe522762836503be7c601a76a59b538f8e9f1/
|
||||
* https://bazaar.abuse.ch/sample/0f611b87697a816d5b37f745fa94c89315327ba3458c190fe41efd891ccd5196/
|
||||
* https://bazaar.abuse.ch/sample/0fe89951109e6ef6331f9c96ee018493fdfc88e063a8a42e0ec369c9514c95d6/
|
||||
* https://bazaar.abuse.ch/sample/0005221f680e052526e38e898d16b9bc7c943c7525684215374e0798835d021d/
|
||||
* https://bazaar.abuse.ch/sample/01b1f2041aaba6815657a7a7409a0843868459fa3cabf0c377a83862ac88a27f/
|
||||
|
@ -359,6 +370,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/0263f401d5624ac940224924776925bf38008ebdda2ea5135e66db9c3e5758ad/
|
||||
* https://bazaar.abuse.ch/sample/03541b2cf3bf022eda584b9ead6b6edeb7a47e8ccaa99b2415ee56694c9868cb/
|
||||
* https://bazaar.abuse.ch/sample/039336033932a8d182cf4f3d4fa93a738d2b1a2ccd9c6bdcb961c0cfad8d7aba/
|
||||
* https://bazaar.abuse.ch/sample/0457877267dc59b12e52c15a7167ab493eb2a25cfb5daefb6c008144e9da5f43/
|
||||
* https://bazaar.abuse.ch/sample/051552af5a1c92a6fbe46493e399e441727e9d65dbdf5e702210f218c256a305/
|
||||
* https://bazaar.abuse.ch/sample/0621145f12965ae3092c5cf0114eb7948b342d3273bb53b75faecaad02d987fb/
|
||||
* https://bazaar.abuse.ch/sample/08c829e7056b8e022539076acbc962dea072e6506184d4036b785cb0e4592371/
|
||||
|
@ -384,6 +396,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/3a573796b5e6f1cc3a92eef7e268fa4e74aeddf34f5dd62f7b02109fe560ecd2/
|
||||
* https://bazaar.abuse.ch/sample/3bf1e10ec328ccd9d99e88e2767686851c501426c946ba4e86248d409e880b35/
|
||||
* https://bazaar.abuse.ch/sample/3bf702bc7bf2ff4c9688b572fbf657112d7c6e6adc76f1ca2ff8247a6e304497/
|
||||
* https://bazaar.abuse.ch/sample/3c2b603e5f2c4bf67f3e240cff2daa7ffca9703ce808e9893f446963ff72eb1e/
|
||||
* https://bazaar.abuse.ch/sample/3ce969a94f4bc8dec526e3551626d7e3639bae986304deba85e8f29f039fe345/
|
||||
* https://bazaar.abuse.ch/sample/3d4ffcd1cd594f452ad1c374933eea8dd36d21a6d01372cc7f1afc636d26fa72/
|
||||
* https://bazaar.abuse.ch/sample/3e95a3d6fa66dde612e6c43e15acd6e7b825ddb520ea562ad8f256190f2d21b8/
|
||||
|
@ -434,6 +447,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/8b634e4b3e83df2eca465217d91ae46505587a6392171790883c619f8c599f05/
|
||||
* https://bazaar.abuse.ch/sample/8c10d08c8a744ec9d6380e1482ceaa6fa3108dbe176405d31a351b0852bf3435/
|
||||
* https://bazaar.abuse.ch/sample/8c40b3231173a6f2ced3ae964beb7b38c87b683c396fd6c67899eaae9ad73f4c/
|
||||
* https://bazaar.abuse.ch/sample/8c80ec1c91dcd77ea0be5d0e53e289a6bc0ed764a12f9262ba979f579bb25591/
|
||||
* https://bazaar.abuse.ch/sample/8e5008a722fca288f7d181187530843867073db7d7d15c4681669608bf41dbfe/
|
||||
* https://bazaar.abuse.ch/sample/8ed64df164d8b7875da48a0cfb46b23e1eca448efd5d8b142c0c94e2ece367fe/
|
||||
* https://bazaar.abuse.ch/sample/9abc6ddcc2996af46ee685ba210218589355a295a78eda3a7b5cc353c84f41dd/
|
||||
|
@ -443,8 +457,10 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/9d524a914beb136ee8fdb96a99e046babcb3494c9f52b9f5ed5bf0c057beeb84/
|
||||
* https://bazaar.abuse.ch/sample/9d6522fa46c7e1a5ce5020bf380198b6356c3d70f298a7f03e0394d8bfd632fd/
|
||||
* https://bazaar.abuse.ch/sample/9e04041dd5e56b2a13ff2128934b2c2e1f9d0c37bb0b96132c658d30d66a83d9/
|
||||
* https://bazaar.abuse.ch/sample/9ec972333e8ee5a045f432e0d9829a85b10361f717c57482c322d7077e237b3d/
|
||||
* https://bazaar.abuse.ch/sample/9ef247402ff781f7f8c5f01d6e611d2e2350e2a421530e1774d3cc4050637540/
|
||||
* https://bazaar.abuse.ch/sample/11c95b5581d535f6231f157c2c33237ce4abbb8ad64e733d74e2c36ae90bc13a/
|
||||
* https://bazaar.abuse.ch/sample/16bb974c71635d85ce58284f8e17291ac46bf7c2972e3235fcf60c1a1c0ed681/
|
||||
* https://bazaar.abuse.ch/sample/17bb1028f9d0ed56ea18c4c3ebde034d105532bc191f9214e1f5971a747f6447/
|
||||
* https://bazaar.abuse.ch/sample/18f8c880b862e8ee63d989445d174cd01a66921845ebf094035e677246bd84c8/
|
||||
* https://bazaar.abuse.ch/sample/18f51c19c22914e634d9cfcd86018e676e91d1c4a9293c247a3c9da84dce3f60/
|
||||
|
@ -464,6 +480,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/43e1f1635e1cca717e2d9598e708ded20f6e9236f68ab9d3a28b83e49c71fd32/
|
||||
* https://bazaar.abuse.ch/sample/45b0d876c0cd4f0d9f397f8a4029d71e55b4d13813ccea024dc492d2ae868214/
|
||||
* https://bazaar.abuse.ch/sample/45f3e6d6f40de19bca584dfafdfac7a3f5fb9b481717a0997d9f9c2d78d58fad/
|
||||
* https://bazaar.abuse.ch/sample/46f34cde2327b419337554aba74d7b380c82d8cfb761cb538d44b1c3e2447430/
|
||||
* https://bazaar.abuse.ch/sample/47fb3f47c7d8d30d6bc605805e10fa9c60af5c0516b93e475c030da9144a715d/
|
||||
* https://bazaar.abuse.ch/sample/55f447e7b379e9332e0a455094ae5b45385f5ac2c2c1cc7234faa198f088e7c5/
|
||||
* https://bazaar.abuse.ch/sample/56c0cea73bf798f06be6c3cd0c834c0c7446a65e26be683ca66ec0347818fb15/
|
||||
|
@ -480,6 +497,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/66bb1d3c8d8183b438da1c02e02428d069b37a078f62eded9eed110d9b9a427a/
|
||||
* https://bazaar.abuse.ch/sample/73f87dc14d15addd846f2073187ac64be665ce79f618fff31c981ac95a51d288/
|
||||
* https://bazaar.abuse.ch/sample/73f93753808172cbab4fbca1e6d8beb8426cf57d1ff000973864d79db32f1054/
|
||||
* https://bazaar.abuse.ch/sample/74c7371f4ee7b52bb7c9c79610027e6e927e3bfca8ef841407e1610f72f11aa2/
|
||||
* https://bazaar.abuse.ch/sample/76bf90f97131f4b187fbdfce5a1f02224e30a752782cbcd7f9a5d90a043de128/
|
||||
* https://bazaar.abuse.ch/sample/77a473ec97a05675a95eda5114ca1e90fd09ccc75941aa6ecd26d2159312688b/
|
||||
* https://bazaar.abuse.ch/sample/79fd22e1bb6fa5e88488288e2472fc4323948ae21b5ea4ad0a9692b0ebb8b835/
|
||||
|
@ -544,6 +562,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/69506d94e34defa3a35ad549bcb235b2001579de3910a80565b114ea6db7f6d4/
|
||||
* https://bazaar.abuse.ch/sample/74615bedcd52ff089b0ed9dede11c46cd27de39b0b52c309ad71175e79e53868/
|
||||
* https://bazaar.abuse.ch/sample/76518f1a30196708a3e2e9bfa561adc3abb2b942058325c453add5f5e7a39304/
|
||||
* https://bazaar.abuse.ch/sample/88487a1a199fd2edca3ed2c60997116aa4ce1f63f2fba7b68be0ad9b96ca88be/
|
||||
* https://bazaar.abuse.ch/sample/89557a031bb8f7131e9768921c7fb68ccde4fba3836fd4dba94ceea08ca9bb39/
|
||||
* https://bazaar.abuse.ch/sample/236295fb5aef2564336196bce9faa74a2887ce6b5a7c28fe2709700d0abd0a42/
|
||||
* https://bazaar.abuse.ch/sample/596479cd77e25e5d6dbf0b421afff049390813cc254ae90f86af00a10bdf6f90/
|
||||
|
@ -556,6 +575,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/6454523a7bb0aec9d2c66c43447ea65bfe8cff6659b4b4fea26d8919571de430/
|
||||
* https://bazaar.abuse.ch/sample/41231403c901ea25abd1132ec834bc3dc5904c29c5afa8ad3f55c019e68059d8/
|
||||
* https://bazaar.abuse.ch/sample/56795470a3bd1762459af050088e74f3a693ba31980aa545f7a0bca1024f457c/
|
||||
* https://bazaar.abuse.ch/sample/202577211d7d1710869244007ccb21c8fdf3140c3445481ca6e839da82fef962/
|
||||
* https://bazaar.abuse.ch/sample/6534823922c1889047e2edc0aab14482758d7dbdd296941403ae7657cb248e05/
|
||||
* https://bazaar.abuse.ch/sample/38455251726a64db957d8e30e6c1dc1ca2b10c35691dadbcf3bf8172babe94e3/
|
||||
* https://bazaar.abuse.ch/sample/a0bb5a244b144a8e10087fd70a04580c3bb8c4c8add7da671a06f10020473004/
|
||||
|
@ -574,12 +594,15 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/a82398e3798998a98573b4255a7e2c5a6db73ffd724dbc463e293026815f206e/
|
||||
* https://bazaar.abuse.ch/sample/a317273e6fa660452328fb81cfadc412986c383355c4725090f359305ed3903a/
|
||||
* https://bazaar.abuse.ch/sample/a6897640eab3e69312d27fafdc793508125ae4117d102cc0f29f74699bb28c3e/
|
||||
* https://bazaar.abuse.ch/sample/a5568136305ea90dcc7d03b44a8797a2c3355ea741d509ee8a62a339159c8e73/
|
||||
* https://bazaar.abuse.ch/sample/aa2caafd9a1d53df2112c9081fb5686e04283be0da13d94bacdfc8c9addf0c34/
|
||||
* https://bazaar.abuse.ch/sample/aa6646da5d47bbfffce88075205a5e6c1af6107a9dae7dec98b14e7c3d022219/
|
||||
* https://bazaar.abuse.ch/sample/ad9af80e85ce89d8ea05b7094f9f956e5afd7aa08ad49c048fe79c240a8b15a8/
|
||||
* https://bazaar.abuse.ch/sample/aecb74252f3ae4e3d912c1983de70c06ac29c69b287b31e45d29fbee0ccb5772/
|
||||
* https://bazaar.abuse.ch/sample/af0954828fe65381b0f1adb7ac6f852b776a622a8ec3d422b5d721e8e29de1b7/
|
||||
* https://bazaar.abuse.ch/sample/b1b0fa6f46557e5804b683bc76db76dd71246753726ce7645ab3804ec1d68a44/
|
||||
* https://bazaar.abuse.ch/sample/b1f4aa9a46b55d5ade9fd65f2afb175c39be592dc5907611b9db5f86a65d91a1/
|
||||
* https://bazaar.abuse.ch/sample/b5a72e2705d54b0c562e3e68bed8d3652570666182a236b491f724200d3e38db/
|
||||
* https://bazaar.abuse.ch/sample/b8fae7f95981a7ef822808a3421cb6b779d993cb7b24b2bcfd5ce5b0665169ea/
|
||||
* https://bazaar.abuse.ch/sample/b9e467b94e968b2fb26ae2384d400eb37afd49b857644a754918d2d412eb74cc/
|
||||
* https://bazaar.abuse.ch/sample/b61f6b794f38f736e90ae8aa04e5f71acc8d5470c08ef8841c16087b6710a388/
|
||||
|
@ -588,6 +611,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/b76e862dccd0da9b40dccf294bef402dc7a34185449bf55b022eb79dc8ce6e23/
|
||||
* https://bazaar.abuse.ch/sample/b84d775cf5de9234ec178e4a94c5c459f0c6e8ad3bffc977ba20b116b4d9d88e/
|
||||
* https://bazaar.abuse.ch/sample/b95ffbf8be23388df6b0d5c48cecdb091b6bbe2e00e002b8bac2cbfb7402d387/
|
||||
* https://bazaar.abuse.ch/sample/b2397a2aaec3b27ba8d1fa6747dcf9504e8ee7081bf3edea5e382db804656cae/
|
||||
* https://bazaar.abuse.ch/sample/b8908a0b052b5b590fa61f9c1014a80fe328f38c25b7a89f012c8312516d5aee/
|
||||
* https://bazaar.abuse.ch/sample/b391377f05186b4da5b4a52f02f25bffc5f76615e93ad600f86a6300a17e3879/
|
||||
* https://bazaar.abuse.ch/sample/b732982c4bcbf62d6fbab3b1e1ddd3764a8f99a17d1e8f679632f891b65c03ce/
|
||||
|
@ -605,6 +629,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/bfe422f569af77aa4f5b1b9f1e85f6c89b7ca62540c368d5e5b152f68154a478/
|
||||
* https://bazaar.abuse.ch/sample/c0a5183fb178f4734580069f8697419dd8883a88bf69e57a2edb109d15d5cc9d/
|
||||
* https://bazaar.abuse.ch/sample/c046fc938166fd34c8041ff7c93f98f0ac3f68486aa844178e720c14dbbde625/
|
||||
* https://bazaar.abuse.ch/sample/c1a82c6f221c8285b77caf7af892cb54cb62970ad9952d8bd715ec12fb4e2d8e/
|
||||
* https://bazaar.abuse.ch/sample/c4ec288c3ae80a59a799b95facdccf7a1678f8d4d354d2c07019f078c2d90988/
|
||||
* https://bazaar.abuse.ch/sample/c6d5c5389f6a7d7fadca1c538b5408898454aaf5011910e90549e81fb03c0a1c/
|
||||
* https://bazaar.abuse.ch/sample/c7a99feac21b0b8954a435f3ffa5e816dc3ea0342ec0899357cf352732a5fa57/
|
||||
|
@ -647,6 +672,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/e7f1796834e6d4938ee55b5396069d12d9fce56e5c885d6d1f72a8451add0806/
|
||||
* https://bazaar.abuse.ch/sample/e303ae23d963f2247b113f3a228b2b5421bd9dd563a286db2bd88c4e94d2b1e1/
|
||||
* https://bazaar.abuse.ch/sample/e3344c82354520a10c7f3e9833f07d340855193cb8d71647ee5315434db969e8/
|
||||
* https://bazaar.abuse.ch/sample/ea7e6b5688313cb532684ecc61a1438a40bbd32a0eb1ee7b1810086cb705aa09/
|
||||
* https://bazaar.abuse.ch/sample/ea209f6ba95920038ac83985be8bcffc1fda49631ed3142cfdd9f2acd52584b1/
|
||||
* https://bazaar.abuse.ch/sample/eb230cdf91b308f560ec54d1d84ea90b4d6637be9d747d884892c97d9af58825/
|
||||
* https://bazaar.abuse.ch/sample/ebe0b8890392475537625aeefaec22b5f0115011e135117d7afd9325eb47fad8/
|
||||
|
@ -659,6 +685,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/edd76f4398cd937c508d229a8482add54c2ec8efe84a6881af90bbd40d8b8601/
|
||||
* https://bazaar.abuse.ch/sample/ee3e1ff02ef8c163c2472764b0f380528809ab305de242bd049c0f99c8ffdddd/
|
||||
* https://bazaar.abuse.ch/sample/ee7f3f56d2d8f4af4cb4d130578c31e47bf88a2a7a366ac8b9234001ccecf0f7/
|
||||
* https://bazaar.abuse.ch/sample/ee548086db277e0febd2797b582a734ac451a9cd050540d2a1fd08afa6232721/
|
||||
* https://bazaar.abuse.ch/sample/ef25d7d0ecfdebce118e6c9357ea63f0da9089f74d39805d22514743dfc76cb8/
|
||||
* https://bazaar.abuse.ch/sample/efe38e24a3e9e5e0b6728cd3c25e36b51dee90ec0587b908a03335cf0f6757cb/
|
||||
* https://bazaar.abuse.ch/sample/f0a04b49bc377c4af90de446c13ab304b2ec2265343bae49ae1fa23a029cd86d/
|
||||
|
@ -681,6 +708,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/f540cc413a46d1c64542c9935d831de6e9908c1bd86e490ed66d47afb8f742f8/
|
||||
* https://bazaar.abuse.ch/sample/f92693be20b760d1f24228bf91056368c06f33faeaf8fad6517115036d1f37c6/
|
||||
* https://bazaar.abuse.ch/sample/f642554d96d59ef2acca7fd25683ccdc228eff38d38af5eef93f62c49cd60dd2/
|
||||
* https://bazaar.abuse.ch/sample/f814529a6f2e2a29f76d24db2fa858674a3088d6593b0cf4bf75eef4eb4dfe03/
|
||||
* https://bazaar.abuse.ch/sample/f198970271e10830bafa86eccc5ce43e5075a15ed43f4e1924d0e8e0824f218b/
|
||||
* https://bazaar.abuse.ch/sample/f5231414600e6239f0928f88a018e349d0856aa14b133905ab8fa05b6288d225/
|
||||
* https://bazaar.abuse.ch/sample/fb96ca5c0b97a8832fdcac5ec79c03255b29e602c30575bca2f2a054cb3d4397/
|
||||
|
@ -827,6 +855,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://twitter.com/phage_nz/status/1404992038030897163
|
||||
* https://twitter.com/Racco42/status/1612697711475572738
|
||||
* https://twitter.com/reecdeep/status/1655565717347893254
|
||||
* https://www.fortinet.com/blog/threat-research/new-variant-of-remcos-rat-observed-in-the-wild.html
|
||||
* https://www.joesandbox.com/analysis/604253/0/html
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -25,61 +25,64 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
2 | [3.12.70.100](https://vuldb.com/?ip.3.12.70.100) | ec2-3-12-70-100.us-east-2.compute.amazonaws.com | - | Medium
|
||||
3 | [3.12.113.100](https://vuldb.com/?ip.3.12.113.100) | ec2-3-12-113-100.us-east-2.compute.amazonaws.com | - | Medium
|
||||
4 | [3.19.132.170](https://vuldb.com/?ip.3.19.132.170) | ec2-3-19-132-170.us-east-2.compute.amazonaws.com | - | Medium
|
||||
5 | [3.21.214.24](https://vuldb.com/?ip.3.21.214.24) | ec2-3-21-214-24.us-east-2.compute.amazonaws.com | - | Medium
|
||||
6 | [3.65.94.188](https://vuldb.com/?ip.3.65.94.188) | ec2-3-65-94-188.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
7 | [3.121.141.12](https://vuldb.com/?ip.3.121.141.12) | ec2-3-121-141-12.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
8 | [3.128.165.237](https://vuldb.com/?ip.3.128.165.237) | ec2-3-128-165-237.us-east-2.compute.amazonaws.com | - | Medium
|
||||
9 | [3.131.227.105](https://vuldb.com/?ip.3.131.227.105) | ec2-3-131-227-105.us-east-2.compute.amazonaws.com | - | Medium
|
||||
10 | [3.132.230.8](https://vuldb.com/?ip.3.132.230.8) | ec2-3-132-230-8.us-east-2.compute.amazonaws.com | - | Medium
|
||||
11 | [3.134.198.51](https://vuldb.com/?ip.3.134.198.51) | ec2-3-134-198-51.us-east-2.compute.amazonaws.com | - | Medium
|
||||
12 | [3.138.120.116](https://vuldb.com/?ip.3.138.120.116) | ec2-3-138-120-116.us-east-2.compute.amazonaws.com | - | Medium
|
||||
13 | [3.140.197.153](https://vuldb.com/?ip.3.140.197.153) | ec2-3-140-197-153.us-east-2.compute.amazonaws.com | - | Medium
|
||||
14 | [3.141.110.210](https://vuldb.com/?ip.3.141.110.210) | ec2-3-141-110-210.us-east-2.compute.amazonaws.com | - | Medium
|
||||
15 | [3.144.4.92](https://vuldb.com/?ip.3.144.4.92) | ec2-3-144-4-92.us-east-2.compute.amazonaws.com | - | Medium
|
||||
16 | [3.218.78.81](https://vuldb.com/?ip.3.218.78.81) | ec2-3-218-78-81.compute-1.amazonaws.com | - | Medium
|
||||
17 | [3.249.18.59](https://vuldb.com/?ip.3.249.18.59) | ec2-3-249-18-59.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
18 | [3.249.151.135](https://vuldb.com/?ip.3.249.151.135) | ec2-3-249-151-135.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
19 | [3.249.161.113](https://vuldb.com/?ip.3.249.161.113) | ec2-3-249-161-113.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
20 | [3.249.212.201](https://vuldb.com/?ip.3.249.212.201) | ec2-3-249-212-201.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
21 | [3.250.59.127](https://vuldb.com/?ip.3.250.59.127) | ec2-3-250-59-127.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
22 | [3.252.219.5](https://vuldb.com/?ip.3.252.219.5) | ec2-3-252-219-5.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
23 | [3.253.101.91](https://vuldb.com/?ip.3.253.101.91) | ec2-3-253-101-91.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
24 | [3.253.111.92](https://vuldb.com/?ip.3.253.111.92) | ec2-3-253-111-92.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
25 | [5.45.118.168](https://vuldb.com/?ip.5.45.118.168) | testsuite | - | High
|
||||
26 | [8.219.195.188](https://vuldb.com/?ip.8.219.195.188) | - | - | High
|
||||
27 | [12.181.65.210](https://vuldb.com/?ip.12.181.65.210) | - | - | High
|
||||
28 | [13.37.231.184](https://vuldb.com/?ip.13.37.231.184) | ec2-13-37-231-184.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
29 | [13.50.105.97](https://vuldb.com/?ip.13.50.105.97) | ec2-13-50-105-97.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
30 | [13.58.85.225](https://vuldb.com/?ip.13.58.85.225) | ec2-13-58-85-225.us-east-2.compute.amazonaws.com | - | Medium
|
||||
31 | [13.59.98.191](https://vuldb.com/?ip.13.59.98.191) | ec2-13-59-98-191.us-east-2.compute.amazonaws.com | - | Medium
|
||||
32 | [13.87.92.152](https://vuldb.com/?ip.13.87.92.152) | - | - | High
|
||||
33 | [15.184.211.28](https://vuldb.com/?ip.15.184.211.28) | ec2-15-184-211-28.me-south-1.compute.amazonaws.com | - | Medium
|
||||
34 | [15.222.6.75](https://vuldb.com/?ip.15.222.6.75) | ec2-15-222-6-75.ca-central-1.compute.amazonaws.com | - | Medium
|
||||
35 | [18.117.104.228](https://vuldb.com/?ip.18.117.104.228) | ec2-18-117-104-228.us-east-2.compute.amazonaws.com | - | Medium
|
||||
36 | [18.118.140.42](https://vuldb.com/?ip.18.118.140.42) | ec2-18-118-140-42.us-east-2.compute.amazonaws.com | - | Medium
|
||||
37 | [18.119.78.203](https://vuldb.com/?ip.18.119.78.203) | ec2-18-119-78-203.us-east-2.compute.amazonaws.com | - | Medium
|
||||
38 | [18.133.125.105](https://vuldb.com/?ip.18.133.125.105) | ec2-18-133-125-105.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
39 | [18.143.148.26](https://vuldb.com/?ip.18.143.148.26) | ec2-18-143-148-26.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
40 | [18.188.0.172](https://vuldb.com/?ip.18.188.0.172) | ec2-18-188-0-172.us-east-2.compute.amazonaws.com | - | Medium
|
||||
41 | [18.188.231.17](https://vuldb.com/?ip.18.188.231.17) | ec2-18-188-231-17.us-east-2.compute.amazonaws.com | - | Medium
|
||||
42 | [18.189.1.24](https://vuldb.com/?ip.18.189.1.24) | ec2-18-189-1-24.us-east-2.compute.amazonaws.com | - | Medium
|
||||
43 | [18.189.124.58](https://vuldb.com/?ip.18.189.124.58) | ec2-18-189-124-58.us-east-2.compute.amazonaws.com | - | Medium
|
||||
44 | [18.190.119.137](https://vuldb.com/?ip.18.190.119.137) | ec2-18-190-119-137.us-east-2.compute.amazonaws.com | - | Medium
|
||||
45 | [18.196.231.230](https://vuldb.com/?ip.18.196.231.230) | ec2-18-196-231-230.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
46 | [18.202.28.86](https://vuldb.com/?ip.18.202.28.86) | ec2-18-202-28-86.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
47 | [18.204.142.71](https://vuldb.com/?ip.18.204.142.71) | egress.relaysecure.com | - | High
|
||||
48 | [18.208.213.147](https://vuldb.com/?ip.18.208.213.147) | ec2-18-208-213-147.compute-1.amazonaws.com | - | Medium
|
||||
49 | [18.218.44.20](https://vuldb.com/?ip.18.218.44.20) | ec2-18-218-44-20.us-east-2.compute.amazonaws.com | - | Medium
|
||||
50 | [18.220.53.56](https://vuldb.com/?ip.18.220.53.56) | ec2-18-220-53-56.us-east-2.compute.amazonaws.com | - | Medium
|
||||
51 | [18.221.160.80](https://vuldb.com/?ip.18.221.160.80) | ec2-18-221-160-80.us-east-2.compute.amazonaws.com | - | Medium
|
||||
52 | [18.222.81.233](https://vuldb.com/?ip.18.222.81.233) | ec2-18-222-81-233.us-east-2.compute.amazonaws.com | - | Medium
|
||||
53 | [18.222.116.178](https://vuldb.com/?ip.18.222.116.178) | ec2-18-222-116-178.us-east-2.compute.amazonaws.com | - | Medium
|
||||
54 | [20.13.154.2](https://vuldb.com/?ip.20.13.154.2) | - | - | High
|
||||
55 | [20.14.18.67](https://vuldb.com/?ip.20.14.18.67) | - | - | High
|
||||
56 | [20.49.161.22](https://vuldb.com/?ip.20.49.161.22) | - | - | High
|
||||
57 | ... | ... | ... | ...
|
||||
5 | [3.20.119.241](https://vuldb.com/?ip.3.20.119.241) | ec2-3-20-119-241.us-east-2.compute.amazonaws.com | - | Medium
|
||||
6 | [3.21.214.24](https://vuldb.com/?ip.3.21.214.24) | ec2-3-21-214-24.us-east-2.compute.amazonaws.com | - | Medium
|
||||
7 | [3.65.94.188](https://vuldb.com/?ip.3.65.94.188) | ec2-3-65-94-188.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
8 | [3.121.141.12](https://vuldb.com/?ip.3.121.141.12) | ec2-3-121-141-12.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
9 | [3.128.165.237](https://vuldb.com/?ip.3.128.165.237) | ec2-3-128-165-237.us-east-2.compute.amazonaws.com | - | Medium
|
||||
10 | [3.131.227.105](https://vuldb.com/?ip.3.131.227.105) | ec2-3-131-227-105.us-east-2.compute.amazonaws.com | - | Medium
|
||||
11 | [3.132.230.8](https://vuldb.com/?ip.3.132.230.8) | ec2-3-132-230-8.us-east-2.compute.amazonaws.com | - | Medium
|
||||
12 | [3.133.158.78](https://vuldb.com/?ip.3.133.158.78) | ec2-3-133-158-78.us-east-2.compute.amazonaws.com | - | Medium
|
||||
13 | [3.134.198.51](https://vuldb.com/?ip.3.134.198.51) | ec2-3-134-198-51.us-east-2.compute.amazonaws.com | - | Medium
|
||||
14 | [3.138.120.116](https://vuldb.com/?ip.3.138.120.116) | ec2-3-138-120-116.us-east-2.compute.amazonaws.com | - | Medium
|
||||
15 | [3.140.197.153](https://vuldb.com/?ip.3.140.197.153) | ec2-3-140-197-153.us-east-2.compute.amazonaws.com | - | Medium
|
||||
16 | [3.141.110.210](https://vuldb.com/?ip.3.141.110.210) | ec2-3-141-110-210.us-east-2.compute.amazonaws.com | - | Medium
|
||||
17 | [3.144.4.92](https://vuldb.com/?ip.3.144.4.92) | ec2-3-144-4-92.us-east-2.compute.amazonaws.com | - | Medium
|
||||
18 | [3.218.78.81](https://vuldb.com/?ip.3.218.78.81) | ec2-3-218-78-81.compute-1.amazonaws.com | - | Medium
|
||||
19 | [3.249.18.59](https://vuldb.com/?ip.3.249.18.59) | ec2-3-249-18-59.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
20 | [3.249.151.135](https://vuldb.com/?ip.3.249.151.135) | ec2-3-249-151-135.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
21 | [3.249.161.113](https://vuldb.com/?ip.3.249.161.113) | ec2-3-249-161-113.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
22 | [3.249.212.201](https://vuldb.com/?ip.3.249.212.201) | ec2-3-249-212-201.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
23 | [3.250.59.127](https://vuldb.com/?ip.3.250.59.127) | ec2-3-250-59-127.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
24 | [3.252.219.5](https://vuldb.com/?ip.3.252.219.5) | ec2-3-252-219-5.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
25 | [3.253.101.91](https://vuldb.com/?ip.3.253.101.91) | ec2-3-253-101-91.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
26 | [3.253.111.92](https://vuldb.com/?ip.3.253.111.92) | ec2-3-253-111-92.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
27 | [5.45.118.168](https://vuldb.com/?ip.5.45.118.168) | testsuite | - | High
|
||||
28 | [5.78.75.82](https://vuldb.com/?ip.5.78.75.82) | static.82.75.78.5.clients.your-server.de | - | High
|
||||
29 | [8.219.195.188](https://vuldb.com/?ip.8.219.195.188) | - | - | High
|
||||
30 | [12.181.65.210](https://vuldb.com/?ip.12.181.65.210) | - | - | High
|
||||
31 | [13.37.231.184](https://vuldb.com/?ip.13.37.231.184) | ec2-13-37-231-184.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
32 | [13.50.105.97](https://vuldb.com/?ip.13.50.105.97) | ec2-13-50-105-97.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
33 | [13.58.85.225](https://vuldb.com/?ip.13.58.85.225) | ec2-13-58-85-225.us-east-2.compute.amazonaws.com | - | Medium
|
||||
34 | [13.59.98.191](https://vuldb.com/?ip.13.59.98.191) | ec2-13-59-98-191.us-east-2.compute.amazonaws.com | - | Medium
|
||||
35 | [13.59.198.138](https://vuldb.com/?ip.13.59.198.138) | ec2-13-59-198-138.us-east-2.compute.amazonaws.com | - | Medium
|
||||
36 | [13.87.92.152](https://vuldb.com/?ip.13.87.92.152) | - | - | High
|
||||
37 | [15.184.211.28](https://vuldb.com/?ip.15.184.211.28) | ec2-15-184-211-28.me-south-1.compute.amazonaws.com | - | Medium
|
||||
38 | [15.222.6.75](https://vuldb.com/?ip.15.222.6.75) | ec2-15-222-6-75.ca-central-1.compute.amazonaws.com | - | Medium
|
||||
39 | [18.117.104.228](https://vuldb.com/?ip.18.117.104.228) | ec2-18-117-104-228.us-east-2.compute.amazonaws.com | - | Medium
|
||||
40 | [18.118.140.42](https://vuldb.com/?ip.18.118.140.42) | ec2-18-118-140-42.us-east-2.compute.amazonaws.com | - | Medium
|
||||
41 | [18.119.78.203](https://vuldb.com/?ip.18.119.78.203) | ec2-18-119-78-203.us-east-2.compute.amazonaws.com | - | Medium
|
||||
42 | [18.133.125.105](https://vuldb.com/?ip.18.133.125.105) | ec2-18-133-125-105.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
43 | [18.143.148.26](https://vuldb.com/?ip.18.143.148.26) | ec2-18-143-148-26.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
44 | [18.188.0.172](https://vuldb.com/?ip.18.188.0.172) | ec2-18-188-0-172.us-east-2.compute.amazonaws.com | - | Medium
|
||||
45 | [18.188.231.17](https://vuldb.com/?ip.18.188.231.17) | ec2-18-188-231-17.us-east-2.compute.amazonaws.com | - | Medium
|
||||
46 | [18.189.1.24](https://vuldb.com/?ip.18.189.1.24) | ec2-18-189-1-24.us-east-2.compute.amazonaws.com | - | Medium
|
||||
47 | [18.189.124.58](https://vuldb.com/?ip.18.189.124.58) | ec2-18-189-124-58.us-east-2.compute.amazonaws.com | - | Medium
|
||||
48 | [18.190.119.137](https://vuldb.com/?ip.18.190.119.137) | ec2-18-190-119-137.us-east-2.compute.amazonaws.com | - | Medium
|
||||
49 | [18.196.231.230](https://vuldb.com/?ip.18.196.231.230) | ec2-18-196-231-230.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
50 | [18.202.28.86](https://vuldb.com/?ip.18.202.28.86) | ec2-18-202-28-86.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
51 | [18.204.142.71](https://vuldb.com/?ip.18.204.142.71) | egress.relaysecure.com | - | High
|
||||
52 | [18.208.213.147](https://vuldb.com/?ip.18.208.213.147) | ec2-18-208-213-147.compute-1.amazonaws.com | - | Medium
|
||||
53 | [18.217.73.143](https://vuldb.com/?ip.18.217.73.143) | ec2-18-217-73-143.us-east-2.compute.amazonaws.com | - | Medium
|
||||
54 | [18.218.44.20](https://vuldb.com/?ip.18.218.44.20) | ec2-18-218-44-20.us-east-2.compute.amazonaws.com | - | Medium
|
||||
55 | [18.220.53.56](https://vuldb.com/?ip.18.220.53.56) | ec2-18-220-53-56.us-east-2.compute.amazonaws.com | - | Medium
|
||||
56 | [18.221.160.80](https://vuldb.com/?ip.18.221.160.80) | ec2-18-221-160-80.us-east-2.compute.amazonaws.com | - | Medium
|
||||
57 | [18.222.81.233](https://vuldb.com/?ip.18.222.81.233) | ec2-18-222-81-233.us-east-2.compute.amazonaws.com | - | Medium
|
||||
58 | [18.222.116.178](https://vuldb.com/?ip.18.222.116.178) | ec2-18-222-116-178.us-east-2.compute.amazonaws.com | - | Medium
|
||||
59 | [20.13.154.2](https://vuldb.com/?ip.20.13.154.2) | - | - | High
|
||||
60 | ... | ... | ... | ...
|
||||
|
||||
There are 223 more IOC items available. Please use our online service to access the data.
|
||||
There are 234 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -115,12 +118,14 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/3.12.70.100
|
||||
* https://search.censys.io/hosts/3.12.113.100
|
||||
* https://search.censys.io/hosts/3.19.132.170
|
||||
* https://search.censys.io/hosts/3.20.119.241
|
||||
* https://search.censys.io/hosts/3.21.214.24
|
||||
* https://search.censys.io/hosts/3.65.94.188
|
||||
* https://search.censys.io/hosts/3.121.141.12
|
||||
* https://search.censys.io/hosts/3.128.165.237
|
||||
* https://search.censys.io/hosts/3.131.227.105
|
||||
* https://search.censys.io/hosts/3.132.230.8
|
||||
* https://search.censys.io/hosts/3.133.158.78
|
||||
* https://search.censys.io/hosts/3.134.198.51
|
||||
* https://search.censys.io/hosts/3.138.120.116
|
||||
* https://search.censys.io/hosts/3.140.197.153
|
||||
|
@ -136,12 +141,14 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/3.253.101.91
|
||||
* https://search.censys.io/hosts/3.253.111.92
|
||||
* https://search.censys.io/hosts/5.45.118.168
|
||||
* https://search.censys.io/hosts/5.78.75.82
|
||||
* https://search.censys.io/hosts/8.219.195.188
|
||||
* https://search.censys.io/hosts/12.181.65.210
|
||||
* https://search.censys.io/hosts/13.37.231.184
|
||||
* https://search.censys.io/hosts/13.50.105.97
|
||||
* https://search.censys.io/hosts/13.58.85.225
|
||||
* https://search.censys.io/hosts/13.59.98.191
|
||||
* https://search.censys.io/hosts/13.59.198.138
|
||||
* https://search.censys.io/hosts/13.87.92.152
|
||||
* https://search.censys.io/hosts/15.184.211.28
|
||||
* https://search.censys.io/hosts/15.222.6.75
|
||||
|
@ -159,6 +166,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/18.202.28.86
|
||||
* https://search.censys.io/hosts/18.204.142.71
|
||||
* https://search.censys.io/hosts/18.208.213.147
|
||||
* https://search.censys.io/hosts/18.217.73.143
|
||||
* https://search.censys.io/hosts/18.218.44.20
|
||||
* https://search.censys.io/hosts/18.220.53.56
|
||||
* https://search.censys.io/hosts/18.221.160.80
|
||||
|
@ -191,6 +199,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/34.252.16.250
|
||||
* https://search.censys.io/hosts/34.254.63.103
|
||||
* https://search.censys.io/hosts/35.171.153.152
|
||||
* https://search.censys.io/hosts/35.179.16.154
|
||||
* https://search.censys.io/hosts/35.180.123.217
|
||||
* https://search.censys.io/hosts/35.180.238.137
|
||||
* https://search.censys.io/hosts/35.242.163.216
|
||||
|
@ -245,6 +254,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/62.182.159.155
|
||||
* https://search.censys.io/hosts/63.32.112.45
|
||||
* https://search.censys.io/hosts/63.33.70.163
|
||||
* https://search.censys.io/hosts/63.35.181.86
|
||||
* https://search.censys.io/hosts/64.73.162.11
|
||||
* https://search.censys.io/hosts/64.226.68.20
|
||||
* https://search.censys.io/hosts/64.226.100.189
|
||||
|
@ -260,6 +270,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/78.47.126.26
|
||||
* https://search.censys.io/hosts/78.128.99.215
|
||||
* https://search.censys.io/hosts/80.85.155.43
|
||||
* https://search.censys.io/hosts/80.85.156.184
|
||||
* https://search.censys.io/hosts/82.65.153.201
|
||||
* https://search.censys.io/hosts/86.3.50.68
|
||||
* https://search.censys.io/hosts/86.105.227.103
|
||||
|
@ -284,6 +295,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/104.194.222.50
|
||||
* https://search.censys.io/hosts/104.237.11.5
|
||||
* https://search.censys.io/hosts/107.148.131.107
|
||||
* https://search.censys.io/hosts/107.175.172.171
|
||||
* https://search.censys.io/hosts/109.120.182.2
|
||||
* https://search.censys.io/hosts/109.248.6.221
|
||||
* https://search.censys.io/hosts/109.248.6.246
|
||||
|
@ -312,6 +324,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/138.197.186.95
|
||||
* https://search.censys.io/hosts/139.162.138.252
|
||||
* https://search.censys.io/hosts/139.162.185.21
|
||||
* https://search.censys.io/hosts/139.177.189.73
|
||||
* https://search.censys.io/hosts/142.93.242.149
|
||||
* https://search.censys.io/hosts/143.198.0.217
|
||||
* https://search.censys.io/hosts/143.198.11.108
|
||||
|
@ -326,6 +339,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/157.245.113.142
|
||||
* https://search.censys.io/hosts/157.245.118.196
|
||||
* https://search.censys.io/hosts/159.65.130.138
|
||||
* https://search.censys.io/hosts/159.65.193.223
|
||||
* https://search.censys.io/hosts/159.89.136.178
|
||||
* https://search.censys.io/hosts/159.203.143.27
|
||||
* https://search.censys.io/hosts/159.223.76.66
|
||||
|
@ -350,6 +364,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/172.96.137.14
|
||||
* https://search.censys.io/hosts/172.96.137.139
|
||||
* https://search.censys.io/hosts/172.96.137.149
|
||||
* https://search.censys.io/hosts/172.104.149.134
|
||||
* https://search.censys.io/hosts/172.104.239.242
|
||||
* https://search.censys.io/hosts/172.105.122.176
|
||||
* https://search.censys.io/hosts/173.82.120.231
|
||||
|
@ -387,9 +402,11 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/209.222.17.15
|
||||
* https://search.censys.io/hosts/213.32.72.95
|
||||
* https://search.censys.io/hosts/213.227.155.89
|
||||
* https://search.censys.io/hosts/213.227.155.115
|
||||
* https://search.censys.io/hosts/213.232.235.37
|
||||
* https://search.censys.io/hosts/216.238.108.203
|
||||
* https://search.censys.io/hosts/216.238.111.216
|
||||
* https://search.censys.io/hosts/217.182.253.107
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -70,38 +70,37 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/api/admin/system/store/order/list` | High
|
||||
6 | File | `/apply_noauth.cgi` | High
|
||||
7 | File | `/auth/fn.php` | Medium
|
||||
8 | File | `/bin/sh` | Low
|
||||
9 | File | `/cgi-bin/ExportLogs.sh` | High
|
||||
10 | File | `/classes/Master.php?f=save_service` | High
|
||||
11 | File | `/classes/Users.php?f=save` | High
|
||||
12 | File | `/common/sysFile/list` | High
|
||||
13 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
14 | File | `/data/remove` | Medium
|
||||
15 | File | `/debug/pprof` | Medium
|
||||
16 | File | `/Default/Bd` | Medium
|
||||
17 | File | `/dist/index.js` | High
|
||||
18 | File | `/editor/index.php` | High
|
||||
19 | File | `/Electron/download` | High
|
||||
20 | File | `/etc/openstack-dashboard/local_settings` | High
|
||||
21 | File | `/etc/passwd` | Medium
|
||||
22 | File | `/goform/addressNat` | High
|
||||
23 | File | `/goForm/aspForm` | High
|
||||
24 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
25 | File | `/include/Model/Upload.php` | High
|
||||
26 | File | `/js/player/dmplayer/dmku/index.php` | High
|
||||
27 | File | `/kruxton/sales_report.php` | High
|
||||
28 | File | `/message/form/` | High
|
||||
29 | File | `/nasm/nasm-token.re` | High
|
||||
30 | File | `/orrs/admin/?page=user/manage_user` | High
|
||||
31 | File | `/param.file.tgz` | High
|
||||
32 | File | `/php-jms/updateBlankTxtview.php` | High
|
||||
33 | File | `/product/savenewproduct.php?flag=1` | High
|
||||
34 | File | `/rrdp` | Low
|
||||
35 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
36 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
37 | ... | ... | ...
|
||||
8 | File | `/bin/ate` | Medium
|
||||
9 | File | `/bin/sh` | Low
|
||||
10 | File | `/cgi-bin/ExportLogs.sh` | High
|
||||
11 | File | `/classes/Master.php?f=delete_category` | High
|
||||
12 | File | `/classes/Master.php?f=save_service` | High
|
||||
13 | File | `/classes/Users.php?f=save` | High
|
||||
14 | File | `/common/sysFile/list` | High
|
||||
15 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
16 | File | `/data/remove` | Medium
|
||||
17 | File | `/debug/pprof` | Medium
|
||||
18 | File | `/Default/Bd` | Medium
|
||||
19 | File | `/dist/index.js` | High
|
||||
20 | File | `/editor/index.php` | High
|
||||
21 | File | `/Electron/download` | High
|
||||
22 | File | `/etc/openstack-dashboard/local_settings` | High
|
||||
23 | File | `/etc/passwd` | Medium
|
||||
24 | File | `/goform/addressNat` | High
|
||||
25 | File | `/goForm/aspForm` | High
|
||||
26 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
27 | File | `/include/Model/Upload.php` | High
|
||||
28 | File | `/js/player/dmplayer/dmku/index.php` | High
|
||||
29 | File | `/kruxton/sales_report.php` | High
|
||||
30 | File | `/message/form/` | High
|
||||
31 | File | `/nasm/nasm-token.re` | High
|
||||
32 | File | `/news/*.html` | Medium
|
||||
33 | File | `/orrs/admin/?page=user/manage_user` | High
|
||||
34 | File | `/param.file.tgz` | High
|
||||
35 | File | `/php-jms/updateBlankTxtview.php` | High
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 307 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -51,25 +51,26 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
28 | [37.120.247.13](https://vuldb.com/?ip.37.120.247.13) | - | - | High
|
||||
29 | [37.221.114.90](https://vuldb.com/?ip.37.221.114.90) | - | - | High
|
||||
30 | [45.9.168.40](https://vuldb.com/?ip.45.9.168.40) | - | - | High
|
||||
31 | [45.61.168.73](https://vuldb.com/?ip.45.61.168.73) | - | - | High
|
||||
32 | [45.66.230.68](https://vuldb.com/?ip.45.66.230.68) | - | - | High
|
||||
33 | [45.66.230.138](https://vuldb.com/?ip.45.66.230.138) | - | - | High
|
||||
34 | [45.87.61.211](https://vuldb.com/?ip.45.87.61.211) | - | - | High
|
||||
35 | [45.88.67.63](https://vuldb.com/?ip.45.88.67.63) | - | - | High
|
||||
36 | [45.88.67.229](https://vuldb.com/?ip.45.88.67.229) | - | - | High
|
||||
37 | [45.95.169.160](https://vuldb.com/?ip.45.95.169.160) | - | - | High
|
||||
38 | [45.133.1.47](https://vuldb.com/?ip.45.133.1.47) | - | - | High
|
||||
39 | [45.133.1.72](https://vuldb.com/?ip.45.133.1.72) | - | - | High
|
||||
40 | [45.133.174.157](https://vuldb.com/?ip.45.133.174.157) | - | - | High
|
||||
41 | [45.137.22.89](https://vuldb.com/?ip.45.137.22.89) | hosted-by.rootlayer.net | - | High
|
||||
42 | [45.137.22.131](https://vuldb.com/?ip.45.137.22.131) | hosted-by.rootlayer.net | - | High
|
||||
43 | [45.137.22.141](https://vuldb.com/?ip.45.137.22.141) | hosted-by.rootlayer.net | - | High
|
||||
44 | [45.137.22.150](https://vuldb.com/?ip.45.137.22.150) | hosted-by.rootlayer.net | - | High
|
||||
45 | [45.137.22.170](https://vuldb.com/?ip.45.137.22.170) | hosted-by.rootlayer.net | - | High
|
||||
46 | [45.137.22.251](https://vuldb.com/?ip.45.137.22.251) | hosted-by.rootlayer.net | - | High
|
||||
47 | ... | ... | ... | ...
|
||||
31 | [45.12.253.130](https://vuldb.com/?ip.45.12.253.130) | - | - | High
|
||||
32 | [45.61.168.73](https://vuldb.com/?ip.45.61.168.73) | - | - | High
|
||||
33 | [45.66.230.68](https://vuldb.com/?ip.45.66.230.68) | - | - | High
|
||||
34 | [45.66.230.138](https://vuldb.com/?ip.45.66.230.138) | - | - | High
|
||||
35 | [45.87.61.211](https://vuldb.com/?ip.45.87.61.211) | - | - | High
|
||||
36 | [45.88.67.63](https://vuldb.com/?ip.45.88.67.63) | - | - | High
|
||||
37 | [45.88.67.229](https://vuldb.com/?ip.45.88.67.229) | - | - | High
|
||||
38 | [45.95.169.160](https://vuldb.com/?ip.45.95.169.160) | - | - | High
|
||||
39 | [45.133.1.47](https://vuldb.com/?ip.45.133.1.47) | - | - | High
|
||||
40 | [45.133.1.72](https://vuldb.com/?ip.45.133.1.72) | - | - | High
|
||||
41 | [45.133.174.157](https://vuldb.com/?ip.45.133.174.157) | - | - | High
|
||||
42 | [45.137.22.89](https://vuldb.com/?ip.45.137.22.89) | hosted-by.rootlayer.net | - | High
|
||||
43 | [45.137.22.131](https://vuldb.com/?ip.45.137.22.131) | hosted-by.rootlayer.net | - | High
|
||||
44 | [45.137.22.141](https://vuldb.com/?ip.45.137.22.141) | hosted-by.rootlayer.net | - | High
|
||||
45 | [45.137.22.150](https://vuldb.com/?ip.45.137.22.150) | hosted-by.rootlayer.net | - | High
|
||||
46 | [45.137.22.170](https://vuldb.com/?ip.45.137.22.170) | hosted-by.rootlayer.net | - | High
|
||||
47 | [45.137.22.251](https://vuldb.com/?ip.45.137.22.251) | hosted-by.rootlayer.net | - | High
|
||||
48 | ... | ... | ... | ...
|
||||
|
||||
There are 185 more IOC items available. Please use our online service to access the data.
|
||||
There are 186 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -84,7 +85,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -102,60 +103,61 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/admin/index2.html` | High
|
||||
9 | File | `/admin/maintenance/brand.php` | High
|
||||
10 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
11 | File | `/admin/user/manage_user.php` | High
|
||||
12 | File | `/admin/voters_row.php` | High
|
||||
13 | File | `/ad_js.php` | Medium
|
||||
14 | File | `/agc/vicidial.php` | High
|
||||
15 | File | `/ajax.php?action=save_company` | High
|
||||
16 | File | `/ajax.php?action=save_user` | High
|
||||
17 | File | `/ajax/myshop` | Medium
|
||||
18 | File | `/alphaware/summary.php` | High
|
||||
19 | File | `/alumni/admin/ajax.php?action=save_settings` | High
|
||||
20 | File | `/api/` | Low
|
||||
21 | File | `/api/admin/store/product/list` | High
|
||||
22 | File | `/api/gen/clients/{language}` | High
|
||||
23 | File | `/api/stl/actions/search` | High
|
||||
24 | File | `/api/v2/cli/commands` | High
|
||||
25 | File | `/APR/signup.php` | High
|
||||
26 | File | `/authenticationendpoint/login.do` | High
|
||||
27 | File | `/aux` | Low
|
||||
28 | File | `/backup.pl` | Medium
|
||||
29 | File | `/boat/login.php` | High
|
||||
30 | File | `/cas/logout` | Medium
|
||||
31 | File | `/categorypage.php` | High
|
||||
32 | File | `/cgi-bin` | Medium
|
||||
33 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
34 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
35 | File | `/cha.php` | Medium
|
||||
36 | File | `/College/admin/teacher.php` | High
|
||||
37 | File | `/contactform/contactform.php` | High
|
||||
38 | File | `/dayrui/Fcms/View/system_log.html` | High
|
||||
39 | File | `/debug/pprof` | Medium
|
||||
40 | File | `/drivers/block/floppy.c` | High
|
||||
41 | File | `/ecommerce/admin/category/controller.php` | High
|
||||
42 | File | `/env` | Low
|
||||
43 | File | `/etc/config/product.ini` | High
|
||||
44 | File | `/etc/shadow` | Medium
|
||||
45 | File | `/eval/admin/manage_class.php` | High
|
||||
46 | File | `/fos/admin/ajax.php` | High
|
||||
47 | File | `/goform/aspForm` | High
|
||||
48 | File | `/goform/WifiGuestSet` | High
|
||||
49 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
|
||||
50 | File | `/kelasdosen/data` | High
|
||||
51 | File | `/modules/projects/vw_files.php` | High
|
||||
52 | File | `/Moosikay/order.php` | High
|
||||
53 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
54 | File | `/nasm/nasm-parse.c` | High
|
||||
55 | File | `/ordering/admin/orders/loaddata.php` | High
|
||||
56 | File | `/ordering/admin/stockin/loaddata.php` | High
|
||||
57 | File | `/philosophy/admin/login.php` | High
|
||||
58 | File | `/php-opos/login.php` | High
|
||||
59 | File | `/priv_mgt.html` | High
|
||||
60 | File | `/reservation/add_message.php` | High
|
||||
61 | File | `/resources//../` | High
|
||||
62 | ... | ... | ...
|
||||
11 | File | `/admin/positions_add.php` | High
|
||||
12 | File | `/admin/user/manage_user.php` | High
|
||||
13 | File | `/admin/voters_row.php` | High
|
||||
14 | File | `/ad_js.php` | Medium
|
||||
15 | File | `/agc/vicidial.php` | High
|
||||
16 | File | `/ajax.php?action=save_company` | High
|
||||
17 | File | `/ajax.php?action=save_user` | High
|
||||
18 | File | `/ajax/myshop` | Medium
|
||||
19 | File | `/alphaware/summary.php` | High
|
||||
20 | File | `/alumni/admin/ajax.php?action=save_settings` | High
|
||||
21 | File | `/api/` | Low
|
||||
22 | File | `/api/admin/store/product/list` | High
|
||||
23 | File | `/api/gen/clients/{language}` | High
|
||||
24 | File | `/api/stl/actions/search` | High
|
||||
25 | File | `/api/v2/cli/commands` | High
|
||||
26 | File | `/APR/signup.php` | High
|
||||
27 | File | `/authenticationendpoint/login.do` | High
|
||||
28 | File | `/aux` | Low
|
||||
29 | File | `/backup.pl` | Medium
|
||||
30 | File | `/bin/ate` | Medium
|
||||
31 | File | `/boat/login.php` | High
|
||||
32 | File | `/cas/logout` | Medium
|
||||
33 | File | `/categorypage.php` | High
|
||||
34 | File | `/cgi-bin` | Medium
|
||||
35 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
36 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
37 | File | `/cha.php` | Medium
|
||||
38 | File | `/College/admin/teacher.php` | High
|
||||
39 | File | `/contactform/contactform.php` | High
|
||||
40 | File | `/dayrui/Fcms/View/system_log.html` | High
|
||||
41 | File | `/debug/pprof` | Medium
|
||||
42 | File | `/drivers/block/floppy.c` | High
|
||||
43 | File | `/ecommerce/admin/category/controller.php` | High
|
||||
44 | File | `/env` | Low
|
||||
45 | File | `/etc/shadow` | Medium
|
||||
46 | File | `/eval/admin/manage_class.php` | High
|
||||
47 | File | `/fos/admin/ajax.php` | High
|
||||
48 | File | `/goform/aspForm` | High
|
||||
49 | File | `/goform/WifiGuestSet` | High
|
||||
50 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
|
||||
51 | File | `/kelasdosen/data` | High
|
||||
52 | File | `/modules/projects/vw_files.php` | High
|
||||
53 | File | `/Moosikay/order.php` | High
|
||||
54 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
55 | File | `/nasm/nasm-parse.c` | High
|
||||
56 | File | `/ordering/admin/orders/loaddata.php` | High
|
||||
57 | File | `/ordering/admin/stockin/loaddata.php` | High
|
||||
58 | File | `/philosophy/admin/login.php` | High
|
||||
59 | File | `/php-opos/login.php` | High
|
||||
60 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
61 | File | `/priv_mgt.html` | High
|
||||
62 | File | `/reservation/add_message.php` | High
|
||||
63 | ... | ... | ...
|
||||
|
||||
There are 547 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 549 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
# Saefko - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Saefko](https://vuldb.com/?actor.saefko). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.saefko](https://vuldb.com/?actor.saefko)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Saefko.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [3.121.182.157](https://vuldb.com/?ip.3.121.182.157) | ec2-3-121-182-157.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.zscaler.com/blogs/research/saefko-new-multi-layered-rat
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -21,9 +21,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [185.163.45.248](https://vuldb.com/?ip.185.163.45.248) | no-rdns.mivocloud.com | - | High
|
||||
2 | [194.180.174.20](https://vuldb.com/?ip.194.180.174.20) | 194-180-174-20.mivocloud.com | - | High
|
||||
3 | [194.180.174.56](https://vuldb.com/?ip.194.180.174.56) | no-rdns.mivocloud.com | - | High
|
||||
1 | [5.181.156.79](https://vuldb.com/?ip.5.181.156.79) | 5-181-156-79.mivocloud.com | - | High
|
||||
2 | [5.181.156.250](https://vuldb.com/?ip.5.181.156.250) | no-rdns.mivocloud.com | - | High
|
||||
3 | [45.77.122.108](https://vuldb.com/?ip.45.77.122.108) | 45.77.122.108.vultrusercontent.com | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 10 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -37,7 +40,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -45,28 +48,36 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/admin_login.php` | High
|
||||
2 | File | `/api/addusers` | High
|
||||
3 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
4 | File | `/apply.cgi` | Medium
|
||||
5 | File | `/debug/pprof` | Medium
|
||||
6 | File | `/etc/config/rpcd` | High
|
||||
7 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
8 | File | `/public/login.htm` | High
|
||||
9 | File | `/rapi/read_url` | High
|
||||
10 | File | `/sendKey` | Medium
|
||||
11 | File | `/setSystemAdmin` | High
|
||||
12 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
13 | File | `adclick.php` | Medium
|
||||
14 | File | `admin/Login.php` | High
|
||||
15 | ... | ... | ...
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/admin/admin_login.php` | High
|
||||
3 | File | `/api/addusers` | High
|
||||
4 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
5 | File | `/apply.cgi` | Medium
|
||||
6 | File | `/debug/pprof` | Medium
|
||||
7 | File | `/etc/config/rpcd` | High
|
||||
8 | File | `/login` | Low
|
||||
9 | File | `/OA_HTML/cabo/jsps/a.jsp` | High
|
||||
10 | File | `/public/login.htm` | High
|
||||
11 | File | `/rapi/read_url` | High
|
||||
12 | File | `/sendKey` | Medium
|
||||
13 | File | `/setSystemAdmin` | High
|
||||
14 | File | `/tmp` | Low
|
||||
15 | File | `/type.php` | Medium
|
||||
16 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
17 | File | `adclick.php` | Medium
|
||||
18 | ... | ... | ...
|
||||
|
||||
There are 119 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 147 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://bazaar.abuse.ch/sample/58514fa7288607858aae17799ded4bb96d5f9b78733ad1ca2cece597d5516d44/
|
||||
* https://bazaar.abuse.ch/sample/bac78c78e97c8458437ffcbb31b4a54a141200a8cb656eac2dcab06691bc4a91/
|
||||
* https://bazaar.abuse.ch/sample/be31a5c1391bbc1c62d8f2c9fbebb9147ba69371fd8e7fcf81fcb5a9ac6ddf73/
|
||||
* https://bazaar.abuse.ch/sample/d53c9d7349bdbee8f73709c263cb08c2ca721365bb0670993b81fe2fd9200bac/
|
||||
* https://bazaar.abuse.ch/sample/d6372afdd18503ab17f18ebec05254727c7a0377d425bc74e4ae12ffe6243c4c/
|
||||
* https://bazaar.abuse.ch/sample/f60f32ec899bcb92fd50491a8c32f0548afbd4dc02462dfa373d484b4b161a86/
|
||||
* https://threatfox.abuse.ch
|
||||
|
||||
|
|
|
@ -0,0 +1,65 @@
|
|||
# Skygofree - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Skygofree](https://vuldb.com/?actor.skygofree). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.skygofree](https://vuldb.com/?actor.skygofree)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Skygofree:
|
||||
|
||||
* [IT](https://vuldb.com/?country.it)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Skygofree.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [54.67.109.199](https://vuldb.com/?ip.54.67.109.199) | ec2-54-67-109-199.us-west-1.compute.amazonaws.com | - | Medium
|
||||
2 | [79.3.197.89](https://vuldb.com/?ip.79.3.197.89) | host-79-3-197-89.business.telecomitalia.it | - | High
|
||||
3 | [217.194.13.133](https://vuldb.com/?ip.217.194.13.133) | vm3810.cloud.seeweb.it | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Skygofree_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Skygofree. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `AudioSource.cpp` | High
|
||||
2 | File | `avrc_pars_tg.cc` | High
|
||||
3 | File | `core.c` | Low
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 21 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cyber45.com
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -136,9 +136,11 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
113 | [45.9.148.212](https://vuldb.com/?ip.45.9.148.212) | - | - | High
|
||||
114 | [45.9.148.252](https://vuldb.com/?ip.45.9.148.252) | - | - | High
|
||||
115 | [45.9.150.109](https://vuldb.com/?ip.45.9.150.109) | - | - | High
|
||||
116 | ... | ... | ... | ...
|
||||
116 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
|
||||
117 | [45.14.224.102](https://vuldb.com/?ip.45.14.224.102) | hosted-by.spectraip.net | - | High
|
||||
118 | ... | ... | ... | ...
|
||||
|
||||
There are 460 more IOC items available. Please use our online service to access the data.
|
||||
There are 467 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -147,7 +149,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
|
@ -205,19 +207,19 @@ ID | Type | Indicator | Confidence
|
|||
42 | File | `/ServletAPI/accounts/login` | High
|
||||
43 | File | `/uncpath/` | Medium
|
||||
44 | File | `/user/updatePwd` | High
|
||||
45 | File | `/webman/info.cgi` | High
|
||||
46 | File | `/wireless/security.asp` | High
|
||||
47 | File | `/wp-admin/admin-ajax.php` | High
|
||||
48 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
49 | File | `01article.php` | High
|
||||
50 | File | `a-forms.php` | Medium
|
||||
51 | File | `acloudCosAction.php.SQL` | High
|
||||
52 | File | `activenews_view.asp` | High
|
||||
53 | File | `ActiveServices.java` | High
|
||||
54 | File | `adclick.php` | Medium
|
||||
45 | File | `/var/lib/docker/<remapping>` | High
|
||||
46 | File | `/webman/info.cgi` | High
|
||||
47 | File | `/wireless/security.asp` | High
|
||||
48 | File | `/wp-admin/admin-ajax.php` | High
|
||||
49 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
50 | File | `01article.php` | High
|
||||
51 | File | `a-forms.php` | Medium
|
||||
52 | File | `acloudCosAction.php.SQL` | High
|
||||
53 | File | `activenews_view.asp` | High
|
||||
54 | File | `ActiveServices.java` | High
|
||||
55 | ... | ... | ...
|
||||
|
||||
There are 482 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 481 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -286,6 +288,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/45.120.52.149
|
||||
* https://search.censys.io/hosts/45.134.83.252
|
||||
* https://search.censys.io/hosts/45.142.166.93
|
||||
* https://search.censys.io/hosts/45.152.114.93
|
||||
* https://search.censys.io/hosts/45.154.14.194
|
||||
* https://search.censys.io/hosts/45.227.255.185
|
||||
* https://search.censys.io/hosts/45.227.255.217
|
||||
|
@ -303,6 +306,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/51.178.81.117
|
||||
* https://search.censys.io/hosts/52.40.129.127
|
||||
* https://search.censys.io/hosts/52.53.230.115
|
||||
* https://search.censys.io/hosts/52.70.185.38
|
||||
* https://search.censys.io/hosts/54.152.37.54
|
||||
* https://search.censys.io/hosts/54.165.231.50
|
||||
* https://search.censys.io/hosts/54.197.29.26
|
||||
|
@ -331,11 +335,14 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/93.95.229.168
|
||||
* https://search.censys.io/hosts/95.164.46.194
|
||||
* https://search.censys.io/hosts/95.170.68.91
|
||||
* https://search.censys.io/hosts/95.214.27.241
|
||||
* https://search.censys.io/hosts/95.216.192.109
|
||||
* https://search.censys.io/hosts/97.107.134.18
|
||||
* https://search.censys.io/hosts/101.35.172.163
|
||||
* https://search.censys.io/hosts/101.35.234.201
|
||||
* https://search.censys.io/hosts/101.35.253.83
|
||||
* https://search.censys.io/hosts/101.36.121.133
|
||||
* https://search.censys.io/hosts/101.37.91.112
|
||||
* https://search.censys.io/hosts/101.43.156.89
|
||||
* https://search.censys.io/hosts/103.56.19.196
|
||||
* https://search.censys.io/hosts/103.87.10.156
|
||||
|
@ -363,6 +370,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/119.91.77.189
|
||||
* https://search.censys.io/hosts/120.24.42.20
|
||||
* https://search.censys.io/hosts/121.199.2.153
|
||||
* https://search.censys.io/hosts/123.57.39.29
|
||||
* https://search.censys.io/hosts/124.71.84.65
|
||||
* https://search.censys.io/hosts/128.199.38.50
|
||||
* https://search.censys.io/hosts/129.211.212.112
|
||||
|
@ -381,6 +389,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/139.177.203.214
|
||||
* https://search.censys.io/hosts/139.224.50.7
|
||||
* https://search.censys.io/hosts/139.224.254.195
|
||||
* https://search.censys.io/hosts/140.82.6.222
|
||||
* https://search.censys.io/hosts/140.238.226.66
|
||||
* https://search.censys.io/hosts/141.164.45.81
|
||||
* https://search.censys.io/hosts/141.164.50.44
|
||||
|
@ -389,6 +398,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/143.110.155.198
|
||||
* https://search.censys.io/hosts/143.110.240.214
|
||||
* https://search.censys.io/hosts/143.110.252.93
|
||||
* https://search.censys.io/hosts/143.198.40.42
|
||||
* https://search.censys.io/hosts/143.244.185.237
|
||||
* https://search.censys.io/hosts/144.22.135.107
|
||||
* https://search.censys.io/hosts/144.22.230.36
|
||||
|
@ -407,6 +417,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/157.245.96.88
|
||||
* https://search.censys.io/hosts/158.247.217.247
|
||||
* https://search.censys.io/hosts/159.65.62.90
|
||||
* https://search.censys.io/hosts/159.223.189.221
|
||||
* https://search.censys.io/hosts/161.35.214.132
|
||||
* https://search.censys.io/hosts/162.33.177.72
|
||||
* https://search.censys.io/hosts/162.33.177.203
|
||||
|
|
|
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -28,23 +28,26 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.9.224.217](https://vuldb.com/?ip.5.9.224.217) | static.217.224.9.5.clients.your-server.de | - | High
|
||||
2 | [5.135.183.146](https://vuldb.com/?ip.5.135.183.146) | freya.stelas.de | Tsunami | High
|
||||
3 | [5.196.8.173](https://vuldb.com/?ip.5.196.8.173) | vps-b5645e9a.vps.ovh.net | - | High
|
||||
4 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
5 | [20.45.1.107](https://vuldb.com/?ip.20.45.1.107) | - | - | High
|
||||
6 | [23.0.48.75](https://vuldb.com/?ip.23.0.48.75) | a23-0-48-75.deploy.static.akamaitechnologies.com | - | High
|
||||
7 | [23.0.209.167](https://vuldb.com/?ip.23.0.209.167) | a23-0-209-167.deploy.static.akamaitechnologies.com | - | High
|
||||
8 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
9 | [23.6.69.99](https://vuldb.com/?ip.23.6.69.99) | a23-6-69-99.deploy.static.akamaitechnologies.com | - | High
|
||||
10 | [23.13.211.142](https://vuldb.com/?ip.23.13.211.142) | a23-13-211-142.deploy.static.akamaitechnologies.com | - | High
|
||||
11 | [23.20.239.12](https://vuldb.com/?ip.23.20.239.12) | ec2-23-20-239-12.compute-1.amazonaws.com | - | Medium
|
||||
12 | [23.66.61.153](https://vuldb.com/?ip.23.66.61.153) | a23-66-61-153.deploy.static.akamaitechnologies.com | - | High
|
||||
13 | [23.193.177.127](https://vuldb.com/?ip.23.193.177.127) | a23-193-177-127.deploy.static.akamaitechnologies.com | - | High
|
||||
14 | [23.218.40.161](https://vuldb.com/?ip.23.218.40.161) | a23-218-40-161.deploy.static.akamaitechnologies.com | - | High
|
||||
15 | [23.221.48.201](https://vuldb.com/?ip.23.221.48.201) | a23-221-48-201.deploy.static.akamaitechnologies.com | - | High
|
||||
16 | ... | ... | ... | ...
|
||||
2 | [5.101.0.32](https://vuldb.com/?ip.5.101.0.32) | - | - | High
|
||||
3 | [5.135.183.146](https://vuldb.com/?ip.5.135.183.146) | freya.stelas.de | Tsunami | High
|
||||
4 | [5.196.8.173](https://vuldb.com/?ip.5.196.8.173) | vps-b5645e9a.vps.ovh.net | - | High
|
||||
5 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
|
||||
6 | [20.45.1.107](https://vuldb.com/?ip.20.45.1.107) | - | - | High
|
||||
7 | [23.0.48.75](https://vuldb.com/?ip.23.0.48.75) | a23-0-48-75.deploy.static.akamaitechnologies.com | - | High
|
||||
8 | [23.0.209.167](https://vuldb.com/?ip.23.0.209.167) | a23-0-209-167.deploy.static.akamaitechnologies.com | - | High
|
||||
9 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
10 | [23.6.69.99](https://vuldb.com/?ip.23.6.69.99) | a23-6-69-99.deploy.static.akamaitechnologies.com | - | High
|
||||
11 | [23.13.211.142](https://vuldb.com/?ip.23.13.211.142) | a23-13-211-142.deploy.static.akamaitechnologies.com | - | High
|
||||
12 | [23.20.239.12](https://vuldb.com/?ip.23.20.239.12) | ec2-23-20-239-12.compute-1.amazonaws.com | - | Medium
|
||||
13 | [23.66.61.153](https://vuldb.com/?ip.23.66.61.153) | a23-66-61-153.deploy.static.akamaitechnologies.com | - | High
|
||||
14 | [23.193.177.127](https://vuldb.com/?ip.23.193.177.127) | a23-193-177-127.deploy.static.akamaitechnologies.com | - | High
|
||||
15 | [23.218.40.161](https://vuldb.com/?ip.23.218.40.161) | a23-218-40-161.deploy.static.akamaitechnologies.com | - | High
|
||||
16 | [23.221.48.201](https://vuldb.com/?ip.23.221.48.201) | a23-221-48-201.deploy.static.akamaitechnologies.com | - | High
|
||||
17 | [27.102.67.144](https://vuldb.com/?ip.27.102.67.144) | - | - | High
|
||||
18 | [31.13.65.36](https://vuldb.com/?ip.31.13.65.36) | edge-star-mini-shv-01-atl3.facebook.com | - | High
|
||||
19 | ... | ... | ... | ...
|
||||
|
||||
There are 62 more IOC items available. Please use our online service to access the data.
|
||||
There are 73 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -57,9 +60,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-274, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -67,67 +71,69 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `.pref.xml` | Medium
|
||||
3 | File | `/admin/admin_login.php` | High
|
||||
4 | File | `/admin/edit-doc.php` | High
|
||||
5 | File | `/admin/profile/save_profile` | High
|
||||
6 | File | `/aux` | Low
|
||||
7 | File | `/cgi-bin/koha/acqui/supplier.pl?op=enter` | High
|
||||
8 | File | `/cgi-bin/luci` | High
|
||||
9 | File | `/ClickAndBanexDemo/admin/admin.asp` | High
|
||||
10 | File | `/config.cgi?webmin` | High
|
||||
11 | File | `/config/getuser` | High
|
||||
12 | File | `/debug/pprof` | Medium
|
||||
13 | File | `/etc/config/rpcd` | High
|
||||
14 | File | `/etc/gsissh/sshd_config` | High
|
||||
15 | File | `/etc/passwd` | Medium
|
||||
16 | File | `/gateway/services/EdgeServiceImpl` | High
|
||||
17 | File | `/getcfg.php` | Medium
|
||||
18 | File | `/goform/dir_setWanWifi` | High
|
||||
19 | File | `/goform/telnet` | High
|
||||
20 | File | `/goform/WanParameterSetting` | High
|
||||
21 | File | `/HNAP1` | Low
|
||||
22 | File | `/include/makecvs.php` | High
|
||||
23 | File | `/js/app.js` | Medium
|
||||
24 | File | `/knomi/analyze` | High
|
||||
25 | File | `/mgmt/tm/util/bash` | High
|
||||
26 | File | `/monitoring` | Medium
|
||||
27 | File | `/opt/pia/ruby/64/ruby` | High
|
||||
28 | File | `/Pwrchute` | Medium
|
||||
29 | File | `/reports/rwservlet` | High
|
||||
30 | File | `/scripts/iisadmin/bdir.htr` | High
|
||||
31 | File | `/setSystemAdmin` | High
|
||||
32 | File | `/skyboxview-softwareupdate/services/CollectorSoftwareUpdate` | High
|
||||
33 | File | `/tmp` | Low
|
||||
34 | File | `/tmp/csman/0` | Medium
|
||||
35 | File | `/ui/cbpc/login` | High
|
||||
36 | File | `/uncpath/` | Medium
|
||||
37 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
38 | File | `/var/hnap/timestamp` | High
|
||||
39 | File | `/vloggers_merch/admin/?page=product/manage_product` | High
|
||||
40 | File | `/webmail/` | Medium
|
||||
41 | File | `/wordpress/wp-admin/admin.php` | High
|
||||
42 | File | `/wp-content/plugins/forum-server/feed.php` | High
|
||||
43 | File | `/{ADMIN-FILE}/` | High
|
||||
44 | File | `a2billing/customer/iridium_threed.php` | High
|
||||
45 | File | `address.html` | Medium
|
||||
46 | File | `adm/systools.asp` | High
|
||||
47 | File | `admin/admin_login.php` | High
|
||||
48 | File | `admin/dashboard.php` | High
|
||||
49 | ... | ... | ...
|
||||
1 | File | `.pref.xml` | Medium
|
||||
2 | File | `/acms/classes/Master.php?f=delete_cargo` | High
|
||||
3 | File | `/admin.add` | Medium
|
||||
4 | File | `/admin.php/news/admin/topic/save` | High
|
||||
5 | File | `/admin/admin_login.php` | High
|
||||
6 | File | `/admin/comn/service/update.json` | High
|
||||
7 | File | `/admin/edit-doc.php` | High
|
||||
8 | File | `/admin/profile/save_profile` | High
|
||||
9 | File | `/api/v2/labels/` | High
|
||||
10 | File | `/aux` | Low
|
||||
11 | File | `/cgi-bin/koha/acqui/supplier.pl?op=enter` | High
|
||||
12 | File | `/cgi-bin/luci` | High
|
||||
13 | File | `/config.cgi?webmin` | High
|
||||
14 | File | `/config/getuser` | High
|
||||
15 | File | `/debug/pprof` | Medium
|
||||
16 | File | `/dev/shm` | Medium
|
||||
17 | File | `/dl/dl_print.php` | High
|
||||
18 | File | `/etc/gsissh/sshd_config` | High
|
||||
19 | File | `/etc/passwd` | Medium
|
||||
20 | File | `/gateway/services/EdgeServiceImpl` | High
|
||||
21 | File | `/getcfg.php` | Medium
|
||||
22 | File | `/goform/dir_setWanWifi` | High
|
||||
23 | File | `/goform/telnet` | High
|
||||
24 | File | `/goform/WanParameterSetting` | High
|
||||
25 | File | `/HNAP1` | Low
|
||||
26 | File | `/include/makecvs.php` | High
|
||||
27 | File | `/info.xml` | Medium
|
||||
28 | File | `/js/app.js` | Medium
|
||||
29 | File | `/knomi/analyze` | High
|
||||
30 | File | `/mgmt/tm/util/bash` | High
|
||||
31 | File | `/monitoring` | Medium
|
||||
32 | File | `/ofcms/company-c-47` | High
|
||||
33 | File | `/opac/Actions.php?a=login` | High
|
||||
34 | File | `/opt/pia/ruby/64/ruby` | High
|
||||
35 | File | `/Pwrchute` | Medium
|
||||
36 | File | `/scripts/iisadmin/bdir.htr` | High
|
||||
37 | File | `/spip.php` | Medium
|
||||
38 | File | `/tmp/csman/0` | Medium
|
||||
39 | File | `/ui/cbpc/login` | High
|
||||
40 | File | `/uncpath/` | Medium
|
||||
41 | File | `/usr/sbin/httpd` | High
|
||||
42 | File | `/util/print.c` | High
|
||||
43 | File | `/var/hnap/timestamp` | High
|
||||
44 | File | `/vloggers_merch/admin/?page=product/manage_product` | High
|
||||
45 | File | `/web/MCmsAction.java` | High
|
||||
46 | File | `/webmail/` | Medium
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 423 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 409 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://bazaar.abuse.ch/sample/5bbe4ff9dc3e2fb44d356785216d39faa2ea386b1a5227798aea9c2d18b8b3fa/
|
||||
* https://bazaar.abuse.ch/sample/5e30a88fb1c9a45bd6697990493098ca05e87b2560172ae89e9811ea887ff8b4/#intel
|
||||
* https://blog.talosintelligence.com/2020/01/threat-roundup-0124-0131.html
|
||||
* https://blog.talosintelligence.com/2021/07/threat-roundup-0716-0723.html
|
||||
* https://community.blueliv.com/#!/s/6333fa0182df417ed0331a1d
|
||||
* https://isc.sans.edu/forums/diary/Resumethemed+malspam+pushing+Smoke+Loader/23054/
|
||||
* https://research.checkpoint.com/2019/2019-resurgence-of-smokeloader/
|
||||
* https://threatfox.abuse.ch
|
||||
* https://tria.ge/220511-fxrezafgg2
|
||||
* https://unit42.paloaltonetworks.com/analysis-of-smoke-loader-in-new-tsunami-campaign/
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -57,42 +57,44 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/admin/?page=user/manage` | High
|
||||
4 | File | `/admin/lab.php` | High
|
||||
5 | File | `/admin/login.php` | High
|
||||
6 | File | `/ajax.php?action=read_msg` | High
|
||||
7 | File | `/assets/components/gallery/connector.php` | High
|
||||
8 | File | `/bsms_ci/index.php` | High
|
||||
9 | File | `/cms/category/list` | High
|
||||
10 | File | `/College/admin/teacher.php` | High
|
||||
11 | File | `/Default/Bd` | Medium
|
||||
12 | File | `/editbrand.php` | High
|
||||
13 | File | `/employeeview.php` | High
|
||||
14 | File | `/etc/target` | Medium
|
||||
15 | File | `/export` | Low
|
||||
16 | File | `/getcfg.php` | Medium
|
||||
17 | File | `/goform/WriteFacMac` | High
|
||||
18 | File | `/home/kickPlayer` | High
|
||||
19 | File | `/home/masterConsole` | High
|
||||
20 | File | `/index.php` | Medium
|
||||
21 | File | `/lists/admin/user.php` | High
|
||||
22 | File | `/mkshop/Men/profile.php` | High
|
||||
23 | File | `/movie.php` | Medium
|
||||
24 | File | `/news-portal-script/information.php` | High
|
||||
25 | File | `/pages/apply_vacancy.php` | High
|
||||
26 | File | `/param.file.tgz` | High
|
||||
27 | File | `/rest/api/2/user/picker` | High
|
||||
28 | File | `/tmp` | Low
|
||||
29 | File | `/uncpath/` | Medium
|
||||
30 | File | `/var/log/nginx` | High
|
||||
31 | File | `/wireless/basic.asp` | High
|
||||
32 | File | `/wireless/guestnetwork.asp` | High
|
||||
33 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
34 | File | `/_vti_pvt/access.cnf` | High
|
||||
35 | File | `adclick.php` | Medium
|
||||
36 | File | `admin.php3` | Medium
|
||||
37 | File | `admin/abc.php` | High
|
||||
38 | File | `admin/add_payment.php` | High
|
||||
39 | ... | ... | ...
|
||||
6 | File | `/admin/read.php?mudi=announContent` | High
|
||||
7 | File | `/ajax.php?action=read_msg` | High
|
||||
8 | File | `/api/wechat/app_auth` | High
|
||||
9 | File | `/assets/components/gallery/connector.php` | High
|
||||
10 | File | `/bsms_ci/index.php` | High
|
||||
11 | File | `/cms/category/list` | High
|
||||
12 | File | `/College/admin/teacher.php` | High
|
||||
13 | File | `/Default/Bd` | Medium
|
||||
14 | File | `/editbrand.php` | High
|
||||
15 | File | `/employeeview.php` | High
|
||||
16 | File | `/etc/target` | Medium
|
||||
17 | File | `/export` | Low
|
||||
18 | File | `/getcfg.php` | Medium
|
||||
19 | File | `/goform/WriteFacMac` | High
|
||||
20 | File | `/home/kickPlayer` | High
|
||||
21 | File | `/home/masterConsole` | High
|
||||
22 | File | `/index.php` | Medium
|
||||
23 | File | `/lists/admin/user.php` | High
|
||||
24 | File | `/mkshop/Men/profile.php` | High
|
||||
25 | File | `/movie.php` | Medium
|
||||
26 | File | `/news-portal-script/information.php` | High
|
||||
27 | File | `/pages/apply_vacancy.php` | High
|
||||
28 | File | `/param.file.tgz` | High
|
||||
29 | File | `/paysystem/branch.php` | High
|
||||
30 | File | `/rest/api/2/user/picker` | High
|
||||
31 | File | `/send_order.cgi?parameter=restart` | High
|
||||
32 | File | `/tmp` | Low
|
||||
33 | File | `/uncpath/` | Medium
|
||||
34 | File | `/var/log/nginx` | High
|
||||
35 | File | `/wireless/basic.asp` | High
|
||||
36 | File | `/wireless/guestnetwork.asp` | High
|
||||
37 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
38 | File | `/_vti_pvt/access.cnf` | High
|
||||
39 | File | `adclick.php` | Medium
|
||||
40 | File | `admin.php3` | Medium
|
||||
41 | ... | ... | ...
|
||||
|
||||
There are 338 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 353 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -70,19 +70,19 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/spip.php` | Medium
|
||||
6 | File | `/Tools/tools_admin.htm` | High
|
||||
7 | File | `/uncpath/` | Medium
|
||||
8 | File | `adm/krgourl.php` | High
|
||||
9 | File | `admin.php` | Medium
|
||||
10 | File | `admin/conf_users_edit.php` | High
|
||||
11 | File | `administers` | Medium
|
||||
12 | File | `application\User\Controller\ProfileController.class.php` | High
|
||||
13 | File | `banner-edit.php` | High
|
||||
14 | File | `btif_hd.cc` | Medium
|
||||
15 | File | `catchsegv` | Medium
|
||||
16 | File | `classes/SystemSettings.php` | High
|
||||
17 | File | `classified.php` | High
|
||||
8 | File | `addentry.php` | Medium
|
||||
9 | File | `adm/krgourl.php` | High
|
||||
10 | File | `admin.php` | Medium
|
||||
11 | File | `admin/conf_users_edit.php` | High
|
||||
12 | File | `administers` | Medium
|
||||
13 | File | `application\User\Controller\ProfileController.class.php` | High
|
||||
14 | File | `banner-edit.php` | High
|
||||
15 | File | `btif_hd.cc` | Medium
|
||||
16 | File | `catchsegv` | Medium
|
||||
17 | File | `classes/SystemSettings.php` | High
|
||||
18 | ... | ... | ...
|
||||
|
||||
There are 150 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 151 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
There are 19 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -22,24 +22,25 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.39.221.47](https://vuldb.com/?ip.5.39.221.47) | - | - | High
|
||||
2 | [5.61.41.136](https://vuldb.com/?ip.5.61.41.136) | - | - | High
|
||||
3 | [5.101.78.2](https://vuldb.com/?ip.5.101.78.2) | - | - | High
|
||||
4 | [5.183.95.197](https://vuldb.com/?ip.5.183.95.197) | - | - | High
|
||||
5 | [5.199.174.179](https://vuldb.com/?ip.5.199.174.179) | - | - | High
|
||||
6 | [5.199.174.223](https://vuldb.com/?ip.5.199.174.223) | - | - | High
|
||||
7 | [20.115.47.118](https://vuldb.com/?ip.20.115.47.118) | - | - | High
|
||||
8 | [23.95.44.228](https://vuldb.com/?ip.23.95.44.228) | 23-95-44-228-host.colocrossing.com | - | High
|
||||
9 | [23.137.249.215](https://vuldb.com/?ip.23.137.249.215) | - | - | High
|
||||
10 | [23.227.202.22](https://vuldb.com/?ip.23.227.202.22) | 23-227-202-22.static.hvvc.us | - | High
|
||||
11 | [31.41.244.183](https://vuldb.com/?ip.31.41.244.183) | - | - | High
|
||||
12 | [31.44.185.6](https://vuldb.com/?ip.31.44.185.6) | - | - | High
|
||||
13 | [34.171.171.32](https://vuldb.com/?ip.34.171.171.32) | 32.171.171.34.bc.googleusercontent.com | - | Medium
|
||||
14 | [45.11.57.142](https://vuldb.com/?ip.45.11.57.142) | dedicated.vsys.host | - | High
|
||||
15 | [45.15.156.48](https://vuldb.com/?ip.45.15.156.48) | - | - | High
|
||||
16 | [45.32.132.182](https://vuldb.com/?ip.45.32.132.182) | 45.32.132.182.vultrusercontent.com | - | High
|
||||
17 | ... | ... | ... | ...
|
||||
2 | [5.42.65.67](https://vuldb.com/?ip.5.42.65.67) | - | - | High
|
||||
3 | [5.45.127.115](https://vuldb.com/?ip.5.45.127.115) | s0b7731cb.fastvps-server.com | - | High
|
||||
4 | [5.61.41.136](https://vuldb.com/?ip.5.61.41.136) | - | - | High
|
||||
5 | [5.101.78.2](https://vuldb.com/?ip.5.101.78.2) | - | - | High
|
||||
6 | [5.183.95.197](https://vuldb.com/?ip.5.183.95.197) | - | - | High
|
||||
7 | [5.199.174.179](https://vuldb.com/?ip.5.199.174.179) | - | - | High
|
||||
8 | [5.199.174.223](https://vuldb.com/?ip.5.199.174.223) | - | - | High
|
||||
9 | [20.115.47.118](https://vuldb.com/?ip.20.115.47.118) | - | - | High
|
||||
10 | [23.95.44.228](https://vuldb.com/?ip.23.95.44.228) | 23-95-44-228-host.colocrossing.com | - | High
|
||||
11 | [23.137.249.215](https://vuldb.com/?ip.23.137.249.215) | - | - | High
|
||||
12 | [23.227.202.22](https://vuldb.com/?ip.23.227.202.22) | 23-227-202-22.static.hvvc.us | - | High
|
||||
13 | [31.41.244.183](https://vuldb.com/?ip.31.41.244.183) | - | - | High
|
||||
14 | [31.44.185.6](https://vuldb.com/?ip.31.44.185.6) | - | - | High
|
||||
15 | [34.171.171.32](https://vuldb.com/?ip.34.171.171.32) | 32.171.171.34.bc.googleusercontent.com | - | Medium
|
||||
16 | [45.11.57.142](https://vuldb.com/?ip.45.11.57.142) | dedicated.vsys.host | - | High
|
||||
17 | [45.15.156.48](https://vuldb.com/?ip.45.15.156.48) | - | - | High
|
||||
18 | ... | ... | ... | ...
|
||||
|
||||
There are 63 more IOC items available. Please use our online service to access the data.
|
||||
There are 66 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -54,7 +55,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -101,24 +102,26 @@ ID | Type | Indicator | Confidence
|
|||
37 | File | `/param.file.tgz` | High
|
||||
38 | File | `/php-jms/review_se_result.php` | High
|
||||
39 | File | `/plesk-site-preview/` | High
|
||||
40 | File | `/project/PROJECTNAME/reports/` | High
|
||||
41 | File | `/school/model/get_admin_profile.php` | High
|
||||
42 | File | `/services/prefs.php` | High
|
||||
43 | File | `/spip.php` | Medium
|
||||
44 | File | `/Status/wan_button_action.asp` | High
|
||||
45 | File | `/student-grading-system/rms.php?page=grade` | High
|
||||
46 | File | `/template/edit` | High
|
||||
47 | File | `/text/pdf/PdfReader.java` | High
|
||||
48 | File | `/timeline2.php` | High
|
||||
49 | File | `/ucms/chk.php` | High
|
||||
40 | File | `/pms/admin/crimes/manage_crime.php` | High
|
||||
41 | File | `/project/PROJECTNAME/reports/` | High
|
||||
42 | File | `/school/model/get_admin_profile.php` | High
|
||||
43 | File | `/sitecore/shell/Invoke.aspx` | High
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/Status/wan_button_action.asp` | High
|
||||
46 | File | `/student-grading-system/rms.php?page=grade` | High
|
||||
47 | File | `/template/edit` | High
|
||||
48 | File | `/text/pdf/PdfReader.java` | High
|
||||
49 | File | `/timeline2.php` | High
|
||||
50 | ... | ... | ...
|
||||
|
||||
There are 433 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 438 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://app.any.run/tasks/6b4a52a0-4bbe-4c57-a196-a7c0e3425220/
|
||||
* https://app.any.run/tasks/e6fbe61e-e881-4b8f-8a2b-cd226715c389/
|
||||
* https://bazaar.abuse.ch/sample/040aa152e739826874a268f4ffb8be80dd256e7817cdb2c25329d25a5264671e/
|
||||
* https://bazaar.abuse.ch/sample/2a1ba880f0cacda99db3eed861bc738a3f8ec6cac2518da431c446851fb4f923/
|
||||
* https://bazaar.abuse.ch/sample/4aec64f64812b8ed41eebe2d561d166b6dc9c16f2a856f7d10408ec83f493c06/
|
||||
|
@ -132,6 +135,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/742a97dbebd3f760b215186d04655dfcaf3846b40d3390a2db9bd7ee5f3d3266/
|
||||
* https://bazaar.abuse.ch/sample/998b16d93ed1043b616cddfcae2cbe10b6f4ae05b9bbd1abed4a99ad11205444/
|
||||
* https://bazaar.abuse.ch/sample/49763b5871eae34139060e486a62817242212a549593a1875a5221655b510334/
|
||||
* https://bazaar.abuse.ch/sample/835089cc52af94cdcdf26ab335f8a4fe4719071746539acf472579fa2fc8e4f9/
|
||||
* https://bazaar.abuse.ch/sample/a2bf4098b65e0efb8bc9cba70cfb5e36d01de5f591d100bb429a5dc3ef6c3bc3/
|
||||
* https://bazaar.abuse.ch/sample/ca958072c2483f5cfab83972b3e5a25a163eed2d0d6df7d310ddf200a6fec53c/
|
||||
* https://bazaar.abuse.ch/sample/f0c40cd7b07913d9ed925ebc130d4263850aeb2e16c32c47214d2b5989bbf4f5/
|
||||
|
|
|
@ -20,8 +20,8 @@ There are 1 more campaign items available. Please use our online service to acce
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with TA551:
|
||||
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
@ -72,63 +72,67 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/?page=user/list` | High
|
||||
2 | File | `/admin/api/admin/articles/` | High
|
||||
3 | File | `/admin/api/theme-edit/` | High
|
||||
4 | File | `/admin/budget/manage_budget.php` | High
|
||||
5 | File | `/admin/categories/view_category.php` | High
|
||||
6 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
7 | File | `/Admin/createClass.php` | High
|
||||
8 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
9 | File | `/admin/departments/view_department.php` | High
|
||||
10 | File | `/admin/edit_subject.php` | High
|
||||
11 | File | `/admin/maintenance/view_designation.php` | High
|
||||
12 | File | `/admin/modal_add_product.php` | High
|
||||
13 | File | `/admin/problem_judge.php` | High
|
||||
14 | File | `/admin/reminders/manage_reminder.php` | High
|
||||
15 | File | `/admin/sales/manage_sale.php` | High
|
||||
16 | File | `/admin/sales/view_details.php` | High
|
||||
17 | File | `/admin/suppliers/view_details.php` | High
|
||||
18 | File | `/admin/user/manage_user.php` | High
|
||||
19 | File | `/admin/userprofile.php` | High
|
||||
20 | File | `/admin/voters_row.php` | High
|
||||
21 | File | `/ajax.php?action=read_msg` | High
|
||||
22 | File | `/ajax.php?action=save_company` | High
|
||||
23 | File | `/api/browserextension/UpdatePassword/` | High
|
||||
24 | File | `/api/stl/actions/search` | High
|
||||
25 | File | `/application/views/themeOptions/update.php` | High
|
||||
26 | File | `/attachments` | Medium
|
||||
27 | File | `/balance/service/list` | High
|
||||
28 | File | `/bin/ate` | Medium
|
||||
29 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
30 | File | `/cgi-bin/ping.cgi` | High
|
||||
31 | File | `/classes/Users.php` | High
|
||||
32 | File | `/config/myfield/test.php` | High
|
||||
33 | File | `/data/app` | Medium
|
||||
34 | File | `/dev/snd/seq` | Medium
|
||||
35 | File | `/diagnostic/login.php` | High
|
||||
36 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
37 | File | `/etc/gsissh/sshd_config` | High
|
||||
38 | File | `/etc/master.passwd` | High
|
||||
39 | File | `/etc/passwd` | Medium
|
||||
40 | File | `/file_manager/admin/save_user.php` | High
|
||||
41 | File | `/goForm/aspForm` | High
|
||||
42 | File | `/goform/WifiBasicSet` | High
|
||||
43 | File | `/hrm/controller/login.php` | High
|
||||
44 | File | `/kelas/data` | Medium
|
||||
45 | File | `/login` | Low
|
||||
46 | File | `/logs/sql-error.log` | High
|
||||
47 | File | `/matkul/data` | Medium
|
||||
48 | File | `/mogu-picture/file/uploadPicsByUrl` | High
|
||||
49 | File | `/pages/save_user.php` | High
|
||||
50 | File | `/password/reset` | High
|
||||
51 | File | `/plugin/getList` | High
|
||||
52 | File | `/register/abort` | High
|
||||
53 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
54 | File | `/rukovoditel/index.php?module=logs/view&type=php` | High
|
||||
55 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
56 | ... | ... | ...
|
||||
2 | File | `/admin/addproduct.php` | High
|
||||
3 | File | `/admin/api/admin/articles/` | High
|
||||
4 | File | `/admin/api/theme-edit/` | High
|
||||
5 | File | `/admin/budget/manage_budget.php` | High
|
||||
6 | File | `/admin/categories/view_category.php` | High
|
||||
7 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
8 | File | `/Admin/createClass.php` | High
|
||||
9 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
10 | File | `/admin/departments/view_department.php` | High
|
||||
11 | File | `/admin/edit_subject.php` | High
|
||||
12 | File | `/admin/maintenance/view_designation.php` | High
|
||||
13 | File | `/admin/modal_add_product.php` | High
|
||||
14 | File | `/admin/problem_judge.php` | High
|
||||
15 | File | `/admin/reminders/manage_reminder.php` | High
|
||||
16 | File | `/admin/sales/manage_sale.php` | High
|
||||
17 | File | `/admin/sales/view_details.php` | High
|
||||
18 | File | `/admin/suppliers/view_details.php` | High
|
||||
19 | File | `/admin/user/manage_user.php` | High
|
||||
20 | File | `/admin/userprofile.php` | High
|
||||
21 | File | `/admin/voters_row.php` | High
|
||||
22 | File | `/ajax.php?action=read_msg` | High
|
||||
23 | File | `/ajax.php?action=save_company` | High
|
||||
24 | File | `/api/browserextension/UpdatePassword/` | High
|
||||
25 | File | `/api/stl/actions/search` | High
|
||||
26 | File | `/application/views/themeOptions/update.php` | High
|
||||
27 | File | `/attachments` | Medium
|
||||
28 | File | `/balance/service/list` | High
|
||||
29 | File | `/bin/ate` | Medium
|
||||
30 | File | `/booking/show_bookings/` | High
|
||||
31 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
32 | File | `/cgi-bin/ping.cgi` | High
|
||||
33 | File | `/changeimage.php` | High
|
||||
34 | File | `/classes/Users.php` | High
|
||||
35 | File | `/classes/Users.php?f=save` | High
|
||||
36 | File | `/config/myfield/test.php` | High
|
||||
37 | File | `/dev/snd/seq` | Medium
|
||||
38 | File | `/diagnostic/login.php` | High
|
||||
39 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
40 | File | `/etc/gsissh/sshd_config` | High
|
||||
41 | File | `/etc/master.passwd` | High
|
||||
42 | File | `/etc/passwd` | Medium
|
||||
43 | File | `/file_manager/admin/save_user.php` | High
|
||||
44 | File | `/goForm/aspForm` | High
|
||||
45 | File | `/goform/RgDhcp` | High
|
||||
46 | File | `/goform/RgTime` | High
|
||||
47 | File | `/goform/WifiBasicSet` | High
|
||||
48 | File | `/hrm/controller/login.php` | High
|
||||
49 | File | `/kelas/data` | Medium
|
||||
50 | File | `/login` | Low
|
||||
51 | File | `/logs/sql-error.log` | High
|
||||
52 | File | `/matkul/data` | Medium
|
||||
53 | File | `/mogu-picture/file/uploadPicsByUrl` | High
|
||||
54 | File | `/pages/save_user.php` | High
|
||||
55 | File | `/password/reset` | High
|
||||
56 | File | `/paysystem/branch.php` | High
|
||||
57 | File | `/plugin/getList` | High
|
||||
58 | File | `/register/abort` | High
|
||||
59 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
60 | ... | ... | ...
|
||||
|
||||
There are 492 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 521 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue