Update January 2023
This commit is contained in:
parent
d310d3c976
commit
3899a47ea9
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [TK](https://vuldb.com/?country.tk)
* [BR](https://vuldb.com/?country.br)
* ...

There are 12 more country items available. Please use our online service to access the data.
@ -69,26 +69,27 @@ ID | Type | Indicator | Confidence
12 | File | `/ebics-server/ebics.aspx` | High
13 | File | `/esbus/servlet/GetSQLData` | High
14 | File | `/film-rating.php` | High
15 | File | `/goform/formLogin` | High
16 | File | `/HNAP1` | Low
17 | File | `/horde/util/go.php` | High
18 | File | `/ishttpd/localweb/java/` | High
19 | File | `/KK_LS9ReportingPortal/GetData` | High
20 | File | `/mcategory.php` | High
21 | File | `/out.php` | Medium
22 | File | `/p` | Low
23 | File | `/pages/processlogin.php` | High
24 | File | `/product/savenewproduct.php?flag=1` | High
25 | File | `/services/Card/findUser` | High
26 | File | `/template/edit` | High
27 | File | `/uncpath/` | Medium
28 | File | `/usr/bin/uucp` | High
29 | File | `/usr/local/contego/scripts/mgrconfig.pl` | High
30 | File | `/v1/tokens` | Medium
31 | File | `/web/google_analytics.php` | High
32 | ... | ... | ...
15 | File | `/forum/away.php` | High
16 | File | `/goform/formLogin` | High
17 | File | `/HNAP1` | Low
18 | File | `/horde/util/go.php` | High
19 | File | `/ishttpd/localweb/java/` | High
20 | File | `/KK_LS9ReportingPortal/GetData` | High
21 | File | `/mcategory.php` | High
22 | File | `/out.php` | Medium
23 | File | `/p` | Low
24 | File | `/pages/processlogin.php` | High
25 | File | `/product/savenewproduct.php?flag=1` | High
26 | File | `/services/Card/findUser` | High
27 | File | `/template/edit` | High
28 | File | `/uncpath/` | Medium
29 | File | `/usr/bin/uucp` | High
30 | File | `/usr/local/contego/scripts/mgrconfig.pl` | High
31 | File | `/v1/tokens` | Medium
32 | File | `/web/google_analytics.php` | High
33 | ... | ... | ...

There are 276 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 280 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -55,4 +55,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -17,7 +17,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [RU](https://vuldb.com/?country.ru)
* [GB](https://vuldb.com/?country.gb)
* ...

There are 1 more country items available. Please use our online service to access the data.

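Review bot: the summary line `There are 1 more country items available.` uses the plural template for a count of one; the generator should special-case a count of 1 and emit "There is 1 more country item available." The same template appears with larger counts elsewhere in this patch, where the plural reads correctly.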
@ -130,7 +130,8 @@ ID | Type | Indicator | Confidence
23 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
24 | File | `/REBOOTSYSTEM` | High
25 | File | `/replication` | Medium
26 | ... | ... | ...
26 | File | `/RestAPI` | Medium
27 | ... | ... | ...

There are 223 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

@ -80,15 +80,15 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `//proc/kcore` | Medium
2 | File | `/about.php` | Medium
3 | File | `/admin/?page=system_info/contact_info` | High
4 | File | `/admin/dl_sendmail.php` | High
5 | File | `/admin/submit-articles` | High
6 | File | `/ad_js.php` | Medium
7 | File | `/Ap4RtpAtom.cpp` | High
8 | File | `/api/v2/cli/commands` | High
9 | File | `/app/options.py` | High
10 | File | `/attachments` | Medium
11 | File | `/bsms/?page=manage_account` | High
3 | File | `/admin/dl_sendmail.php` | High
4 | File | `/admin/submit-articles` | High
5 | File | `/ad_js.php` | Medium
6 | File | `/Ap4RtpAtom.cpp` | High
7 | File | `/api/v2/cli/commands` | High
8 | File | `/app/options.py` | High
9 | File | `/attachments` | Medium
10 | File | `/bsms/?page=manage_account` | High
11 | File | `/bsms_ci/index.php/book` | High
12 | File | `/cgi-bin/login.cgi` | High
13 | File | `/cgi-bin/luci/api/wireless` | High
14 | File | `/ci_hms/massage_room/edit/1` | High
@ -97,22 +97,21 @@ ID | Type | Indicator | Confidence
17 | File | `/debian/patches/load_ppp_generic_if_needed` | High
18 | File | `/debug/pprof` | Medium
19 | File | `/etc/hosts` | Medium
20 | File | `/fuel/sitevariables/delete/4` | High
21 | File | `/goform/aspForm` | High
20 | File | `/forum/away.php` | High
21 | File | `/fuel/sitevariables/delete/4` | High
22 | File | `/goform/setmac` | High
23 | File | `/goform/wizard_end` | High
24 | File | `/hprms/admin/doctors/manage_doctor.php` | High
25 | File | `/index/jobfairol/show/` | High
26 | File | `/librarian/bookdetails.php` | High
27 | File | `/manage-apartment.php` | High
28 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
29 | File | `/pages/apply_vacancy.php` | High
30 | File | `/proc/<PID>/mem` | High
31 | File | `/project/PROJECTNAME/reports/` | High
32 | File | `/proxy` | Low
33 | ... | ... | ...
28 | File | `/medicines/profile.php` | High
29 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
30 | File | `/pages/apply_vacancy.php` | High
31 | File | `/proc/<PID>/mem` | High
32 | ... | ... | ...

There are 280 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 272 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -91,7 +91,7 @@ ID | Type | Indicator | Confidence
29 | File | `/replication` | Medium
30 | ... | ... | ...

There are 255 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 257 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -79,4 +79,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -69,4 +69,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -68,7 +68,7 @@ ID | Type | Indicator | Confidence
12 | File | `/uncpath/` | Medium
13 | ... | ... | ...

There are 97 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 99 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -49,4 +49,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -32,4 +32,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -28,4 +28,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -61,4 +61,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -28,4 +28,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -84,4 +84,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [IL](https://vuldb.com/?country.il)
* ...

There are 19 more country items available. Please use our online service to access the data.
There are 20 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -71,23 +71,23 @@ ID | Type | Indicator | Confidence
7 | File | `/config.cgi?webmin` | High
8 | File | `/filemanager/upload.php` | High
9 | File | `/forum/away.php` | High
10 | File | `/idm/admin/changeself.jsp` | High
11 | File | `/idm/includes/helpServer.jsp` | High
12 | File | `/if.cgi` | Low
13 | File | `/include/chart_generator.php` | High
14 | File | `/mifs/c/i/reg/reg.html` | High
15 | File | `/modules/profile/index.php` | High
16 | File | `/news.dtl.php` | High
17 | File | `/product_list.php` | High
18 | File | `/setup` | Low
19 | File | `/spip.php` | Medium
20 | File | `/uncpath/` | Medium
21 | File | `/VPortal/mgtconsole/Subscriptions.jsp` | High
22 | File | `/wp-content/plugins/updraftplus/admin.php` | High
23 | File | `/_vti_pvt/access.cnf` | High
24 | File | `5.2.9\syscrb.exe` | High
25 | File | `a-b-membres.php` | High
26 | File | `account.asp` | Medium
10 | File | `/hrm/employeeadd.php` | High
11 | File | `/idm/admin/changeself.jsp` | High
12 | File | `/idm/includes/helpServer.jsp` | High
13 | File | `/if.cgi` | Low
14 | File | `/include/chart_generator.php` | High
15 | File | `/mifs/c/i/reg/reg.html` | High
16 | File | `/modules/profile/index.php` | High
17 | File | `/news.dtl.php` | High
18 | File | `/product_list.php` | High
19 | File | `/setup` | Low
20 | File | `/spip.php` | Medium
21 | File | `/uncpath/` | Medium
22 | File | `/VPortal/mgtconsole/Subscriptions.jsp` | High
23 | File | `/wp-content/plugins/updraftplus/admin.php` | High
24 | File | `/_vti_pvt/access.cnf` | High
25 | File | `5.2.9\syscrb.exe` | High
26 | File | `a-b-membres.php` | High
27 | File | `act.php` | Low
28 | File | `adclick.php` | Medium
29 | File | `admin` | Low
@ -122,10 +122,9 @@ ID | Type | Indicator | Confidence
58 | File | `cgi-bin/DownloadCfg/RouterCfm.cfg` | High
59 | File | `Cgi/private.py` | High
60 | File | `city.asp` | Medium
61 | File | `class.ajax.php` | High
62 | ... | ... | ...
61 | ... | ... | ...

There are 542 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 535 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -142,4 +141,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -62,4 +62,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -61,4 +61,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -75,52 +75,51 @@ ID | Type | Indicator | Confidence
14 | File | `/cgi-bin/wlogin.cgi` | High
15 | File | `/connectors/index.php` | High
16 | File | `/dev/block/mmcblk0rpmb` | High
17 | File | `/dms/admin/reports/daily_collection_report.php` | High
18 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
19 | File | `/face-recognition-php/facepay-master/camera.php` | High
20 | File | `/forum/away.php` | High
21 | File | `/fos/admin/ajax.php?action=login` | High
22 | File | `/fos/admin/index.php?page=menu` | High
23 | File | `/hrm/employeeadd.php` | High
24 | File | `/hrm/employeeview.php` | High
25 | File | `/index.php` | Medium
26 | File | `/Items/*/RemoteImages/Download` | High
27 | File | `/items/view_item.php` | High
28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
29 | File | `/lists/admin/` | High
30 | File | `/lookin/info` | Medium
31 | File | `/MagickCore/image.c` | High
32 | File | `/manager/index.php` | High
33 | File | `/medical/inventories.php` | High
34 | File | `/modules/profile/index.php` | High
35 | File | `/modules/projects/vw_files.php` | High
36 | File | `/modules/public/calendar.php` | High
37 | File | `/newsDia.php` | Medium
38 | File | `/out.php` | Medium
39 | File | `/proxy` | Low
40 | File | `/public/launchNewWindow.jsp` | High
41 | File | `/Redcock-Farm/farm/category.php` | High
42 | File | `/reports/rwservlet` | High
43 | File | `/sacco_shield/manage_user.php` | High
44 | File | `/spip.php` | Medium
45 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
46 | File | `/staff/bookdetails.php` | High
47 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
48 | File | `/user/update_booking.php` | High
49 | File | `/WEB-INF/web.xml` | High
50 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
51 | File | `/Wedding-Management/package_detail.php` | High
52 | File | `/wordpress/wp-admin/options-general.php` | High
53 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
54 | File | `01article.php` | High
55 | File | `AbstractScheduleJob.java` | High
56 | File | `actionphp/download.File.php` | High
57 | File | `AdClass.php` | Medium
58 | File | `adclick.php` | Medium
59 | File | `addtocart.asp` | High
60 | ... | ... | ...
17 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
18 | File | `/face-recognition-php/facepay-master/camera.php` | High
19 | File | `/forum/away.php` | High
20 | File | `/fos/admin/ajax.php?action=login` | High
21 | File | `/fos/admin/index.php?page=menu` | High
22 | File | `/hrm/employeeadd.php` | High
23 | File | `/hrm/employeeview.php` | High
24 | File | `/index.php` | Medium
25 | File | `/Items/*/RemoteImages/Download` | High
26 | File | `/items/view_item.php` | High
27 | File | `/jsoa/hntdCustomDesktopActionContent` | High
28 | File | `/lists/admin/` | High
29 | File | `/lookin/info` | Medium
30 | File | `/MagickCore/image.c` | High
31 | File | `/manager/index.php` | High
32 | File | `/medical/inventories.php` | High
33 | File | `/modules/profile/index.php` | High
34 | File | `/modules/projects/vw_files.php` | High
35 | File | `/modules/public/calendar.php` | High
36 | File | `/newsDia.php` | Medium
37 | File | `/out.php` | Medium
38 | File | `/proxy` | Low
39 | File | `/public/launchNewWindow.jsp` | High
40 | File | `/Redcock-Farm/farm/category.php` | High
41 | File | `/reports/rwservlet` | High
42 | File | `/sacco_shield/manage_user.php` | High
43 | File | `/spip.php` | Medium
44 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
45 | File | `/staff/bookdetails.php` | High
46 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
47 | File | `/user/update_booking.php` | High
48 | File | `/WEB-INF/web.xml` | High
49 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
50 | File | `/wordpress/wp-admin/options-general.php` | High
51 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
52 | File | `01article.php` | High
53 | File | `AbstractScheduleJob.java` | High
54 | File | `actionphp/download.File.php` | High
55 | File | `AdClass.php` | Medium
56 | File | `adclick.php` | Medium
57 | File | `addtocart.asp` | High
58 | File | `admin.php` | Medium
59 | ... | ... | ...

There are 527 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 512 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [AG](https://vuldb.com/?country.ag)
* ...

There are 19 more country items available. Please use our online service to access the data.
There are 20 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -49,7 +49,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

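Review bot: row 3 keeps the description "Cross Site Scripting" after CWE-1321 is added, and row 4 (T1059.007, CWE-79, CWE-80) carries the identical description, so the two rows can no longer be told apart by that column. CWE-94 is Code Injection and CWE-1321 is Prototype Pollution, neither of which is XSS; suggest deriving the description from the technique or the mapped weakness, e.g. `3 | T1059 | CWE-94, CWE-1321 | Code Injection | High`, and leaving "Cross Site Scripting" to the T1059.007 row.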
@ -120,9 +120,10 @@ ID | Type | Indicator | Confidence
57 | File | `bin/named/query.c` | High
58 | File | `blank.php` | Medium
59 | File | `blocklayered-ajax.php` | High
60 | ... | ... | ...
60 | File | `bluegate_seo.inc.php` | High
61 | ... | ... | ...

There are 523 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 530 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -139,4 +140,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -41,4 +41,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [DE](https://vuldb.com/?country.de)
* [GB](https://vuldb.com/?country.gb)
* ...

There are 19 more country items available. Please use our online service to access the data.
There are 25 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -177,12 +177,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | ... | ... | ... | ...

There are 17 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

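Review bot: row 2 drops CWE-319 from T1040 while keeping CWE-294; CWE-319 (Cleartext Transmission of Sensitive Information) is the weakness that makes network sniffing worthwhile in the first place, so its removal deserves a reason beyond the commit message "Update January 2023". Row 4 adds CWE-88 (Argument Injection) next to CWE-94 and CWE-1321 under a description that still reads "Cross Site Scripting", which none of the three listed weaknesses describes; suggest a description that matches the weakness set, e.g. `4 | T1059 | CWE-88, CWE-94, CWE-1321 | Code Injection | High`.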
@ -190,65 +190,69 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.htaccess` | Medium
1 | File | `.github/workflows/combine-prs.yml` | High
2 | File | `/?admin/user.html` | High
3 | File | `/Admin/add-student.php` | High
4 | File | `/admin/addemployee.php` | High
5 | File | `/admin/conferences/list/` | High
6 | File | `/admin/edit_admin_details.php?id=admin` | High
7 | File | `/admin/generalsettings.php` | High
8 | File | `/Admin/login.php` | High
9 | File | `/admin/payment.php` | High
10 | File | `/admin/reports.php` | High
11 | File | `/admin/showbad.php` | High
12 | File | `/admin_page/all-files-update-ajax.php` | High
13 | File | `/apilog.php` | Medium
14 | File | `/cgi-bin/kerbynet` | High
15 | File | `/cgi-bin/wlogin.cgi` | High
16 | File | `/connectors/index.php` | High
17 | File | `/demo/module/?module=HERE` | High
18 | File | `/dms/admin/reports/daily_collection_report.php` | High
19 | File | `/forum/away.php` | High
5 | File | `/admin/api/admin/articles/` | High
6 | File | `/Admin/login.php` | High
7 | File | `/admin/showbad.php` | High
8 | File | `/apilog.php` | Medium
9 | File | `/cgi-bin/webadminget.cgi` | High
10 | File | `/cgi-bin/wlogin.cgi` | High
11 | File | `/connectors/index.php` | High
12 | File | `/dev/block/mmcblk0rpmb` | High
13 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
14 | File | `/face-recognition-php/facepay-master/camera.php` | High
15 | File | `/forum/away.php` | High
16 | File | `/fos/admin/ajax.php?action=login` | High
17 | File | `/fos/admin/index.php?page=menu` | High
18 | File | `/hrm/employeeadd.php` | High
19 | File | `/hrm/employeeview.php` | High
20 | File | `/index.php` | Medium
21 | File | `/info.cgi` | Medium
22 | File | `/Items/*/RemoteImages/Download` | High
23 | File | `/items/view_item.php` | High
24 | File | `/lists/admin/` | High
25 | File | `/MagickCore/image.c` | High
26 | File | `/manager/index.php` | High
27 | File | `/medical/inventories.php` | High
28 | File | `/mgmt/tm/util/bash` | High
29 | File | `/mkshop/Men/profile.php` | High
30 | File | `/mobile/downloadfile.aspx` | High
31 | File | `/modules/profile/index.php` | High
32 | File | `/modules/projects/vw_files.php` | High
33 | File | `/modules/public/calendar.php` | High
34 | File | `/net/nfc/netlink.c` | High
35 | File | `/newsDia.php` | Medium
36 | File | `/out.php` | Medium
37 | File | `/outgoing.php` | High
38 | File | `/public/launchNewWindow.jsp` | High
21 | File | `/items/view_item.php` | High
22 | File | `/jsoa/hntdCustomDesktopActionContent` | High
23 | File | `/lookin/info` | Medium
24 | File | `/manager/index.php` | High
25 | File | `/medical/inventories.php` | High
26 | File | `/mkshop/Men/profile.php` | High
27 | File | `/mobile/downloadfile.aspx` | High
28 | File | `/modules/profile/index.php` | High
29 | File | `/modules/projects/vw_files.php` | High
30 | File | `/modules/public/calendar.php` | High
31 | File | `/net/nfc/netlink.c` | High
32 | File | `/newsDia.php` | Medium
33 | File | `/out.php` | Medium
34 | File | `/outgoing.php` | High
35 | File | `/proxy` | Low
36 | File | `/public/launchNewWindow.jsp` | High
37 | File | `/Redcock-Farm/farm/category.php` | High
38 | File | `/reports/rwservlet` | High
39 | File | `/sacco_shield/manage_user.php` | High
40 | File | `/spip.php` | Medium
41 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
42 | File | `/staff/bookdetails.php` | High
43 | File | `/staff/delete.php` | High
44 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
45 | File | `/user/update_booking.php` | High
46 | File | `/WEB-INF/web.xml` | High
47 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
48 | File | `/Wedding-Management/package_detail.php` | High
49 | File | `/wordpress/wp-admin/options-general.php` | High
50 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
51 | File | `a2billing/customer/iridium_threed.php` | High
52 | File | `AdClass.php` | Medium
53 | File | `adclick.php` | Medium
54 | File | `addtocart.asp` | High
55 | File | `admin.jcomments.php` | High
56 | File | `admin.php` | Medium
57 | ... | ... | ...
44 | File | `/user/update_booking.php` | High
45 | File | `/WEB-INF/web.xml` | High
46 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
47 | File | `/wordpress/wp-admin/options-general.php` | High
48 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
49 | File | `01article.php` | High
50 | File | `AbstractScheduleJob.java` | High
51 | File | `actionphp/download.File.php` | High
52 | File | `adclick.php` | Medium
53 | File | `addtocart.asp` | High
54 | File | `admin.jcomments.php` | High
55 | File | `admin.php` | Medium
56 | File | `admin/admin/adminsave.html` | High
57 | File | `admin/conf_users_edit.php` | High
58 | File | `admin/panels/entry/admin.entry.list.php` | High
59 | File | `admin/panels/uploader/admin.uploader.php` | High
60 | File | `admincp.php` | Medium
61 | ... | ... | ...

There are 499 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 530 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

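Review bot: several entries in this hunk are not file paths but a path plus a query string or a template, which a File-type indicator will not match literally: `/admin/edit_admin_details.php?id=admin`, `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` and the glob `/Items/*/RemoteImages/Download` (likewise `/demo/module/?module=HERE` and `/fos/admin/ajax.php?action=login`). Suggest keeping only the path under File and moving the variable part into the argument, input value or pattern types that the footer line says this data set already has. Separately, because the ID column is renumbered on every insertion, a handful of new indicators shows up here as some forty changed rows; dropping the numbering from the stored file (or numbering at render time) would make these monthly updates reviewable.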
@ -265,4 +269,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

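Review bot: this 2022 to 2023 bump in the License footer is the same one-character change repeated in every profile file of the commit; if the footer came from one shared template (or the year were filled in at build time) the yearly update would be a single-file change and the footers could not drift apart between profiles.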
@ -76,4 +76,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -73,4 +73,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -97,4 +97,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [DE](https://vuldb.com/?country.de)
* ...

There are 19 more country items available. Please use our online service to access the data.
There are 20 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -38,7 +38,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

@ -104,7 +104,7 @@ ID | Type | Indicator | Confidence
52 | File | `blocklayered-ajax.php` | High
53 | ... | ... | ...

There are 457 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 465 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -121,4 +121,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -29,4 +29,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -17,11 +17,11 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [46.55.222.24](https://vuldb.com/?ip.46.55.222.24) | - | - | High
2 | [82.116.211.16](https://vuldb.com/?ip.82.116.211.16) | is.ouc.ac.cy | - | High
3 | [93.186.181.62](https://vuldb.com/?ip.93.186.181.62) | - | - | High
2 | [74.125.155.201](https://vuldb.com/?ip.74.125.155.201) | - | - | High
3 | [82.116.211.16](https://vuldb.com/?ip.82.116.211.16) | is.ouc.ac.cy | - | High
4 | ... | ... | ... | ...

There are 6 more IOC items available. Please use our online service to access the data.
There are 12 more IOC items available. Please use our online service to access the data.

## IOA - Indicator of Attack

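Review bot: row 3 (93.186.181.62) disappears from the IOC list and 74.125.155.201 is added as the new row 2, both at High confidence and both without hostname or campaign; nothing in the hunk says whether the removed address was retired, re-attributed or found to be a false positive. Consumers who turned the old row into a block or alert rule need that reason, so a retired-indicator note (or a dated "last seen" column) would be worth adding next to the count line that moves from 6 to 12.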
@ -36,6 +36,7 @@ ID | Type | Indicator | Confidence
The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2019/04/threat-roundup-0405-0412.html
* https://blog.talosintelligence.com/2020/10/threat-roundup-1016-1023.html

## Literature

@ -46,4 +47,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [WF](https://vuldb.com/?country.wf)
* ...

There are 7 more country items available. Please use our online service to access the data.
There are 8 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -42,7 +42,7 @@ ID | Technique | Weakness | Description | Confidence
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

There are 15 more TTP items available. Please use our online service to access the data.
There are 16 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -56,22 +56,24 @@ ID | Type | Indicator | Confidence
4 | File | `/GponForm/device_Form?script/` | High
5 | File | `/index.php?/manage/channel/addchannel` | High
6 | File | `/opac/Actions.php?a=login` | High
7 | File | `/spip.php` | Medium
8 | File | `/var/log/nginx` | High
9 | File | `/wp-admin/admin-ajax.php` | High
10 | File | `actions/beats_uploader.php` | High
11 | File | `actions/vote_channel.php` | High
12 | File | `Admin/ADM_Pagina.php` | High
13 | File | `admin/article.php` | High
14 | File | `admin/dashboard.php` | High
15 | File | `Admin/edit-admin.php` | High
16 | File | `admin/show.php?rec=update` | High
17 | File | `allow/block` | Medium
18 | File | `AlUpdate.exe` | Medium
19 | File | `app/admin/controller/api/Update.php` | High
20 | ... | ... | ...
7 | File | `/opt/tms/bin/cli` | High
8 | File | `/spip.php` | Medium
9 | File | `/var/log/nginx` | High
10 | File | `/wp-admin/admin-ajax.php` | High
11 | File | `actions/beats_uploader.php` | High
12 | File | `actions/vote_channel.php` | High
13 | File | `Admin/ADM_Pagina.php` | High
14 | File | `admin/article.php` | High
15 | File | `admin/dashboard.php` | High
16 | File | `Admin/edit-admin.php` | High
17 | File | `admin/partials/ajax/add_field_to_form.php` | High
18 | File | `admin/show.php?rec=update` | High
19 | File | `allow/block` | Medium
20 | File | `AlUpdate.exe` | Medium
21 | File | `app/admin/controller/api/Update.php` | High
22 | ... | ... | ...

There are 167 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 184 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -88,4 +90,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

File diff suppressed because it is too large

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...

There are 26 more country items available. Please use our online service to access the data.
There are 33 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -428,11 +428,11 @@ ID | Technique | Weakness | Description | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80, CWE-87 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 18 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

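Review bot: rows 4 and 5 both read "Cross Site Scripting" while pointing at different techniques and weaknesses, T1059 with CWE-88, CWE-94 and CWE-1321 versus T1059.007 with CWE-79, CWE-80 and CWE-87; only the second set is XSS. Give the T1059 row a description that matches its CWEs (code or argument injection) so the two rows can be told apart in the rendered profile.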
@ -440,67 +440,72 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.procmailrc` | Medium
2 | File | `/?admin/user.html` | High
3 | File | `/Admin/add-student.php` | High
4 | File | `/admin/addemployee.php` | High
5 | File | `/admin/conferences/list/` | High
6 | File | `/admin/login.php` | High
7 | File | `/Admin/login.php` | High
8 | File | `/admin/showbad.php` | High
9 | File | `/admin/students/manage.php` | High
10 | File | `/admin/students/view_student.php` | High
11 | File | `/api/addusers` | High
12 | File | `/api/user/upsert/<uuid>` | High
13 | File | `/apilog.php` | Medium
14 | File | `/cgi-bin/wlogin.cgi` | High
15 | File | `/connectors/index.php` | High
16 | File | `/dashboard/updatelogo.php` | High
17 | File | `/forum/away.php` | High
18 | File | `/h/calendar` | Medium
19 | File | `/h/compose` | Medium
20 | File | `/h/search?action=voicemail&action=listen` | High
21 | File | `/index.php` | Medium
22 | File | `/items/view_item.php` | High
23 | File | `/loginVaLidation.php` | High
24 | File | `/manage-apartment.php` | High
25 | File | `/manager/index.php` | High
26 | File | `/medical/inventories.php` | High
27 | File | `/mkshop/Men/profile.php` | High
28 | File | `/mobile/downloadfile.aspx` | High
29 | File | `/modules/profile/index.php` | High
30 | File | `/modules/projects/vw_files.php` | High
31 | File | `/modules/public/calendar.php` | High
32 | File | `/net/nfc/netlink.c` | High
33 | File | `/newsDia.php` | Medium
34 | File | `/Noxen-master/users.php` | High
35 | File | `/opac/Actions.php?a=login` | High
36 | File | `/out.php` | Medium
37 | File | `/outgoing.php` | High
38 | File | `/pages/animals.php` | High
1 | File | `.../gogo/` | Medium
2 | File | `.github/workflows/combine-prs.yml` | High
3 | File | `/?admin/user.html` | High
4 | File | `/Admin/add-student.php` | High
5 | File | `/admin/api/admin/articles/` | High
6 | File | `/Admin/login.php` | High
7 | File | `/admin/students/manage.php` | High
8 | File | `/api/user/upsert/<uuid>` | High
9 | File | `/apilog.php` | Medium
10 | File | `/cgi-bin/webadminget.cgi` | High
11 | File | `/cgi-bin/wlogin.cgi` | High
12 | File | `/connectors/index.php` | High
13 | File | `/dev/block/mmcblk0rpmb` | High
14 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
15 | File | `/etc/ldap.conf` | High
16 | File | `/etc/shadow` | Medium
17 | File | `/face-recognition-php/facepay-master/camera.php` | High
18 | File | `/forum/away.php` | High
19 | File | `/fos/admin/ajax.php?action=login` | High
20 | File | `/fos/admin/index.php?page=menu` | High
21 | File | `/h/calendar` | Medium
22 | File | `/h/compose` | Medium
23 | File | `/h/search?action=voicemail&action=listen` | High
24 | File | `/hrm/employeeadd.php` | High
25 | File | `/hrm/employeeview.php` | High
26 | File | `/index.php` | Medium
27 | File | `/items/view_item.php` | High
28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
29 | File | `/lookin/info` | Medium
30 | File | `/manager/index.php` | High
31 | File | `/medical/inventories.php` | High
32 | File | `/modules/profile/index.php` | High
33 | File | `/modules/projects/vw_files.php` | High
34 | File | `/modules/public/calendar.php` | High
35 | File | `/net/nfc/netlink.c` | High
36 | File | `/newsDia.php` | Medium
37 | File | `/opac/Actions.php?a=login` | High
38 | File | `/out.php` | Medium
39 | File | `/php-sms/classes/Master.php` | High
40 | File | `/php-sms/classes/SystemSettings.php` | High
41 | File | `/php_action/createOrder.php` | High
42 | File | `/php_action/editProductImage.php` | High
43 | File | `/public/launchNewWindow.jsp` | High
44 | File | `/public/login.htm` | High
45 | File | `/ResiotQueryDBActive` | High
46 | File | `/sacco_shield/manage_user.php` | High
47 | File | `/SetTriggerWPS/PIN` | High
48 | File | `/spip.php` | Medium
49 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
50 | File | `/src/png2swf.c` | High
51 | File | `/staff/bookdetails.php` | High
52 | File | `/staff/delete.php` | High
43 | File | `/proxy` | Low
44 | File | `/Redcock-Farm/farm/category.php` | High
45 | File | `/reports/rwservlet` | High
46 | File | `/ResiotQueryDBActive` | High
47 | File | `/sacco_shield/manage_user.php` | High
48 | File | `/SetTriggerWPS/PIN` | High
49 | File | `/spip.php` | Medium
50 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
51 | File | `/src/png2swf.c` | High
52 | File | `/staff/bookdetails.php` | High
53 | File | `/tos/index.php?app/app_start_stop` | High
54 | File | `/uncpath/` | Medium
55 | File | `/user/update_booking.php` | High
56 | File | `/WEB-INF/web.xml` | High
57 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
58 | File | `/wordpress/wp-admin/options-general.php` | High
59 | ... | ... | ...
54 | File | `/user/update_booking.php` | High
55 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
56 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
57 | File | `/wordpress/wp-admin/options-general.php` | High
58 | File | `/wp-admin/admin-ajax.php` | High
59 | File | `01article.php` | High
60 | File | `AbstractScheduleJob.java` | High
61 | File | `actionphp/download.File.php` | High
62 | File | `adclick.php` | Medium
63 | File | `add-patient.php` | High
64 | ... | ... | ...

There are 514 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 562 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

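Review bot: the new row 1 `.../gogo/` and the kept row 8 `/api/user/upsert/<uuid>` are templates rather than paths (a leading ellipsis and an angle-bracket placeholder), and `/h/search?action=voicemail&action=listen` and `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` carry query strings; as File entries they can only match if a request contains exactly that text. Normalising these to the bare path and typing the variable part as pattern or argument (types the footer line already names) would make the list usable for detection. The ID renumbering again hides the real additions, such as `/etc/ldap.conf`, `/etc/shadow` and `/cgi-bin/webadminget.cgi`, among dozens of shifted rows.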
@ -517,4 +522,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -32,4 +32,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -23,6 +23,14 @@ ID | IP address | Hostname | Campaign | Confidence

There are 1 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Aveo_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Aveo. This data is unique as it uses our predictive model for actor profiling.

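Review bot: "There are 1 more IOC items available" needs a singular form in the generating template ("There is 1 more IOC item"); the same wording shows up as "There are 1 more country items available" in another profile of this commit. In the new TTP block the actor name is italicised as _Aveo_ in the TTP paragraph but plain Aveo in the IOA paragraph two lines later; pick one. The single-row TTP table also has no trailing "..." row or "more items" line, which is fine if the model produced exactly one technique, but worth confirming since every other profile in this commit lists at least four.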
@ -47,4 +55,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

* [FR](https://vuldb.com/?country.fr)
* [RU](https://vuldb.com/?country.ru)
* [ES](https://vuldb.com/?country.es)
* [US](https://vuldb.com/?country.us)
* ...

There are 1 more country items available. Please use our online service to access the data.
There are 2 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -43,12 +43,13 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/iwguestbook/admin/badwords_edit.asp` | High
2 | File | `/iwguestbook/admin/messages_edit.asp` | High
3 | File | `admin/dashboard.php` | High
4 | ... | ... | ...
1 | File | `/cwc/login` | Medium
2 | File | `/iwguestbook/admin/badwords_edit.asp` | High
3 | File | `/iwguestbook/admin/messages_edit.asp` | High
4 | File | `admin/dashboard.php` | High
5 | ... | ... | ...

There are 22 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 25 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -65,4 +66,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -62,4 +62,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...

There are 9 more country items available. Please use our online service to access the data.
There are 11 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -41,10 +41,11 @@ ID | Technique | Weakness | Description | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
5 | ... | ... | ... | ...
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 18 more TTP items available. Please use our online service to access the data.
There are 19 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

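Review bot: rows 4 and 5 now carry the identical description "Cross Site Scripting" although their Weakness columns differ: CWE-94 is Code Injection and CWE-1321 is Prototype Pollution, while CWE-79 and CWE-80 are the actual XSS entries. Give the T1059 row a description that matches its CWEs (or keep the XSS label only on the T1059.007 row) so the two rows do not read as a duplicate.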
@ -58,20 +59,24 @@ ID | Type | Indicator | Confidence
4 | File | `/auparse/auparse.c` | High
5 | File | `/aux` | Low
6 | File | `/BindAccount/SuccessTips.js` | High
7 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
8 | File | `/login.html` | Medium
9 | File | `/medical/inventories.php` | High
10 | File | `/pages.php` | Medium
11 | File | `/pages/save_user.php` | High
12 | File | `/patient/doctors.php` | High
13 | File | `/rom-0` | Low
14 | File | `/uncpath/` | Medium
15 | File | `/usr/local/psa/admin/sbin/wrapper` | High
16 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
17 | File | `/vloggers_merch/classes/Master.php?f=delete_order` | High
18 | ... | ... | ...
7 | File | `/goform/QuickIndex` | High
8 | File | `/goform/setMacFilterCfg` | High
9 | File | `/goform/WifiBasicSet` | High
10 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
11 | File | `/login.html` | Medium
12 | File | `/medical/inventories.php` | High
13 | File | `/pages.php` | Medium
14 | File | `/pages/save_user.php` | High
15 | File | `/patient/doctors.php` | High
16 | File | `/rom-0` | Low
17 | File | `/uncpath/` | Medium
18 | File | `/usr/local/psa/admin/sbin/wrapper` | High
19 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
20 | File | `/vloggers_merch/classes/Master.php?f=delete_order` | High
21 | File | `abm.aspx` | Medium
22 | ... | ... | ...

There are 150 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 185 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -92,4 +97,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -64,4 +64,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -8,6 +8,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BadPatch:

* [US](https://vuldb.com/?country.us)
* [DE](https://vuldb.com/?country.de)

## IOC - Indicator of Compromise

@ -19,18 +20,27 @@ ID | IP address | Hostname | Campaign | Confidence
1 | [148.251.135.117](https://vuldb.com/?ip.148.251.135.117) | server.pogled.ba | - | High
2 | [195.154.216.74](https://vuldb.com/?ip.195.154.216.74) | 195-154-216-74.rev.poneytelecom.eu | - | High

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _BadPatch_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1068 | CWE-269 | Execution with Unnecessary Privileges | High
2 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by BadPatch. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `includes/pages.inc.php` | High
2 | File | `setup.cgi` | Medium
3 | Argument | `PagePrefix` | Medium
1 | File | `/usr/local/sbin/webproject/set_param.cgi` | High
2 | File | `includes/pages.inc.php` | High
3 | File | `setup.cgi` | Medium
4 | ... | ... | ...

There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 2 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

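Review bot: both rows of the newly added TTP table describe a weakness other than the one in their Weakness column. CWE-269 is Improper Privilege Management ("Execution with Unnecessary Privileges" is the title of CWE-250), and CWE-798 is Use of Hard-coded Credentials ("Improper Restriction of Excessive Authentication Attempts" is the title of CWE-307). Either the CWE ids or the descriptions need correcting before this table is published. Separately, the only `Argument` indicator (`PagePrefix`) drops out of the visible IOA table while the hidden count only rises from 1 to 2; worth confirming it was folded into the hidden set rather than lost.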
@ -47,4 +57,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [DE](https://vuldb.com/?country.de)
* ...

There are 18 more country items available. Please use our online service to access the data.
There are 19 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -45,7 +45,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

@ -111,9 +111,10 @@ ID | Type | Indicator | Confidence
52 | File | `auth.php` | Medium
53 | File | `bin/named/query.c` | High
54 | File | `blank.php` | Medium
55 | ... | ... | ...
55 | File | `blocklayered-ajax.php` | High
56 | ... | ... | ...

There are 480 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 487 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -130,4 +131,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [DE](https://vuldb.com/?country.de)
* [GB](https://vuldb.com/?country.gb)
* ...

There are 17 more country items available. Please use our online service to access the data.
There are 21 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -52,9 +52,9 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

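Review bot: the T1040 row is the only one in this hunk that loses a weakness (CWE-319, Cleartext Transmission of Sensitive Information, is dropped and only CWE-294 remains) while the T1059 row gains CWE-88 and CWE-1321. If the removal is intentional it deserves a line in the commit message, since capture-replay of cleartext traffic is exactly the weakness that Network Sniffing (T1040) relies on. The newly added CWE-88 (Argument Injection) also sits under a row still described as "Cross Site Scripting", which now matches neither CWE-88 nor CWE-94.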
@ -66,72 +66,67 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.htaccess` | Medium
2 | File | `/Admin/add-student.php` | High
3 | File | `/admin/conferences/list/` | High
4 | File | `/admin/edit_admin_details.php?id=admin` | High
5 | File | `/admin/generalsettings.php` | High
6 | File | `/Admin/login.php` | High
7 | File | `/admin/payment.php` | High
8 | File | `/admin/reports.php` | High
9 | File | `/admin/showbad.php` | High
10 | File | `/admin_page/all-files-update-ajax.php` | High
11 | File | `/apilog.php` | Medium
12 | File | `/bsms/?page=products` | High
1 | File | `.github/workflows/combine-prs.yml` | High
2 | File | `.htaccess` | Medium
3 | File | `/Admin/add-student.php` | High
4 | File | `/admin/api/admin/articles/` | High
5 | File | `/admin/conferences/list/` | High
6 | File | `/admin/edit_admin_details.php?id=admin` | High
7 | File | `/admin/generalsettings.php` | High
8 | File | `/Admin/login.php` | High
9 | File | `/admin/payment.php` | High
10 | File | `/admin/reports.php` | High
11 | File | `/admin/showbad.php` | High
12 | File | `/apilog.php` | Medium
13 | File | `/cgi-bin/kerbynet` | High
14 | File | `/cgi-bin/system_mgr.cgi` | High
15 | File | `/cgi-bin/wlogin.cgi` | High
16 | File | `/cloud_config/router_post/check_reg_verify_code` | High
17 | File | `/connectors/index.php` | High
18 | File | `/debug/pprof` | Medium
19 | File | `/dms/admin/reports/daily_collection_report.php` | High
20 | File | `/filemanager/php/connector.php` | High
21 | File | `/forum/away.php` | High
22 | File | `/include/chart_generator.php` | High
23 | File | `/index.php` | Medium
24 | File | `/info.cgi` | Medium
25 | File | `/Items/*/RemoteImages/Download` | High
26 | File | `/items/view_item.php` | High
27 | File | `/lists/admin/` | High
28 | File | `/MagickCore/image.c` | High
29 | File | `/manager/index.php` | High
30 | File | `/medical/inventories.php` | High
31 | File | `/mgmt/tm/util/bash` | High
32 | File | `/modules/profile/index.php` | High
33 | File | `/modules/projects/vw_files.php` | High
34 | File | `/modules/public/calendar.php` | High
35 | File | `/modx/manager/index.php` | High
36 | File | `/newsDia.php` | Medium
37 | File | `/out.php` | Medium
38 | File | `/public/launchNewWindow.jsp` | High
39 | File | `/sacco_shield/manage_user.php` | High
40 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
41 | File | `/spip.php` | Medium
42 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
43 | File | `/staff/bookdetails.php` | High
44 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
45 | File | `/user/update_booking.php` | High
46 | File | `/usr/bin/pkexec` | High
47 | File | `/WEB-INF/web.xml` | High
48 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
49 | File | `/Wedding-Management/package_detail.php` | High
50 | File | `/wordpress/wp-admin/options-general.php` | High
51 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
52 | File | `a2billing/customer/iridium_threed.php` | High
53 | File | `AdClass.php` | Medium
54 | File | `adclick.php` | Medium
55 | File | `add.exe` | Low
56 | File | `addtocart.asp` | High
57 | File | `admin.php` | Medium
58 | File | `admin.php?m=Food&a=addsave` | High
59 | File | `admin/conf_users_edit.php` | High
60 | File | `admin/index.php` | High
61 | File | `admin/limits.php` | High
62 | File | `admincp.php` | Medium
63 | File | `admincp/search.php?do=dosearch` | High
64 | ... | ... | ...
14 | File | `/cgi-bin/wlogin.cgi` | High
15 | File | `/connectors/index.php` | High
16 | File | `/dev/block/mmcblk0rpmb` | High
17 | File | `/dms/admin/reports/daily_collection_report.php` | High
18 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
19 | File | `/face-recognition-php/facepay-master/camera.php` | High
20 | File | `/forum/away.php` | High
21 | File | `/fos/admin/ajax.php?action=login` | High
22 | File | `/fos/admin/index.php?page=menu` | High
23 | File | `/hrm/employeeadd.php` | High
24 | File | `/hrm/employeeview.php` | High
25 | File | `/index.php` | Medium
26 | File | `/Items/*/RemoteImages/Download` | High
27 | File | `/items/view_item.php` | High
28 | File | `/jsoa/hntdCustomDesktopActionContent` | High
29 | File | `/lists/admin/` | High
30 | File | `/lookin/info` | Medium
31 | File | `/MagickCore/image.c` | High
32 | File | `/manager/index.php` | High
33 | File | `/medical/inventories.php` | High
34 | File | `/modules/profile/index.php` | High
35 | File | `/modules/projects/vw_files.php` | High
36 | File | `/modules/public/calendar.php` | High
37 | File | `/newsDia.php` | Medium
38 | File | `/out.php` | Medium
39 | File | `/proxy` | Low
40 | File | `/public/launchNewWindow.jsp` | High
41 | File | `/Redcock-Farm/farm/category.php` | High
42 | File | `/reports/rwservlet` | High
43 | File | `/sacco_shield/manage_user.php` | High
44 | File | `/spip.php` | Medium
45 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
46 | File | `/staff/bookdetails.php` | High
47 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
48 | File | `/user/update_booking.php` | High
49 | File | `/WEB-INF/web.xml` | High
50 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
51 | File | `/wordpress/wp-admin/options-general.php` | High
52 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
53 | File | `01article.php` | High
54 | File | `AbstractScheduleJob.java` | High
55 | File | `actionphp/download.File.php` | High
56 | File | `AdClass.php` | Medium
57 | File | `adclick.php` | Medium
58 | File | `addtocart.asp` | High
59 | ... | ... | ...

There are 561 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 520 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

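Review bot: this hunk removes more indicators than it adds. High-confidence rows such as `/cgi-bin/system_mgr.cgi`, `/cloud_config/router_post/check_reg_verify_code`, `/mgmt/tm/util/bash`, `/siteminderagent/pwcgi/smpwservicescgi.exe` and `/usr/bin/pkexec` disappear from the visible table, and the hidden count falls from 561 to 520, so the actor's indicator set is smaller after the update, not larger. A regenerated profile that retracts entries should say so in the commit message; otherwise consumers who diff these files cannot tell a deliberate retraction from a data-loss bug in the generator.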
@ -148,4 +143,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -10,6 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

* [NL](https://vuldb.com/?country.nl)
* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)

## IOC - Indicator of Compromise

@ -57,7 +58,7 @@ ID | Technique | Weakness | Description | Confidence
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

There are 14 more TTP items available. Please use our online service to access the data.
There are 15 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -73,29 +74,27 @@ ID | Type | Indicator | Confidence
6 | File | `/debug/pprof` | Medium
7 | File | `/export` | Low
8 | File | `/file?action=download&file` | High
9 | File | `/medical/inventories.php` | High
10 | File | `/monitoring` | Medium
11 | File | `/NAGErrors` | Medium
9 | File | `/hardware` | Medium
10 | File | `/medical/inventories.php` | High
11 | File | `/monitoring` | Medium
12 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
13 | File | `/plugin/LiveChat/getChat.json.php` | High
14 | File | `/plugins/servlet/audit/resource` | High
15 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
16 | File | `/replication` | Medium
17 | File | `/RestAPI` | Medium
18 | File | `/tmp` | Low
19 | File | `/tmp/speedtest_urls.xml` | High
20 | File | `/tmp/zarafa-vacation-*` | High
21 | File | `/uncpath/` | Medium
22 | File | `/upload` | Low
18 | File | `/tmp/speedtest_urls.xml` | High
19 | File | `/tmp/zarafa-vacation-*` | High
20 | File | `/uncpath/` | Medium
21 | File | `/upload` | Low
22 | File | `/user/loader.php?api=1` | High
23 | File | `/var/log/nginx` | High
24 | File | `/var/run/watchman.pid` | High
25 | File | `/viewer/krpano.html` | High
26 | File | `/wp-json/oembed/1.0/embed?url` | High
27 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
28 | File | `admin\model\catalog\download.php` | High
29 | ... | ... | ...
27 | ... | ... | ...

There are 245 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 223 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -112,4 +111,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -52,22 +52,23 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/cgi-bin/kerbynet` | High
2 | File | `/cgi-bin/supervisor/CloudSetup.cgi` | High
3 | File | `/domain/add` | Medium
4 | File | `/etc/sudoers` | Medium
5 | File | `/index.php/weblinks-categories` | High
6 | File | `/plain` | Low
7 | File | `/show_group_members.php` | High
8 | File | `/web/google_analytics.php` | High
9 | File | `album_portal.php` | High
10 | File | `al_initialize.php` | High
11 | File | `archive_endian.h` | High
12 | File | `bmp.c` | Low
13 | File | `cgi-bin/jc.cgi` | High
14 | File | `checklogin.php` | High
15 | File | `cmd.exe` | Low
16 | ... | ... | ...
3 | File | `/cgi-bin/wlogin.cgi` | High
4 | File | `/domain/add` | Medium
5 | File | `/etc/sudoers` | Medium
6 | File | `/index.php/weblinks-categories` | High
7 | File | `/plain` | Low
8 | File | `/show_group_members.php` | High
9 | File | `/SysInfo.htm` | Medium
10 | File | `/web/google_analytics.php` | High
11 | File | `album_portal.php` | High
12 | File | `al_initialize.php` | High
13 | File | `archive_endian.h` | High
14 | File | `bmp.c` | Low
15 | File | `cgi-bin/jc.cgi` | High
16 | File | `checklogin.php` | High
17 | ... | ... | ...

There are 129 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 136 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -85,4 +86,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [CN](https://vuldb.com/?country.cn)
* ...

There are 14 more country items available. Please use our online service to access the data.
There are 21 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -315,31 +315,39 @@ ID | Type | Indicator | Confidence
12 | File | `/admin/users.php?source=edit_user&id=1` | High
13 | File | `/administrator/alerts/alertLightbox.php` | High
14 | File | `/administrator/templates/default/html/windows/right.php` | High
15 | File | `/apps/acs-commons/content/page-compare.html` | High
16 | File | `/demo/module/?module=HERE` | High
17 | File | `/download/set.cgi` | High
15 | File | `/cgi-bin/webadminget.cgi` | High
16 | File | `/Default/Bd` | Medium
17 | File | `/demo/module/?module=HERE` | High
18 | File | `/downloadmaster/dm_apply.cgi?action_mode=initial&download_type=General&special_cgi=get_language` | High
19 | File | `/dvcset/sysset/set.cgi` | High
20 | File | `/employeeview.php` | High
21 | File | `/etc/sudoers` | Medium
22 | File | `/filemanager/php/connector.php` | High
23 | File | `/forum/away.php` | High
24 | File | `/goform/SysToolReboot` | High
25 | File | `/goform/WifiExtraSet` | High
26 | File | `/index.php` | Medium
27 | File | `/index.php?m=admin&c=custom&a=plugindelhandle` | High
28 | File | `/mkshop/Men/profile.php` | High
29 | File | `/mngset/authset` | High
30 | File | `/mobile/downloadfile.aspx` | High
31 | File | `/net/nfc/netlink.c` | High
32 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
33 | File | `/outgoing.php` | High
34 | File | `/php_action/editProductImage.php` | High
35 | File | `/presale/join` | High
36 | File | `/public/launchNewWindow.jsp` | High
37 | ... | ... | ...
19 | File | `/employeeview.php` | High
20 | File | `/etc/sudoers` | Medium
21 | File | `/filemanager/php/connector.php` | High
22 | File | `/forum/away.php` | High
23 | File | `/goform/SysToolReboot` | High
24 | File | `/goform/WifiExtraSet` | High
25 | File | `/hrm/controller/employee.php` | High
26 | File | `/hrm/employeeadd.php` | High
27 | File | `/hrm/employeeview.php` | High
28 | File | `/index.php` | Medium
29 | File | `/index.php?m=admin&c=custom&a=plugindelhandle` | High
30 | File | `/mkshop/Men/profile.php` | High
31 | File | `/mobile/downloadfile.aspx` | High
32 | File | `/net/nfc/netlink.c` | High
33 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
34 | File | `/outgoing.php` | High
35 | File | `/php_action/editProductImage.php` | High
36 | File | `/product/savenewproduct.php?flag=1` | High
37 | File | `/rest/api/1.0/issues/{id}/ActionsAndOperations` | High
38 | File | `/secure/admin/RestoreDefaults.jspa` | High
39 | File | `/services/Card/findUser` | High
40 | File | `/spip.php` | Medium
41 | File | `/staff/delete.php` | High
42 | File | `/uncpath/` | Medium
43 | File | `/var/log/qualys/qualys-cloud-agent-scan.log` | High
44 | File | `/Videos/Id/hls/PlaylistId/SegmentId.SegmentContainer` | High
45 | ... | ... | ...

There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 388 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -356,4 +364,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -63,4 +63,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!


@ -58,4 +58,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -9,6 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BeamWinHTTP:

* [US](https://vuldb.com/?country.us)
* [PT](https://vuldb.com/?country.pt)
* [IT](https://vuldb.com/?country.it)
* ...

There are 1 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

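Review bot: the added summary line `There are 1 more country items available.` is ungrammatical for a count of one; the generator appears to use a fixed plural template, and the same wording with count 1 recurs later in this commit (`There are 1 more TTP items available.`, `There are 1 more IOA items available`). Fix it once at the generator, either by pluralising on the count (`There is 1 more country item available.`) or by rewording to a count-neutral form such as `1 additional country item is available.`, so all profiles pick it up on the next regeneration.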

@ -30,7 +35,7 @@ ID | Technique | Weakness | Description | Confidence
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
4 | ... | ... | ... | ...

There are 11 more TTP items available. Please use our online service to access the data.
There are 13 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack


@ -42,96 +47,100 @@ ID | Type | Indicator | Confidence
2 | File | `/admin.php` | Medium
3 | File | `/admin/doctors/view_doctor.php` | High
4 | File | `/admin/modules/bibliography/index.php` | High
5 | File | `/adminlogin.asp` | High
6 | File | `/app/controller/Books.php` | High
7 | File | `/aqpg/users/login.php` | High
8 | File | `/controller/Index.php` | High
9 | File | `/coreframe/app/content/admin/content.php` | High
10 | File | `/dl/dl_print.php` | High
11 | File | `/etc/master.passwd` | High
12 | File | `/etc/passwd` | Medium
13 | File | `/Hospital-Management-System-master/contact.php` | High
14 | File | `/include/friends.inc.php` | High
15 | File | `/members/view_member.php` | High
16 | File | `/servlet/webacc` | High
17 | File | `/sitemagic/upgrade.php` | High
18 | File | `/userui/ticket_list.php` | High
19 | File | `/wp-admin/options-general.php` | High
20 | File | `/zm/index.php` | High
21 | File | `abook_database.php` | High
22 | File | `accounts/inc/include.php` | High
23 | File | `adaptive-images-script.php` | High
24 | File | `additem.asp` | Medium
25 | File | `addtocart.asp` | High
26 | File | `adherents/subscription/info.php` | High
27 | File | `admin.asp` | Medium
28 | File | `admin.php` | Medium
29 | File | `admin/admin.php` | High
30 | File | `admin/admin_users.php` | High
31 | File | `admin/general.php` | High
32 | File | `admin/header.php` | High
33 | File | `admin/inc/change_action.php` | High
34 | File | `admin/index.php` | High
35 | File | `admin/info.php` | High
36 | File | `admin/login.asp` | High
37 | File | `admin/manage-comments.php` | High
38 | File | `admin/manage-news.php` | High
39 | File | `admin/plugin-settings.php` | High
40 | File | `admin/specials.php` | High
41 | File | `admin:de` | Medium
42 | File | `admincp/auth/checklogin.php` | High
43 | File | `admincp/auth/secure.php` | High
44 | File | `administrator/components/com_media/helpers/media.php` | High
45 | File | `administrator/index.php` | High
46 | File | `admin_login.asp` | High
47 | File | `adv_search.asp` | High
48 | File | `ajax_url.php` | Medium
49 | File | `album_portal.php` | High
50 | File | `al_initialize.php` | High
51 | File | `anjel.index.php` | High
52 | File | `annonces-p-f.php` | High
53 | File | `announce.php` | Medium
54 | File | `announcement.php` | High
55 | File | `announcements.php` | High
56 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
57 | File | `application/config/config.php` | High
58 | File | `apply.cgi` | Medium
59 | File | `apps/app_article/controller/rating.php` | High
60 | File | `article.php` | Medium
61 | File | `articles.php` | Medium
62 | File | `artikel_anzeige.php` | High
63 | File | `auktion.cgi` | Medium
64 | File | `auth.php` | Medium
65 | File | `authfiles/login.asp` | High
66 | File | `basket.php` | Medium
67 | File | `boardData103.php/boardDataJP.php/boardDataNA.php/boardDataWW.php` | High
68 | File | `books.php` | Medium
69 | File | `browse-category.php` | High
70 | File | `browse.php` | Medium
71 | File | `browse_videos.php` | High
72 | File | `BrudaNews/BrudaGB` | High
73 | File | `bwlist_inc.html` | High
74 | File | `calendar.php` | Medium
75 | File | `callme_page.php` | High
76 | File | `cart.php` | Medium
77 | File | `cart_add.php` | Medium
78 | File | `case.filemanager.php` | High
79 | File | `catalog.php` | Medium
80 | File | `catalogshop.php` | High
81 | File | `catalogue.asp` | High
82 | File | `category.cfm` | Medium
83 | File | `category.php` | Medium
84 | File | `category_list.php` | High
85 | File | `cgi-bin/awstats.pl` | High
86 | File | `channel.asp` | Medium
87 | File | `ChooseCpSearch.php` | High
88 | File | `comentarii.php` | High
89 | File | `comments.php` | Medium
90 | File | `config.inc.php` | High
91 | File | `config.php` | Medium
92 | ... | ... | ...
5 | File | `/admin/students/manage.php` | High
6 | File | `/adminlogin.asp` | High
7 | File | `/app/controller/Books.php` | High
8 | File | `/aqpg/users/login.php` | High
9 | File | `/controller/Index.php` | High
10 | File | `/coreframe/app/content/admin/content.php` | High
11 | File | `/dev/audio` | Medium
12 | File | `/dl/dl_print.php` | High
13 | File | `/etc/crash` | Medium
14 | File | `/etc/master.passwd` | High
15 | File | `/etc/passwd` | Medium
16 | File | `/goform/AddSysLogRule` | High
17 | File | `/goform/WifiBasicSet` | High
18 | File | `/Hospital-Management-System-master/contact.php` | High
19 | File | `/include/friends.inc.php` | High
20 | File | `/index.php?module=configuration/application` | High
21 | File | `/members/view_member.php` | High
22 | File | `/services/view_service.php` | High
23 | File | `/servlet/webacc` | High
24 | File | `/sitemagic/upgrade.php` | High
25 | File | `/userui/ticket_list.php` | High
26 | File | `/usr/5bin/su` | Medium
27 | File | `/wp-admin/options-general.php` | High
28 | File | `/zm/index.php` | High
29 | File | `1.x/src/rogatkin/web/WarRoller.java` | High
30 | File | `abook_database.php` | High
31 | File | `accounts/inc/include.php` | High
32 | File | `adaptive-images-script.php` | High
33 | File | `additem.asp` | Medium
34 | File | `addtocart.asp` | High
35 | File | `adherents/subscription/info.php` | High
36 | File | `admin.asp` | Medium
37 | File | `admin.php` | Medium
38 | File | `admin/admin.php` | High
39 | File | `admin/admin_users.php` | High
40 | File | `admin/article_save.php` | High
41 | File | `admin/general.php` | High
42 | File | `admin/header.php` | High
43 | File | `admin/inc/change_action.php` | High
44 | File | `admin/index.php` | High
45 | File | `admin/info.php` | High
46 | File | `admin/login.asp` | High
47 | File | `admin/manage-comments.php` | High
48 | File | `admin/manage-news.php` | High
49 | File | `admin/plugin-settings.php` | High
50 | File | `admin/specials.php` | High
51 | File | `admin:de` | Medium
52 | File | `admincp/auth/checklogin.php` | High
53 | File | `admincp/auth/secure.php` | High
54 | File | `administrator/components/com_media/helpers/media.php` | High
55 | File | `administrator/index.php` | High
56 | File | `admin_login.asp` | High
57 | File | `adv_search.asp` | High
58 | File | `ajax_url.php` | Medium
59 | File | `album_portal.php` | High
60 | File | `al_initialize.php` | High
61 | File | `anjel.index.php` | High
62 | File | `annonces-p-f.php` | High
63 | File | `announce.php` | Medium
64 | File | `announcement.php` | High
65 | File | `announcements.php` | High
66 | File | `app/admin/routing/edit-bgp-mapping-search.php` | High
67 | File | `application/config/config.php` | High
68 | File | `application/controllers/basedata/inventory.php` | High
69 | File | `apply.cgi` | Medium
70 | File | `apps/app_article/controller/rating.php` | High
71 | File | `article.php` | Medium
72 | File | `articles.php` | Medium
73 | File | `artikel_anzeige.php` | High
74 | File | `auktion.cgi` | Medium
75 | File | `auth.php` | Medium
76 | File | `authfiles/login.asp` | High
77 | File | `basket.php` | Medium
78 | File | `books.php` | Medium
79 | File | `browse-category.php` | High
80 | File | `browse.php` | Medium
81 | File | `browse_videos.php` | High
82 | File | `BrudaNews/BrudaGB` | High
83 | File | `bwlist_inc.html` | High
84 | File | `calendar.php` | Medium
85 | File | `callme_page.php` | High
86 | File | `cart.php` | Medium
87 | File | `cart_add.php` | Medium
88 | File | `case.filemanager.php` | High
89 | File | `catalog.php` | Medium
90 | File | `catalogshop.php` | High
91 | File | `catalogue.asp` | High
92 | File | `category.cfm` | Medium
93 | File | `category.php` | Medium
94 | File | `category_list.php` | High
95 | File | `cgi-bin/awstats.pl` | High
96 | ... | ... | ...

There are 814 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 844 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

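Review bot: the sequential `ID` column is renumbered on every insertion, so this hunk rewrites roughly ninety rows to express a handful of real changes: new indicators such as `/admin/students/manage.php`, `/dev/audio`, `/etc/crash`, `/goform/AddSysLogRule`, `/goform/WifiBasicSet`, `/usr/5bin/su` and `1.x/src/rogatkin/web/WarRoller.java`, and one removal, `boardData103.php/boardDataJP.php/boardDataNA.php/boardDataWW.php`, which sorts between `basket.php` (new row 77) and `books.php` (new row 78) and is therefore absent rather than displaced past the cut. The renumbering hides both the additions and that removal from a line-based review and from anyone diffing the repository to update detections. Drop the `ID` column or assign it at render time so the committed table only changes where the indicator set changes, and state removals explicitly in the commit message.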

@ -148,4 +157,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -27,6 +27,14 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Beastmode. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | Argument | `Name` | Low

## References

The following list contains _external sources_ which discuss the actor and the associated activities:


@ -42,4 +50,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -104,4 +104,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -68,4 +68,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [DE](https://vuldb.com/?country.de)
* [GB](https://vuldb.com/?country.gb)
* ...

There are 20 more country items available. Please use our online service to access the data.
There are 23 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise


@ -65,11 +65,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | ... | ... | ... | ...
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 18 more TTP items available. Please use our online service to access the data.

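Review bot: this hunk removes weakness references (CWE-23 from the T1006 row, CWE-319 from the T1040 row) and adds CWE-1321 to T1059 plus a new T1059.007 row, yet the trailing `There are 18 more TTP items available.` line is unchanged although the visible table grew by one row; confirm that the count was regenerated together with the table rather than carried over. Separately, the Description column no longer distinguishes rows 4 and 5: both read `Cross Site Scripting` while mapping different techniques (T1059 vs. T1059.007) to different weakness sets (CWE-88, CWE-94, CWE-1321 vs. CWE-79, CWE-80). If the description is derived from the technique, emit a distinct label for the parent T1059 row so consumers do not treat the two rows as duplicates.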

@ -79,67 +80,68 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.htaccess` | Medium
2 | File | `/Admin/add-student.php` | High
3 | File | `/admin/conferences/list/` | High
4 | File | `/admin/edit_admin_details.php?id=admin` | High
5 | File | `/admin/generalsettings.php` | High
6 | File | `/Admin/login.php` | High
7 | File | `/admin/payment.php` | High
8 | File | `/admin/reports.php` | High
9 | File | `/admin/showbad.php` | High
10 | File | `/admin_page/all-files-update-ajax.php` | High
11 | File | `/apilog.php` | Medium
12 | File | `/bsms/?page=products` | High
1 | File | `.github/workflows/combine-prs.yml` | High
2 | File | `.htaccess` | Medium
3 | File | `/Admin/add-student.php` | High
4 | File | `/admin/api/admin/articles/` | High
5 | File | `/admin/conferences/list/` | High
6 | File | `/admin/edit_admin_details.php?id=admin` | High
7 | File | `/admin/generalsettings.php` | High
8 | File | `/Admin/login.php` | High
9 | File | `/admin/payment.php` | High
10 | File | `/admin/reports.php` | High
11 | File | `/admin/showbad.php` | High
12 | File | `/apilog.php` | Medium
13 | File | `/cgi-bin/kerbynet` | High
14 | File | `/cgi-bin/system_mgr.cgi` | High
15 | File | `/cgi-bin/wlogin.cgi` | High
16 | File | `/cloud_config/router_post/check_reg_verify_code` | High
17 | File | `/connectors/index.php` | High
18 | File | `/debug/pprof` | Medium
19 | File | `/dms/admin/reports/daily_collection_report.php` | High
20 | File | `/forum/away.php` | High
21 | File | `/hrm/employeeadd.php` | High
22 | File | `/include/chart_generator.php` | High
23 | File | `/index.php` | Medium
24 | File | `/info.cgi` | Medium
14 | File | `/cgi-bin/wlogin.cgi` | High
15 | File | `/connectors/index.php` | High
16 | File | `/dev/block/mmcblk0rpmb` | High
17 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
18 | File | `/face-recognition-php/facepay-master/camera.php` | High
19 | File | `/forum/away.php` | High
20 | File | `/fos/admin/ajax.php?action=login` | High
21 | File | `/fos/admin/index.php?page=menu` | High
22 | File | `/hrm/employeeadd.php` | High
23 | File | `/hrm/employeeview.php` | High
24 | File | `/index.php` | Medium
25 | File | `/Items/*/RemoteImages/Download` | High
26 | File | `/items/view_item.php` | High
27 | File | `/lists/admin/` | High
28 | File | `/lookin/info` | Medium
29 | File | `/MagickCore/image.c` | High
30 | File | `/manager/index.php` | High
31 | File | `/medical/inventories.php` | High
32 | File | `/mgmt/tm/util/bash` | High
27 | File | `/jsoa/hntdCustomDesktopActionContent` | High
28 | File | `/lists/admin/` | High
29 | File | `/lookin/info` | Medium
30 | File | `/MagickCore/image.c` | High
31 | File | `/manager/index.php` | High
32 | File | `/medical/inventories.php` | High
33 | File | `/modules/profile/index.php` | High
34 | File | `/modules/projects/vw_files.php` | High
35 | File | `/modules/public/calendar.php` | High
36 | File | `/newsDia.php` | Medium
37 | File | `/out.php` | Medium
38 | File | `/public/launchNewWindow.jsp` | High
39 | File | `/Redcock-Farm/farm/category.php` | High
40 | File | `/sacco_shield/manage_user.php` | High
41 | File | `/spip.php` | Medium
42 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
43 | File | `/staff/bookdetails.php` | High
44 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
45 | File | `/user/update_booking.php` | High
46 | File | `/usr/bin/pkexec` | High
47 | File | `/WEB-INF/web.xml` | High
48 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
49 | File | `/Wedding-Management/package_detail.php` | High
50 | File | `/wordpress/wp-admin/options-general.php` | High
51 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
52 | File | `a2billing/customer/iridium_threed.php` | High
53 | File | `AdClass.php` | Medium
54 | File | `adclick.php` | Medium
55 | File | `add.exe` | Low
56 | File | `addtocart.asp` | High
57 | File | `admin.php` | Medium
58 | File | `admin.php?m=Food&a=addsave` | High
59 | ... | ... | ...
38 | File | `/proxy` | Low
39 | File | `/public/launchNewWindow.jsp` | High
40 | File | `/Redcock-Farm/farm/category.php` | High
41 | File | `/reports/rwservlet` | High
42 | File | `/sacco_shield/manage_user.php` | High
43 | File | `/spip.php` | Medium
44 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
45 | File | `/staff/bookdetails.php` | High
46 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
47 | File | `/user/update_booking.php` | High
48 | File | `/var/log/nginx` | High
49 | File | `/WEB-INF/web.xml` | High
50 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
51 | File | `/wordpress/wp-admin/options-general.php` | High
52 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
53 | File | `01article.php` | High
54 | File | `AbstractScheduleJob.java` | High
55 | File | `actionphp/download.File.php` | High
56 | File | `AdClass.php` | Medium
57 | File | `adclick.php` | Medium
58 | File | `addtocart.asp` | High
59 | File | `admin.php` | Medium
60 | ... | ... | ...

There are 520 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 523 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

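Review bot: besides the additions, this hunk drops indicators that sort inside the still-visible window and so cannot merely have slipped past the `60 | ...` cut, for example `/admin_page/all-files-update-ajax.php`, `/bsms/?page=products`, `/cgi-bin/system_mgr.cgi`, `/cloud_config/router_post/check_reg_verify_code`, `/debug/pprof`, `/info.cgi`, `/mgmt/tm/util/bash`, `/usr/bin/pkexec`, `a2billing/customer/iridium_threed.php` and `add.exe`, while the commit message `Update January 2023` says nothing about why previously published indicators are withdrawn. Consumers may already have turned those rows into detection content, so record in the commit message or a changelog whether each removal is a retraction, a re-attribution to another actor, or an age-out, and keep removals in a separate commit from the ID renumbering so they stand out in review.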

@ -156,4 +158,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [ES](https://vuldb.com/?country.es)
* ...

There are 15 more country items available. Please use our online service to access the data.
There are 16 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise


@ -86,9 +86,10 @@ ID | Type | Indicator | Confidence
30 | File | `album_portal.php` | High
31 | File | `api.php` | Low
32 | File | `app/api/cms/user.py` | High
33 | ... | ... | ...
33 | File | `application/home/controller/debug.php` | High
34 | ... | ... | ...

There are 285 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 289 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References


@ -105,4 +106,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [DE](https://vuldb.com/?country.de)
* ...

There are 20 more country items available. Please use our online service to access the data.
There are 21 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise


@ -47,7 +47,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-94 | Cross Site Scripting | High
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...


@ -111,9 +111,10 @@ ID | Type | Indicator | Confidence
50 | File | `bin/named/query.c` | High
51 | File | `blank.php` | Medium
52 | File | `blocklayered-ajax.php` | High
53 | ... | ... | ...
53 | File | `bluegate_seo.inc.php` | High
54 | ... | ... | ...

There are 464 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 471 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References


@ -130,4 +131,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -34,4 +34,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -18,18 +18,31 @@ ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [159.100.250.231](https://vuldb.com/?ip.159.100.250.231) | - | - | High

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Bistromath_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1202 | CWE-78 | Command Injection | High
3 | T1505 | CWE-89 | SQL Injection | High
4 | ... | ... | ... | ...

There are 1 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Bistromath. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `admin/login.asp` | High
2 | File | `cat.php` | Low
3 | Argument | `CatID` | Low
1 | File | `/app/register.php` | High
2 | File | `admin/login.asp` | High
3 | File | `cat.php` | Low
4 | ... | ... | ...

There are 1 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 6 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

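Review bot: in the IOA part of this hunk the row `3 | Argument | `CatID` | Low` disappears from the table, but the new table is truncated at three rows (`4 | ... | ... | ...`) and the hidden count rises from 1 to 6, so `CatID` has most likely been pushed below the cut by the new `/app/register.php` entry rather than removed; the diff alone cannot tell a reader which it is. Either confirm in the commit message that no indicator was retracted for this profile, or raise the visible-row limit for small tables so that a handful of indicators never straddles the cut. The new TTP block above it is consistent with the other profiles in this commit, but it inherits the `There are 1 more TTP items available.` wording noted earlier.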

@ -46,4 +59,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -27,4 +27,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -69,4 +69,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -10,6 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -30,8 +31,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
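Review bot: In the added rows 2 and 3, `2 | T1059 | CWE-94 | Cross Site Scripting | High` and `3 | T1059.007 | CWE-79 | Cross Site Scripting | High` carry the identical Description for two different technique/weakness pairs, so the Description column no longer distinguishes the rows and the reader cannot tell which label belongs to which CWE; derive the Description consistently from one source (the listed weakness or the technique) so each row's label matches its own identifiers, and apply the same rule to the other regenerated TTP tables in this commit, which show the same duplicated label.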
@ -61,4 +66,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -33,4 +33,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -27,4 +27,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -67,4 +67,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -84,4 +84,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -33,9 +33,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
1 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
2 | T1059.007 | CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 5 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -43,12 +46,12 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `awstats.pl` | Medium
|
||||
2 | File | `class.showtime2_image.php` | High
|
||||
3 | File | `data/gbconfiguration.dat` | High
|
||||
1 | File | `/x_program_center/jaxrs/invoke` | High
|
||||
2 | File | `awstats.pl` | Medium
|
||||
3 | File | `class.showtime2_image.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 7 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 10 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -65,4 +68,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -72,4 +72,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -73,11 +73,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -87,66 +88,65 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/Admin/add-student.php` | High
|
||||
3 | File | `/admin/conferences/list/` | High
|
||||
4 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
5 | File | `/admin/generalsettings.php` | High
|
||||
6 | File | `/Admin/login.php` | High
|
||||
7 | File | `/admin/payment.php` | High
|
||||
8 | File | `/admin/reports.php` | High
|
||||
9 | File | `/admin/showbad.php` | High
|
||||
10 | File | `/admin_page/all-files-update-ajax.php` | High
|
||||
11 | File | `/apilog.php` | Medium
|
||||
12 | File | `/bsms/?page=products` | High
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `.htaccess` | Medium
|
||||
3 | File | `/Admin/add-student.php` | High
|
||||
4 | File | `/admin/api/admin/articles/` | High
|
||||
5 | File | `/admin/conferences/list/` | High
|
||||
6 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
7 | File | `/admin/generalsettings.php` | High
|
||||
8 | File | `/Admin/login.php` | High
|
||||
9 | File | `/admin/payment.php` | High
|
||||
10 | File | `/admin/reports.php` | High
|
||||
11 | File | `/admin/showbad.php` | High
|
||||
12 | File | `/apilog.php` | Medium
|
||||
13 | File | `/cgi-bin/kerbynet` | High
|
||||
14 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
15 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
16 | File | `/cloud_config/router_post/check_reg_verify_code` | High
|
||||
17 | File | `/connectors/index.php` | High
|
||||
18 | File | `/debug/pprof` | Medium
|
||||
19 | File | `/dms/admin/reports/daily_collection_report.php` | High
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/include/chart_generator.php` | High
|
||||
22 | File | `/index.php` | Medium
|
||||
23 | File | `/info.cgi` | Medium
|
||||
24 | File | `/Items/*/RemoteImages/Download` | High
|
||||
25 | File | `/items/view_item.php` | High
|
||||
26 | File | `/lists/admin/` | High
|
||||
27 | File | `/MagickCore/image.c` | High
|
||||
28 | File | `/manager/index.php` | High
|
||||
29 | File | `/medical/inventories.php` | High
|
||||
30 | File | `/mgmt/tm/util/bash` | High
|
||||
31 | File | `/modules/profile/index.php` | High
|
||||
32 | File | `/modules/projects/vw_files.php` | High
|
||||
33 | File | `/modules/public/calendar.php` | High
|
||||
34 | File | `/newsDia.php` | Medium
|
||||
35 | File | `/out.php` | Medium
|
||||
36 | File | `/public/launchNewWindow.jsp` | High
|
||||
37 | File | `/sacco_shield/manage_user.php` | High
|
||||
38 | File | `/spip.php` | Medium
|
||||
39 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
40 | File | `/staff/bookdetails.php` | High
|
||||
41 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
||||
42 | File | `/user/update_booking.php` | High
|
||||
43 | File | `/usr/bin/pkexec` | High
|
||||
44 | File | `/WEB-INF/web.xml` | High
|
||||
45 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
46 | File | `/Wedding-Management/package_detail.php` | High
|
||||
47 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
48 | File | `/wp-admin/admin-ajax.php` | High
|
||||
49 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
50 | File | `a2billing/customer/iridium_threed.php` | High
|
||||
51 | File | `AdClass.php` | Medium
|
||||
52 | File | `adclick.php` | Medium
|
||||
53 | File | `add.exe` | Low
|
||||
54 | File | `addtocart.asp` | High
|
||||
55 | File | `admin.php` | Medium
|
||||
56 | File | `admin.php?m=Food&a=addsave` | High
|
||||
57 | File | `admin/conf_users_edit.php` | High
|
||||
58 | ... | ... | ...
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/connectors/index.php` | High
|
||||
16 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
17 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
18 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
21 | File | `/fos/admin/index.php?page=menu` | High
|
||||
22 | File | `/hrm/employeeadd.php` | High
|
||||
23 | File | `/hrm/employeeview.php` | High
|
||||
24 | File | `/index.php` | Medium
|
||||
25 | File | `/Items/*/RemoteImages/Download` | High
|
||||
26 | File | `/items/view_item.php` | High
|
||||
27 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
28 | File | `/lookin/info` | Medium
|
||||
29 | File | `/MagickCore/image.c` | High
|
||||
30 | File | `/manager/index.php` | High
|
||||
31 | File | `/medical/inventories.php` | High
|
||||
32 | File | `/modules/profile/index.php` | High
|
||||
33 | File | `/modules/projects/vw_files.php` | High
|
||||
34 | File | `/modules/public/calendar.php` | High
|
||||
35 | File | `/newsDia.php` | Medium
|
||||
36 | File | `/out.php` | Medium
|
||||
37 | File | `/proxy` | Low
|
||||
38 | File | `/public/launchNewWindow.jsp` | High
|
||||
39 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
40 | File | `/reports/rwservlet` | High
|
||||
41 | File | `/sacco_shield/manage_user.php` | High
|
||||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
44 | File | `/staff/bookdetails.php` | High
|
||||
45 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
|
||||
46 | File | `/user/update_booking.php` | High
|
||||
47 | File | `/WEB-INF/web.xml` | High
|
||||
48 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
49 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
50 | File | `/wp-admin/admin-ajax.php` | High
|
||||
51 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
52 | File | `01article.php` | High
|
||||
53 | File | `AbstractScheduleJob.java` | High
|
||||
54 | File | `actionphp/download.File.php` | High
|
||||
55 | File | `AdClass.php` | Medium
|
||||
56 | File | `adclick.php` | Medium
|
||||
57 | ... | ... | ...
|
||||
|
||||
There are 505 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 501 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -163,4 +163,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -69,4 +69,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -8,6 +8,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Brata:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
@ -18,6 +19,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [51.83.225.224](https://vuldb.com/?ip.51.83.225.224) | - | - | High
|
||||
2 | [51.83.251.214](https://vuldb.com/?ip.51.83.251.214) | - | - | High
|
||||
3 | [152.89.247.159](https://vuldb.com/?ip.152.89.247.159) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -31,6 +33,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.cyble.com/2022/07/21/amextroll-android-banking-trojan-spotted-in-the-wild/
|
||||
* https://community.blueliv.com/#!/s/62b0155982df417ed03311f0
|
||||
|
||||
## Literature
|
||||
|
@ -42,4 +45,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -15,11 +15,11 @@ The following _campaigns_ are known and can be associated with Brazil Unknown:
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Brazil Unknown:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [BR](https://vuldb.com/?country.br)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -933,12 +933,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -946,62 +946,69 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.php.gif` | Medium
|
||||
2 | File | `/Admin/add-student.php` | High
|
||||
3 | File | `/admin/js` | Medium
|
||||
4 | File | `/Admin/login.php` | High
|
||||
5 | File | `/admin/showbad.php` | High
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `.php.gif` | Medium
|
||||
3 | File | `/Admin/add-student.php` | High
|
||||
4 | File | `/admin/api/admin/articles/` | High
|
||||
5 | File | `/Admin/login.php` | High
|
||||
6 | File | `/admin/submit-articles` | High
|
||||
7 | File | `/apilog.php` | Medium
|
||||
8 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
9 | File | `/connectors/index.php` | High
|
||||
10 | File | `/Default/Bd` | Medium
|
||||
11 | File | `/employeeview.php` | High
|
||||
12 | File | `/fhconf/umconfig.txt` | High
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/hrm/controller/employee.php` | High
|
||||
15 | File | `/hrm/employeeadd.php` | High
|
||||
16 | File | `/hrm/employeeview.php` | High
|
||||
17 | File | `/index.php` | Medium
|
||||
18 | File | `/items/view_item.php` | High
|
||||
19 | File | `/lookin/info` | Medium
|
||||
20 | File | `/manager/index.php` | High
|
||||
21 | File | `/medical/inventories.php` | High
|
||||
22 | File | `/mkshop/Men/profile.php` | High
|
||||
23 | File | `/modules/profile/index.php` | High
|
||||
24 | File | `/modules/projects/vw_files.php` | High
|
||||
25 | File | `/modules/public/calendar.php` | High
|
||||
26 | File | `/newsDia.php` | Medium
|
||||
27 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
28 | File | `/out.php` | Medium
|
||||
29 | File | `/php_action/editProductImage.php` | High
|
||||
30 | File | `/public/launchNewWindow.jsp` | High
|
||||
31 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
32 | File | `/sacco_shield/manage_user.php` | High
|
||||
33 | File | `/spip.php` | Medium
|
||||
34 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
35 | File | `/staff/bookdetails.php` | High
|
||||
36 | File | `/uncpath/` | Medium
|
||||
37 | File | `/user/update_booking.php` | High
|
||||
38 | File | `/var/log/qualys/qualys-cloud-agent-scan.log` | High
|
||||
39 | File | `/WEB-INF/web.xml` | High
|
||||
40 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
41 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
42 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
43 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
44 | File | `adclick.php` | Medium
|
||||
45 | File | `addtocart.asp` | High
|
||||
46 | File | `admin.php` | Medium
|
||||
47 | File | `admin/conf_users_edit.php` | High
|
||||
48 | File | `admincp.php` | Medium
|
||||
49 | File | `admincp/search.php?do=dosearch` | High
|
||||
50 | File | `ajax_invoice.php` | High
|
||||
51 | File | `album_portal.php` | High
|
||||
52 | File | `analyzer/protocol/dnp3/DNP3.cc` | High
|
||||
53 | File | `Ap4BitStream.cpp` | High
|
||||
54 | ... | ... | ...
|
||||
11 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
12 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
13 | File | `/employeeview.php` | High
|
||||
14 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
17 | File | `/fos/admin/index.php?page=menu` | High
|
||||
18 | File | `/hrm/controller/employee.php` | High
|
||||
19 | File | `/hrm/employeeadd.php` | High
|
||||
20 | File | `/hrm/employeeview.php` | High
|
||||
21 | File | `/index.php` | Medium
|
||||
22 | File | `/items/view_item.php` | High
|
||||
23 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
24 | File | `/lookin/info` | Medium
|
||||
25 | File | `/manager/index.php` | High
|
||||
26 | File | `/medical/inventories.php` | High
|
||||
27 | File | `/modules/profile/index.php` | High
|
||||
28 | File | `/modules/projects/vw_files.php` | High
|
||||
29 | File | `/modules/public/calendar.php` | High
|
||||
30 | File | `/newsDia.php` | Medium
|
||||
31 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
32 | File | `/out.php` | Medium
|
||||
33 | File | `/php/` | Low
|
||||
34 | File | `/php_action/editProductImage.php` | High
|
||||
35 | File | `/product/savenewproduct.php?flag=1` | High
|
||||
36 | File | `/proxy` | Low
|
||||
37 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
38 | File | `/reports/rwservlet` | High
|
||||
39 | File | `/sacco_shield/manage_user.php` | High
|
||||
40 | File | `/services/Card/findUser` | High
|
||||
41 | File | `/spip.php` | Medium
|
||||
42 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
|
||||
43 | File | `/staff/bookdetails.php` | High
|
||||
44 | File | `/uncpath/` | Medium
|
||||
45 | File | `/user/update_booking.php` | High
|
||||
46 | File | `/var/log/qualys/qualys-cloud-agent-scan.log` | High
|
||||
47 | File | `/view-property.php` | High
|
||||
48 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
|
||||
49 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
50 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
51 | File | `01article.php` | High
|
||||
52 | File | `AbstractScheduleJob.java` | High
|
||||
53 | File | `actionphp/download.File.php` | High
|
||||
54 | File | `adclick.php` | Medium
|
||||
55 | File | `addtocart.asp` | High
|
||||
56 | File | `admin.php` | Medium
|
||||
57 | File | `admin/conf_users_edit.php` | High
|
||||
58 | File | `admin/login.php` | High
|
||||
59 | File | `admin/panels/entry/admin.entry.list.php` | High
|
||||
60 | File | `admin/panels/uploader/admin.uploader.php` | High
|
||||
61 | ... | ... | ...
|
||||
|
||||
There are 471 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 537 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -1022,4 +1029,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -33,4 +33,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Brunei Unknown:

* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [JP](https://vuldb.com/?country.jp)
* [CN](https://vuldb.com/?country.cn)
* ...

There are 22 more country items available. Please use our online service to access the data.
There are 24 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -45,7 +45,7 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
6 | ... | ... | ... | ...

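Review bot: the changed row 3 (`3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High`) keeps the description "Cross Site Scripting" although none of its weaknesses is XSS: CWE-88 is argument injection, CWE-94 is code injection and the newly added CWE-1321 is prototype pollution, while the XSS pair CWE-79/CWE-80 sits in row 4 under T1059.007. Suggest a description that matches the weakness set (the ATT&CK name for T1059 is Command and Scripting Interpreter) so the two rows stop reading as duplicates.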
@ -110,11 +110,9 @@ ID | Type | Indicator | Confidence
50 | File | `administrator/index.php` | High
51 | File | `administrator/mail/download.cfm` | High
52 | File | `AdminUpdateController.class.php` | High
53 | File | `admin_main.php` | High
54 | File | `Advanced_ASUSDDNS_Content.asp` | High
55 | ... | ... | ...
53 | ... | ... | ...

There are 477 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 464 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

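Review bot: the visible rows `53 | File | admin_main.php` and `54 | File | Advanced_ASUSDDNS_Content.asp` are dropped and the trailer moves from 55 to 53, but the summary falls by thirteen (477 to 464), so eleven further removals sit in the truncated part the diff does not show. A line in the commit message on why these indicators were retired would help anyone who already keyed a detection on them.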
@ -131,4 +129,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -62,4 +62,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -37,7 +37,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1059 | CWE-94 | Cross Site Scripting | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
4 | ... | ... | ... | ...

There are 5 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

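Review bot: the table grows from one visible row to three, yet the trailing context `There are 5 more TTP items available` is unchanged; if `T1006` and `T1059` were promoted out of the hidden set the count should now read 3, and if they are new the unchanged hidden count is worth confirming. Row 2 (`T1059 | CWE-94`) is also described as Cross Site Scripting although CWE-94 is code injection; only row 3 (`T1059.007 | CWE-79, CWE-80`) is XSS.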
@ -68,4 +73,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -9,6 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BuerLoader:

* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* [CH](https://vuldb.com/?country.ch)

## IOC - Indicator of Compromise

@ -16,7 +18,21 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [142.93.102.244](https://vuldb.com/?ip.142.93.102.244) | dev.dotyeti.com | - | High
1 | [104.248.83.13](https://vuldb.com/?ip.104.248.83.13) | - | - | High
2 | [142.93.102.244](https://vuldb.com/?ip.142.93.102.244) | dev.dotyeti.com | - | High

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _BuerLoader_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1055 | CWE-74 | Injection | High
2 | T1059 | CWE-94 | Cross Site Scripting | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
4 | ... | ... | ... | ...

There are 5 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

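Review bot: the new IOC row `1 | 104.248.83.13 | - | - | High` carries neither hostname nor campaign, and nothing in the hunk ties the address to BuerLoader, yet it is rated High; an unsourced High-confidence IP tends to end up in blocklists and is hard to retire later, so record where it came from (sample, sandbox run or report) next to it, or lower the confidence until a source is attached.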
@ -24,13 +40,19 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `article.php` | Medium
2 | Argument | `id` | Low
1 | File | `/backups/` | Medium
2 | File | `/cgi-bin/editBookmark` | High
3 | File | `/goform/RgDdns` | High
4 | File | `/goform/RgDhcp` | High
5 | ... | ... | ...

There are 28 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://community.blueliv.com/#!/s/5f9a80db82df413eb23523b7
* https://github.com/executemalware/Malware-IOCs/blob/main/2021-08-19%20BuerLoader%20IOCs

## Literature

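Review bot: the replaced rows drop the only Argument-type entry (`2 | Argument | id | Low`) and every new visible row is of type File, while the summary still advertises argument and input-value indicators, so check that the hidden 28 items still contain some. The new row `1 | File | /backups/ | Medium` is a generic directory name that will match unrelated traffic; consumers should treat Medium as a ceiling for it rather than alert on a bare match. The two References added below are the right place to point the four new paths at their source.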
@ -42,4 +64,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -28,4 +28,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [ES](https://vuldb.com/?country.es)
* ...

There are 17 more country items available. Please use our online service to access the data.
There are 22 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -270,11 +270,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-37 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-35 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 19 more TTP items available. Please use our online service to access the data.

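Review bot: new row 2 (`T1040 | CWE-319 | Authentication Bypass by Capture-replay`) pairs a CWE with the wrong description: CWE-319 is Cleartext Transmission of Sensitive Information, and Authentication Bypass by Capture-replay is CWE-294, so either the identifier or the label needs correcting. Inserting the row also pushes `T1068` out of the visible five, but the context line `There are 19 more TTP items available` is unchanged; if T1068 moved into the hidden set the count should read 20.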
@ -285,67 +285,54 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%PROGRAMDATA%\CheckPoint\ZoneAlarm\Data\Updates` | High
2 | File | `.php.gif` | Medium
3 | File | `/action/iperf` | High
4 | File | `/action/wirelessConnect` | High
5 | File | `/Admin/add-student.php` | High
6 | File | `/admin/delete.php` | High
7 | File | `/Admin/login.php` | High
8 | File | `/admin/settings/fields` | High
9 | File | `/admin/sign/out` | High
10 | File | `/admin/submit-articles` | High
11 | File | `/api/discoveries/` | High
12 | File | `/api/v1/attack` | High
13 | File | `/api/v1/attack/falco` | High
14 | File | `/api/v1/attack/token` | High
15 | File | `/api/v1/bait/set` | High
16 | File | `/api/v1/chat.getThreadsList` | High
17 | File | `/api/v2/open/rowsInfo` | High
18 | File | `/api/v2/open/tablesInfo` | High
19 | File | `/apilog.php` | Medium
20 | File | `/bin/proc.cgi` | High
21 | File | `/buspassms/download-pass.php` | High
22 | File | `/category.php` | High
23 | File | `/cgi-bin/wlogin.cgi` | High
24 | File | `/changePassword` | High
25 | File | `/cnr` | Low
26 | File | `/connectors/index.php` | High
27 | File | `/Core/Ap4File.cpp` | High
28 | File | `/csms/admin/?page=user/manage_user` | High
29 | File | `/depotHead/list` | High
30 | File | `/ebics-server/ebics.aspx` | High
31 | File | `/employeeview.php` | High
32 | File | `/etc/version` | Medium
33 | File | `/forum/away.php` | High
34 | File | `/goform/fast_setting_wifi_set` | High
35 | File | `/goform/form2WizardStep4` | High
36 | File | `/goform/formSetClientState` | High
37 | File | `/goform/fromSetIpMacBind` | High
38 | File | `/goform/openSchedWifi/` | High
39 | File | `/goform/PowerSaveSet` | High
40 | File | `/goform/setDebugCfg/` | High
41 | File | `/goform/SetNetControlList` | High
42 | File | `/h/compose` | Medium
43 | File | `/index.asp` | Medium
44 | File | `/index.php` | Medium
45 | File | `/items/view_item.php` | High
46 | File | `/jsoa/hntdCustomDesktopActionContent` | High
47 | File | `/live/GLOBALS` | High
48 | File | `/login` | Low
49 | File | `/manager/index.php` | High
50 | File | `/medical/inventories.php` | High
51 | File | `/membership_passwordReset.php` | High
52 | File | `/modules/profile/index.php` | High
53 | File | `/modules/projects/vw_files.php` | High
54 | File | `/modules/public/calendar.php` | High
55 | File | `/newsDia.php` | Medium
56 | File | `/omos/admin/?page=user/list` | High
57 | File | `/opt/axess/etc/default/axess` | High
58 | File | `/opt/axess/var/blobstorage/` | High
59 | ... | ... | ...
1 | File | `.github/workflows/combine-prs.yml` | High
2 | File | `//` | Low
3 | File | `/dev/block/mmcblk0rpmb` | High
4 | File | `/forum/away.php` | High
5 | File | `/fos/admin/ajax.php?action=login` | High
6 | File | `/fos/admin/index.php?page=menu` | High
7 | File | `/login/index.php` | High
8 | File | `/output/outdbg.c` | High
9 | File | `/output/outieee.c` | High
10 | File | `/password/reset` | High
11 | File | `/ptippage.cgi` | High
12 | File | `/ptipupgrade.cgi` | High
13 | File | `/reports/rwservlet` | High
14 | File | `/royal_event/userregister.php` | High
15 | File | `/u/username.json` | High
16 | File | `01article.php` | High
17 | File | `admin/abc.php` | High
18 | File | `admin/admin/adminsave.html` | High
19 | File | `admin/approve_user.php` | High
20 | File | `admin/conf_users_edit.php` | High
21 | File | `admin/expense_report.php` | High
22 | File | `admin/forget_password.php` | High
23 | File | `admin/make_payments.php` | High
24 | File | `admin/manage_user.php` | High
25 | File | `admin/page-login.php` | High
26 | File | `admin/panels/entry/admin.entry.list.php` | High
27 | File | `admin/panels/uploader/admin.uploader.php` | High
28 | File | `administers` | Medium
29 | File | `admin_class.php` | High
30 | File | `agent/listener/templates/tail.html` | High
31 | File | `ajax_invoice.php` | High
32 | File | `announce.php` | Medium
33 | File | `api.php` | Low
34 | File | `api/?api=add_server` | High
35 | File | `app.py` | Low
36 | File | `app/api/songs.py` | High
37 | File | `app/business/impl/ReviewServiceImpl.java` | High
38 | File | `app/controllers/code_caller_controller.php` | High
39 | File | `app/controllers/curupira/passwords_controller.rb` | High
40 | File | `app/controllers/geopoll_controller.rb` | High
41 | File | `app/controllers/image_controller.rb` | High
42 | File | `app/controllers/oauth.js` | High
43 | File | `app/filters.php` | High
44 | File | `application/controllers/timedtext.php` | High
45 | File | `application/libraries/LanguageTask.php` | High
46 | ... | ... | ...

There are 512 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

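Review bot: new row 2 (`2 | File | // | Low`) is a two-character path that matches almost any URL, and rows 33 and 35 (`api.php` and `app.py`, both Low) are nearly as generic; loaded into a detection rule they produce noise rather than signal. Suggest dropping `//` outright and stating in the README that Low-confidence File entries are meant for correlation only. The visible table is rebuilt from scratch and the summary falls from 512 to 394, so a sentence on why the previous set (the `/goform/` and `/api/v1/attack` entries, for example) was retired would help consumers reconcile their own copies.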
@ -362,4 +349,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...

There are 11 more country items available. Please use our online service to access the data.
There are 12 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -42,7 +42,8 @@ ID | Technique | Weakness | Description | Confidence
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
6 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
7 | ... | ... | ... | ...

There are 22 more TTP items available. Please use our online service to access the data.

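Review bot: new row 6 (`T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284`) mixes CWE-264, which is a CWE category rather than a weakness, with the specific entries CWE-250, CWE-266 and CWE-269; the row would map more cleanly onto CVE data with the category removed. The unchanged context `There are 22 more TTP items available` implies the technique is genuinely new rather than promoted from the hidden set, which is worth stating in the commit message.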
@ -79,17 +80,18 @@ ID | Type | Indicator | Confidence
25 | File | `admin-ajax.php` | High
26 | File | `admin.php` | Medium
27 | File | `admin/ad_list.php` | High
28 | File | `admin/status/realtime/bandwidth_status` | High
29 | File | `agent.c` | Low
30 | File | `ajax_crons.php` | High
31 | File | `ansi.c` | Low
32 | File | `api.php/List/index` | High
33 | File | `API/api/Version` | High
34 | File | `application/controllers/LSBaseController.php` | High
35 | File | `arq_updater` | Medium
36 | ... | ... | ...
28 | File | `admin/panels/uploader/admin.uploader.php` | High
29 | File | `admin/status/realtime/bandwidth_status` | High
30 | File | `agent.c` | Low
31 | File | `ajax_crons.php` | High
32 | File | `ansi.c` | Low
33 | File | `api.php/List/index` | High
34 | File | `API/api/Version` | High
35 | File | `application/controllers/LSBaseController.php` | High
36 | File | `arq_updater` | Medium
37 | ... | ... | ...

There are 307 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 314 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -107,4 +109,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [FR](https://vuldb.com/?country.fr)
* ...

There are 13 more country items available. Please use our online service to access the data.
There are 14 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -84,7 +84,7 @@ ID | Type | Indicator | Confidence
32 | File | `api.php` | Low
33 | ... | ... | ...

There are 281 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 285 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -101,4 +101,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [DE](https://vuldb.com/?country.de)
* ...

There are 9 more country items available. Please use our online service to access the data.
There are 12 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -51,22 +51,24 @@ ID | Type | Indicator | Confidence
1 | File | `/admin/broadcast.php` | High
2 | File | `/admin/sysmon.php` | High
3 | File | `/cgi-bin/webviewer_login_page` | High
4 | File | `/forum/away.php` | High
5 | File | `/getcfg.php` | Medium
6 | File | `/proc/ioports` | High
7 | File | `/services/details.asp` | High
8 | File | `/tmp` | Low
9 | File | `/uncpath/` | Medium
10 | File | `/Upload.ashx` | Medium
11 | File | `/var/tmp/sess_*` | High
12 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
13 | File | `activateuser.aspx` | High
14 | File | `adclick.php` | Medium
15 | File | `admin/killsource` | High
16 | File | `admin/orion.extfeedbackform_efbf_forms.php` | High
17 | ... | ... | ...
4 | File | `/ecrire` | Low
5 | File | `/forum/away.php` | High
6 | File | `/getcfg.php` | Medium
7 | File | `/proc/ioports` | High
8 | File | `/services/details.asp` | High
9 | File | `/tmp` | Low
10 | File | `/uncpath/` | Medium
11 | File | `/Upload.ashx` | Medium
12 | File | `/var/tmp/sess_*` | High
13 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
14 | File | `activateuser.aspx` | High
15 | File | `adclick.php` | Medium
16 | File | `admin/killsource` | High
17 | File | `admin/orion.extfeedbackform_efbf_forms.php` | High
18 | File | `auth-gss2.c` | Medium
19 | ... | ... | ...

There are 140 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 153 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

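Review bot: inserting `4 | File | /ecrire | Low` renumbers old rows 4 to 16 as 5 to 17, which shows the ID column is positional and changes on every insertion; anyone consuming the table should key on the indicator string, and the README could say so explicitly. `/ecrire` itself is short, Low confidence and matches any installation that ships that directory, so it belongs in the correlation-only bucket rather than in an alerting rule.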
@ -83,4 +85,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -27,4 +27,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -55,4 +55,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

* [US](https://vuldb.com/?country.us)
* [ES](https://vuldb.com/?country.es)
* [FR](https://vuldb.com/?country.fr)
* [PT](https://vuldb.com/?country.pt)
* ...

There are 15 more country items available. Please use our online service to access the data.
There are 16 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -87,7 +87,7 @@ ID | Type | Indicator | Confidence
36 | File | `album_portal.php` | High
37 | ... | ... | ...

There are 316 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -104,4 +104,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -51,4 +51,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [ES](https://vuldb.com/?country.es)
* ...

There are 14 more country items available. Please use our online service to access the data.
There are 16 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -89,9 +89,10 @@ ID | Type | Indicator | Confidence
30 | File | `ajax/render/widget_php` | High
31 | File | `album_portal.php` | High
32 | File | `AoWinAgt` | Medium
33 | ... | ... | ...
33 | File | `api.php` | Low
34 | ... | ... | ...

There are 284 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 288 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -108,4 +109,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

File diff suppressed because it is too large
@ -91,8 +91,7 @@ ID | Type | Indicator | Confidence
30 | File | `/librarian/lab.php` | High
31 | File | `/login` | Low
32 | File | `/mngset/authset` | High
33 | File | `/nova/bin/sniffer` | High
34 | ... | ... | ...
33 | ... | ... | ...
There are 286 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [ES](https://vuldb.com/?country.es)
* ...
There are 12 more country items available. Please use our online service to access the data.
There are 14 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -82,7 +82,7 @@ ID | Type | Indicator | Confidence
32 | File | `application/home/controller/debug.php` | High
33 | ... | ... | ...
There are 278 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 283 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -99,4 +99,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [CN](https://vuldb.com/?country.cn)
* ...
There are 10 more country items available. Please use our online service to access the data.
There are 5 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -108,15 +108,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-425 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | T1068 | CWE-264, CWE-269, CWE-284 | Execution with Unnecessary Privileges | High
7 | ... | ... | ... | ...
6 | ... | ... | ... | ...
There are 22 more TTP items available. Please use our online service to access the data.
There are 19 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -124,42 +123,51 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/action/wirelessConnect` | High
2 | File | `/adfs/ls` | Medium
3 | File | `/admin/users_add.php` | High
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/action/wirelessConnect` | High
3 | File | `/admin/upload/upload` | High
4 | File | `/admin/videoalbum/list` | High
5 | File | `/administration/settings_registration.php` | High
6 | File | `/appConfig/userDB.json` | High
7 | File | `/authUserAction!edit.action` | High
8 | File | `/bd_genie_create_account.cgi` | High
9 | File | `/c/macho_reader.c` | High
10 | File | `/cgi-bin/luci/api/auth` | High
11 | File | `/cgi-bin/luci/api/diagnose` | High
12 | File | `/claire_blake` | High
13 | File | `/cloud_config/router_post/check_reg_verify_code` | High
14 | File | `/conf/` | Low
15 | File | `/dashboard/contact` | High
16 | File | `/debug/pprof` | Medium
17 | File | `/defaultui/player/modern.html` | High
18 | File | `/dev/bus` | Medium
19 | File | `/etc/config/image_sign` | High
20 | File | `/etc/groups` | Medium
21 | File | `/etc/init0.d/S80telnetd.sh` | High
22 | File | `/etc/shadow.sample` | High
23 | File | `/files/$username/Myfolder/Mysubfolder/shared.txt` | High
24 | File | `/foms/place-order.php` | High
25 | File | `/forum/away.php` | High
26 | File | `/ghost/preview` | High
27 | File | `/goform/L7Im` | Medium
28 | File | `/goform/SetIpMacBind` | High
29 | File | `/goform/setMacFilterCfg` | High
30 | File | `/htdocs/utils/Files.php` | High
31 | File | `/jerry-core/ecma/operations/ecma-objects.c` | High
32 | File | `/jfinal_cms/system/role/list` | High
33 | File | `/leave_system/classes/Master.php?f=delete_department` | High
34 | ... | ... | ...
5 | File | `/c/macho_reader.c` | High
6 | File | `/cgi-bin/DownloadFlash` | High
7 | File | `/cgi-bin/wlogin.cgi` | High
8 | File | `/cloud_config/router_post/check_reg_verify_code` | High
9 | File | `/conf/` | Low
10 | File | `/config/getuser` | High
11 | File | `/dashboard/contact` | High
12 | File | `/debug/pprof` | Medium
13 | File | `/dev/bus` | Medium
14 | File | `/example/editor` | High
15 | File | `/files/$username/Myfolder/Mysubfolder/shared.txt` | High
16 | File | `/goform/setMacFilterCfg` | High
17 | File | `/HNAP1` | Low
18 | File | `/index` | Low
19 | File | `/iu-application/controllers/administration/auth.php` | High
20 | File | `/jerry-core/ecma/operations/ecma-objects.c` | High
21 | File | `/Kofax/KFS/ThinClient/document/upload/` | High
22 | File | `/leave_system/classes/Master.php?f=delete_department` | High
23 | File | `/module/module_frame/index.php` | High
24 | File | `/music/ajax.php` | High
25 | File | `/northstar/Admin/changePassword.jsp` | High
26 | File | `/obs/book.php` | High
27 | File | `/orms/` | Low
28 | File | `/ossn/administrator/com_installer` | High
29 | File | `/pms/update_user.php?user_id=1` | High
30 | File | `/rest/api/1.0/render` | High
31 | File | `/sre/params.php` | High
32 | File | `/tensorflow/core/grappler/optimizers/arithmetic_optimizer.cc` | High
33 | File | `/tmp` | Low
34 | File | `/tmp/xbindkeysrc-tmp` | High
35 | File | `/user/upload/upload` | High
36 | File | `/Users` | Low
37 | File | `/var/spool/hylafax` | High
38 | File | `/vendor` | Low
39 | File | `/whbs/?page=my_bookings` | High
40 | File | `access_rules/rules_form` | High
41 | File | `accountrecoveryendpoint/recoverpassword.do` | High
42 | File | `action/addproject.php` | High
43 | ... | ... | ...
There are 290 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 368 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -214,4 +222,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -27,4 +27,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -37,7 +37,7 @@ ID | Technique | Weakness | Description | Confidence
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 14 more TTP items available. Please use our online service to access the data.
There are 15 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -48,30 +48,30 @@ ID | Type | Indicator | Confidence
1 | File | `.travis.yml` | Medium
2 | File | `/.env` | Low
3 | File | `/admin.php` | Medium
4 | File | `/core/conditions/AbstractWrapper.java` | High
5 | File | `/export` | Low
6 | File | `/file?action=download&file` | High
7 | File | `/medical/inventories.php` | High
8 | File | `/monitoring` | Medium
9 | File | `/plugin/LiveChat/getChat.json.php` | High
10 | File | `/plugins/servlet/audit/resource` | High
11 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
12 | File | `/replication` | Medium
13 | File | `/RestAPI` | Medium
14 | File | `/tmp/speedtest_urls.xml` | High
15 | File | `/tmp/zarafa-vacation-*` | High
16 | File | `/uncpath/` | Medium
17 | File | `/upload` | Low
18 | File | `/var/log/nginx` | High
19 | File | `/var/run/watchman.pid` | High
20 | File | `/viewer/krpano.html` | High
21 | File | `/wp-json/oembed/1.0/embed?url` | High
22 | File | `adclick.php` | Medium
23 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
24 | File | `AdxDSrv.exe` | Medium
4 | File | `/admin/subnets/ripe-query.php` | High
5 | File | `/core/conditions/AbstractWrapper.java` | High
6 | File | `/debug/pprof` | Medium
7 | File | `/export` | Low
8 | File | `/file?action=download&file` | High
9 | File | `/hardware` | Medium
10 | File | `/medical/inventories.php` | High
11 | File | `/monitoring` | Medium
12 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
13 | File | `/plugin/LiveChat/getChat.json.php` | High
14 | File | `/plugins/servlet/audit/resource` | High
15 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
16 | File | `/replication` | Medium
17 | File | `/RestAPI` | Medium
18 | File | `/tmp/speedtest_urls.xml` | High
19 | File | `/tmp/zarafa-vacation-*` | High
20 | File | `/uncpath/` | Medium
21 | File | `/upload` | Low
22 | File | `/user/loader.php?api=1` | High
23 | File | `/var/log/nginx` | High
24 | File | `/var/run/watchman.pid` | High
25 | ... | ... | ...
There are 209 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 206 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -88,4 +88,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -29,7 +29,10 @@ ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
3 | T1600 | CWE-310 | Cryptographic Issues | High
3 | T1202 | CWE-78 | Command Injection | High
4 | ... | ... | ... | ...
There are 1 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
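Review bot: the added footer "There are 1 more TTP items available." disagrees in number with its count; the generator that emits this sentence should switch to the singular form when the remainder is 1 ("There is 1 more TTP item available."). The same footer template is used for the country and IOA counts in the other hunks of this commit, so the fix belongs in the shared template rather than in this one file.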
@ -54,4 +57,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -41,11 +41,11 @@ ID | Technique | Weakness | Description | Confidence
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
4 | T1059 | CWE-94 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 22 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -57,42 +57,38 @@ ID | Type | Indicator | Confidence
2 | File | `/admin.php/singer/admin/lists/zhuan` | High
3 | File | `/admin.php/User/level_sort` | High
4 | File | `/authUserAction!edit.action` | High
5 | File | `/blog/edit` | Medium
6 | File | `/bmis/pages/resident/resident.php` | High
7 | File | `/cgi-bin-sdb/` | High
8 | File | `/cgi-bin/activate.cgi` | High
9 | File | `/cgi-bin/luci/api/auth` | High
5 | File | `/baseOpLog.do` | High
6 | File | `/blog/edit` | Medium
7 | File | `/bmis/pages/resident/resident.php` | High
8 | File | `/cgi-bin/luci/api/auth` | High
9 | File | `/cgi-bin/luci/api/wireless` | High
10 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
11 | File | `/cgi-bin/uploadWeiXinPic` | High
12 | File | `/claire_blake` | High
13 | File | `/core/admin/categories.php` | High
14 | File | `/debug/pprof` | Medium
15 | File | `/dms/admin/reports/daily_collection_report.php` | High
16 | File | `/etc/config/cameo` | High
17 | File | `/export` | Low
18 | File | `/files.md5` | Medium
19 | File | `/food/admin/all_users.php` | High
20 | File | `/forum/away.php` | High
21 | File | `/images/` | Medium
22 | File | `/isms/classes/Users.php` | High
23 | File | `/login` | Low
24 | File | `/MagickCore/quantize.c` | High
25 | File | `/mc` | Low
26 | File | `/mkshop/Men/profile.php` | High
27 | File | `/modules/profile/index.php` | High
28 | File | `/multiux/SaveMailbox` | High
29 | File | `/ofrs/admin/?page=teams/view_team` | High
30 | File | `/one_church/userregister.php` | High
31 | File | `/out.php` | Medium
32 | File | `/panel/configuration/general` | High
14 | File | `/dashboard/contact` | High
15 | File | `/debug/pprof` | Medium
16 | File | `/dms/admin/reports/daily_collection_report.php` | High
17 | File | `/etc/config/cameo` | High
18 | File | `/export` | Low
19 | File | `/files.md5` | Medium
20 | File | `/food/admin/all_users.php` | High
21 | File | `/forum/away.php` | High
22 | File | `/hrm/employeeview.php` | High
23 | File | `/images/` | Medium
24 | File | `/isms/classes/Users.php` | High
25 | File | `/login` | Low
26 | File | `/MagickCore/quantize.c` | High
27 | File | `/mc` | Low
28 | File | `/mkshop/Men/profile.php` | High
29 | File | `/modules/profile/index.php` | High
30 | File | `/ofrs/admin/?page=teams/view_team` | High
31 | File | `/one_church/userregister.php` | High
32 | File | `/out.php` | Medium
33 | File | `/public/plugins/` | High
34 | File | `/SAP_Information_System/controllers/add_admin.php` | High
35 | File | `/SASWebReportStudio/logonAndRender.do` | High
36 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
37 | File | `/secure/admin/ViewInstrumentation.jspa` | High
38 | ... | ... | ...
34 | ... | ... | ...
There are 327 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 287 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -109,4 +105,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Chile Unknown:
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [ES](https://vuldb.com/?country.es)
* [CN](https://vuldb.com/?country.cn)
* ...
There are 17 more country items available. Please use our online service to access the data.
There are 29 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -214,13 +214,13 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1055 | CWE-74 | Injection | High
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...
There are 16 more TTP items available. Please use our online service to access the data.
There are 18 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -228,64 +228,71 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.php.gif` | Medium
2 | File | `/?admin/user.html` | High
3 | File | `/Admin/add-student.php` | High
4 | File | `/admin/addemployee.php` | High
5 | File | `/admin/conferences/list/` | High
1 | File | `.github/workflows/combine-prs.yml` | High
2 | File | `.php.gif` | Medium
3 | File | `/?admin/user.html` | High
4 | File | `/Admin/add-student.php` | High
5 | File | `/admin/api/admin/articles/` | High
6 | File | `/Admin/login.php` | High
7 | File | `/admin/showbad.php` | High
8 | File | `/admin/submit-articles` | High
9 | File | `/apilog.php` | Medium
7 | File | `/admin/submit-articles` | High
8 | File | `/apilog.php` | Medium
9 | File | `/cgi-bin/webadminget.cgi` | High
10 | File | `/cgi-bin/wlogin.cgi` | High
11 | File | `/connectors/index.php` | High
12 | File | `/employeeview.php` | High
13 | File | `/etc/sudoers` | Medium
14 | File | `/forum/away.php` | High
15 | File | `/index.php` | Medium
16 | File | `/items/view_item.php` | High
17 | File | `/manager/index.php` | High
18 | File | `/medical/inventories.php` | High
19 | File | `/mkshop/Men/profile.php` | High
20 | File | `/mobile/downloadfile.aspx` | High
21 | File | `/modules/profile/index.php` | High
22 | File | `/modules/projects/vw_files.php` | High
23 | File | `/modules/public/calendar.php` | High
24 | File | `/net/nfc/netlink.c` | High
25 | File | `/newsDia.php` | Medium
26 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
27 | File | `/out.php` | Medium
28 | File | `/outgoing.php` | High
29 | File | `/php_action/editProductImage.php` | High
30 | File | `/public/launchNewWindow.jsp` | High
31 | File | `/sacco_shield/manage_user.php` | High
32 | File | `/spip.php` | Medium
33 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
34 | File | `/staff/bookdetails.php` | High
35 | File | `/staff/delete.php` | High
36 | File | `/uncpath/` | Medium
37 | File | `/user/update_booking.php` | High
38 | File | `/var/log/qualys/qualys-cloud-agent-scan.log` | High
39 | File | `/WEB-INF/web.xml` | High
40 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
41 | File | `/wordpress/wp-admin/options-general.php` | High
42 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
43 | File | `AdClass.php` | Medium
44 | File | `adclick.php` | Medium
45 | File | `addtocart.asp` | High
46 | File | `admin.jcomments.php` | High
47 | File | `admin.php` | Medium
48 | File | `admin/conf_users_edit.php` | High
49 | File | `admincp.php` | Medium
50 | File | `admincp/search.php?do=dosearch` | High
51 | File | `admin_feature.php` | High
52 | File | `album_portal.php` | High
53 | File | `artlinks.dispnew.php` | High
54 | File | `asyncjobscheduler-manager.log` | High
55 | File | `auction\auction_common.php` | High
56 | ... | ... | ...
12 | File | `/Default/Bd` | Medium
13 | File | `/dev/block/mmcblk0rpmb` | High
14 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
15 | File | `/employeeview.php` | High
16 | File | `/face-recognition-php/facepay-master/camera.php` | High
17 | File | `/forum/away.php` | High
18 | File | `/fos/admin/ajax.php?action=login` | High
19 | File | `/fos/admin/index.php?page=menu` | High
20 | File | `/hrm/controller/employee.php` | High
21 | File | `/hrm/employeeadd.php` | High
22 | File | `/hrm/employeeview.php` | High
23 | File | `/index.php` | Medium
24 | File | `/items/view_item.php` | High
25 | File | `/jsoa/hntdCustomDesktopActionContent` | High
26 | File | `/lookin/info` | Medium
27 | File | `/manager/index.php` | High
28 | File | `/medical/inventories.php` | High
29 | File | `/modules/profile/index.php` | High
30 | File | `/modules/projects/vw_files.php` | High
31 | File | `/modules/public/calendar.php` | High
32 | File | `/net/nfc/netlink.c` | High
33 | File | `/newsDia.php` | Medium
34 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
35 | File | `/out.php` | Medium
36 | File | `/php_action/editProductImage.php` | High
37 | File | `/product/savenewproduct.php?flag=1` | High
38 | File | `/proxy` | Low
39 | File | `/Redcock-Farm/farm/category.php` | High
40 | File | `/reports/rwservlet` | High
41 | File | `/sacco_shield/manage_user.php` | High
42 | File | `/services/Card/findUser` | High
43 | File | `/spip.php` | Medium
44 | File | `/sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072` | High
45 | File | `/staff/bookdetails.php` | High
46 | File | `/uncpath/` | Medium
47 | File | `/user/update_booking.php` | High
48 | File | `/var/log/qualys/qualys-cloud-agent-scan.log` | High
49 | File | `/view-property.php` | High
50 | File | `/Wedding-Management-PHP/admin/photos_add.php` | High
51 | File | `/wordpress/wp-admin/options-general.php` | High
52 | File | `/wp-content/plugins/updraftplus/admin.php` | High
53 | File | `01article.php` | High
54 | File | `AbstractScheduleJob.java` | High
55 | File | `actionphp/download.File.php` | High
56 | File | `adclick.php` | Medium
57 | File | `addtocart.asp` | High
58 | File | `admin.php` | Medium
59 | File | `admin/admin/adminsave.html` | High
60 | File | `admin/conf_users_edit.php` | High
61 | File | `admin/login.php` | High
62 | File | `admin/panels/entry/admin.entry.list.php` | High
63 | ... | ... | ...
There are 484 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 549 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -302,4 +309,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -31,14 +31,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...
There are 22 more TTP items available. Please use our online service to access the data.
There are 20 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -48,41 +48,40 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.FBCIndex` | Medium
2 | File | `/.ssh/authorized_keys` | High
3 | File | `/Admin/add-student.php` | High
4 | File | `/admin/admin.php` | High
5 | File | `/admin/conferences/list/` | High
6 | File | `/admin/index.PHP` | High
7 | File | `/admin/sendmailto.php?tomail=&groupid=` | High
8 | File | `/admin/update_traveller.php` | High
9 | File | `/advanced-tools/nova/bin/netwatch` | High
10 | File | `/bsms_ci/index.php` | High
11 | File | `/bsms_ci/index.php/user/edit_user/` | High
12 | File | `/cameras/XXXX/clips` | High
13 | File | `/carbon/mediation_secure_vault/properties/ajaxprocessor.jsp` | High
14 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
15 | File | `/cgi-bin/qcmap_auth` | High
16 | File | `/cgi-bin/wlogin.cgi` | High
17 | File | `/CommunitySSORedirect.jsp` | High
18 | File | `/Content/Template/root/reverse-shell.aspx` | High
19 | File | `/debug/pprof` | Medium
20 | File | `/diagnostic/editclient.php` | High
21 | File | `/editbrand.php` | High
22 | File | `/etc/sudoers` | Medium
23 | File | `/filemanager/php/connector.php` | High
24 | File | `/forum/away.php` | High
25 | File | `/index.php?module=global_lists/lists` | High
26 | File | `/leave_system/classes/Master.php?f=delete_application` | High
3 | File | `/admin/admin.php` | High
4 | File | `/blogengine/api/posts` | High
5 | File | `/bsms_ci/index.php` | High
6 | File | `/bsms_ci/index.php/user/edit_user/` | High
7 | File | `/carbon/ndatasource/validateconnection/ajaxprocessor.jsp` | High
8 | File | `/cgi-bin/api-get_line_status` | High
9 | File | `/cgi-bin/luci` | High
10 | File | `/cgi-bin/nobody/VerifyCode.cgi` | High
11 | File | `/cgi-bin/qcmap_auth` | High
12 | File | `/cgi-bin/upload_vpntar` | High
13 | File | `/cgi-bin/wlogin.cgi` | High
14 | File | `/CommunitySSORedirect.jsp` | High
15 | File | `/Content/Template/root/reverse-shell.aspx` | High
16 | File | `/diagnostic/editclient.php` | High
17 | File | `/export` | Low
18 | File | `/filemanager/php/connector.php` | High
19 | File | `/forum/away.php` | High
20 | File | `/h/calendar` | Medium
21 | File | `/hrm/controller/employee.php` | High
22 | File | `/index.php?module=global_lists/lists` | High
23 | File | `/login/index.php` | High
24 | File | `/mkshope/login.php` | High
25 | File | `/network_test.php` | High
26 | File | `/obs/book.php` | High
27 | File | `/okm:root` | Medium
28 | File | `/opt/onedev/sites/` | High
29 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
30 | File | `/out.php` | Medium
31 | File | `/phpinventory/editcategory.php` | High
28 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
29 | File | `/out.php` | Medium
30 | File | `/products/view_product.php` | High
31 | File | `/public/launchNewWindow.jsp` | High
32 | File | `/public_html/animals` | High
33 | File | `/secure/QueryComponent!Default.jspa` | High
34 | File | `/sqfs/bin/sccd` | High
35 | ... | ... | ...
33 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
34 | ... | ... | ...

There are 299 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 289 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
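Review bot: the ID column is renumbered on every update, so indicators that did not change, such as `/admin/admin.php`, `/bsms_ci/index.php` and `/cgi-bin/qcmap_auth` (old rows 4, 10 and 15, new rows 3, 5 and 11), are emitted as removed-and-re-added lines and the actual delta is buried; drop the running number from the table or keep it stable across updates so the diff shows only the indicators that really came or went (here, for example, `/blogengine/api/posts`, `/cgi-bin/luci` and `/export` arriving). One of the new entries, `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf`, is an OWASP Core Rule Set configuration file rather than a path an attack requests, so check that it belongs in an indicator-of-attack list at High confidence.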
@ -100,4 +99,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [FR](https://vuldb.com/?country.fr)
* ...

There are 12 more country items available. Please use our online service to access the data.
There are 14 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -78,9 +78,10 @@ ID | Type | Indicator | Confidence
29 | File | `album_portal.php` | High
30 | File | `api.php` | Low
31 | File | `application/home/controller/debug.php` | High
32 | ... | ... | ...
32 | File | `articulo.php` | Medium
33 | ... | ... | ...

There are 275 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 279 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -97,4 +98,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Chronos:

* [US](https://vuldb.com/?country.us)
* [AZ](https://vuldb.com/?country.az)
* [RU](https://vuldb.com/?country.ru)
* [TR](https://vuldb.com/?country.tr)
* ...

There are 1 more country items available. Please use our online service to access the data.

@ -35,7 +35,8 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
2 | T1068 | CWE-264, CWE-269 | Execution with Unnecessary Privileges | High
3 | T1592 | CWE-200 | Configuration | High

## IOA - Indicator of Attack

@ -62,4 +63,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [JP](https://vuldb.com/?country.jp)
* ...

There are 3 more country items available. Please use our online service to access the data.
There are 4 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -66,7 +66,7 @@ ID | Technique | Weakness | Description | Confidence
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
5 | ... | ... | ... | ...

There are 14 more TTP items available. Please use our online service to access the data.
There are 15 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

@ -82,28 +82,26 @@ ID | Type | Indicator | Confidence
6 | File | `/debug/pprof` | Medium
7 | File | `/export` | Low
8 | File | `/file?action=download&file` | High
9 | File | `/medical/inventories.php` | High
10 | File | `/monitoring` | Medium
11 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
12 | File | `/plugin/LiveChat/getChat.json.php` | High
13 | File | `/plugins/servlet/audit/resource` | High
14 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
15 | File | `/replication` | Medium
16 | File | `/RestAPI` | Medium
17 | File | `/tmp` | Low
9 | File | `/hardware` | Medium
10 | File | `/medical/inventories.php` | High
11 | File | `/monitoring` | Medium
12 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
13 | File | `/plugin/LiveChat/getChat.json.php` | High
14 | File | `/plugins/servlet/audit/resource` | High
15 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
16 | File | `/replication` | Medium
17 | File | `/RestAPI` | Medium
18 | File | `/tmp/speedtest_urls.xml` | High
19 | File | `/tmp/zarafa-vacation-*` | High
20 | File | `/uncpath/` | Medium
21 | File | `/upload` | Low
22 | File | `/var/log/nginx` | High
23 | File | `/var/run/watchman.pid` | High
24 | File | `/viewer/krpano.html` | High
25 | File | `/wp-json/oembed/1.0/embed?url` | High
26 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
27 | File | `AdxDSrv.exe` | Medium
28 | ... | ... | ...
22 | File | `/user/loader.php?api=1` | High
23 | File | `/var/log/nginx` | High
24 | File | `/var/run/watchman.pid` | High
25 | File | `/viewer/krpano.html` | High
26 | ... | ... | ...

There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 223 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References
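Review bot: the visible rows lose `/tmp` (old row 17) and gain `/hardware` (new row 9) and `/user/loader.php?api=1` (new row 22), while the counter line falls from 232 to 223; adding up what the hunk shows (old 27 shown + 232 hidden = 259, new 25 shown + 223 hidden = 248), this actor's IOA set shrinks by 11 entries, and three formerly visible ones (`/wp-json/oembed/1.0/embed?url`, `admin-ajax.php?action=get_wdtable order[0][dir]`, `AdxDSrv.exe`) drop below the cutoff, so a reader cannot tell whether they were removed or merely hidden. When indicators are retired, deduplicated or re-attributed, say so in the commit message ("Update January 2023" does not), because consumers who built detections on the old list need to know which entries to age out.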
@ -129,4 +127,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -14,8 +14,12 @@ The following _campaigns_ are known and can be associated with Cloud Atlas:

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cloud Atlas:

* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [AR](https://vuldb.com/?country.ar)
* [FR](https://vuldb.com/?country.fr)
* [PT](https://vuldb.com/?country.pt)
* ...

There are 6 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -23,8 +27,12 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [146.70.88.123](https://vuldb.com/?ip.146.70.88.123) | - | Russia and Belarus | High
2 | [185.227.82.21](https://vuldb.com/?ip.185.227.82.21) | - | Russia and Belarus | High
1 | [144.217.174.57](https://vuldb.com/?ip.144.217.174.57) | ip57.ip-144-217-174.net | - | High
2 | [146.70.88.123](https://vuldb.com/?ip.146.70.88.123) | - | Russia and Belarus | High
3 | [176.31.59.232](https://vuldb.com/?ip.176.31.59.232) | - | - | High
4 | ... | ... | ... | ...

There are 1 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures
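Review bot: `185.227.82.21` (old row 2, campaign "Russia and Belarus") no longer appears among the visible rows, while the added "There are 1 more IOC items available" line implies exactly one hidden entry; confirm that the hidden entry is this address and that it was not dropped from the actor. The two addresses that arrive, `144.217.174.57` (ip57.ip-144-217-174.net) and `176.31.59.232`, have "-" in the Campaign column although the table already ties `146.70.88.123` to the "Russia and Belarus" campaign; if the attribution is known from the Check Point write-up cited in this file's References, record it, otherwise a short note on why these two are unattributed would help readers judge how much weight to give them.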
@ -32,12 +40,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1006 | CWE-22 | Pathname Traversal | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
3 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
4 | ... | ... | ... | ...
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
6 | ... | ... | ... | ...

There are 2 more TTP items available. Please use our online service to access the data.
There are 21 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack
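Review bot: the Cloud Atlas TTP set grows from 5 entries (3 shown + 2 more) to 26 (5 shown + 21 more), the old `T1068 | CWE-284` row disappears, and the five new visible rows are the same technique/weakness pairs (T1006, T1040, T1055, T1059 with CWE-88/CWE-94/CWE-1321, T1059.007 with CWE-79/CWE-80) that the first TTP hunk of this diff lists for a different actor; identical rows across unrelated actors point to an aggregate or mis-scoped query rather than actor-specific observations, so the generating query should be checked before this lands.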
@ -45,18 +55,52 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/inc/parser/xhtml.php` | High
2 | File | `application/controller/InstallerController.php` | High
3 | File | `contact.php` | Medium
4 | ... | ... | ...
1 | File | `/action/import_xml_file/` | High
2 | File | `/action/wirelessConnect` | High
3 | File | `/admin/?page=user/manage_user` | High
4 | File | `/admin/myaccount` | High
5 | File | `/admin/pages/sections_save.php` | High
6 | File | `/admin/settings/fields` | High
7 | File | `/api/v1/chat.getThreadsList` | High
8 | File | `/api/v2/cli/commands` | High
9 | File | `/api/v2/open/rowsInfo` | High
10 | File | `/api/v3/flows/instances/default-user-settings-flow/execute/` | High
11 | File | `/asms/admin/?page=user/manage_user` | High
12 | File | `/blog/comment` | High
13 | File | `/csms/admin/?page=system_info` | High
14 | File | `/env` | Low
15 | File | `/etc/master.passwd` | High
16 | File | `/etc/os-release` | High
17 | File | `/front/search.php` | High
18 | File | `/garage/php_action/createBrand.php` | High
19 | File | `/goform/addressNat` | High
20 | File | `/goform/AdvSetWrlsafeset` | High
21 | File | `/goform/editFileName` | High
22 | File | `/goform/form2WizardStep54` | High
23 | File | `/goform/setSysAdm` | High
24 | File | `/goform/webExcptypemanFilter` | High
25 | File | `/goform/WifiBasicSet` | High
26 | File | `/goform/WifiMacFilterGet` | High
27 | File | `/hss/admin/categories/view_category.php` | High
28 | File | `/isomedia/meta.c` | High
29 | File | `/mods/_core/courses/users/create_course.php` | High
30 | File | `/module/report_event/index.php` | High
31 | File | `/Redcock-Farm/farm/category.php` | High
32 | File | `/release-x64/otfccdump+0x6c0a32` | High
33 | File | `/services/view_service.php` | High
34 | File | `/shell` | Low
35 | File | `/sys/user/putRecycleBin` | High
36 | File | `/tmp` | Low
37 | ... | ... | ...

There are 7 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 316 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://research.checkpoint.com/2022/cloud-atlas-targets-entities-in-russia-and-belarus-amid-the-ongoing-war-in-ukraine/
* https://securelist.com/recent-cloud-atlas-activity/92016/

## Literature
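Review bot: the Cloud Atlas IOA count jumps from 10 (3 shown + 7 more) to 353 (37 shown + 316 more) in a single monthly update, and none of the previous three entries (`/inc/parser/xhtml.php`, `application/controller/InstallerController.php`, `contact.php`) survive in the visible rows, which, like the TTP hunk above it, reads as data from a broader population than this actor. Several of the new rows are also not fragments an attack puts on the wire: `/isomedia/meta.c` is a source file path and `/release-x64/otfccdump+0x6c0a32` is a binary-plus-offset from a crash report, `/etc/master.passwd` and `/etc/os-release` are local system files, and `/env`, `/shell` and `/tmp` are already rated Low. Filter the list to request-path fragments, or label each entry by kind, so that consumers do not load the whole table into web detection rules unchanged.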
@ -67,4 +111,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -27,4 +27,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -43,4 +43,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -61,7 +61,7 @@ ID | Type | Indicator | Confidence
12 | File | `admin/adminsignin.html` | High
13 | ... | ... | ...

There are 97 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 100 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -78,4 +78,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [ES](https://vuldb.com/?country.es)
* ...

There are 16 more country items available. Please use our online service to access the data.
There are 17 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -43,7 +43,8 @@ ID | Technique | Weakness | Description | Confidence
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1055 | CWE-74 | Injection | High
4 | ... | ... | ... | ...
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
5 | ... | ... | ... | ...

There are 14 more TTP items available. Please use our online service to access the data.

@ -82,9 +83,10 @@ ID | Type | Indicator | Confidence
27 | File | `admin/adminsignin.html` | High
28 | File | `admin/movieview.php` | High
29 | File | `admin/notices/perso.inc.php` | High
30 | ... | ... | ...
30 | File | `admin/versions.html` | High
31 | ... | ... | ...

There are 254 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 261 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -101,4 +103,4 @@ The following _articles_ explain our unique predictive cyber threat intelligence

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

Some files were not shown because too many files have changed in this diff.