Update

2022-03-01 04:27:07 +01:00 · 2022-03-01 04:27:07 +01:00 · 3922dcb510
parent 6731678265
commit 3922dcb510
19 changed files with 1000 additions and 911 deletions
--- a/1937CN/README.md
+++ b/1937CN/README.md
@ -1,6 +1,6 @@
 # 1937CN - Cyber Threat Intelligence

-These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [1937CN](https://vuldb.com/?actor.1937cn). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [1937CN](https://vuldb.com/?actor.1937cn). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.1937cn](https://vuldb.com/?actor.1937cn)

@ -16,8 +16,8 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | 1.3.30.3 | - | Rehashed RAT | High
-2 | 1.3.33.5 | - | Rehashed RAT | High
+1 | [1.3.30.3](https://vuldb.com/?ip.1.3.30.3) | - | Rehashed RAT | High
+2 | [1.3.33.5](https://vuldb.com/?ip.1.3.33.5) | - | Rehashed RAT | High

 ## References

--- a/9002/README.md
+++ b/9002/README.md
@ -1,33 +1,33 @@
 # 9002 - Cyber Threat Intelligence

-The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [9002](https://vuldb.com/?actor.9002). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [9002](https://vuldb.com/?actor.9002). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

-Live data and more analysis capabilities are available at [https://vuldb.com/?actor.9002](https://vuldb.com/?actor.9002)
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.9002](https://vuldb.com/?actor.9002)

 ## Countries

-These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with 9002:
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with 9002:

-* CN
+* [CN](https://vuldb.com/?country.cn)

 ## IOC - Indicator of Compromise

-These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of 9002.
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of 9002.

-ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
-1 | 222.239.91.30 | - | High
-2 | 222.239.91.152 | - | High
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [222.239.91.30](https://vuldb.com/?ip.222.239.91.30) | - | - | High
+2 | [222.239.91.152](https://vuldb.com/?ip.222.239.91.152) | - | - | High

 ## References

-The following list contains external sources which discuss the actor and the associated activities:
+The following list contains _external sources_ which discuss the actor and the associated activities:

 * https://www.threatminer.org/report.php?q=AttackDelivers%E2%80%989002%E2%80%99TrojanThroughGoogleDrive-PaloAltoNetworksBlogPaloAltoNetworksBlog.pdf&y=2016

 ## Literature

-The following articles explain our unique predictive cyber threat intelligence:
+The following _articles_ explain our unique predictive cyber threat intelligence:

 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
--- a/APT10/README.md
+++ b/APT10/README.md
@ -1,6 +1,6 @@
 # APT10 - Cyber Threat Intelligence

-These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT10](https://vuldb.com/?actor.apt10). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT10](https://vuldb.com/?actor.apt10). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.apt10](https://vuldb.com/?actor.apt10)

@ -9,15 +9,16 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
 The following _campaigns_ are known and can be associated with APT10:

 * A41APT
+* Cache Panda
 * Cloud Hopper

 ## Countries

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT10:

-* US
-* RU
-* DE
+* [US](https://vuldb.com/?country.us)
+* [RU](https://vuldb.com/?country.ru)
+* [DE](https://vuldb.com/?country.de)
 * ...

 There are 8 more country items available. Please use our online service to access the data.
@ -28,32 +29,33 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | 23.89.193.34 | - | Cloud Hopper | High
-2 | 23.110.64.147 | - | Cloud Hopper | High
-3 | 23.252.105.137 | 23.252.105.137.16clouds.com | Cloud Hopper | High
-4 | 27.102.66.67 | - | - | High
-5 | 27.102.115.249 | - | - | High
-6 | 27.102.127.75 | - | - | High
-7 | 27.102.127.80 | - | - | High
-8 | 27.102.128.157 | - | - | High
-9 | 31.184.197.215 | 31-184-197-215.static.x5x-noc.ru | Cloud Hopper | High
-10 | 31.184.197.227 | 31-184-197-227.static.x5x-noc.ru | Cloud Hopper | High
-11 | 31.184.198.23 | - | Cloud Hopper | High
-12 | 31.184.198.38 | - | Cloud Hopper | High
-13 | 37.187.7.74 | ns3372567.ip-37-187-7.eu | Cloud Hopper | High
-14 | 37.235.52.18 | 18.52.235.37.in-addr.arpa | Cloud Hopper | High
-15 | 38.72.112.45 | - | Cloud Hopper | High
-16 | 38.72.114.16 | - | Cloud Hopper | High
-17 | 38.72.115.9 | - | Cloud Hopper | High
-18 | 45.62.112.161 | 45.62.112.161.16clouds.com | Cloud Hopper | High
-19 | 45.138.157.83 | google.com.tm | A41APT | High
-20 | 46.108.39.134 | - | Cloud Hopper | High
-21 | 50.2.160.104 | - | Cloud Hopper | High
-22 | 52.74.71.131 | ec2-52-74-71-131.ap-southeast-1.compute.amazonaws.com | Cloud Hopper | Medium
-23 | 52.74.213.16 | ec2-52-74-213-16.ap-southeast-1.compute.amazonaws.com | Cloud Hopper | Medium
-24 | ... | ... | ... | ...
+1 | [23.89.193.34](https://vuldb.com/?ip.23.89.193.34) | - | Cloud Hopper | High
+2 | [23.110.64.147](https://vuldb.com/?ip.23.110.64.147) | - | Cloud Hopper | High
+3 | [23.224.75.91](https://vuldb.com/?ip.23.224.75.91) | - | Cache Panda | High
+4 | [23.224.75.93](https://vuldb.com/?ip.23.224.75.93) | - | Cache Panda | High
+5 | [23.252.105.137](https://vuldb.com/?ip.23.252.105.137) | 23.252.105.137.16clouds.com | Cloud Hopper | High
+6 | [27.102.66.67](https://vuldb.com/?ip.27.102.66.67) | - | - | High
+7 | [27.102.115.249](https://vuldb.com/?ip.27.102.115.249) | - | - | High
+8 | [27.102.127.75](https://vuldb.com/?ip.27.102.127.75) | - | - | High
+9 | [27.102.127.80](https://vuldb.com/?ip.27.102.127.80) | - | - | High
+10 | [27.102.128.157](https://vuldb.com/?ip.27.102.128.157) | - | - | High
+11 | [31.184.197.215](https://vuldb.com/?ip.31.184.197.215) | 31-184-197-215.static.x5x-noc.ru | Cloud Hopper | High
+12 | [31.184.197.227](https://vuldb.com/?ip.31.184.197.227) | 31-184-197-227.static.x5x-noc.ru | Cloud Hopper | High
+13 | [31.184.198.23](https://vuldb.com/?ip.31.184.198.23) | - | Cloud Hopper | High
+14 | [31.184.198.38](https://vuldb.com/?ip.31.184.198.38) | - | Cloud Hopper | High
+15 | [37.187.7.74](https://vuldb.com/?ip.37.187.7.74) | ns3372567.ip-37-187-7.eu | Cloud Hopper | High
+16 | [37.235.52.18](https://vuldb.com/?ip.37.235.52.18) | 18.52.235.37.in-addr.arpa | Cloud Hopper | High
+17 | [38.72.112.45](https://vuldb.com/?ip.38.72.112.45) | - | Cloud Hopper | High
+18 | [38.72.114.16](https://vuldb.com/?ip.38.72.114.16) | - | Cloud Hopper | High
+19 | [38.72.115.9](https://vuldb.com/?ip.38.72.115.9) | - | Cloud Hopper | High
+20 | [43.245.196.120](https://vuldb.com/?ip.43.245.196.120) | - | Cache Panda | High
+21 | [43.245.196.121](https://vuldb.com/?ip.43.245.196.121) | - | Cache Panda | High
+22 | [43.245.196.122](https://vuldb.com/?ip.43.245.196.122) | - | Cache Panda | High
+23 | [43.245.196.123](https://vuldb.com/?ip.43.245.196.123) | - | Cache Panda | High
+24 | [43.245.196.124](https://vuldb.com/?ip.43.245.196.124) | - | Cache Panda | High
+25 | ... | ... | ... | ...

-There are 91 more IOC items available. Please use our online service to access the data.
+There are 98 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -86,28 +88,28 @@ ID | Type | Indicator | Confidence
 10 | File | `/modules/profile/index.php` | High
 11 | File | `/out.php` | Medium
 12 | File | `/public/plugins/` | High
-13 | File | `/secure/admin/ViewInstrumentation.jspa` | High
-14 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
-15 | File | `/system/proxy` | High
-16 | File | `/tmp/phpglibccheck` | High
-17 | File | `/uncpath/` | Medium
-18 | File | `adclick.php` | Medium
-19 | File | `add.php` | Low
-20 | File | `addentry.php` | Medium
-21 | File | `addressbookprovider.php` | High
-22 | File | `admin/htaccess/bpsunlock.php` | High
-23 | File | `admin/pageUploadCSV.php` | High
-24 | File | `ajax_udf.php` | Medium
-25 | File | `application.js.php` | High
-26 | File | `apply.cgi` | Medium
-27 | File | `arm/lithium-codegen-arm.cc` | High
-28 | File | `authenticate.c` | High
-29 | File | `Authenticate.class.php` | High
-30 | File | `base_maintenance.php` | High
-31 | File | `booking_details.php` | High
+13 | File | `/SASWebReportStudio/logonAndRender.do` | High
+14 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+15 | File | `/secure/admin/ViewInstrumentation.jspa` | High
+16 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
+17 | File | `/system/proxy` | High
+18 | File | `/tmp/phpglibccheck` | High
+19 | File | `/uncpath/` | Medium
+20 | File | `adclick.php` | Medium
+21 | File | `add.php` | Low
+22 | File | `addentry.php` | Medium
+23 | File | `addressbookprovider.php` | High
+24 | File | `admin/pageUploadCSV.php` | High
+25 | File | `ajax_udf.php` | Medium
+26 | File | `application.js.php` | High
+27 | File | `apply.cgi` | Medium
+28 | File | `arm/lithium-codegen-arm.cc` | High
+29 | File | `authenticate.c` | High
+30 | File | `Authenticate.class.php` | High
+31 | File | `base_maintenance.php` | High
 32 | ... | ... | ...

-There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 273 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -116,6 +118,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://github.com/janhenrikdotcom/iocs/blob/master/APT10/Operation%20Cloud%20Hopper%20-%20Indicators%20of%20Compromise%20v3.csv
 * https://github.com/PwCUK-CTO/OperationCloudHopper/blob/master/cloud-hopper-indicators-of-compromise-v3.csv
 * https://github.com/riduangan/APT10/blob/master/IOC
+* https://medium.com/cycraft/supply-chain-attack-targeting-taiwan-financial-sector-bae2f0962934
 * https://securelist.com/apt10-sophisticated-multi-layered-loader-ecipekac-discovered-in-a41apt-campaign/101519/
 * https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html
 * https://www.threatminer.org/report.php?q=Accenture-Hogfish-Threat-Analysis.pdf&y=2018
--- a/APT41/README.md
+++ b/APT41/README.md
@ -1,6 +1,6 @@
 # APT41 - Cyber Threat Intelligence

-These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT41](https://vuldb.com/?actor.apt41). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT41](https://vuldb.com/?actor.apt41). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.apt41](https://vuldb.com/?actor.apt41)

@ -15,9 +15,9 @@ The following _campaigns_ are known and can be associated with APT41:

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT41:

-* US
-* CN
-* RU
+* [US](https://vuldb.com/?country.us)
+* [CN](https://vuldb.com/?country.cn)
+* [RU](https://vuldb.com/?country.ru)
 * ...

 There are 13 more country items available. Please use our online service to access the data.
@ -28,21 +28,21 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | 5.183.101.21 | bestofgy.co.uk | MoonBounce | High
-2 | 5.183.101.114 | - | MoonBounce | High
-3 | 5.183.103.122 | - | MoonBounce | High
-4 | 5.188.93.132 | gcorelabs.paris.vpn015 | MoonBounce | High
-5 | 5.188.108.22 | pol1.htjsq.com | MoonBounce | High
-6 | 5.188.108.228 | xc5.exclusivacondominios.com | MoonBounce | High
-7 | 5.189.222.33 | spain466.es | MoonBounce | High
-8 | 23.67.95.153 | a23-67-95-153.deploy.static.akamaitechnologies.com | - | High
-9 | 43.255.191.255 | - | - | High
-10 | 45.76.6.149 | 45.76.6.149.vultr.com | - | Medium
-11 | 45.76.75.219 | 45.76.75.219.vultr.com | - | Medium
-12 | 45.128.132.6 | - | MoonBounce | High
-13 | 45.128.135.15 | - | MoonBounce | High
-14 | 45.138.157.78 | srv1.fincantleri.co | - | High
-15 | 61.78.62.21 | - | - | High
+1 | [5.183.101.21](https://vuldb.com/?ip.5.183.101.21) | bestofgy.co.uk | MoonBounce | High
+2 | [5.183.101.114](https://vuldb.com/?ip.5.183.101.114) | - | MoonBounce | High
+3 | [5.183.103.122](https://vuldb.com/?ip.5.183.103.122) | - | MoonBounce | High
+4 | [5.188.93.132](https://vuldb.com/?ip.5.188.93.132) | gcorelabs.paris.vpn015 | MoonBounce | High
+5 | [5.188.108.22](https://vuldb.com/?ip.5.188.108.22) | pol1.htjsq.com | MoonBounce | High
+6 | [5.188.108.228](https://vuldb.com/?ip.5.188.108.228) | xc5.exclusivacondominios.com | MoonBounce | High
+7 | [5.189.222.33](https://vuldb.com/?ip.5.189.222.33) | spain466.es | MoonBounce | High
+8 | [23.67.95.153](https://vuldb.com/?ip.23.67.95.153) | a23-67-95-153.deploy.static.akamaitechnologies.com | - | High
+9 | [43.255.191.255](https://vuldb.com/?ip.43.255.191.255) | - | - | High
+10 | [45.76.6.149](https://vuldb.com/?ip.45.76.6.149) | 45.76.6.149.vultr.com | - | Medium
+11 | [45.76.75.219](https://vuldb.com/?ip.45.76.75.219) | 45.76.75.219.vultr.com | - | Medium
+12 | [45.128.132.6](https://vuldb.com/?ip.45.128.132.6) | - | MoonBounce | High
+13 | [45.128.135.15](https://vuldb.com/?ip.45.128.135.15) | - | MoonBounce | High
+14 | [45.138.157.78](https://vuldb.com/?ip.45.138.157.78) | srv1.fincantleri.co | - | High
+15 | [61.78.62.21](https://vuldb.com/?ip.61.78.62.21) | - | - | High
 16 | ... | ... | ... | ...

 There are 60 more IOC items available. Please use our online service to access the data.
@ -80,19 +80,19 @@ ID | Type | Indicator | Confidence
 12 | File | `/public/plugins/` | High
 13 | File | `/replication` | Medium
 14 | File | `/SASWebReportStudio/logonAndRender.do` | High
-15 | File | `/secure/admin/ViewInstrumentation.jspa` | High
-16 | File | `/start-stop` | Medium
-17 | File | `/tmp/app/.env` | High
-18 | File | `/uncpath/` | Medium
-19 | File | `/upload` | Low
-20 | File | `/usr/bin/pkexec` | High
-21 | File | `/WEB-INF/web.xml` | High
-22 | File | `/wp-admin/admin-ajax.php` | High
-23 | File | `/_next` | Low
-24 | File | `adclick.php` | Medium
+15 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+16 | File | `/secure/admin/ViewInstrumentation.jspa` | High
+17 | File | `/start-stop` | Medium
+18 | File | `/tmp/app/.env` | High
+19 | File | `/uncpath/` | Medium
+20 | File | `/upload` | Low
+21 | File | `/usr/bin/pkexec` | High
+22 | File | `/WEB-INF/web.xml` | High
+23 | File | `/wp-admin/admin-ajax.php` | High
+24 | File | `/_next` | Low
 25 | ... | ... | ...

-There are 211 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 213 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/FritzFrog/README.md
+++ b/FritzFrog/README.md
@ -1,6 +1,6 @@
 # FritzFrog - Cyber Threat Intelligence

-These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [FritzFrog](https://vuldb.com/?actor.fritzfrog). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [FritzFrog](https://vuldb.com/?actor.fritzfrog). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.fritzfrog](https://vuldb.com/?actor.fritzfrog)

@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FritzFrog:

-* US
-* CN
-* ES
+* [VN](https://vuldb.com/?country.vn)
+* [ES](https://vuldb.com/?country.es)
+* [US](https://vuldb.com/?country.us)
 * ...

-There are 5 more country items available. Please use our online service to access the data.
+There are 13 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

@ -21,306 +21,306 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | 1.6.80.1 | - | - | High
-2 | 1.12.223.203 | - | - | High
-3 | 1.12.243.168 | - | - | High
-4 | 1.14.95.58 | - | - | High
-5 | 1.14.166.163 | - | - | High
-6 | 1.14.226.88 | - | - | High
-7 | 1.14.253.207 | - | - | High
-8 | 1.116.55.237 | - | - | High
-9 | 1.116.206.188 | - | - | High
-10 | 1.117.3.72 | - | - | High
-11 | 1.117.16.119 | - | - | High
-12 | 1.117.58.108 | - | - | High
-13 | 1.117.160.142 | - | - | High
-14 | 1.117.229.94 | - | - | High
-15 | 1.165.115.76 | 1-165-115-76.dynamic-ip.hinet.net | - | High
-16 | 1.165.118.93 | 1-165-118-93.dynamic-ip.hinet.net | - | High
-17 | 1.165.143.43 | 1-165-143-43.dynamic-ip.hinet.net | - | High
-18 | 1.165.211.196 | 1-165-211-196.dynamic-ip.hinet.net | - | High
-19 | 1.192.94.61 | - | - | High
-20 | 1.220.98.197 | - | - | High
-21 | 2.58.113.123 | tube-hosting.de | - | High
-22 | 2.59.92.14 | - | - | High
-23 | 2.78.61.194 | 2-78-61-194.kcell.kz | - | High
-24 | 2.80.12.140 | bl19-12-140.dsl.telepac.pt | - | High
-25 | 2.227.254.144 | - | - | High
-26 | 3.0.206.162 | ec2-3-0-206-162.ap-southeast-1.compute.amazonaws.com | - | Medium
-27 | 3.6.71.245 | ec2-3-6-71-245.ap-south-1.compute.amazonaws.com | - | Medium
-28 | 3.9.188.69 | ec2-3-9-188-69.eu-west-2.compute.amazonaws.com | - | Medium
-29 | 3.14.13.27 | ec2-3-14-13-27.us-east-2.compute.amazonaws.com | - | Medium
-30 | 3.14.153.3 | ec2-3-14-153-3.us-east-2.compute.amazonaws.com | - | Medium
-31 | 3.17.11.48 | ec2-3-17-11-48.us-east-2.compute.amazonaws.com | - | Medium
-32 | 3.17.152.26 | ec2-3-17-152-26.us-east-2.compute.amazonaws.com | - | Medium
-33 | 3.17.188.16 | ec2-3-17-188-16.us-east-2.compute.amazonaws.com | - | Medium
-34 | 3.35.185.49 | ec2-3-35-185-49.ap-northeast-2.compute.amazonaws.com | - | Medium
-35 | 3.38.209.200 | ec2-3-38-209-200.ap-northeast-2.compute.amazonaws.com | - | Medium
-36 | 3.70.67.35 | ec2-3-70-67-35.eu-central-1.compute.amazonaws.com | - | Medium
-37 | 3.82.227.46 | ec2-3-82-227-46.compute-1.amazonaws.com | - | Medium
-38 | 3.86.230.210 | ec2-3-86-230-210.compute-1.amazonaws.com | - | Medium
-39 | 3.88.203.1 | ec2-3-88-203-1.compute-1.amazonaws.com | - | Medium
-40 | 3.91.21.110 | ec2-3-91-21-110.compute-1.amazonaws.com | - | Medium
-41 | 3.112.16.145 | ec2-3-112-16-145.ap-northeast-1.compute.amazonaws.com | - | Medium
-42 | 3.112.27.236 | ec2-3-112-27-236.ap-northeast-1.compute.amazonaws.com | - | Medium
-43 | 3.112.52.252 | ec2-3-112-52-252.ap-northeast-1.compute.amazonaws.com | - | Medium
-44 | 3.113.28.245 | ec2-3-113-28-245.ap-northeast-1.compute.amazonaws.com | - | Medium
-45 | 3.115.18.133 | ec2-3-115-18-133.ap-northeast-1.compute.amazonaws.com | - | Medium
-46 | 3.122.60.196 | ec2-3-122-60-196.eu-central-1.compute.amazonaws.com | - | Medium
-47 | 3.127.114.41 | ec2-3-127-114-41.eu-central-1.compute.amazonaws.com | - | Medium
-48 | 3.127.255.82 | ec2-3-127-255-82.eu-central-1.compute.amazonaws.com | - | Medium
-49 | 3.133.59.250 | ec2-3-133-59-250.us-east-2.compute.amazonaws.com | - | Medium
-50 | 3.138.162.152 | ec2-3-138-162-152.us-east-2.compute.amazonaws.com | - | Medium
-51 | 3.219.216.198 | ec2-3-219-216-198.compute-1.amazonaws.com | - | Medium
-52 | 3.236.39.46 | ec2-3-236-39-46.compute-1.amazonaws.com | - | Medium
-53 | 3.236.44.195 | ec2-3-236-44-195.compute-1.amazonaws.com | - | Medium
-54 | 5.25.247.205 | - | - | High
-55 | 5.26.221.186 | - | - | High
-56 | 5.26.250.165 | - | - | High
-57 | 5.26.251.165 | - | - | High
-58 | 5.26.254.49 | - | - | High
-59 | 5.26.254.72 | - | - | High
-60 | 5.26.254.73 | - | - | High
-61 | 5.28.139.161 | - | - | High
-62 | 5.34.181.108 | unallocated.layer6.net | - | High
-63 | 5.34.181.109 | unallocated.layer6.net | - | High
-64 | 5.35.10.81 | - | - | High
-65 | 5.39.113.106 | ip106.ip-5-39-113.eu | - | High
-66 | 5.42.158.38 | - | - | High
-67 | 5.42.158.71 | - | - | High
-68 | 5.61.57.196 | - | - | High
-69 | 5.182.17.252 | vmi726193.contaboserver.net | - | High
-70 | 5.231.205.137 | certo-237-205-231-5.efeitocerto.com.br | - | High
-71 | 5.253.86.211 | - | - | High
-72 | 8.17.89.11 | 8-17-89-11.paxio.net | - | High
-73 | 8.208.89.230 | - | - | High
-74 | 8.215.31.94 | - | - | High
-75 | 8.218.100.52 | - | - | High
-76 | 12.36.229.193 | - | - | High
-77 | 12.160.25.98 | - | - | High
-78 | 12.173.254.230 | - | - | High
-79 | 12.176.121.170 | - | - | High
-80 | 12.222.12.26 | - | - | High
-81 | 12.234.91.165 | - | - | High
-82 | 13.37.158.253 | ec2-13-37-158-253.eu-west-3.compute.amazonaws.com | - | Medium
-83 | 13.52.74.242 | ec2-13-52-74-242.us-west-1.compute.amazonaws.com | - | Medium
-84 | 13.53.127.223 | ec2-13-53-127-223.eu-north-1.compute.amazonaws.com | - | Medium
-85 | 13.53.149.216 | ec2-13-53-149-216.eu-north-1.compute.amazonaws.com | - | Medium
-86 | 13.57.226.95 | ec2-13-57-226-95.us-west-1.compute.amazonaws.com | - | Medium
-87 | 13.59.13.98 | ec2-13-59-13-98.us-east-2.compute.amazonaws.com | - | Medium
-88 | 13.59.67.195 | ec2-13-59-67-195.us-east-2.compute.amazonaws.com | - | Medium
-89 | 13.72.247.133 | - | - | High
-90 | 13.77.163.87 | - | - | High
-91 | 13.78.143.45 | - | - | High
-92 | 13.79.246.35 | - | - | High
-93 | 13.80.144.47 | - | - | High
-94 | 13.80.148.182 | - | - | High
-95 | 13.90.45.216 | - | - | High
-96 | 13.92.247.241 | - | - | High
-97 | 13.113.129.210 | ec2-13-113-129-210.ap-northeast-1.compute.amazonaws.com | - | Medium
-98 | 13.114.10.152 | ec2-13-114-10-152.ap-northeast-1.compute.amazonaws.com | - | Medium
-99 | 13.124.214.6 | ec2-13-124-214-6.ap-northeast-2.compute.amazonaws.com | - | Medium
-100 | 13.124.217.127 | ec2-13-124-217-127.ap-northeast-2.compute.amazonaws.com | - | Medium
-101 | 13.126.18.196 | ec2-13-126-18-196.ap-south-1.compute.amazonaws.com | - | Medium
-102 | 13.126.244.38 | ec2-13-126-244-38.ap-south-1.compute.amazonaws.com | - | Medium
-103 | 13.209.39.176 | ec2-13-209-39-176.ap-northeast-2.compute.amazonaws.com | - | Medium
-104 | 13.211.180.165 | ec2-13-211-180-165.ap-southeast-2.compute.amazonaws.com | - | Medium
-105 | 13.211.234.149 | ec2-13-211-234-149.ap-southeast-2.compute.amazonaws.com | - | Medium
-106 | 13.232.213.134 | ec2-13-232-213-134.ap-south-1.compute.amazonaws.com | - | Medium
-107 | 13.233.60.246 | ec2-13-233-60-246.ap-south-1.compute.amazonaws.com | - | Medium
-108 | 13.233.98.125 | ec2-13-233-98-125.ap-south-1.compute.amazonaws.com | - | Medium
-109 | 13.234.76.179 | ec2-13-234-76-179.ap-south-1.compute.amazonaws.com | - | Medium
-110 | 13.235.82.69 | ec2-13-235-82-69.ap-south-1.compute.amazonaws.com | - | Medium
-111 | 13.235.253.205 | ec2-13-235-253-205.ap-south-1.compute.amazonaws.com | - | Medium
-112 | 13.238.218.177 | ec2-13-238-218-177.ap-southeast-2.compute.amazonaws.com | - | Medium
-113 | 13.251.26.201 | ec2-13-251-26-201.ap-southeast-1.compute.amazonaws.com | - | Medium
-114 | 13.251.89.210 | ec2-13-251-89-210.ap-southeast-1.compute.amazonaws.com | - | Medium
-115 | 13.251.166.37 | ec2-13-251-166-37.ap-southeast-1.compute.amazonaws.com | - | Medium
-116 | 14.37.111.114 | - | - | High
-117 | 14.43.135.243 | - | - | High
-118 | 14.46.100.84 | - | - | High
-119 | 14.54.245.109 | - | - | High
-120 | 14.54.245.220 | - | - | High
-121 | 14.118.208.75 | - | - | High
-122 | 14.118.208.86 | - | - | High
-123 | 14.118.211.158 | - | - | High
-124 | 14.139.122.146 | - | - | High
-125 | 15.206.70.23 | ec2-15-206-70-23.ap-south-1.compute.amazonaws.com | - | Medium
-126 | 15.235.13.210 | ns5009092.ip-15-235-13.net | - | High
-127 | 15.235.13.211 | ns5009085.ip-15-235-13.net | - | High
-128 | 15.235.30.194 | ip194.ip-15-235-30.net | - | High
-129 | 18.27.197.252 | - | - | High
-130 | 18.130.29.105 | ec2-18-130-29-105.eu-west-2.compute.amazonaws.com | - | Medium
-131 | 18.136.203.250 | ec2-18-136-203-250.ap-southeast-1.compute.amazonaws.com | - | Medium
-132 | 18.138.238.88 | ec2-18-138-238-88.ap-southeast-1.compute.amazonaws.com | - | Medium
-133 | 18.141.93.110 | ec2-18-141-93-110.ap-southeast-1.compute.amazonaws.com | - | Medium
-134 | 18.142.77.220 | ec2-18-142-77-220.ap-southeast-1.compute.amazonaws.com | - | Medium
-135 | 18.162.109.213 | ec2-18-162-109-213.ap-east-1.compute.amazonaws.com | - | Medium
-136 | 18.162.120.237 | ec2-18-162-120-237.ap-east-1.compute.amazonaws.com | - | Medium
-137 | 18.162.123.240 | ec2-18-162-123-240.ap-east-1.compute.amazonaws.com | - | Medium
-138 | 18.162.200.166 | ec2-18-162-200-166.ap-east-1.compute.amazonaws.com | - | Medium
-139 | 18.182.6.172 | ec2-18-182-6-172.ap-northeast-1.compute.amazonaws.com | - | Medium
-140 | 18.191.113.196 | ec2-18-191-113-196.us-east-2.compute.amazonaws.com | - | Medium
-141 | 18.202.242.7 | ec2-18-202-242-7.eu-west-1.compute.amazonaws.com | - | Medium
-142 | 18.204.247.146 | ec2-18-204-247-146.compute-1.amazonaws.com | - | Medium
-143 | 18.208.7.231 | ec2-18-208-7-231.compute-1.amazonaws.com | - | Medium
-144 | 18.212.26.134 | ec2-18-212-26-134.compute-1.amazonaws.com | - | Medium
-145 | 18.218.135.210 | ec2-18-218-135-210.us-east-2.compute.amazonaws.com | - | Medium
-146 | 18.219.191.219 | ec2-18-219-191-219.us-east-2.compute.amazonaws.com | - | Medium
-147 | 18.220.148.98 | ec2-18-220-148-98.us-east-2.compute.amazonaws.com | - | Medium
-148 | 18.222.214.151 | ec2-18-222-214-151.us-east-2.compute.amazonaws.com | - | Medium
-149 | 18.228.44.254 | ec2-18-228-44-254.sa-east-1.compute.amazonaws.com | - | Medium
-150 | 18.231.36.105 | ec2-18-231-36-105.sa-east-1.compute.amazonaws.com | - | Medium
-151 | 18.231.122.117 | ec2-18-231-122-117.sa-east-1.compute.amazonaws.com | - | Medium
-152 | 18.231.178.172 | ec2-18-231-178-172.sa-east-1.compute.amazonaws.com | - | Medium
-153 | 20.39.226.165 | - | - | High
-154 | 20.39.240.101 | - | - | High
-155 | 20.49.51.59 | - | - | High
-156 | 20.69.176.137 | - | - | High
-157 | 20.126.58.208 | - | - | High
-158 | 20.127.105.82 | - | - | High
-159 | 20.141.185.205 | - | - | High
-160 | 20.195.193.241 | - | - | High
-161 | 20.205.0.49 | - | - | High
-162 | 23.92.25.109 | 23-92-25-109.ip.linodeusercontent.com | - | High
-163 | 23.94.56.185 | 23-94-56-185-host.colocrossing.com | - | High
-164 | 23.100.81.44 | - | - | High
-165 | 23.148.146.118 | - | - | High
-166 | 23.148.146.122 | - | - | High
-167 | 23.234.197.173 | 173-197-234-23-dedicated.multacom.com | - | High
-168 | 23.234.209.234 | host-23-234-209-234-by.multacom.com | - | High
-169 | 23.237.228.74 | - | - | High
-170 | 23.237.228.90 | - | - | High
-171 | 23.254.217.214 | hwsrv-905596.hostwindsdns.com | - | High
-172 | 24.8.141.118 | c-24-8-141-118.hsd1.co.comcast.net | - | High
-173 | 24.65.42.248 | - | - | High
-174 | 24.152.38.22 | - | - | High
-175 | 24.152.38.152 | - | - | High
-176 | 24.158.63.182 | 024-158-063-182.biz.spectrum.com | - | High
-177 | 24.213.210.198 | rrcs-24-213-210-198.nys.biz.rr.com | - | High
-178 | 27.16.238.184 | - | - | High
-179 | 27.54.170.52 | - | - | High
-180 | 27.129.128.235 | - | - | High
-181 | 27.158.196.219 | 219.196.158.27.broad.zz.fj.dynamic.163data.com.cn | - | High
-182 | 27.191.107.92 | - | - | High
-183 | 31.15.241.181 | cpe-31-15-241-181.cable.telemach.net | - | High
-184 | 31.19.126.157 | ip1f137e9d.dynamic.kabel-deutschland.de | - | High
-185 | 31.19.237.46 | ip1f13ed2e.dynamic.kabel-deutschland.de | - | High
-186 | 31.19.237.170 | ip1f13edaa.dynamic.kabel-deutschland.de | - | High
-187 | 31.169.25.190 | - | - | High
-188 | 31.206.240.54 | - | - | High
-189 | 34.80.27.207 | 207.27.80.34.bc.googleusercontent.com | - | Medium
-190 | 34.80.39.155 | 155.39.80.34.bc.googleusercontent.com | - | Medium
-191 | 34.84.213.136 | 136.213.84.34.bc.googleusercontent.com | - | Medium
-192 | 34.92.90.235 | 235.90.92.34.bc.googleusercontent.com | - | Medium
-193 | 34.125.101.168 | 168.101.125.34.bc.googleusercontent.com | - | Medium
-194 | 34.130.214.198 | 198.214.130.34.bc.googleusercontent.com | - | Medium
-195 | 34.209.193.171 | ec2-34-209-193-171.us-west-2.compute.amazonaws.com | - | Medium
-196 | 34.218.227.40 | ec2-34-218-227-40.us-west-2.compute.amazonaws.com | - | Medium
-197 | 34.220.197.12 | ec2-34-220-197-12.us-west-2.compute.amazonaws.com | - | Medium
-198 | 34.228.43.200 | ec2-34-228-43-200.compute-1.amazonaws.com | - | Medium
-199 | 34.238.28.208 | ec2-34-238-28-208.compute-1.amazonaws.com | - | Medium
-200 | 34.239.121.245 | ec2-34-239-121-245.compute-1.amazonaws.com | - | Medium
-201 | 35.84.195.246 | ec2-35-84-195-246.us-west-2.compute.amazonaws.com | - | Medium
-202 | 35.154.250.210 | ec2-35-154-250-210.ap-south-1.compute.amazonaws.com | - | Medium
-203 | 35.176.154.160 | ec2-35-176-154-160.eu-west-2.compute.amazonaws.com | - | Medium
-204 | 35.178.109.174 | ec2-35-178-109-174.eu-west-2.compute.amazonaws.com | - | Medium
-205 | 35.181.9.94 | ec2-35-181-9-94.eu-west-3.compute.amazonaws.com | - | Medium
-206 | 35.182.238.155 | ec2-35-182-238-155.ca-central-1.compute.amazonaws.com | - | Medium
-207 | 35.183.109.60 | ec2-35-183-109-60.ca-central-1.compute.amazonaws.com | - | Medium
-208 | 35.192.122.245 | 245.122.192.35.bc.googleusercontent.com | - | Medium
-209 | 35.194.155.97 | 97.155.194.35.bc.googleusercontent.com | - | Medium
-210 | 35.229.239.179 | 179.239.229.35.bc.googleusercontent.com | - | Medium
-211 | 36.22.249.39 | - | - | High
-212 | 36.92.125.163 | - | - | High
-213 | 36.137.217.5 | - | - | High
-214 | 37.25.54.162 | - | - | High
-215 | 37.44.244.231 | - | - | High
-216 | 37.97.206.223 | 37-97-206-223.colo.transip.net | - | High
-217 | 37.156.28.213 | 213.mobinnet.net | - | High
-218 | 37.182.153.172 | - | - | High
-219 | 37.186.217.20 | 37-186-217-20.ip270.fastwebnet.it | - | High
-220 | 37.187.148.130 | ns345129.ip-37-187-148.eu | - | High
-221 | 37.230.137.180 | ds1-client.elegacy.ru | - | High
-222 | 39.86.114.252 | - | - | High
-223 | 39.105.123.135 | - | - | High
-224 | 39.106.111.11 | - | - | High
-225 | 40.77.57.4 | - | - | High
-226 | 41.193.68.46 | mail.udwc.co.za | - | High
-227 | 41.226.18.128 | - | - | High
-228 | 41.231.127.5 | - | - | High
-229 | 42.192.82.25 | - | - | High
-230 | 42.192.141.133 | - | - | High
-231 | 42.192.155.41 | - | - | High
-232 | 42.192.157.181 | - | - | High
-233 | 42.193.55.4 | - | - | High
-234 | 42.193.252.69 | - | - | High
-235 | 42.194.187.28 | - | - | High
-236 | 43.129.181.67 | - | - | High
-237 | 43.129.253.181 | - | - | High
-238 | 43.132.208.88 | - | - | High
-239 | 43.136.128.67 | - | - | High
-240 | 43.154.20.234 | - | - | High
-241 | 43.242.247.139 | - | - | High
-242 | 43.249.206.97 | - | - | High
-243 | 44.201.98.58 | ec2-44-201-98-58.compute-1.amazonaws.com | - | Medium
-244 | 45.6.96.34 | - | - | High
-245 | 45.22.199.195 | 45-22-199-195.lightspeed.sndgca.sbcglobal.net | - | High
-246 | 45.32.122.40 | 45.32.122.40.vultr.com | - | Medium
-247 | 45.32.128.117 | 45.32.128.117.vultr.com | - | Medium
-248 | 45.84.196.108 | - | - | High
-249 | 45.87.207.8 | - | - | High
-250 | 45.119.86.214 | - | - | High
-251 | 45.131.1.72 | ip.serverscity.net | - | High
-252 | 45.137.181.238 | - | - | High
-253 | 45.138.157.66 | vm326778.pq.hosting | - | High
-254 | 45.140.164.177 | - | - | High
-255 | 45.142.122.107 | merry-coach.aeza.network | - | High
-256 | 45.142.122.169 | dirty-magic.aeza.network | - | High
-257 | 45.143.136.213 | andreybaksalyar.example.com | - | High
-258 | 45.153.229.238 | vm346100.pq.hosting | - | High
-259 | 45.154.215.172 | - | - | High
-260 | 45.182.118.100 | - | - | High
-261 | 45.222.204.98 | - | - | High
-262 | 45.229.34.30 | - | - | High
-263 | 45.231.132.133 | generated-loan.cursorspec.com | - | High
-264 | 45.238.23.157 | - | - | High
-265 | 45.249.92.58 | - | - | High
-266 | 46.3.142.226 | - | - | High
-267 | 46.3.197.32 | - | - | High
-268 | 46.3.199.4 | - | - | High
-269 | 46.3.199.5 | - | - | High
-270 | 46.37.77.214 | 214.red.77.37.46.procono.es | - | High
-271 | 46.80.25.30 | p2e50191e.dip0.t-ipconnect.de | - | High
-272 | 46.97.44.18 | - | - | High
-273 | 46.101.2.179 | - | - | High
-274 | 46.101.18.240 | - | - | High
-275 | 46.109.34.247 | - | - | High
-276 | 46.148.227.125 | cd16.micsotmaster.art | - | High
-277 | 46.210.111.163 | - | - | High
-278 | 46.217.167.96 | - | - | High
-279 | 46.219.116.22 | - | - | High
-280 | 46.223.163.220 | ip-046-223-163-220.um13.pools.vodafone-ip.de | - | High
-281 | 47.16.155.222 | ool-2f109bde.dyn.optonline.net | - | High
-282 | 47.19.20.130 | - | - | High
-283 | 47.37.138.79 | 047-037-138-079.res.spectrum.com | - | High
-284 | 47.74.65.36 | - | - | High
-285 | 47.88.244.157 | - | - | High
-286 | 47.91.87.67 | - | - | High
-287 | 47.100.108.185 | - | - | High
-288 | 47.100.139.58 | - | - | High
-289 | 47.106.180.166 | - | - | High
-290 | 47.240.81.242 | - | - | High
-291 | 47.243.181.71 | - | - | High
-292 | 47.243.181.238 | - | - | High
-293 | 47.245.14.45 | - | - | High
-294 | 49.7.132.22 | - | - | High
-295 | 49.50.106.73 | - | - | High
-296 | 49.69.36.214 | - | - | High
-297 | 49.204.124.253 | broadband.actcorp.in | - | High
-298 | 49.232.80.64 | - | - | High
-299 | 49.232.104.199 | - | - | High
-300 | 49.232.122.130 | - | - | High
+1 | [1.6.80.1](https://vuldb.com/?ip.1.6.80.1) | - | - | High
+2 | [1.12.223.203](https://vuldb.com/?ip.1.12.223.203) | - | - | High
+3 | [1.12.243.168](https://vuldb.com/?ip.1.12.243.168) | - | - | High
+4 | [1.14.95.58](https://vuldb.com/?ip.1.14.95.58) | - | - | High
+5 | [1.14.166.163](https://vuldb.com/?ip.1.14.166.163) | - | - | High
+6 | [1.14.226.88](https://vuldb.com/?ip.1.14.226.88) | - | - | High
+7 | [1.14.253.207](https://vuldb.com/?ip.1.14.253.207) | - | - | High
+8 | [1.116.55.237](https://vuldb.com/?ip.1.116.55.237) | - | - | High
+9 | [1.116.206.188](https://vuldb.com/?ip.1.116.206.188) | - | - | High
+10 | [1.117.3.72](https://vuldb.com/?ip.1.117.3.72) | - | - | High
+11 | [1.117.16.119](https://vuldb.com/?ip.1.117.16.119) | - | - | High
+12 | [1.117.58.108](https://vuldb.com/?ip.1.117.58.108) | - | - | High
+13 | [1.117.160.142](https://vuldb.com/?ip.1.117.160.142) | - | - | High
+14 | [1.117.229.94](https://vuldb.com/?ip.1.117.229.94) | - | - | High
+15 | [1.165.115.76](https://vuldb.com/?ip.1.165.115.76) | 1-165-115-76.dynamic-ip.hinet.net | - | High
+16 | [1.165.118.93](https://vuldb.com/?ip.1.165.118.93) | 1-165-118-93.dynamic-ip.hinet.net | - | High
+17 | [1.165.143.43](https://vuldb.com/?ip.1.165.143.43) | 1-165-143-43.dynamic-ip.hinet.net | - | High
+18 | [1.165.211.196](https://vuldb.com/?ip.1.165.211.196) | 1-165-211-196.dynamic-ip.hinet.net | - | High
+19 | [1.192.94.61](https://vuldb.com/?ip.1.192.94.61) | - | - | High
+20 | [1.220.98.197](https://vuldb.com/?ip.1.220.98.197) | - | - | High
+21 | [2.58.113.123](https://vuldb.com/?ip.2.58.113.123) | tube-hosting.de | - | High
+22 | [2.59.92.14](https://vuldb.com/?ip.2.59.92.14) | - | - | High
+23 | [2.78.61.194](https://vuldb.com/?ip.2.78.61.194) | 2-78-61-194.kcell.kz | - | High
+24 | [2.80.12.140](https://vuldb.com/?ip.2.80.12.140) | bl19-12-140.dsl.telepac.pt | - | High
+25 | [2.227.254.144](https://vuldb.com/?ip.2.227.254.144) | - | - | High
+26 | [3.0.206.162](https://vuldb.com/?ip.3.0.206.162) | ec2-3-0-206-162.ap-southeast-1.compute.amazonaws.com | - | Medium
+27 | [3.6.71.245](https://vuldb.com/?ip.3.6.71.245) | ec2-3-6-71-245.ap-south-1.compute.amazonaws.com | - | Medium
+28 | [3.9.188.69](https://vuldb.com/?ip.3.9.188.69) | ec2-3-9-188-69.eu-west-2.compute.amazonaws.com | - | Medium
+29 | [3.14.13.27](https://vuldb.com/?ip.3.14.13.27) | ec2-3-14-13-27.us-east-2.compute.amazonaws.com | - | Medium
+30 | [3.14.153.3](https://vuldb.com/?ip.3.14.153.3) | ec2-3-14-153-3.us-east-2.compute.amazonaws.com | - | Medium
+31 | [3.17.11.48](https://vuldb.com/?ip.3.17.11.48) | ec2-3-17-11-48.us-east-2.compute.amazonaws.com | - | Medium
+32 | [3.17.152.26](https://vuldb.com/?ip.3.17.152.26) | ec2-3-17-152-26.us-east-2.compute.amazonaws.com | - | Medium
+33 | [3.17.188.16](https://vuldb.com/?ip.3.17.188.16) | ec2-3-17-188-16.us-east-2.compute.amazonaws.com | - | Medium
+34 | [3.35.185.49](https://vuldb.com/?ip.3.35.185.49) | ec2-3-35-185-49.ap-northeast-2.compute.amazonaws.com | - | Medium
+35 | [3.38.209.200](https://vuldb.com/?ip.3.38.209.200) | ec2-3-38-209-200.ap-northeast-2.compute.amazonaws.com | - | Medium
+36 | [3.70.67.35](https://vuldb.com/?ip.3.70.67.35) | ec2-3-70-67-35.eu-central-1.compute.amazonaws.com | - | Medium
+37 | [3.82.227.46](https://vuldb.com/?ip.3.82.227.46) | ec2-3-82-227-46.compute-1.amazonaws.com | - | Medium
+38 | [3.86.230.210](https://vuldb.com/?ip.3.86.230.210) | ec2-3-86-230-210.compute-1.amazonaws.com | - | Medium
+39 | [3.88.203.1](https://vuldb.com/?ip.3.88.203.1) | ec2-3-88-203-1.compute-1.amazonaws.com | - | Medium
+40 | [3.91.21.110](https://vuldb.com/?ip.3.91.21.110) | ec2-3-91-21-110.compute-1.amazonaws.com | - | Medium
+41 | [3.112.16.145](https://vuldb.com/?ip.3.112.16.145) | ec2-3-112-16-145.ap-northeast-1.compute.amazonaws.com | - | Medium
+42 | [3.112.27.236](https://vuldb.com/?ip.3.112.27.236) | ec2-3-112-27-236.ap-northeast-1.compute.amazonaws.com | - | Medium
+43 | [3.112.52.252](https://vuldb.com/?ip.3.112.52.252) | ec2-3-112-52-252.ap-northeast-1.compute.amazonaws.com | - | Medium
+44 | [3.113.28.245](https://vuldb.com/?ip.3.113.28.245) | ec2-3-113-28-245.ap-northeast-1.compute.amazonaws.com | - | Medium
+45 | [3.115.18.133](https://vuldb.com/?ip.3.115.18.133) | ec2-3-115-18-133.ap-northeast-1.compute.amazonaws.com | - | Medium
+46 | [3.122.60.196](https://vuldb.com/?ip.3.122.60.196) | ec2-3-122-60-196.eu-central-1.compute.amazonaws.com | - | Medium
+47 | [3.127.114.41](https://vuldb.com/?ip.3.127.114.41) | ec2-3-127-114-41.eu-central-1.compute.amazonaws.com | - | Medium
+48 | [3.127.255.82](https://vuldb.com/?ip.3.127.255.82) | ec2-3-127-255-82.eu-central-1.compute.amazonaws.com | - | Medium
+49 | [3.133.59.250](https://vuldb.com/?ip.3.133.59.250) | ec2-3-133-59-250.us-east-2.compute.amazonaws.com | - | Medium
+50 | [3.138.162.152](https://vuldb.com/?ip.3.138.162.152) | ec2-3-138-162-152.us-east-2.compute.amazonaws.com | - | Medium
+51 | [3.219.216.198](https://vuldb.com/?ip.3.219.216.198) | ec2-3-219-216-198.compute-1.amazonaws.com | - | Medium
+52 | [3.236.39.46](https://vuldb.com/?ip.3.236.39.46) | ec2-3-236-39-46.compute-1.amazonaws.com | - | Medium
+53 | [3.236.44.195](https://vuldb.com/?ip.3.236.44.195) | ec2-3-236-44-195.compute-1.amazonaws.com | - | Medium
+54 | [5.25.247.205](https://vuldb.com/?ip.5.25.247.205) | - | - | High
+55 | [5.26.221.186](https://vuldb.com/?ip.5.26.221.186) | - | - | High
+56 | [5.26.250.165](https://vuldb.com/?ip.5.26.250.165) | - | - | High
+57 | [5.26.251.165](https://vuldb.com/?ip.5.26.251.165) | - | - | High
+58 | [5.26.254.49](https://vuldb.com/?ip.5.26.254.49) | - | - | High
+59 | [5.26.254.72](https://vuldb.com/?ip.5.26.254.72) | - | - | High
+60 | [5.26.254.73](https://vuldb.com/?ip.5.26.254.73) | - | - | High
+61 | [5.28.139.161](https://vuldb.com/?ip.5.28.139.161) | - | - | High
+62 | [5.34.181.108](https://vuldb.com/?ip.5.34.181.108) | unallocated.layer6.net | - | High
+63 | [5.34.181.109](https://vuldb.com/?ip.5.34.181.109) | unallocated.layer6.net | - | High
+64 | [5.35.10.81](https://vuldb.com/?ip.5.35.10.81) | - | - | High
+65 | [5.39.113.106](https://vuldb.com/?ip.5.39.113.106) | ip106.ip-5-39-113.eu | - | High
+66 | [5.42.158.38](https://vuldb.com/?ip.5.42.158.38) | - | - | High
+67 | [5.42.158.71](https://vuldb.com/?ip.5.42.158.71) | - | - | High
+68 | [5.61.57.196](https://vuldb.com/?ip.5.61.57.196) | - | - | High
+69 | [5.182.17.252](https://vuldb.com/?ip.5.182.17.252) | vmi726193.contaboserver.net | - | High
+70 | [5.231.205.137](https://vuldb.com/?ip.5.231.205.137) | certo-237-205-231-5.efeitocerto.com.br | - | High
+71 | [5.253.86.211](https://vuldb.com/?ip.5.253.86.211) | - | - | High
+72 | [8.17.89.11](https://vuldb.com/?ip.8.17.89.11) | 8-17-89-11.paxio.net | - | High
+73 | [8.208.89.230](https://vuldb.com/?ip.8.208.89.230) | - | - | High
+74 | [8.215.31.94](https://vuldb.com/?ip.8.215.31.94) | - | - | High
+75 | [8.218.100.52](https://vuldb.com/?ip.8.218.100.52) | - | - | High
+76 | [12.36.229.193](https://vuldb.com/?ip.12.36.229.193) | - | - | High
+77 | [12.160.25.98](https://vuldb.com/?ip.12.160.25.98) | - | - | High
+78 | [12.173.254.230](https://vuldb.com/?ip.12.173.254.230) | - | - | High
+79 | [12.176.121.170](https://vuldb.com/?ip.12.176.121.170) | - | - | High
+80 | [12.222.12.26](https://vuldb.com/?ip.12.222.12.26) | - | - | High
+81 | [12.234.91.165](https://vuldb.com/?ip.12.234.91.165) | - | - | High
+82 | [13.37.158.253](https://vuldb.com/?ip.13.37.158.253) | ec2-13-37-158-253.eu-west-3.compute.amazonaws.com | - | Medium
+83 | [13.52.74.242](https://vuldb.com/?ip.13.52.74.242) | ec2-13-52-74-242.us-west-1.compute.amazonaws.com | - | Medium
+84 | [13.53.127.223](https://vuldb.com/?ip.13.53.127.223) | ec2-13-53-127-223.eu-north-1.compute.amazonaws.com | - | Medium
+85 | [13.53.149.216](https://vuldb.com/?ip.13.53.149.216) | ec2-13-53-149-216.eu-north-1.compute.amazonaws.com | - | Medium
+86 | [13.57.226.95](https://vuldb.com/?ip.13.57.226.95) | ec2-13-57-226-95.us-west-1.compute.amazonaws.com | - | Medium
+87 | [13.59.13.98](https://vuldb.com/?ip.13.59.13.98) | ec2-13-59-13-98.us-east-2.compute.amazonaws.com | - | Medium
+88 | [13.59.67.195](https://vuldb.com/?ip.13.59.67.195) | ec2-13-59-67-195.us-east-2.compute.amazonaws.com | - | Medium
+89 | [13.72.247.133](https://vuldb.com/?ip.13.72.247.133) | - | - | High
+90 | [13.77.163.87](https://vuldb.com/?ip.13.77.163.87) | - | - | High
+91 | [13.78.143.45](https://vuldb.com/?ip.13.78.143.45) | - | - | High
+92 | [13.79.246.35](https://vuldb.com/?ip.13.79.246.35) | - | - | High
+93 | [13.80.144.47](https://vuldb.com/?ip.13.80.144.47) | - | - | High
+94 | [13.80.148.182](https://vuldb.com/?ip.13.80.148.182) | - | - | High
+95 | [13.90.45.216](https://vuldb.com/?ip.13.90.45.216) | - | - | High
+96 | [13.92.247.241](https://vuldb.com/?ip.13.92.247.241) | - | - | High
+97 | [13.113.129.210](https://vuldb.com/?ip.13.113.129.210) | ec2-13-113-129-210.ap-northeast-1.compute.amazonaws.com | - | Medium
+98 | [13.114.10.152](https://vuldb.com/?ip.13.114.10.152) | ec2-13-114-10-152.ap-northeast-1.compute.amazonaws.com | - | Medium
+99 | [13.124.214.6](https://vuldb.com/?ip.13.124.214.6) | ec2-13-124-214-6.ap-northeast-2.compute.amazonaws.com | - | Medium
+100 | [13.124.217.127](https://vuldb.com/?ip.13.124.217.127) | ec2-13-124-217-127.ap-northeast-2.compute.amazonaws.com | - | Medium
+101 | [13.126.18.196](https://vuldb.com/?ip.13.126.18.196) | ec2-13-126-18-196.ap-south-1.compute.amazonaws.com | - | Medium
+102 | [13.126.244.38](https://vuldb.com/?ip.13.126.244.38) | ec2-13-126-244-38.ap-south-1.compute.amazonaws.com | - | Medium
+103 | [13.209.39.176](https://vuldb.com/?ip.13.209.39.176) | ec2-13-209-39-176.ap-northeast-2.compute.amazonaws.com | - | Medium
+104 | [13.211.180.165](https://vuldb.com/?ip.13.211.180.165) | ec2-13-211-180-165.ap-southeast-2.compute.amazonaws.com | - | Medium
+105 | [13.211.234.149](https://vuldb.com/?ip.13.211.234.149) | ec2-13-211-234-149.ap-southeast-2.compute.amazonaws.com | - | Medium
+106 | [13.232.213.134](https://vuldb.com/?ip.13.232.213.134) | ec2-13-232-213-134.ap-south-1.compute.amazonaws.com | - | Medium
+107 | [13.233.60.246](https://vuldb.com/?ip.13.233.60.246) | ec2-13-233-60-246.ap-south-1.compute.amazonaws.com | - | Medium
+108 | [13.233.98.125](https://vuldb.com/?ip.13.233.98.125) | ec2-13-233-98-125.ap-south-1.compute.amazonaws.com | - | Medium
+109 | [13.234.76.179](https://vuldb.com/?ip.13.234.76.179) | ec2-13-234-76-179.ap-south-1.compute.amazonaws.com | - | Medium
+110 | [13.235.82.69](https://vuldb.com/?ip.13.235.82.69) | ec2-13-235-82-69.ap-south-1.compute.amazonaws.com | - | Medium
+111 | [13.235.253.205](https://vuldb.com/?ip.13.235.253.205) | ec2-13-235-253-205.ap-south-1.compute.amazonaws.com | - | Medium
+112 | [13.238.218.177](https://vuldb.com/?ip.13.238.218.177) | ec2-13-238-218-177.ap-southeast-2.compute.amazonaws.com | - | Medium
+113 | [13.251.26.201](https://vuldb.com/?ip.13.251.26.201) | ec2-13-251-26-201.ap-southeast-1.compute.amazonaws.com | - | Medium
+114 | [13.251.89.210](https://vuldb.com/?ip.13.251.89.210) | ec2-13-251-89-210.ap-southeast-1.compute.amazonaws.com | - | Medium
+115 | [13.251.166.37](https://vuldb.com/?ip.13.251.166.37) | ec2-13-251-166-37.ap-southeast-1.compute.amazonaws.com | - | Medium
+116 | [14.37.111.114](https://vuldb.com/?ip.14.37.111.114) | - | - | High
+117 | [14.43.135.243](https://vuldb.com/?ip.14.43.135.243) | - | - | High
+118 | [14.46.100.84](https://vuldb.com/?ip.14.46.100.84) | - | - | High
+119 | [14.54.245.109](https://vuldb.com/?ip.14.54.245.109) | - | - | High
+120 | [14.54.245.220](https://vuldb.com/?ip.14.54.245.220) | - | - | High
+121 | [14.118.208.75](https://vuldb.com/?ip.14.118.208.75) | - | - | High
+122 | [14.118.208.86](https://vuldb.com/?ip.14.118.208.86) | - | - | High
+123 | [14.118.211.158](https://vuldb.com/?ip.14.118.211.158) | - | - | High
+124 | [14.139.122.146](https://vuldb.com/?ip.14.139.122.146) | - | - | High
+125 | [15.206.70.23](https://vuldb.com/?ip.15.206.70.23) | ec2-15-206-70-23.ap-south-1.compute.amazonaws.com | - | Medium
+126 | [15.235.13.210](https://vuldb.com/?ip.15.235.13.210) | ns5009092.ip-15-235-13.net | - | High
+127 | [15.235.13.211](https://vuldb.com/?ip.15.235.13.211) | ns5009085.ip-15-235-13.net | - | High
+128 | [15.235.30.194](https://vuldb.com/?ip.15.235.30.194) | ip194.ip-15-235-30.net | - | High
+129 | [18.27.197.252](https://vuldb.com/?ip.18.27.197.252) | - | - | High
+130 | [18.130.29.105](https://vuldb.com/?ip.18.130.29.105) | ec2-18-130-29-105.eu-west-2.compute.amazonaws.com | - | Medium
+131 | [18.136.203.250](https://vuldb.com/?ip.18.136.203.250) | ec2-18-136-203-250.ap-southeast-1.compute.amazonaws.com | - | Medium
+132 | [18.138.238.88](https://vuldb.com/?ip.18.138.238.88) | ec2-18-138-238-88.ap-southeast-1.compute.amazonaws.com | - | Medium
+133 | [18.141.93.110](https://vuldb.com/?ip.18.141.93.110) | ec2-18-141-93-110.ap-southeast-1.compute.amazonaws.com | - | Medium
+134 | [18.142.77.220](https://vuldb.com/?ip.18.142.77.220) | ec2-18-142-77-220.ap-southeast-1.compute.amazonaws.com | - | Medium
+135 | [18.162.109.213](https://vuldb.com/?ip.18.162.109.213) | ec2-18-162-109-213.ap-east-1.compute.amazonaws.com | - | Medium
+136 | [18.162.120.237](https://vuldb.com/?ip.18.162.120.237) | ec2-18-162-120-237.ap-east-1.compute.amazonaws.com | - | Medium
+137 | [18.162.123.240](https://vuldb.com/?ip.18.162.123.240) | ec2-18-162-123-240.ap-east-1.compute.amazonaws.com | - | Medium
+138 | [18.162.200.166](https://vuldb.com/?ip.18.162.200.166) | ec2-18-162-200-166.ap-east-1.compute.amazonaws.com | - | Medium
+139 | [18.182.6.172](https://vuldb.com/?ip.18.182.6.172) | ec2-18-182-6-172.ap-northeast-1.compute.amazonaws.com | - | Medium
+140 | [18.191.113.196](https://vuldb.com/?ip.18.191.113.196) | ec2-18-191-113-196.us-east-2.compute.amazonaws.com | - | Medium
+141 | [18.202.242.7](https://vuldb.com/?ip.18.202.242.7) | ec2-18-202-242-7.eu-west-1.compute.amazonaws.com | - | Medium
+142 | [18.204.247.146](https://vuldb.com/?ip.18.204.247.146) | ec2-18-204-247-146.compute-1.amazonaws.com | - | Medium
+143 | [18.208.7.231](https://vuldb.com/?ip.18.208.7.231) | ec2-18-208-7-231.compute-1.amazonaws.com | - | Medium
+144 | [18.212.26.134](https://vuldb.com/?ip.18.212.26.134) | ec2-18-212-26-134.compute-1.amazonaws.com | - | Medium
+145 | [18.218.135.210](https://vuldb.com/?ip.18.218.135.210) | ec2-18-218-135-210.us-east-2.compute.amazonaws.com | - | Medium
+146 | [18.219.191.219](https://vuldb.com/?ip.18.219.191.219) | ec2-18-219-191-219.us-east-2.compute.amazonaws.com | - | Medium
+147 | [18.220.148.98](https://vuldb.com/?ip.18.220.148.98) | ec2-18-220-148-98.us-east-2.compute.amazonaws.com | - | Medium
+148 | [18.222.214.151](https://vuldb.com/?ip.18.222.214.151) | ec2-18-222-214-151.us-east-2.compute.amazonaws.com | - | Medium
+149 | [18.228.44.254](https://vuldb.com/?ip.18.228.44.254) | ec2-18-228-44-254.sa-east-1.compute.amazonaws.com | - | Medium
+150 | [18.231.36.105](https://vuldb.com/?ip.18.231.36.105) | ec2-18-231-36-105.sa-east-1.compute.amazonaws.com | - | Medium
+151 | [18.231.122.117](https://vuldb.com/?ip.18.231.122.117) | ec2-18-231-122-117.sa-east-1.compute.amazonaws.com | - | Medium
+152 | [18.231.178.172](https://vuldb.com/?ip.18.231.178.172) | ec2-18-231-178-172.sa-east-1.compute.amazonaws.com | - | Medium
+153 | [20.39.226.165](https://vuldb.com/?ip.20.39.226.165) | - | - | High
+154 | [20.39.240.101](https://vuldb.com/?ip.20.39.240.101) | - | - | High
+155 | [20.49.51.59](https://vuldb.com/?ip.20.49.51.59) | - | - | High
+156 | [20.69.176.137](https://vuldb.com/?ip.20.69.176.137) | - | - | High
+157 | [20.126.58.208](https://vuldb.com/?ip.20.126.58.208) | - | - | High
+158 | [20.127.105.82](https://vuldb.com/?ip.20.127.105.82) | - | - | High
+159 | [20.141.185.205](https://vuldb.com/?ip.20.141.185.205) | - | - | High
+160 | [20.195.193.241](https://vuldb.com/?ip.20.195.193.241) | - | - | High
+161 | [20.205.0.49](https://vuldb.com/?ip.20.205.0.49) | - | - | High
+162 | [23.92.25.109](https://vuldb.com/?ip.23.92.25.109) | 23-92-25-109.ip.linodeusercontent.com | - | High
+163 | [23.94.56.185](https://vuldb.com/?ip.23.94.56.185) | 23-94-56-185-host.colocrossing.com | - | High
+164 | [23.100.81.44](https://vuldb.com/?ip.23.100.81.44) | - | - | High
+165 | [23.148.146.118](https://vuldb.com/?ip.23.148.146.118) | - | - | High
+166 | [23.148.146.122](https://vuldb.com/?ip.23.148.146.122) | - | - | High
+167 | [23.234.197.173](https://vuldb.com/?ip.23.234.197.173) | 173-197-234-23-dedicated.multacom.com | - | High
+168 | [23.234.209.234](https://vuldb.com/?ip.23.234.209.234) | host-23-234-209-234-by.multacom.com | - | High
+169 | [23.237.228.74](https://vuldb.com/?ip.23.237.228.74) | - | - | High
+170 | [23.237.228.90](https://vuldb.com/?ip.23.237.228.90) | - | - | High
+171 | [23.254.217.214](https://vuldb.com/?ip.23.254.217.214) | hwsrv-905596.hostwindsdns.com | - | High
+172 | [24.8.141.118](https://vuldb.com/?ip.24.8.141.118) | c-24-8-141-118.hsd1.co.comcast.net | - | High
+173 | [24.65.42.248](https://vuldb.com/?ip.24.65.42.248) | - | - | High
+174 | [24.152.38.22](https://vuldb.com/?ip.24.152.38.22) | - | - | High
+175 | [24.152.38.152](https://vuldb.com/?ip.24.152.38.152) | - | - | High
+176 | [24.158.63.182](https://vuldb.com/?ip.24.158.63.182) | 024-158-063-182.biz.spectrum.com | - | High
+177 | [24.213.210.198](https://vuldb.com/?ip.24.213.210.198) | rrcs-24-213-210-198.nys.biz.rr.com | - | High
+178 | [27.16.238.184](https://vuldb.com/?ip.27.16.238.184) | - | - | High
+179 | [27.54.170.52](https://vuldb.com/?ip.27.54.170.52) | - | - | High
+180 | [27.129.128.235](https://vuldb.com/?ip.27.129.128.235) | - | - | High
+181 | [27.158.196.219](https://vuldb.com/?ip.27.158.196.219) | 219.196.158.27.broad.zz.fj.dynamic.163data.com.cn | - | High
+182 | [27.191.107.92](https://vuldb.com/?ip.27.191.107.92) | - | - | High
+183 | [31.15.241.181](https://vuldb.com/?ip.31.15.241.181) | cpe-31-15-241-181.cable.telemach.net | - | High
+184 | [31.19.126.157](https://vuldb.com/?ip.31.19.126.157) | ip1f137e9d.dynamic.kabel-deutschland.de | - | High
+185 | [31.19.237.46](https://vuldb.com/?ip.31.19.237.46) | ip1f13ed2e.dynamic.kabel-deutschland.de | - | High
+186 | [31.19.237.170](https://vuldb.com/?ip.31.19.237.170) | ip1f13edaa.dynamic.kabel-deutschland.de | - | High
+187 | [31.169.25.190](https://vuldb.com/?ip.31.169.25.190) | - | - | High
+188 | [31.206.240.54](https://vuldb.com/?ip.31.206.240.54) | - | - | High
+189 | [34.80.27.207](https://vuldb.com/?ip.34.80.27.207) | 207.27.80.34.bc.googleusercontent.com | - | Medium
+190 | [34.80.39.155](https://vuldb.com/?ip.34.80.39.155) | 155.39.80.34.bc.googleusercontent.com | - | Medium
+191 | [34.84.213.136](https://vuldb.com/?ip.34.84.213.136) | 136.213.84.34.bc.googleusercontent.com | - | Medium
+192 | [34.92.90.235](https://vuldb.com/?ip.34.92.90.235) | 235.90.92.34.bc.googleusercontent.com | - | Medium
+193 | [34.125.101.168](https://vuldb.com/?ip.34.125.101.168) | 168.101.125.34.bc.googleusercontent.com | - | Medium
+194 | [34.130.214.198](https://vuldb.com/?ip.34.130.214.198) | 198.214.130.34.bc.googleusercontent.com | - | Medium
+195 | [34.209.193.171](https://vuldb.com/?ip.34.209.193.171) | ec2-34-209-193-171.us-west-2.compute.amazonaws.com | - | Medium
+196 | [34.218.227.40](https://vuldb.com/?ip.34.218.227.40) | ec2-34-218-227-40.us-west-2.compute.amazonaws.com | - | Medium
+197 | [34.220.197.12](https://vuldb.com/?ip.34.220.197.12) | ec2-34-220-197-12.us-west-2.compute.amazonaws.com | - | Medium
+198 | [34.228.43.200](https://vuldb.com/?ip.34.228.43.200) | ec2-34-228-43-200.compute-1.amazonaws.com | - | Medium
+199 | [34.238.28.208](https://vuldb.com/?ip.34.238.28.208) | ec2-34-238-28-208.compute-1.amazonaws.com | - | Medium
+200 | [34.239.121.245](https://vuldb.com/?ip.34.239.121.245) | ec2-34-239-121-245.compute-1.amazonaws.com | - | Medium
+201 | [35.84.195.246](https://vuldb.com/?ip.35.84.195.246) | ec2-35-84-195-246.us-west-2.compute.amazonaws.com | - | Medium
+202 | [35.154.250.210](https://vuldb.com/?ip.35.154.250.210) | ec2-35-154-250-210.ap-south-1.compute.amazonaws.com | - | Medium
+203 | [35.176.154.160](https://vuldb.com/?ip.35.176.154.160) | ec2-35-176-154-160.eu-west-2.compute.amazonaws.com | - | Medium
+204 | [35.178.109.174](https://vuldb.com/?ip.35.178.109.174) | ec2-35-178-109-174.eu-west-2.compute.amazonaws.com | - | Medium
+205 | [35.181.9.94](https://vuldb.com/?ip.35.181.9.94) | ec2-35-181-9-94.eu-west-3.compute.amazonaws.com | - | Medium
+206 | [35.182.238.155](https://vuldb.com/?ip.35.182.238.155) | ec2-35-182-238-155.ca-central-1.compute.amazonaws.com | - | Medium
+207 | [35.183.109.60](https://vuldb.com/?ip.35.183.109.60) | ec2-35-183-109-60.ca-central-1.compute.amazonaws.com | - | Medium
+208 | [35.192.122.245](https://vuldb.com/?ip.35.192.122.245) | 245.122.192.35.bc.googleusercontent.com | - | Medium
+209 | [35.194.155.97](https://vuldb.com/?ip.35.194.155.97) | 97.155.194.35.bc.googleusercontent.com | - | Medium
+210 | [35.229.239.179](https://vuldb.com/?ip.35.229.239.179) | 179.239.229.35.bc.googleusercontent.com | - | Medium
+211 | [36.22.249.39](https://vuldb.com/?ip.36.22.249.39) | - | - | High
+212 | [36.92.125.163](https://vuldb.com/?ip.36.92.125.163) | - | - | High
+213 | [36.137.217.5](https://vuldb.com/?ip.36.137.217.5) | - | - | High
+214 | [37.25.54.162](https://vuldb.com/?ip.37.25.54.162) | - | - | High
+215 | [37.44.244.231](https://vuldb.com/?ip.37.44.244.231) | - | - | High
+216 | [37.97.206.223](https://vuldb.com/?ip.37.97.206.223) | 37-97-206-223.colo.transip.net | - | High
+217 | [37.156.28.213](https://vuldb.com/?ip.37.156.28.213) | 213.mobinnet.net | - | High
+218 | [37.182.153.172](https://vuldb.com/?ip.37.182.153.172) | - | - | High
+219 | [37.186.217.20](https://vuldb.com/?ip.37.186.217.20) | 37-186-217-20.ip270.fastwebnet.it | - | High
+220 | [37.187.148.130](https://vuldb.com/?ip.37.187.148.130) | ns345129.ip-37-187-148.eu | - | High
+221 | [37.230.137.180](https://vuldb.com/?ip.37.230.137.180) | ds1-client.elegacy.ru | - | High
+222 | [39.86.114.252](https://vuldb.com/?ip.39.86.114.252) | - | - | High
+223 | [39.105.123.135](https://vuldb.com/?ip.39.105.123.135) | - | - | High
+224 | [39.106.111.11](https://vuldb.com/?ip.39.106.111.11) | - | - | High
+225 | [40.77.57.4](https://vuldb.com/?ip.40.77.57.4) | - | - | High
+226 | [41.193.68.46](https://vuldb.com/?ip.41.193.68.46) | mail.udwc.co.za | - | High
+227 | [41.226.18.128](https://vuldb.com/?ip.41.226.18.128) | - | - | High
+228 | [41.231.127.5](https://vuldb.com/?ip.41.231.127.5) | - | - | High
+229 | [42.192.82.25](https://vuldb.com/?ip.42.192.82.25) | - | - | High
+230 | [42.192.141.133](https://vuldb.com/?ip.42.192.141.133) | - | - | High
+231 | [42.192.155.41](https://vuldb.com/?ip.42.192.155.41) | - | - | High
+232 | [42.192.157.181](https://vuldb.com/?ip.42.192.157.181) | - | - | High
+233 | [42.193.55.4](https://vuldb.com/?ip.42.193.55.4) | - | - | High
+234 | [42.193.252.69](https://vuldb.com/?ip.42.193.252.69) | - | - | High
+235 | [42.194.187.28](https://vuldb.com/?ip.42.194.187.28) | - | - | High
+236 | [43.129.181.67](https://vuldb.com/?ip.43.129.181.67) | - | - | High
+237 | [43.129.253.181](https://vuldb.com/?ip.43.129.253.181) | - | - | High
+238 | [43.132.208.88](https://vuldb.com/?ip.43.132.208.88) | - | - | High
+239 | [43.136.128.67](https://vuldb.com/?ip.43.136.128.67) | - | - | High
+240 | [43.154.20.234](https://vuldb.com/?ip.43.154.20.234) | - | - | High
+241 | [43.242.247.139](https://vuldb.com/?ip.43.242.247.139) | - | - | High
+242 | [43.249.206.97](https://vuldb.com/?ip.43.249.206.97) | - | - | High
+243 | [44.201.98.58](https://vuldb.com/?ip.44.201.98.58) | ec2-44-201-98-58.compute-1.amazonaws.com | - | Medium
+244 | [45.6.96.34](https://vuldb.com/?ip.45.6.96.34) | - | - | High
+245 | [45.22.199.195](https://vuldb.com/?ip.45.22.199.195) | 45-22-199-195.lightspeed.sndgca.sbcglobal.net | - | High
+246 | [45.32.122.40](https://vuldb.com/?ip.45.32.122.40) | 45.32.122.40.vultr.com | - | Medium
+247 | [45.32.128.117](https://vuldb.com/?ip.45.32.128.117) | 45.32.128.117.vultr.com | - | Medium
+248 | [45.84.196.108](https://vuldb.com/?ip.45.84.196.108) | - | - | High
+249 | [45.87.207.8](https://vuldb.com/?ip.45.87.207.8) | - | - | High
+250 | [45.119.86.214](https://vuldb.com/?ip.45.119.86.214) | - | - | High
+251 | [45.131.1.72](https://vuldb.com/?ip.45.131.1.72) | ip.serverscity.net | - | High
+252 | [45.137.181.238](https://vuldb.com/?ip.45.137.181.238) | - | - | High
+253 | [45.138.157.66](https://vuldb.com/?ip.45.138.157.66) | vm326778.pq.hosting | - | High
+254 | [45.140.164.177](https://vuldb.com/?ip.45.140.164.177) | - | - | High
+255 | [45.142.122.107](https://vuldb.com/?ip.45.142.122.107) | merry-coach.aeza.network | - | High
+256 | [45.142.122.169](https://vuldb.com/?ip.45.142.122.169) | dirty-magic.aeza.network | - | High
+257 | [45.143.136.213](https://vuldb.com/?ip.45.143.136.213) | andreybaksalyar.example.com | - | High
+258 | [45.153.229.238](https://vuldb.com/?ip.45.153.229.238) | vm346100.pq.hosting | - | High
+259 | [45.154.215.172](https://vuldb.com/?ip.45.154.215.172) | - | - | High
+260 | [45.182.118.100](https://vuldb.com/?ip.45.182.118.100) | - | - | High
+261 | [45.222.204.98](https://vuldb.com/?ip.45.222.204.98) | - | - | High
+262 | [45.229.34.30](https://vuldb.com/?ip.45.229.34.30) | - | - | High
+263 | [45.231.132.133](https://vuldb.com/?ip.45.231.132.133) | generated-loan.cursorspec.com | - | High
+264 | [45.238.23.157](https://vuldb.com/?ip.45.238.23.157) | - | - | High
+265 | [45.249.92.58](https://vuldb.com/?ip.45.249.92.58) | - | - | High
+266 | [46.3.142.226](https://vuldb.com/?ip.46.3.142.226) | - | - | High
+267 | [46.3.197.32](https://vuldb.com/?ip.46.3.197.32) | - | - | High
+268 | [46.3.199.4](https://vuldb.com/?ip.46.3.199.4) | - | - | High
+269 | [46.3.199.5](https://vuldb.com/?ip.46.3.199.5) | - | - | High
+270 | [46.37.77.214](https://vuldb.com/?ip.46.37.77.214) | 214.red.77.37.46.procono.es | - | High
+271 | [46.80.25.30](https://vuldb.com/?ip.46.80.25.30) | p2e50191e.dip0.t-ipconnect.de | - | High
+272 | [46.97.44.18](https://vuldb.com/?ip.46.97.44.18) | - | - | High
+273 | [46.101.2.179](https://vuldb.com/?ip.46.101.2.179) | - | - | High
+274 | [46.101.18.240](https://vuldb.com/?ip.46.101.18.240) | - | - | High
+275 | [46.109.34.247](https://vuldb.com/?ip.46.109.34.247) | - | - | High
+276 | [46.148.227.125](https://vuldb.com/?ip.46.148.227.125) | cd16.micsotmaster.art | - | High
+277 | [46.210.111.163](https://vuldb.com/?ip.46.210.111.163) | - | - | High
+278 | [46.217.167.96](https://vuldb.com/?ip.46.217.167.96) | - | - | High
+279 | [46.219.116.22](https://vuldb.com/?ip.46.219.116.22) | - | - | High
+280 | [46.223.163.220](https://vuldb.com/?ip.46.223.163.220) | ip-046-223-163-220.um13.pools.vodafone-ip.de | - | High
+281 | [47.16.155.222](https://vuldb.com/?ip.47.16.155.222) | ool-2f109bde.dyn.optonline.net | - | High
+282 | [47.19.20.130](https://vuldb.com/?ip.47.19.20.130) | - | - | High
+283 | [47.37.138.79](https://vuldb.com/?ip.47.37.138.79) | 047-037-138-079.res.spectrum.com | - | High
+284 | [47.74.65.36](https://vuldb.com/?ip.47.74.65.36) | - | - | High
+285 | [47.88.244.157](https://vuldb.com/?ip.47.88.244.157) | - | - | High
+286 | [47.91.87.67](https://vuldb.com/?ip.47.91.87.67) | - | - | High
+287 | [47.100.108.185](https://vuldb.com/?ip.47.100.108.185) | - | - | High
+288 | [47.100.139.58](https://vuldb.com/?ip.47.100.139.58) | - | - | High
+289 | [47.106.180.166](https://vuldb.com/?ip.47.106.180.166) | - | - | High
+290 | [47.240.81.242](https://vuldb.com/?ip.47.240.81.242) | - | - | High
+291 | [47.243.181.71](https://vuldb.com/?ip.47.243.181.71) | - | - | High
+292 | [47.243.181.238](https://vuldb.com/?ip.47.243.181.238) | - | - | High
+293 | [47.245.14.45](https://vuldb.com/?ip.47.245.14.45) | - | - | High
+294 | [49.7.132.22](https://vuldb.com/?ip.49.7.132.22) | - | - | High
+295 | [49.50.106.73](https://vuldb.com/?ip.49.50.106.73) | - | - | High
+296 | [49.69.36.214](https://vuldb.com/?ip.49.69.36.214) | - | - | High
+297 | [49.204.124.253](https://vuldb.com/?ip.49.204.124.253) | broadband.actcorp.in | - | High
+298 | [49.232.80.64](https://vuldb.com/?ip.49.232.80.64) | - | - | High
+299 | [49.232.104.199](https://vuldb.com/?ip.49.232.104.199) | - | - | High
+300 | [49.232.122.130](https://vuldb.com/?ip.49.232.122.130) | - | - | High
 301 | ... | ... | ... | ...

 There are 1200 more IOC items available. Please use our online service to access the data.
@ -332,11 +332,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected ATT&CK techn
 ID | Technique | Weakness | Description | Confidence
 -- | --------- | -------- | ----------- | ----------
 1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
-2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 9 more TTP items available. Please use our online service to access the data.
+There are 7 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -344,45 +344,51 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `.well-known` | Medium
-2 | File | `/administration/settings_registration.php` | High
-3 | File | `/bin/false` | Medium
-4 | File | `/cgi-bin/` | Medium
-5 | File | `/coreframe/app/order/admin/index.php` | High
-6 | File | `/if.cgi` | Low
-7 | File | `/info.asp` | Medium
-8 | File | `/messages/messages_listing.asp` | High
-9 | File | `/moddable/xs/sources/xsDebug.c` | High
-10 | File | `/Monitoring-History.php` | High
-11 | File | `/Nodes-Traffic.php` | High
-12 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
-13 | File | `/public/admin.php` | High
-14 | File | `/public/login.htm` | High
-15 | File | `/tools/network-trace` | High
-16 | File | `/trigger` | Medium
-17 | File | `/uncpath/` | Medium
-18 | File | `/usr/sbin/DM` | Medium
-19 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
-20 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
-21 | File | `/weibo/comment` | High
-22 | File | `/ws.php` | Low
-23 | File | `/_up` | Low
-24 | File | `AccountManager.java` | High
-25 | File | `action=main:search:simpleSearch` | High
-26 | File | `add_cars.php` | Medium
-27 | File | `add_headers.php` | High
-28 | File | `add_ons.php` | Medium
-29 | File | `admin.cgi?action=config_save` | High
-30 | File | `admin.php` | Medium
-31 | File | `admin.php?action=files` | High
-32 | File | `admin/admin/dump/` | High
-33 | File | `admin/backupstart.php` | High
-34 | File | `admin/list_user` | High
-35 | File | `admin/themes` | Medium
-36 | File | `admin/view:modules/load_module:users#edit-user=1` | High
-37 | ... | ... | ...
+1 | File | `/CMD_ACCOUNT_ADMIN` | High
+2 | File | `/config/getuser` | High
+3 | File | `/core/admin/categories.php` | High
+4 | File | `/data-service/users/` | High
+5 | File | `/dev/cpu/*/msr` | High
+6 | File | `/ext/phar/phar_object.c` | High
+7 | File | `/filemanager/php/connector.php` | High
+8 | File | `/forum/away.php` | High
+9 | File | `/front/document.form.php` | High
+10 | File | `/horde/util/go.php` | High
+11 | File | `/hostapd` | Medium
+12 | File | `/include/chart_generator.php` | High
+13 | File | `/modx/manager/index.php` | High
+14 | File | `/MTFWU` | Low
+15 | File | `/my_photo_gallery/image.php` | High
+16 | File | `/public/login.htm` | High
+17 | File | `/public/plugins/` | High
+18 | File | `/rest/api/1.0/render` | High
+19 | File | `/search.php` | Medium
+20 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+21 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
+22 | File | `/sys/attachment/uploaderServlet` | High
+23 | File | `/uncpath/` | Medium
+24 | File | `/user/login/oauth` | High
+25 | File | `/userRpm/popupSiteSurveyRpm.html` | High
+26 | File | `/usr/bin/pkexec` | High
+27 | File | `/wp-admin/admin-ajax.php` | High
+28 | File | `/wp-json` | Medium
+29 | File | `/x_program_center/jaxrs/invoke` | High
+30 | File | `/zm/index.php` | High
+31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
+32 | File | `102/tcp` | Low
+33 | File | `802dot1xclientcert.cgi` | High
+34 | File | `add.exe` | Low
+35 | File | `admin.php?m=Food&a=addsave` | High
+36 | File | `admin.remository.php` | High
+37 | File | `admin/conf_users_edit.php` | High
+38 | File | `admin/index.php` | High
+39 | File | `admin/theme-edit.php` | High
+40 | File | `adminpanel/modules/pro/inc/ajax.php` | High
+41 | File | `admin_ajax.php?action=checkrepeat` | High
+42 | File | `affich.php` | Medium
+43 | ... | ... | ...

-There are 316 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 374 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Gallmaker/README.md
+++ b/Gallmaker/README.md
@ -1,60 +1,61 @@
 # Gallmaker - Cyber Threat Intelligence

-The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gallmaker](https://vuldb.com/?actor.gallmaker). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gallmaker](https://vuldb.com/?actor.gallmaker). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

-Live data and more analysis capabilities are available at [https://vuldb.com/?actor.gallmaker](https://vuldb.com/?actor.gallmaker)
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gallmaker](https://vuldb.com/?actor.gallmaker)

 ## Countries

-These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Gallmaker:
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Gallmaker:

-* US
+* [US](https://vuldb.com/?country.us)
+* [LA](https://vuldb.com/?country.la)

 ## IOC - Indicator of Compromise

-These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Gallmaker.
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Gallmaker.

-ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
-1 | 94.140.116.124 | - | High
-2 | 94.140.116.231 | - | High
-3 | 111.90.149.99 | server1.kamon.la | High
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [94.140.116.124](https://vuldb.com/?ip.94.140.116.124) | - | - | High
+2 | [94.140.116.231](https://vuldb.com/?ip.94.140.116.231) | - | - | High
+3 | [111.90.149.99](https://vuldb.com/?ip.111.90.149.99) | server1.kamon.la | - | High

 ## TTP - Tactics, Techniques, Procedures

-Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Gallmaker. This data is unique as it uses our predictive model for actor profiling.
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected ATT&CK techniques used by Gallmaker. This data is unique as it uses our predictive model for actor profiling.

-ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
-1 | T1059.007 | Cross Site Scripting | High
-2 | T1068 | Execution with Unnecessary Privileges | High
-3 | T1499 | Resource Consumption | High
-4 | ... | ... | ...
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1059.007 | CWE-79 | Cross Site Scripting | High
+2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1499 | CWE-400 | Resource Consumption | High
+4 | ... | ... | ... | ...

-There are 2 more TTP items available. Please use our online service to access the data.
+There are 3 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

-These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Gallmaker. This data is unique as it uses our predictive model for actor profiling.
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Gallmaker. This data is unique as it uses our predictive model for actor profiling.

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `c4t64fx.c` | Medium
-2 | File | `cgi-bin/webcm` | High
-3 | File | `data/gbconfiguration.dat` | High
+1 | File | `application/modules/admin/views/ecommerce/products.php` | High
+2 | File | `blog.php` | Medium
+3 | File | `c4t64fx.c` | Medium
 4 | ... | ... | ...

-There are 14 more IOA items available. Please use our online service to access the data.
+There are 25 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

-The following list contains external sources which discuss the actor and the associated activities:
+The following list contains _external sources_ which discuss the actor and the associated activities:

 * https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/gallmaker-attack-group

 ## Literature

-The following articles explain our unique predictive cyber threat intelligence:
+The following _articles_ explain our unique predictive cyber threat intelligence:

 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
--- a/Gamarue/README.md
+++ b/Gamarue/README.md
@ -1,6 +1,6 @@
 # Gamarue - Cyber Threat Intelligence

-These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gamarue](https://vuldb.com/?actor.gamarue). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gamarue](https://vuldb.com/?actor.gamarue). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gamarue](https://vuldb.com/?actor.gamarue)

@ -8,9 +8,9 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Gamarue:

-* US
-* RU
-* ES
+* [US](https://vuldb.com/?country.us)
+* [RU](https://vuldb.com/?country.ru)
+* [ES](https://vuldb.com/?country.es)
 * ...

 There are 9 more country items available. Please use our online service to access the data.
@ -21,15 +21,15 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | 5.154.191.57 | - | - | High
-2 | 37.187.0.40 | ns3108067.ip-37-187-0.eu | - | High
-3 | 45.8.124.25 | free.gbnhost.com | - | High
-4 | 45.128.204.36 | - | - | High
-5 | 45.128.207.237 | - | - | High
-6 | 46.45.169.106 | 46-45-169-106.turkrdns.com | - | High
-7 | 46.254.21.69 | h13.ihc.ru | - | High
-8 | 50.116.23.211 | www.eqnic.net | - | High
-9 | 51.195.53.221 | ip221.ip-51-195-53.eu | - | High
+1 | [5.154.191.57](https://vuldb.com/?ip.5.154.191.57) | - | - | High
+2 | [37.187.0.40](https://vuldb.com/?ip.37.187.0.40) | ns3108067.ip-37-187-0.eu | - | High
+3 | [45.8.124.25](https://vuldb.com/?ip.45.8.124.25) | free.gbnhost.com | - | High
+4 | [45.128.204.36](https://vuldb.com/?ip.45.128.204.36) | - | - | High
+5 | [45.128.207.237](https://vuldb.com/?ip.45.128.207.237) | - | - | High
+6 | [46.45.169.106](https://vuldb.com/?ip.46.45.169.106) | 46-45-169-106.turkrdns.com | - | High
+7 | [46.254.21.69](https://vuldb.com/?ip.46.254.21.69) | h13.ihc.ru | - | High
+8 | [50.116.23.211](https://vuldb.com/?ip.50.116.23.211) | www.eqnic.net | - | High
+9 | [51.195.53.221](https://vuldb.com/?ip.51.195.53.221) | ip221.ip-51-195-53.eu | - | High
 10 | ... | ... | ... | ...

 There are 35 more IOC items available. Please use our online service to access the data.
--- a/Gh0stRAT/README.md
+++ b/Gh0stRAT/README.md
@ -1,6 +1,6 @@
 # Gh0stRAT - Cyber Threat Intelligence

-These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gh0stRAT](https://vuldb.com/?actor.gh0strat). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gh0stRAT](https://vuldb.com/?actor.gh0strat). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gh0strat](https://vuldb.com/?actor.gh0strat)

@ -8,9 +8,9 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Gh0stRAT:

-* US
-* VN
-* CN
+* [US](https://vuldb.com/?country.us)
+* [VN](https://vuldb.com/?country.vn)
+* [CN](https://vuldb.com/?country.cn)
 * ...

 There are 16 more country items available. Please use our online service to access the data.
@ -21,32 +21,33 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | 13.249.38.69 | server-13-249-38-69.iad89.r.cloudfront.net | - | High
-2 | 20.42.65.92 | - | - | High
-3 | 20.189.173.22 | - | - | High
-4 | 36.43.74.215 | - | - | High
-5 | 36.46.114.54 | - | - | High
-6 | 39.109.1.246 | - | - | High
-7 | 42.51.192.3 | - | - | High
-8 | 43.226.152.12 | - | - | High
-9 | 43.226.159.201 | - | - | High
-10 | 45.119.125.223 | - | - | High
-11 | 45.195.203.97 | - | - | High
-12 | 45.253.67.78 | - | - | High
-13 | 47.93.52.188 | - | - | High
-14 | 47.93.245.163 | - | - | High
-15 | 47.95.233.18 | - | - | High
-16 | 47.111.82.157 | - | - | High
-17 | 47.112.30.91 | - | - | High
-18 | 52.168.117.173 | - | - | High
-19 | 52.182.143.212 | - | - | High
-20 | 58.218.66.21 | - | - | High
-21 | 58.218.67.245 | - | - | High
-22 | 58.218.199.225 | - | - | High
-23 | 58.221.47.41 | - | - | High
-24 | ... | ... | ... | ...
+1 | [13.249.38.69](https://vuldb.com/?ip.13.249.38.69) | server-13-249-38-69.iad89.r.cloudfront.net | - | High
+2 | [20.42.65.92](https://vuldb.com/?ip.20.42.65.92) | - | - | High
+3 | [20.189.173.22](https://vuldb.com/?ip.20.189.173.22) | - | - | High
+4 | [36.43.74.215](https://vuldb.com/?ip.36.43.74.215) | - | - | High
+5 | [36.46.114.54](https://vuldb.com/?ip.36.46.114.54) | - | - | High
+6 | [39.109.1.246](https://vuldb.com/?ip.39.109.1.246) | - | - | High
+7 | [42.51.192.3](https://vuldb.com/?ip.42.51.192.3) | - | - | High
+8 | [43.226.152.12](https://vuldb.com/?ip.43.226.152.12) | - | - | High
+9 | [43.226.159.201](https://vuldb.com/?ip.43.226.159.201) | - | - | High
+10 | [45.119.125.223](https://vuldb.com/?ip.45.119.125.223) | - | - | High
+11 | [45.195.203.97](https://vuldb.com/?ip.45.195.203.97) | - | - | High
+12 | [45.253.67.78](https://vuldb.com/?ip.45.253.67.78) | - | - | High
+13 | [47.93.52.188](https://vuldb.com/?ip.47.93.52.188) | - | - | High
+14 | [47.93.245.163](https://vuldb.com/?ip.47.93.245.163) | - | - | High
+15 | [47.95.233.18](https://vuldb.com/?ip.47.95.233.18) | - | - | High
+16 | [47.111.82.157](https://vuldb.com/?ip.47.111.82.157) | - | - | High
+17 | [47.112.30.91](https://vuldb.com/?ip.47.112.30.91) | - | - | High
+18 | [52.168.117.173](https://vuldb.com/?ip.52.168.117.173) | - | - | High
+19 | [52.182.143.212](https://vuldb.com/?ip.52.182.143.212) | - | - | High
+20 | [58.218.66.21](https://vuldb.com/?ip.58.218.66.21) | - | - | High
+21 | [58.218.67.245](https://vuldb.com/?ip.58.218.67.245) | - | - | High
+22 | [58.218.199.225](https://vuldb.com/?ip.58.218.199.225) | - | - | High
+23 | [58.221.47.41](https://vuldb.com/?ip.58.221.47.41) | - | - | High
+24 | [58.221.47.47](https://vuldb.com/?ip.58.221.47.47) | - | - | High
+25 | ... | ... | ... | ...

-There are 93 more IOC items available. Please use our online service to access the data.
+There are 94 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -103,9 +104,10 @@ ID | Type | Indicator | Confidence
 34 | File | `/tmp/app/.env` | High
 35 | File | `/tmp/kamailio_ctl` | High
 36 | File | `/tmp/kamailio_fifo` | High
-37 | ... | ... | ...
+37 | File | `/ucms/index.php?do=list_edit` | High
+38 | ... | ... | ...

-There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -128,6 +130,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
 * https://blog.talosintelligence.com/2022/02/threat-roundup-0128-0204.html
 * https://blog.talosintelligence.com/2022/02/threat-roundup-0204-0211.html
+* https://blog.talosintelligence.com/2022/02/threat-roundup-0218-0225.html

 ## Literature

--- a/GreyEnergy/README.md
+++ b/GreyEnergy/README.md
@ -1,6 +1,6 @@
 # GreyEnergy - Cyber Threat Intelligence

-These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GreyEnergy](https://vuldb.com/?actor.greyenergy). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GreyEnergy](https://vuldb.com/?actor.greyenergy). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.greyenergy](https://vuldb.com/?actor.greyenergy)

@ -8,9 +8,9 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with GreyEnergy:

-* US
-* CN
-* RO
+* [US](https://vuldb.com/?country.us)
+* [CN](https://vuldb.com/?country.cn)
+* [RO](https://vuldb.com/?country.ro)
 * ...

 There are 28 more country items available. Please use our online service to access the data.
@ -21,11 +21,11 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | 5.149.248.77 | - | - | High
-2 | 31.148.220.112 | - | - | High
-3 | 37.59.14.94 | ns3317178.ip-37-59-14.eu | - | High
-4 | 46.249.49.231 | - | - | High
-5 | 62.210.77.169 | 62-210-77-169.rev.poneytelecom.eu | - | High
+1 | [5.149.248.77](https://vuldb.com/?ip.5.149.248.77) | - | - | High
+2 | [31.148.220.112](https://vuldb.com/?ip.31.148.220.112) | - | - | High
+3 | [37.59.14.94](https://vuldb.com/?ip.37.59.14.94) | ns3317178.ip-37-59-14.eu | - | High
+4 | [46.249.49.231](https://vuldb.com/?ip.46.249.49.231) | - | - | High
+5 | [62.210.77.169](https://vuldb.com/?ip.62.210.77.169) | 62-210-77-169.rev.poneytelecom.eu | - | High
 6 | ... | ... | ... | ...

 There are 21 more IOC items available. Please use our online service to access the data.
@ -68,26 +68,27 @@ ID | Type | Indicator | Confidence
 17 | File | `/public/plugins/` | High
 18 | File | `/rom` | Low
 19 | File | `/scripts/killpvhost` | High
-20 | File | `/secure/QueryComponent!Default.jspa` | High
-21 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
-22 | File | `/tmp` | Low
-23 | File | `/tmp/redis.ds` | High
-24 | File | `/uncpath/` | Medium
-25 | File | `/ViewUserHover.jspa` | High
-26 | File | `/wp-admin` | Medium
-27 | File | `/wp-json/wc/v3/webhooks` | High
-28 | File | `actions/CompanyDetailsSave.php` | High
-29 | File | `ActiveServices.java` | High
-30 | File | `addlink.php` | Medium
-31 | File | `addtocart.asp` | High
-32 | File | `admin.php` | Medium
-33 | File | `admin/?n=user&c=admin_user&a=doGetUserInfo` | High
-34 | File | `admin/add-glossary.php` | High
-35 | File | `admin/conf_users_edit.php` | High
-36 | File | `admin/dashboard.php` | High
-37 | ... | ... | ...
+20 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+21 | File | `/secure/QueryComponent!Default.jspa` | High
+22 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
+23 | File | `/tmp` | Low
+24 | File | `/tmp/redis.ds` | High
+25 | File | `/uncpath/` | Medium
+26 | File | `/ViewUserHover.jspa` | High
+27 | File | `/wp-admin` | Medium
+28 | File | `/wp-json/wc/v3/webhooks` | High
+29 | File | `AccountManagerService.java` | High
+30 | File | `actions/CompanyDetailsSave.php` | High
+31 | File | `ActiveServices.java` | High
+32 | File | `ActivityManagerService.java` | High
+33 | File | `addlink.php` | Medium
+34 | File | `addtocart.asp` | High
+35 | File | `admin.php` | Medium
+36 | File | `admin/?n=user&c=admin_user&a=doGetUserInfo` | High
+37 | File | `admin/add-glossary.php` | High
+38 | ... | ... | ...

-There are 320 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 324 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Inception/README.md
+++ b/Inception/README.md
@ -1,6 +1,6 @@
 # Inception - Cyber Threat Intelligence

-These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Inception](https://vuldb.com/?actor.inception). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Inception](https://vuldb.com/?actor.inception). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.inception](https://vuldb.com/?actor.inception)

@ -53,31 +53,32 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/account/register` | High
-2 | File | `/api/notify.php` | High
-3 | File | `/domain/service/.ewell-known/caldav` | High
-4 | File | `/etc/passwd` | Medium
-5 | File | `/formAdvFirewall` | High
-6 | File | `/master/article.php` | High
-7 | File | `/mobile/SelectUsers.jsp` | High
-8 | File | `/ProteinArraySignificanceTest.json` | High
-9 | File | `/usr/local/bin/mjs` | High
-10 | File | `/web` | Low
-11 | File | `admin/bad.php` | High
-12 | File | `admin/dl_sendmail.php` | High
-13 | File | `admin/pages/useredit.php` | High
-14 | File | `AdminBaseController.class.php` | High
-15 | File | `AlertReceiver.java` | High
-16 | File | `AndroidFuture.java` | High
-17 | File | `AndroidManifest.xml` | High
-18 | File | `apc.php` | Low
-19 | File | `api/info.php` | Medium
-20 | File | `attach.c` | Medium
-21 | File | `backup_xi.sh` | Medium
-22 | File | `box_code_apple.c` | High
-23 | ... | ... | ...
+1 | File | `/api/notify.php` | High
+2 | File | `/domain/service/.ewell-known/caldav` | High
+3 | File | `/etc/passwd` | Medium
+4 | File | `/formAdvFirewall` | High
+5 | File | `/master/article.php` | High
+6 | File | `/mobile/SelectUsers.jsp` | High
+7 | File | `/ProteinArraySignificanceTest.json` | High
+8 | File | `/usr/local/bin/mjs` | High
+9 | File | `/web` | Low
+10 | File | `admin/bad.php` | High
+11 | File | `admin/dl_sendmail.php` | High
+12 | File | `admin/pages/useredit.php` | High
+13 | File | `AdminBaseController.class.php` | High
+14 | File | `AlertReceiver.java` | High
+15 | File | `AndroidFuture.java` | High
+16 | File | `AndroidManifest.xml` | High
+17 | File | `api/info.php` | Medium
+18 | File | `attach.c` | Medium
+19 | File | `backup_xi.sh` | Medium
+20 | File | `box_code_apple.c` | High
+21 | File | `bugs.aspx` | Medium
+22 | File | `bug_actiongroup.php` | High
+23 | File | `bug_report_page.php` | High
+24 | ... | ... | ...

-There are 192 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 196 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Kraken/README.md
+++ b/Kraken/README.md
@ -1,6 +1,6 @@
 # Kraken - Cyber Threat Intelligence

-These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Kraken](https://vuldb.com/?actor.kraken). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Kraken](https://vuldb.com/?actor.kraken). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.kraken](https://vuldb.com/?actor.kraken)

@ -8,9 +8,9 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Kraken:

-* US
-* TR
-* FR
+* [US](https://vuldb.com/?country.us)
+* [TR](https://vuldb.com/?country.tr)
+* [FR](https://vuldb.com/?country.fr)
 * ...

 There are 2 more country items available. Please use our online service to access the data.
@ -21,9 +21,9 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | 65.21.105.85 | static.85.105.21.65.clients.your-server.de | - | High
-2 | 91.206.14.151 | - | - | High
-3 | 95.181.152.184 | - | - | High
+1 | [65.21.105.85](https://vuldb.com/?ip.65.21.105.85) | static.85.105.21.65.clients.your-server.de | - | High
+2 | [91.206.14.151](https://vuldb.com/?ip.91.206.14.151) | - | - | High
+3 | [95.181.152.184](https://vuldb.com/?ip.95.181.152.184) | - | - | High
 4 | ... | ... | ... | ...

 There are 4 more IOC items available. Please use our online service to access the data.
--- a/Molerats/README.md
+++ b/Molerats/README.md
@ -1,6 +1,6 @@
 # Molerats - Cyber Threat Intelligence

-These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Molerats](https://vuldb.com/?actor.molerats). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Molerats](https://vuldb.com/?actor.molerats). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.molerats](https://vuldb.com/?actor.molerats)

@ -19,9 +19,9 @@ There are 1 more campaign items available. Please use our online service to acce

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Molerats:

-* US
-* CN
-* ES
+* [US](https://vuldb.com/?country.us)
+* [CN](https://vuldb.com/?country.cn)
+* [ES](https://vuldb.com/?country.es)
 * ...

 There are 10 more country items available. Please use our online service to access the data.
@ -32,10 +32,10 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | 23.94.218.221 | 23-94-218-221-host.colocrossing.com | Middle East | High
-2 | 23.229.3.70 | ebonyha.club | DustySky | High
-3 | 45.63.49.202 | 45.63.49.202.vultr.com | Middle East | Medium
-4 | 45.63.97.44 | 45.63.97.44.vultr.com | SneakyPastes | Medium
+1 | [23.94.218.221](https://vuldb.com/?ip.23.94.218.221) | 23-94-218-221-host.colocrossing.com | Middle East | High
+2 | [23.229.3.70](https://vuldb.com/?ip.23.229.3.70) | ebonyha.club | DustySky | High
+3 | [45.63.49.202](https://vuldb.com/?ip.45.63.49.202) | 45.63.49.202.vultr.com | Middle East | Medium
+4 | [45.63.97.44](https://vuldb.com/?ip.45.63.97.44) | 45.63.97.44.vultr.com | SneakyPastes | Medium
 5 | ... | ... | ... | ...

 There are 17 more IOC items available. Please use our online service to access the data.
@ -89,7 +89,7 @@ ID | Type | Indicator | Confidence
 28 | File | `app/View/Helper/CommandHelper.php` | High
 29 | ... | ... | ...

-There are 248 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 249 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/MsAttacker/README.md
+++ b/MsAttacker/README.md
@ -1,41 +1,41 @@
 # MsAttacker - Cyber Threat Intelligence

-The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [MsAttacker](https://vuldb.com/?actor.msattacker). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [MsAttacker](https://vuldb.com/?actor.msattacker). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

-Live data and more analysis capabilities are available at [https://vuldb.com/?actor.msattacker](https://vuldb.com/?actor.msattacker)
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.msattacker](https://vuldb.com/?actor.msattacker)

 ## Countries

-These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with MsAttacker:
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with MsAttacker:

-* US
-* CN
+* [US](https://vuldb.com/?country.us)
+* [CN](https://vuldb.com/?country.cn)

 ## IOC - Indicator of Compromise

-These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of MsAttacker.
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of MsAttacker.

-ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
-1 | 23.27.127.200 | - | High
-2 | 122.10.117.5 | - | High
-3 | 122.10.117.35 | - | High
-4 | ... | ... | ...
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [23.27.127.200](https://vuldb.com/?ip.23.27.127.200) | - | - | High
+2 | [122.10.117.5](https://vuldb.com/?ip.122.10.117.5) | - | - | High
+3 | [122.10.117.35](https://vuldb.com/?ip.122.10.117.35) | - | - | High
+4 | ... | ... | ... | ...

 There are 1 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

-Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by MsAttacker. This data is unique as it uses our predictive model for actor profiling.
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected ATT&CK techniques used by MsAttacker. This data is unique as it uses our predictive model for actor profiling.

-ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
-1 | T1059.007 | Cross Site Scripting | High
-2 | T1068 | Execution with Unnecessary Privileges | High
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1059.007 | CWE-79 | Cross Site Scripting | High
+2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High

 ## IOA - Indicator of Attack

-These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by MsAttacker. This data is unique as it uses our predictive model for actor profiling.
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by MsAttacker. This data is unique as it uses our predictive model for actor profiling.

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
@ -44,17 +44,17 @@ ID | Type | Indicator | Confidence
 3 | File | `functions/functions_filters.asp` | High
 4 | ... | ... | ...

-There are 8 more IOA items available. Please use our online service to access the data.
+There are 8 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

-The following list contains external sources which discuss the actor and the associated activities:
+The following list contains _external sources_ which discuss the actor and the associated activities:

 * https://www.threatminer.org/report.php?q=Tibetan-Uprising-Day-Malware-Attacks_websitepdf.pdf&y=2015

 ## Literature

-The following articles explain our unique predictive cyber threat intelligence:
+The following _articles_ explain our unique predictive cyber threat intelligence:

 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
--- a/Patchwork/README.md
+++ b/Patchwork/README.md
@ -1,6 +1,6 @@
 # Patchwork - Cyber Threat Intelligence

-These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Patchwork](https://vuldb.com/?actor.patchwork). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Patchwork](https://vuldb.com/?actor.patchwork). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.patchwork](https://vuldb.com/?actor.patchwork)

@ -15,9 +15,9 @@ The following _campaigns_ are known and can be associated with Patchwork:

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Patchwork:

-* US
-* CN
-* RU
+* [US](https://vuldb.com/?country.us)
+* [CN](https://vuldb.com/?country.cn)
+* [RU](https://vuldb.com/?country.ru)
 * ...

 There are 33 more country items available. Please use our online service to access the data.
@ -28,75 +28,75 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | 5.8.88.64 | - | - | High
-2 | 5.34.242.129 | - | - | High
-3 | 5.39.11.72 | vm482.sakuraserver.co | - | High
-4 | 5.39.36.56 | - | - | High
-5 | 5.39.36.57 | - | - | High
-6 | 5.39.36.58 | - | - | High
-7 | 5.39.36.59 | - | - | High
-8 | 5.39.36.60 | - | - | High
-9 | 5.39.36.61 | - | - | High
-10 | 5.39.97.57 | - | - | High
-11 | 5.39.97.58 | - | - | High
-12 | 5.101.140.220 | prodsrv1.a7holding.com | - | High
-13 | 5.254.98.68 | - | Badnews | High
-14 | 8.22.200.44 | server36.hostcats.com | - | High
-15 | 8.23.224.90 | - | - | High
-16 | 10.30.4.112 | - | Dropping Elephant | High
-17 | 23.106.123.87 | - | - | High
-18 | 31.3.154.110 | vps3.geozinho.com.br | - | High
-19 | 31.3.154.111 | vps4.geozinho.com.br | - | High
-20 | 31.3.154.113 | swe-net-ip.as51430.net | - | High
-21 | 31.3.154.114 | swe-net-ip.as51430.net | - | High
-22 | 31.3.154.115 | swe-net-ip.as51430.net | - | High
-23 | 31.3.154.116 | swe-net-ip.as51430.net | - | High
-24 | 31.3.154.117 | swe-net-ip.as51430.net | - | High
-25 | 31.3.155.106 | swe-net-ip.as51430.net | - | High
-26 | 31.170.161.56 | - | - | High
-27 | 31.170.161.136 | cpl02.main-hosting.eu | - | High
-28 | 31.170.162.23 | cpl04.main-hosting.eu | - | High
-29 | 31.214.169.86 | - | - | High
-30 | 31.214.169.87 | - | - | High
-31 | 37.46.127.75 | nerops15.roupasnews4.com.br | - | High
-32 | 37.46.127.76 | nerops16.roupasnews4.com.br | - | High
-33 | 37.46.127.77 | watch-man6.topchairlifts.com | - | High
-34 | 37.46.127.78 | watch-man7.topchairlifts.com | - | High
-35 | 37.46.127.79 | watch-man8.topchairlifts.com | - | High
-36 | 37.46.127.81 | watch-man10.topchairlifts.com | - | High
-37 | 37.48.77.214 | nl.redseedbox.com | - | High
-38 | 37.48.77.215 | - | - | High
-39 | 37.58.60.195 | - | - | High
-40 | 37.59.175.130 | ip130.ip-37-59-175.eu | - | High
-41 | 37.59.208.94 | - | - | High
-42 | 37.59.231.161 | - | - | High
-43 | 37.221.166.7 | - | - | High
-44 | 37.221.166.8 | - | - | High
-45 | 37.221.166.9 | - | - | High
-46 | 37.221.166.15 | - | - | High
-47 | 37.221.166.36 | - | - | High
-48 | 37.221.166.42 | - | - | High
-49 | 37.221.166.47 | - | - | High
-50 | 37.221.166.48 | - | - | High
-51 | 37.221.166.49 | - | - | High
-52 | 37.221.166.53 | - | - | High
-53 | 37.221.166.55 | - | - | High
-54 | 37.221.166.58 | - | - | High
-55 | 37.221.166.61 | - | - | High
-56 | 43.249.37.173 | - | Badnews | High
-57 | 43.249.37.199 | - | - | High
-58 | 45.43.192.172 | - | - | High
-59 | 46.4.187.60 | static.60.187.4.46.clients.your-server.de | - | High
-60 | 46.4.215.38 | mx01.wugrafixcloud.net | - | High
-61 | 46.165.225.66 | - | - | High
-62 | 46.165.229.7 | - | - | High
-63 | 46.165.229.8 | - | - | High
-64 | 46.165.229.9 | smtp1.lnkyfi.com | - | High
-65 | 46.165.248.236 | - | - | High
-66 | 46.165.248.237 | - | - | High
-67 | 46.165.248.238 | - | - | High
-68 | 46.165.248.239 | - | - | High
-69 | 46.165.248.240 | - | - | High
+1 | [5.8.88.64](https://vuldb.com/?ip.5.8.88.64) | - | - | High
+2 | [5.34.242.129](https://vuldb.com/?ip.5.34.242.129) | - | - | High
+3 | [5.39.11.72](https://vuldb.com/?ip.5.39.11.72) | vm482.sakuraserver.co | - | High
+4 | [5.39.36.56](https://vuldb.com/?ip.5.39.36.56) | - | - | High
+5 | [5.39.36.57](https://vuldb.com/?ip.5.39.36.57) | - | - | High
+6 | [5.39.36.58](https://vuldb.com/?ip.5.39.36.58) | - | - | High
+7 | [5.39.36.59](https://vuldb.com/?ip.5.39.36.59) | - | - | High
+8 | [5.39.36.60](https://vuldb.com/?ip.5.39.36.60) | - | - | High
+9 | [5.39.36.61](https://vuldb.com/?ip.5.39.36.61) | - | - | High
+10 | [5.39.97.57](https://vuldb.com/?ip.5.39.97.57) | - | - | High
+11 | [5.39.97.58](https://vuldb.com/?ip.5.39.97.58) | - | - | High
+12 | [5.101.140.220](https://vuldb.com/?ip.5.101.140.220) | prodsrv1.a7holding.com | - | High
+13 | [5.254.98.68](https://vuldb.com/?ip.5.254.98.68) | - | Badnews | High
+14 | [8.22.200.44](https://vuldb.com/?ip.8.22.200.44) | server36.hostcats.com | - | High
+15 | [8.23.224.90](https://vuldb.com/?ip.8.23.224.90) | - | - | High
+16 | [10.30.4.112](https://vuldb.com/?ip.10.30.4.112) | - | Dropping Elephant | High
+17 | [23.106.123.87](https://vuldb.com/?ip.23.106.123.87) | - | - | High
+18 | [31.3.154.110](https://vuldb.com/?ip.31.3.154.110) | vps3.geozinho.com.br | - | High
+19 | [31.3.154.111](https://vuldb.com/?ip.31.3.154.111) | vps4.geozinho.com.br | - | High
+20 | [31.3.154.113](https://vuldb.com/?ip.31.3.154.113) | swe-net-ip.as51430.net | - | High
+21 | [31.3.154.114](https://vuldb.com/?ip.31.3.154.114) | swe-net-ip.as51430.net | - | High
+22 | [31.3.154.115](https://vuldb.com/?ip.31.3.154.115) | swe-net-ip.as51430.net | - | High
+23 | [31.3.154.116](https://vuldb.com/?ip.31.3.154.116) | swe-net-ip.as51430.net | - | High
+24 | [31.3.154.117](https://vuldb.com/?ip.31.3.154.117) | swe-net-ip.as51430.net | - | High
+25 | [31.3.155.106](https://vuldb.com/?ip.31.3.155.106) | swe-net-ip.as51430.net | - | High
+26 | [31.170.161.56](https://vuldb.com/?ip.31.170.161.56) | - | - | High
+27 | [31.170.161.136](https://vuldb.com/?ip.31.170.161.136) | cpl02.main-hosting.eu | - | High
+28 | [31.170.162.23](https://vuldb.com/?ip.31.170.162.23) | cpl04.main-hosting.eu | - | High
+29 | [31.214.169.86](https://vuldb.com/?ip.31.214.169.86) | - | - | High
+30 | [31.214.169.87](https://vuldb.com/?ip.31.214.169.87) | - | - | High
+31 | [37.46.127.75](https://vuldb.com/?ip.37.46.127.75) | nerops15.roupasnews4.com.br | - | High
+32 | [37.46.127.76](https://vuldb.com/?ip.37.46.127.76) | nerops16.roupasnews4.com.br | - | High
+33 | [37.46.127.77](https://vuldb.com/?ip.37.46.127.77) | watch-man6.topchairlifts.com | - | High
+34 | [37.46.127.78](https://vuldb.com/?ip.37.46.127.78) | watch-man7.topchairlifts.com | - | High
+35 | [37.46.127.79](https://vuldb.com/?ip.37.46.127.79) | watch-man8.topchairlifts.com | - | High
+36 | [37.46.127.81](https://vuldb.com/?ip.37.46.127.81) | watch-man10.topchairlifts.com | - | High
+37 | [37.48.77.214](https://vuldb.com/?ip.37.48.77.214) | nl.redseedbox.com | - | High
+38 | [37.48.77.215](https://vuldb.com/?ip.37.48.77.215) | - | - | High
+39 | [37.58.60.195](https://vuldb.com/?ip.37.58.60.195) | - | - | High
+40 | [37.59.175.130](https://vuldb.com/?ip.37.59.175.130) | ip130.ip-37-59-175.eu | - | High
+41 | [37.59.208.94](https://vuldb.com/?ip.37.59.208.94) | - | - | High
+42 | [37.59.231.161](https://vuldb.com/?ip.37.59.231.161) | - | - | High
+43 | [37.221.166.7](https://vuldb.com/?ip.37.221.166.7) | - | - | High
+44 | [37.221.166.8](https://vuldb.com/?ip.37.221.166.8) | - | - | High
+45 | [37.221.166.9](https://vuldb.com/?ip.37.221.166.9) | - | - | High
+46 | [37.221.166.15](https://vuldb.com/?ip.37.221.166.15) | - | - | High
+47 | [37.221.166.36](https://vuldb.com/?ip.37.221.166.36) | - | - | High
+48 | [37.221.166.42](https://vuldb.com/?ip.37.221.166.42) | - | - | High
+49 | [37.221.166.47](https://vuldb.com/?ip.37.221.166.47) | - | - | High
+50 | [37.221.166.48](https://vuldb.com/?ip.37.221.166.48) | - | - | High
+51 | [37.221.166.49](https://vuldb.com/?ip.37.221.166.49) | - | - | High
+52 | [37.221.166.53](https://vuldb.com/?ip.37.221.166.53) | - | - | High
+53 | [37.221.166.55](https://vuldb.com/?ip.37.221.166.55) | - | - | High
+54 | [37.221.166.58](https://vuldb.com/?ip.37.221.166.58) | - | - | High
+55 | [37.221.166.61](https://vuldb.com/?ip.37.221.166.61) | - | - | High
+56 | [43.249.37.173](https://vuldb.com/?ip.43.249.37.173) | - | Badnews | High
+57 | [43.249.37.199](https://vuldb.com/?ip.43.249.37.199) | - | - | High
+58 | [45.43.192.172](https://vuldb.com/?ip.45.43.192.172) | - | - | High
+59 | [46.4.187.60](https://vuldb.com/?ip.46.4.187.60) | static.60.187.4.46.clients.your-server.de | - | High
+60 | [46.4.215.38](https://vuldb.com/?ip.46.4.215.38) | mx01.wugrafixcloud.net | - | High
+61 | [46.165.225.66](https://vuldb.com/?ip.46.165.225.66) | - | - | High
+62 | [46.165.229.7](https://vuldb.com/?ip.46.165.229.7) | - | - | High
+63 | [46.165.229.8](https://vuldb.com/?ip.46.165.229.8) | - | - | High
+64 | [46.165.229.9](https://vuldb.com/?ip.46.165.229.9) | smtp1.lnkyfi.com | - | High
+65 | [46.165.248.236](https://vuldb.com/?ip.46.165.248.236) | - | - | High
+66 | [46.165.248.237](https://vuldb.com/?ip.46.165.248.237) | - | - | High
+67 | [46.165.248.238](https://vuldb.com/?ip.46.165.248.238) | - | - | High
+68 | [46.165.248.239](https://vuldb.com/?ip.46.165.248.239) | - | - | High
+69 | [46.165.248.240](https://vuldb.com/?ip.46.165.248.240) | - | - | High
 70 | ... | ... | ... | ...

 There are 274 more IOC items available. Please use our online service to access the data.
@ -155,27 +155,27 @@ ID | Type | Indicator | Confidence
 33 | File | `/_next` | Low
 34 | File | `4.edu.php\conn\function.php` | High
 35 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
-36 | File | `acl.c` | Low
-37 | File | `activity_log.php` | High
-38 | File | `adclick.php` | Medium
-39 | File | `addentry.php` | Medium
-40 | File | `add_vhost.php` | High
-41 | File | `adm/systools.asp` | High
-42 | File | `admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user` | High
-43 | File | `admin/category.inc.php` | High
-44 | File | `admin/conf_users_edit.php` | High
-45 | File | `admin/default.asp` | High
-46 | File | `admin/dl_sendmail.php` | High
-47 | File | `admin/getparam.cgi` | High
-48 | File | `admin/index.php` | High
-49 | File | `admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1` | High
-50 | File | `admin/media/rename.php` | High
-51 | File | `admin/password_forgotten.php` | High
-52 | File | `admin/versions.html` | High
-53 | File | `adminCons.php` | High
+36 | File | `about.php` | Medium
+37 | File | `acl.c` | Low
+38 | File | `activity_log.php` | High
+39 | File | `adclick.php` | Medium
+40 | File | `addentry.php` | Medium
+41 | File | `add_vhost.php` | High
+42 | File | `adm/systools.asp` | High
+43 | File | `admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user` | High
+44 | File | `admin/category.inc.php` | High
+45 | File | `admin/conf_users_edit.php` | High
+46 | File | `admin/default.asp` | High
+47 | File | `admin/dl_sendmail.php` | High
+48 | File | `admin/getparam.cgi` | High
+49 | File | `admin/index.php` | High
+50 | File | `admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1` | High
+51 | File | `admin/media/rename.php` | High
+52 | File | `admin/password_forgotten.php` | High
+53 | File | `admin/versions.html` | High
 54 | ... | ... | ...

-There are 472 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 475 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

--- a/Qakbot/README.md
+++ b/Qakbot/README.md
@ -1,101 +1,170 @@
 # Qakbot - Cyber Threat Intelligence

-The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Qakbot](https://vuldb.com/?actor.qakbot). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Qakbot](https://vuldb.com/?actor.qakbot). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

-Live data and more analysis capabilities are available at [https://vuldb.com/?actor.qakbot](https://vuldb.com/?actor.qakbot)
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.qakbot](https://vuldb.com/?actor.qakbot)

 ## Countries

-These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Qakbot:
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Qakbot:

-* AU
+* [IN](https://vuldb.com/?country.in)
+* [US](https://vuldb.com/?country.us)
+* [CA](https://vuldb.com/?country.ca)
+* ...
+
+There are 9 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

-These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Qakbot.
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Qakbot.

-ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
-1 | 2.7.116.188 | lfbn-lyo-1-277-188.w2-7.abo.wanadoo.fr | High
-2 | 2.50.47.97 | - | High
-3 | 5.15.81.52 | 5-15-81-52.residential.rdsnet.ro | High
-4 | 5.193.178.241 | - | High
-5 | 24.42.14.241 | - | High
-6 | 24.43.22.221 | rrcs-24-43-22-221.west.biz.rr.com | High
-7 | 24.55.112.61 | dynamic.libertypr.net | High
-8 | 24.90.160.91 | cpe-24-90-160-91.nyc.res.rr.com | High
-9 | 24.95.61.62 | cpe-24-95-61-62.columbus.res.rr.com | High
-10 | 24.117.107.120 | 24-117-107-120.cpe.sparklight.net | High
-11 | 24.139.72.117 | - | High
-12 | 24.139.132.70 | dynamic.libertypr.net | High
-13 | 24.152.219.253 | 24.152.219.253.res-cmts.sm.ptd.net | High
-14 | 24.164.79.147 | cpe-24-164-79-147.cinci.res.rr.com | High
-15 | 24.165.87.61 | cpe-24-165-87-61.san.res.rr.com | High
-16 | 24.183.39.93 | 024-183-039-093.res.spectrum.com | High
-17 | 24.202.42.48 | modemcable048.42-202-24.mc.videotron.ca | High
-18 | 24.226.156.153 | 24-226-156-153.resi.cgocable.ca | High
-19 | 24.229.150.54 | 24.229.150.54.cmts-static.sm.ptd.net | High
-20 | 24.234.86.201 | wsip-24-234-86-201.lv.lv.cox.net | High
-21 | 27.223.92.142 | - | High
-22 | 35.142.12.163 | 035-142-012-163.dhcp.bhn.net | High
-23 | 41.34.91.90 | host-41.34.91.90.tedata.net | High
-24 | 41.97.138.74 | - | High
-25 | 45.32.211.207 | 45.32.211.207.vultr.com | Medium
-26 | 45.46.53.140 | cpe-45-46-53-140.maine.res.rr.com | High
-27 | 45.63.107.192 | 45.63.107.192.vultr.com | Medium
-28 | 45.67.231.247 | vm272927.pq.hosting | High
-29 | 45.77.115.208 | 45.77.115.208.vultr.com | Medium
-30 | 45.77.117.108 | 45.77.117.108.vultr.com | Medium
-31 | 45.77.215.141 | 45.77.215.141.vultr.com | Medium
-32 | 46.214.62.199 | 46-214-62-199.next-gen.ro | High
-33 | 47.22.148.6 | ool-2f169406.static.optonline.net | High
-34 | 47.24.47.218 | 047-024-047-218.res.spectrum.com | High
-35 | 47.153.115.154 | - | High
-36 | 47.196.192.184 | - | High
-37 | 49.207.105.25 | broadband.actcorp.in | High
-38 | 50.29.166.232 | 50.29.166.232.res-cmts.sth3.ptd.net | High
-39 | 50.104.68.223 | 50-104-68-223.prtg.in.frontiernet.net | High
-40 | 50.244.112.106 | 50-244-112-106-static.hfc.comcastbusiness.net | High
-41 | 59.90.246.200 | static.bb.chn.59.90.246.200.bsnl.in | High
-42 | 64.19.74.29 | primhall.com | High
-43 | 64.121.114.87 | 64-121-114-87.s597.c3-0.smt-ubr1.atw-smt.pa.cable.rcncustomer.com | High
-44 | 65.100.174.]105 | - | High
-45 | 65.100.174.]106 | - | High
-46 | 65.100.174.]107 | - | High
-47 | 65.100.174.]108 | - | High
-48 | 65.100.174.]109 | - | High
-49 | 65.100.174.]111 | - | High
-50 | 66.26.160.37 | 066-026-160-037.inf.spectrum.com | High
-51 | 66.57.216.53 | rrcs-66-57-216-53.midsouth.biz.rr.com | High
-52 | 66.208.105.6 | 66-208-105-6.centex.net | High
-53 | 67.6.12.4 | 67-6-12-4.clma.centurylink.net | High
-54 | 67.8.103.21 | 67-8-103-21.res.bhn.net | High
-55 | ... | ... | ...
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [2.7.116.188](https://vuldb.com/?ip.2.7.116.188) | lfbn-lyo-1-277-188.w2-7.abo.wanadoo.fr | - | High
+2 | [2.50.47.97](https://vuldb.com/?ip.2.50.47.97) | - | - | High
+3 | [2.50.171.142](https://vuldb.com/?ip.2.50.171.142) | - | - | High
+4 | [2.51.240.61](https://vuldb.com/?ip.2.51.240.61) | - | - | High
+5 | [2.88.186.229](https://vuldb.com/?ip.2.88.186.229) | - | - | High
+6 | [5.12.111.213](https://vuldb.com/?ip.5.12.111.213) | 5-12-111-213.residential.rdsnet.ro | - | High
+7 | [5.12.243.211](https://vuldb.com/?ip.5.12.243.211) | 5-12-243-211.residential.rdsnet.ro | - | High
+8 | [5.13.74.26](https://vuldb.com/?ip.5.13.74.26) | 5-13-74-26.residential.rdsnet.ro | - | High
+9 | [5.13.84.186](https://vuldb.com/?ip.5.13.84.186) | 5-13-84-186.residential.rdsnet.ro | - | High
+10 | [5.15.81.52](https://vuldb.com/?ip.5.15.81.52) | 5-15-81-52.residential.rdsnet.ro | - | High
+11 | [5.193.61.212](https://vuldb.com/?ip.5.193.61.212) | - | - | High
+12 | [5.193.178.241](https://vuldb.com/?ip.5.193.178.241) | - | - | High
+13 | [12.5.37.3](https://vuldb.com/?ip.12.5.37.3) | - | - | High
+14 | [24.42.14.241](https://vuldb.com/?ip.24.42.14.241) | - | - | High
+15 | [24.43.22.221](https://vuldb.com/?ip.24.43.22.221) | rrcs-24-43-22-221.west.biz.rr.com | - | High
+16 | [24.55.112.61](https://vuldb.com/?ip.24.55.112.61) | dynamic.libertypr.net | - | High
+17 | [24.90.160.91](https://vuldb.com/?ip.24.90.160.91) | cpe-24-90-160-91.nyc.res.rr.com | - | High
+18 | [24.95.61.62](https://vuldb.com/?ip.24.95.61.62) | cpe-24-95-61-62.columbus.res.rr.com | - | High
+19 | [24.110.14.40](https://vuldb.com/?ip.24.110.14.40) | - | - | High
+20 | [24.110.96.149](https://vuldb.com/?ip.24.110.96.149) | - | - | High
+21 | [24.117.107.120](https://vuldb.com/?ip.24.117.107.120) | 24-117-107-120.cpe.sparklight.net | - | High
+22 | [24.139.72.117](https://vuldb.com/?ip.24.139.72.117) | - | - | High
+23 | [24.139.132.70](https://vuldb.com/?ip.24.139.132.70) | dynamic.libertypr.net | - | High
+24 | [24.152.219.253](https://vuldb.com/?ip.24.152.219.253) | 24.152.219.253.res-cmts.sm.ptd.net | - | High
+25 | [24.164.79.147](https://vuldb.com/?ip.24.164.79.147) | cpe-24-164-79-147.cinci.res.rr.com | - | High
+26 | [24.165.87.61](https://vuldb.com/?ip.24.165.87.61) | cpe-24-165-87-61.san.res.rr.com | - | High
+27 | [24.183.39.93](https://vuldb.com/?ip.24.183.39.93) | 024-183-039-093.res.spectrum.com | - | High
+28 | [24.202.42.48](https://vuldb.com/?ip.24.202.42.48) | modemcable048.42-202-24.mc.videotron.ca | - | High
+29 | [24.226.156.153](https://vuldb.com/?ip.24.226.156.153) | 24-226-156-153.resi.cgocable.ca | - | High
+30 | [24.229.150.54](https://vuldb.com/?ip.24.229.150.54) | 24.229.150.54.cmts-static.sm.ptd.net | - | High
+31 | [24.234.86.201](https://vuldb.com/?ip.24.234.86.201) | wsip-24-234-86-201.lv.lv.cox.net | - | High
+32 | [27.223.92.142](https://vuldb.com/?ip.27.223.92.142) | - | - | High
+33 | [35.142.12.163](https://vuldb.com/?ip.35.142.12.163) | 035-142-012-163.dhcp.bhn.net | - | High
+34 | [36.77.151.211](https://vuldb.com/?ip.36.77.151.211) | - | - | High
+35 | [37.156.243.67](https://vuldb.com/?ip.37.156.243.67) | - | - | High
+36 | [37.182.238.170](https://vuldb.com/?ip.37.182.238.170) | net-37-182-238-170.cust.vodafonedsl.it | - | High
+37 | [39.36.61.58](https://vuldb.com/?ip.39.36.61.58) | - | - | High
+38 | [41.34.91.90](https://vuldb.com/?ip.41.34.91.90) | host-41.34.91.90.tedata.net | - | High
+39 | [41.97.138.74](https://vuldb.com/?ip.41.97.138.74) | - | - | High
+40 | [41.225.231.43](https://vuldb.com/?ip.41.225.231.43) | - | - | High
+41 | [41.228.206.99](https://vuldb.com/?ip.41.228.206.99) | - | - | High
+42 | [45.32.211.207](https://vuldb.com/?ip.45.32.211.207) | 45.32.211.207.vultr.com | - | Medium
+43 | [45.45.51.182](https://vuldb.com/?ip.45.45.51.182) | modemcable182.51-45-45.mc.videotron.ca | - | High
+44 | [45.46.53.140](https://vuldb.com/?ip.45.46.53.140) | cpe-45-46-53-140.maine.res.rr.com | - | High
+45 | [45.63.107.192](https://vuldb.com/?ip.45.63.107.192) | 45.63.107.192.vultr.com | - | Medium
+46 | [45.67.231.247](https://vuldb.com/?ip.45.67.231.247) | vm272927.pq.hosting | - | High
+47 | [45.77.115.208](https://vuldb.com/?ip.45.77.115.208) | 45.77.115.208.vultr.com | - | Medium
+48 | [45.77.117.108](https://vuldb.com/?ip.45.77.117.108) | 45.77.117.108.vultr.com | - | Medium
+49 | [45.77.215.141](https://vuldb.com/?ip.45.77.215.141) | 45.77.215.141.vultr.com | - | Medium
+50 | [46.214.62.199](https://vuldb.com/?ip.46.214.62.199) | 46-214-62-199.next-gen.ro | - | High
+51 | [46.228.199.235](https://vuldb.com/?ip.46.228.199.235) | vps2231940.fastwebserver.de | - | High
+52 | [47.22.148.6](https://vuldb.com/?ip.47.22.148.6) | ool-2f169406.static.optonline.net | - | High
+53 | [47.24.47.218](https://vuldb.com/?ip.47.24.47.218) | 047-024-047-218.res.spectrum.com | - | High
+54 | [47.28.135.155](https://vuldb.com/?ip.47.28.135.155) | 047-028-135-155.res.spectrum.com | - | High
+55 | [47.138.200.85](https://vuldb.com/?ip.47.138.200.85) | - | - | High
+56 | [47.153.115.154](https://vuldb.com/?ip.47.153.115.154) | - | - | High
+57 | [47.180.66.10](https://vuldb.com/?ip.47.180.66.10) | static-47-180-66-10.lsan.ca.frontiernet.net | - | High
+58 | [47.196.192.184](https://vuldb.com/?ip.47.196.192.184) | - | - | High
+59 | [49.144.81.46](https://vuldb.com/?ip.49.144.81.46) | dsl.49.144.81.46.pldt.net | - | High
+60 | [49.191.4.245](https://vuldb.com/?ip.49.191.4.245) | n49-191-4-245.mrk1.qld.optusnet.com.au | - | High
+61 | [49.207.105.25](https://vuldb.com/?ip.49.207.105.25) | broadband.actcorp.in | - | High
+62 | [50.29.166.232](https://vuldb.com/?ip.50.29.166.232) | 50.29.166.232.res-cmts.sth3.ptd.net | - | High
+63 | [50.104.68.223](https://vuldb.com/?ip.50.104.68.223) | 50-104-68-223.prtg.in.frontiernet.net | - | High
+64 | [50.244.112.106](https://vuldb.com/?ip.50.244.112.106) | 50-244-112-106-static.hfc.comcastbusiness.net | - | High
+65 | [58.233.220.182](https://vuldb.com/?ip.58.233.220.182) | - | - | High
+66 | [59.90.246.200](https://vuldb.com/?ip.59.90.246.200) | static.bb.chn.59.90.246.200.bsnl.in | - | High
+67 | [59.124.10.133](https://vuldb.com/?ip.59.124.10.133) | 59-124-10-133.hinet-ip.hinet.net | - | High
+68 | [62.121.123.57](https://vuldb.com/?ip.62.121.123.57) | - | - | High
+69 | [64.19.74.29](https://vuldb.com/?ip.64.19.74.29) | primhall.com | - | High
+70 | [64.121.114.87](https://vuldb.com/?ip.64.121.114.87) | 64-121-114-87.s597.c3-0.smt-ubr1.atw-smt.pa.cable.rcncustomer.com | - | High
+71 | [65.100.174.]105](https://vuldb.com/?ip.65.100.174.]105) | - | - | High
+72 | [65.100.174.]106](https://vuldb.com/?ip.65.100.174.]106) | - | - | High
+73 | [65.100.174.]107](https://vuldb.com/?ip.65.100.174.]107) | - | - | High
+74 | [65.100.174.]108](https://vuldb.com/?ip.65.100.174.]108) | - | - | High
+75 | [65.100.174.]109](https://vuldb.com/?ip.65.100.174.]109) | - | - | High
+76 | [65.100.174.]111](https://vuldb.com/?ip.65.100.174.]111) | - | - | High
+77 | [65.100.247.6](https://vuldb.com/?ip.65.100.247.6) | 65-100-247-6.slkc.qwest.net | - | High
+78 | ... | ... | ... | ...

-There are 214 more IOC items available. Please use our online service to access the data.
+There are 306 more IOC items available. Please use our online service to access the data.
+
+## TTP - Tactics, Techniques, Procedures
+
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected ATT&CK techniques used by Qakbot. This data is unique as it uses our predictive model for actor profiling.
+
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+4 | ... | ... | ... | ...
+
+There are 9 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

-These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Qakbot. This data is unique as it uses our predictive model for actor profiling.
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Qakbot. This data is unique as it uses our predictive model for actor profiling.

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
-1 | File | `/admin/` | Low
-2 | Argument | `username/password` | High
-3 | Input Value | `'or''='` | Low
+1 | File | `%PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10` | High
+2 | File | `/(((a\2)|(a*)\g&lt/-1&gt/))*/` | High
+3 | File | `/+CSCOE+/logon.html` | High
+4 | File | `/alumni/admin/ajax.php?action=save_settings` | High
+5 | File | `/app/Http/Controllers/Admin/NEditorController.php` | High
+6 | File | `/auth/session` | High
+7 | File | `/cfg` | Low
+8 | File | `/cgi-bin/webproc` | High
+9 | File | `/config/getuser` | High
+10 | File | `/etc/passwd` | Medium
+11 | File | `/exponent_constants.php` | High
+12 | File | `/front/document.form.php` | High
+13 | File | `/ibi_apps/WFServlet.cfg` | High
+14 | File | `/log_download.cgi` | High
+15 | File | `/modx/manager/index.php` | High
+16 | File | `/proc/sysvipc/sem` | High
+17 | File | `/replication` | Medium
+18 | File | `/rest/collectors/1.0/template/custom` | High
+19 | File | `/RestAPI` | Medium
+20 | File | `/search.php` | Medium
+21 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
+22 | File | `/tmp` | Low
+23 | File | `/trigger` | Medium
+24 | File | `/uncpath/` | Medium
+25 | File | `/user/login/oauth` | High
+26 | File | `/usr/bin/pkexec` | High
+27 | File | `/usr/doc` | Medium
+28 | ... | ... | ...
+
+There are 237 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

-The following list contains external sources which discuss the actor and the associated activities:
+The following list contains _external sources_ which discuss the actor and the associated activities:

 * https://github.com/firehol/blocklist-ipsets/blob/master/bambenek_qakbot.ipset
 * https://pastebin.com/u/MalwareQuinn
+* https://research.checkpoint.com/2020/exploring-qbots-latest-attack-methods/
 * https://tria.ge/210511-kvcz7vyfkx
 * https://twitter.com/Malwar3Ninja/status/1483514897266737154

 ## Literature

-The following articles explain our unique predictive cyber threat intelligence:
+The following _articles_ explain our unique predictive cyber threat intelligence:

 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
--- a/ShadowPad/README.md
+++ b/ShadowPad/README.md
@ -1,6 +1,6 @@
 # ShadowPad - Cyber Threat Intelligence

-These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [ShadowPad](https://vuldb.com/?actor.shadowpad). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [ShadowPad](https://vuldb.com/?actor.shadowpad). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.shadowpad](https://vuldb.com/?actor.shadowpad)

@ -14,8 +14,8 @@ The following _campaigns_ are known and can be associated with ShadowPad:

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with ShadowPad:

-* US
-* CN
+* [US](https://vuldb.com/?country.us)
+* [CN](https://vuldb.com/?country.cn)

 ## IOC - Indicator of Compromise

@ -23,7 +23,7 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | 207.148.98.61 | 207.148.98.61.vultr.com | ScatterBee | Medium
+1 | [207.148.98.61](https://vuldb.com/?ip.207.148.98.61) | 207.148.98.61.vultr.com | ScatterBee | Medium

 ## TTP - Tactics, Techniques, Procedures

--- a/Sofacy/README.md
+++ b/Sofacy/README.md
@ -1,56 +1,56 @@
 # Sofacy - Cyber Threat Intelligence

-The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Sofacy](https://vuldb.com/?actor.sofacy). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Sofacy](https://vuldb.com/?actor.sofacy). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

-Live data and more analysis capabilities are available at [https://vuldb.com/?actor.sofacy](https://vuldb.com/?actor.sofacy)
+_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.sofacy](https://vuldb.com/?actor.sofacy)

 ## Campaigns

-The following campaigns are known and can be associated with Sofacy:
+The following _campaigns_ are known and can be associated with Sofacy:

 * DealersChoice
 * Zebrocy

 ## Countries

-These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Sofacy:
+These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Sofacy:

-* US
-* TR
-* AR
+* [US](https://vuldb.com/?country.us)
+* [CH](https://vuldb.com/?country.ch)
+* [TR](https://vuldb.com/?country.tr)
 * ...

-There are 4 more country items available. Please use our online service to access the data.
+There are 5 more country items available. Please use our online service to access the data.

 ## IOC - Indicator of Compromise

-These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Sofacy.
+These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Sofacy.

-ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
-1 | 1.6.3.8 | - | High
-2 | 23.0.0.185 | a23-0-0-185.deploy.static.akamaitechnologies.com | High
-3 | 40.112.210.240 | - | High
-4 | ... | ... | ...
+ID | IP address | Hostname | Campaign | Confidence
+-- | ---------- | -------- | -------- | ----------
+1 | [1.6.3.8](https://vuldb.com/?ip.1.6.3.8) | - | - | High
+2 | [23.0.0.185](https://vuldb.com/?ip.23.0.0.185) | a23-0-0-185.deploy.static.akamaitechnologies.com | - | High
+3 | [40.112.210.240](https://vuldb.com/?ip.40.112.210.240) | - | - | High
+4 | ... | ... | ... | ...

 There are 11 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

-Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Sofacy. This data is unique as it uses our predictive model for actor profiling.
+_Tactics, techniques, and procedures_ (TTP) summarize the suspected ATT&CK techniques used by Sofacy. This data is unique as it uses our predictive model for actor profiling.

-ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
-1 | T1059.007 | Cross Site Scripting | High
-2 | T1068 | Execution with Unnecessary Privileges | High
-3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
-4 | ... | ... | ...
+ID | Technique | Weakness | Description | Confidence
+-- | --------- | -------- | ----------- | ----------
+1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
+2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
+3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
+4 | ... | ... | ... | ...

-There are 3 more TTP items available. Please use our online service to access the data.
+There are 4 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

-These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Sofacy. This data is unique as it uses our predictive model for actor profiling.
+These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Sofacy. This data is unique as it uses our predictive model for actor profiling.

 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
@ -62,11 +62,11 @@ ID | Type | Indicator | Confidence
 6 | File | `actions/main.php` | High
 7 | ... | ... | ...

-There are 46 more IOA items available. Please use our online service to access the data.
+There are 50 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

-The following list contains external sources which discuss the actor and the associated activities:
+The following list contains _external sources_ which discuss the actor and the associated activities:

 * https://unit42.paloaltonetworks.com/unit42-sofacy-groups-parallel-attacks/
 * https://www.threatminer.org/report.php?q=%E2%80%98DealersChoice%E2%80%99isSofacy%E2%80%99sFlashPlayerExploitPlatform-PaloAltoNetworksBlog.pdf&y=2016
@ -76,7 +76,7 @@ The following list contains external sources which discuss the actor and the ass

 ## Literature

-The following articles explain our unique predictive cyber threat intelligence:
+The following _articles_ explain our unique predictive cyber threat intelligence:

 * [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
 * [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
--- a/TrickBot/README.md
+++ b/TrickBot/README.md
@ -1,15 +1,22 @@
 # TrickBot - Cyber Threat Intelligence

-These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [TrickBot](https://vuldb.com/?actor.trickbot). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [TrickBot](https://vuldb.com/?actor.trickbot). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.trickbot](https://vuldb.com/?actor.trickbot)

+## Campaigns
+
+The following _campaigns_ are known and can be associated with TrickBot:
+
+* AnchorMail
+
 ## Countries

 These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with TrickBot:

-* VN
-* CN
+* [VN](https://vuldb.com/?country.vn)
+* [CN](https://vuldb.com/?country.cn)
+* [US](https://vuldb.com/?country.us)

 ## IOC - Indicator of Compromise

@ -17,72 +24,72 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

 ID | IP address | Hostname | Campaign | Confidence
 -- | ---------- | -------- | -------- | ----------
-1 | 5.1.81.68 | mx4.tarifvergleichbhv.net | - | High
-2 | 5.2.75.93 | - | - | High
-3 | 5.2.75.167 | coms.a9v34.com.cn | - | High
-4 | 5.39.47.22 | mail.dmgs.site | - | High
-5 | 5.59.205.32 | dhcp-32-205-59-5.metro86.ru | - | High
-6 | 5.133.179.108 | 5-133-179-108.freeucouponsnow.ru | - | High
-7 | 5.182.210.132 | - | - | High
-8 | 5.182.210.226 | - | - | High
-9 | 5.182.210.230 | - | - | High
-10 | 5.182.210.246 | - | - | High
-11 | 5.182.210.254 | n01-nlam.kdktech.com | - | High
-12 | 14.241.244.60 | - | - | High
-13 | 18.233.90.151 | ec2-18-233-90-151.compute-1.amazonaws.com | - | Medium
-14 | 23.3.13.88 | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
-15 | 23.3.13.154 | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
-16 | 23.3.125.111 | a23-3-125-111.deploy.static.akamaitechnologies.com | - | High
-17 | 23.21.27.29 | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
-18 | 23.21.48.44 | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium
-19 | 23.21.252.4 | ec2-23-21-252-4.compute-1.amazonaws.com | - | Medium
-20 | 23.94.233.210 | 23-94-233-210-host.colocrossing.com | - | High
-21 | 23.96.30.229 | - | - | High
-22 | 23.160.192.125 | unknown.ip-xfer.net | - | High
-23 | 23.160.193.106 | unknown.ip-xfer.net | - | High
-24 | 24.162.214.166 | cpe-24-162-214-166.elp.res.rr.com | - | High
-25 | 27.72.107.215 | dynamic-adsl.viettel.vn | - | High
-26 | 34.117.59.81 | 81.59.117.34.bc.googleusercontent.com | - | Medium
-27 | 36.89.191.119 | - | - | High
-28 | 36.89.193.181 | - | - | High
-29 | 36.89.193.235 | - | - | High
-30 | 36.94.27.124 | - | - | High
-31 | 36.94.100.202 | - | - | High
-32 | 37.228.70.134 | - | - | High
-33 | 37.230.114.93 | admin1.fvds.ru | - | High
-34 | 37.230.114.248 | kosmolot.com | - | High
-35 | 37.230.115.133 | wdai.io | - | High
-36 | 37.230.115.138 | i2.com | - | High
-37 | 37.230.115.184 | 21922vdscom.com | - | High
-38 | 43.245.216.116 | - | - | High
-39 | 45.6.16.68 | - | - | High
-40 | 45.36.99.184 | cpe-45-36-99-184.triad.res.rr.com | - | High
-41 | 45.167.249.126 | - | - | High
-42 | 45.178.142.14 | - | - | High
-43 | 45.201.134.202 | - | - | High
-44 | 45.229.71.211 | static-45-229-71-211.extrememt.com.br | - | High
-45 | 45.234.248.154 | 45.-234.248-154.rev.voanet.br | - | High
-46 | 46.8.21.10 | 53980.web.hosting-russia.ru | - | High
-47 | 46.8.21.113 | 64403.web.hosting-russia.ru | - | High
-48 | 46.209.140.220 | - | - | High
-49 | 46.254.128.174 | 46.254.128.174.lanultra.net | - | High
-50 | 49.156.34.134 | - | - | High
-51 | 51.38.101.194 | - | - | High
-52 | 51.77.92.215 | - | - | High
-53 | 51.81.112.144 | - | - | High
-54 | 51.89.115.116 | tombe.nationfox.net | - | High
-55 | 52.0.197.231 | ec2-52-0-197-231.compute-1.amazonaws.com | - | Medium
-56 | 52.20.197.7 | ec2-52-20-197-7.compute-1.amazonaws.com | - | Medium
-57 | 52.204.109.97 | ec2-52-204-109-97.compute-1.amazonaws.com | - | Medium
-58 | 54.39.106.25 | ns560342.ip-54-39-106.net | - | High
-59 | 54.221.253.252 | ec2-54-221-253-252.compute-1.amazonaws.com | - | Medium
-60 | 60.51.47.65 | - | - | High
-61 | 62.64.9.237 | clients-62.64.9.237.misp.ru | - | High
-62 | 62.99.76.213 | 213.62-99-76.static.clientes.euskaltel.es | - | High
-63 | 62.109.2.172 | megamart24.ru | - | High
+1 | [5.1.81.68](https://vuldb.com/?ip.5.1.81.68) | mx4.tarifvergleichbhv.net | - | High
+2 | [5.2.75.93](https://vuldb.com/?ip.5.2.75.93) | - | - | High
+3 | [5.2.75.167](https://vuldb.com/?ip.5.2.75.167) | coms.a9v34.com.cn | - | High
+4 | [5.39.47.22](https://vuldb.com/?ip.5.39.47.22) | mail.dmgs.site | - | High
+5 | [5.59.205.32](https://vuldb.com/?ip.5.59.205.32) | dhcp-32-205-59-5.metro86.ru | - | High
+6 | [5.133.179.108](https://vuldb.com/?ip.5.133.179.108) | 5-133-179-108.freeucouponsnow.ru | - | High
+7 | [5.182.210.132](https://vuldb.com/?ip.5.182.210.132) | - | - | High
+8 | [5.182.210.226](https://vuldb.com/?ip.5.182.210.226) | - | - | High
+9 | [5.182.210.230](https://vuldb.com/?ip.5.182.210.230) | - | - | High
+10 | [5.182.210.246](https://vuldb.com/?ip.5.182.210.246) | - | - | High
+11 | [5.182.210.254](https://vuldb.com/?ip.5.182.210.254) | n01-nlam.kdktech.com | - | High
+12 | [14.241.244.60](https://vuldb.com/?ip.14.241.244.60) | - | - | High
+13 | [18.233.90.151](https://vuldb.com/?ip.18.233.90.151) | ec2-18-233-90-151.compute-1.amazonaws.com | - | Medium
+14 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
+15 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
+16 | [23.3.125.111](https://vuldb.com/?ip.23.3.125.111) | a23-3-125-111.deploy.static.akamaitechnologies.com | - | High
+17 | [23.21.27.29](https://vuldb.com/?ip.23.21.27.29) | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
+18 | [23.21.48.44](https://vuldb.com/?ip.23.21.48.44) | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium
+19 | [23.21.252.4](https://vuldb.com/?ip.23.21.252.4) | ec2-23-21-252-4.compute-1.amazonaws.com | - | Medium
+20 | [23.94.233.210](https://vuldb.com/?ip.23.94.233.210) | 23-94-233-210-host.colocrossing.com | - | High
+21 | [23.96.30.229](https://vuldb.com/?ip.23.96.30.229) | - | - | High
+22 | [23.160.192.125](https://vuldb.com/?ip.23.160.192.125) | unknown.ip-xfer.net | - | High
+23 | [23.160.193.106](https://vuldb.com/?ip.23.160.193.106) | unknown.ip-xfer.net | - | High
+24 | [24.162.214.166](https://vuldb.com/?ip.24.162.214.166) | cpe-24-162-214-166.elp.res.rr.com | - | High
+25 | [27.72.107.215](https://vuldb.com/?ip.27.72.107.215) | dynamic-adsl.viettel.vn | - | High
+26 | [34.117.59.81](https://vuldb.com/?ip.34.117.59.81) | 81.59.117.34.bc.googleusercontent.com | - | Medium
+27 | [36.89.191.119](https://vuldb.com/?ip.36.89.191.119) | - | - | High
+28 | [36.89.193.181](https://vuldb.com/?ip.36.89.193.181) | - | - | High
+29 | [36.89.193.235](https://vuldb.com/?ip.36.89.193.235) | - | - | High
+30 | [36.94.27.124](https://vuldb.com/?ip.36.94.27.124) | - | - | High
+31 | [36.94.100.202](https://vuldb.com/?ip.36.94.100.202) | - | - | High
+32 | [37.228.70.134](https://vuldb.com/?ip.37.228.70.134) | - | - | High
+33 | [37.230.114.93](https://vuldb.com/?ip.37.230.114.93) | admin1.fvds.ru | - | High
+34 | [37.230.114.248](https://vuldb.com/?ip.37.230.114.248) | kosmolot.com | - | High
+35 | [37.230.115.133](https://vuldb.com/?ip.37.230.115.133) | wdai.io | - | High
+36 | [37.230.115.138](https://vuldb.com/?ip.37.230.115.138) | i2.com | - | High
+37 | [37.230.115.184](https://vuldb.com/?ip.37.230.115.184) | 21922vdscom.com | - | High
+38 | [43.245.216.116](https://vuldb.com/?ip.43.245.216.116) | - | - | High
+39 | [45.6.16.68](https://vuldb.com/?ip.45.6.16.68) | - | - | High
+40 | [45.36.99.184](https://vuldb.com/?ip.45.36.99.184) | cpe-45-36-99-184.triad.res.rr.com | - | High
+41 | [45.167.249.126](https://vuldb.com/?ip.45.167.249.126) | - | - | High
+42 | [45.178.142.14](https://vuldb.com/?ip.45.178.142.14) | - | - | High
+43 | [45.201.134.202](https://vuldb.com/?ip.45.201.134.202) | - | - | High
+44 | [45.229.71.211](https://vuldb.com/?ip.45.229.71.211) | static-45-229-71-211.extrememt.com.br | - | High
+45 | [45.234.248.154](https://vuldb.com/?ip.45.234.248.154) | 45.-234.248-154.rev.voanet.br | - | High
+46 | [46.8.21.10](https://vuldb.com/?ip.46.8.21.10) | 53980.web.hosting-russia.ru | - | High
+47 | [46.8.21.113](https://vuldb.com/?ip.46.8.21.113) | 64403.web.hosting-russia.ru | - | High
+48 | [46.209.140.220](https://vuldb.com/?ip.46.209.140.220) | - | - | High
+49 | [46.254.128.174](https://vuldb.com/?ip.46.254.128.174) | 46.254.128.174.lanultra.net | - | High
+50 | [49.156.34.134](https://vuldb.com/?ip.49.156.34.134) | - | - | High
+51 | [51.38.101.194](https://vuldb.com/?ip.51.38.101.194) | - | - | High
+52 | [51.77.92.215](https://vuldb.com/?ip.51.77.92.215) | - | - | High
+53 | [51.81.112.144](https://vuldb.com/?ip.51.81.112.144) | - | - | High
+54 | [51.89.115.116](https://vuldb.com/?ip.51.89.115.116) | tombe.nationfox.net | - | High
+55 | [52.0.197.231](https://vuldb.com/?ip.52.0.197.231) | ec2-52-0-197-231.compute-1.amazonaws.com | - | Medium
+56 | [52.20.197.7](https://vuldb.com/?ip.52.20.197.7) | ec2-52-20-197-7.compute-1.amazonaws.com | - | Medium
+57 | [52.204.109.97](https://vuldb.com/?ip.52.204.109.97) | ec2-52-204-109-97.compute-1.amazonaws.com | - | Medium
+58 | [54.39.106.25](https://vuldb.com/?ip.54.39.106.25) | ns560342.ip-54-39-106.net | - | High
+59 | [54.221.253.252](https://vuldb.com/?ip.54.221.253.252) | ec2-54-221-253-252.compute-1.amazonaws.com | - | Medium
+60 | [60.51.47.65](https://vuldb.com/?ip.60.51.47.65) | - | - | High
+61 | [62.64.9.237](https://vuldb.com/?ip.62.64.9.237) | clients-62.64.9.237.misp.ru | - | High
+62 | [62.99.76.213](https://vuldb.com/?ip.62.99.76.213) | 213.62-99-76.static.clientes.euskaltel.es | - | High
+63 | [62.109.2.172](https://vuldb.com/?ip.62.109.2.172) | megamart24.ru | - | High
 64 | ... | ... | ... | ...

-There are 251 more IOC items available. Please use our online service to access the data.
+There are 252 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -95,7 +102,7 @@ ID | Technique | Weakness | Description | Confidence
 3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
 4 | ... | ... | ... | ...

-There are 9 more TTP items available. Please use our online service to access the data.
+There are 8 more TTP items available. Please use our online service to access the data.

 ## IOA - Indicator of Attack

@ -104,27 +111,21 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
 ID | Type | Indicator | Confidence
 -- | ---- | --------- | ----------
 1 | File | `/admin.add` | Medium
-2 | File | `/admin/allergens/edit/1` | High
-3 | File | `/box_code_base.c` | High
+2 | File | `/admin.back` | Medium
+3 | File | `/admin/allergens/edit/1` | High
 4 | File | `/cgi-bin/logo_extra_upload.cgi` | High
 5 | File | `/core/admin/categories.php` | High
 6 | File | `/core/admin/comment.php` | High
-7 | File | `/data-service/users/` | High
+7 | File | `/etc/cobbler` | Medium
 8 | File | `/exponentcms/administration/configure_site` | High
-9 | File | `/jeecg-boot/sys/user/queryUserByDepId` | High
-10 | File | `/js/js-parser.c` | High
-11 | File | `/main?cmd=invalid_browser` | High
-12 | File | `/MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridData&GridName=Users` | High
-13 | File | `/ms/cms/content/list.do` | High
-14 | File | `/northstar/Admin/changePassword.jsp` | High
-15 | File | `/northstar/Admin/login.jsp` | High
-16 | File | `/northstar/Common/NorthFileManager/fileManagerObjects.jsp` | High
-17 | File | `/northstar/filemanager/download.jsp` | High
-18 | File | `/ping.html` | Medium
-19 | File | `/secure/admin/RestoreDefaults.jspa` | High
-20 | ... | ... | ...
+9 | File | `/HandleEvent` | Medium
+10 | File | `/jeecg-boot/sys/user/queryUserByDepId` | High
+11 | File | `/js/js-parser.c` | High
+12 | File | `/main?cmd=invalid_browser` | High
+13 | File | `/MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridData&GridName=Users` | High
+14 | ... | ... | ...

-There are 164 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 114 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -144,6 +145,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2021/11/threat-roundup-1105-1112.html
 * https://feodotracker.abuse.ch/downloads/ipblocklist.csv
 * https://research.checkpoint.com/2021/when-old-friends-meet-again-why-emotet-chose-trickbot-for-rebirth/
+* https://securityintelligence.com/posts/new-malware-trickbot-anchordns-backdoor-upgrades-anchormail/

 ## Literature

--- a/Zusy/README.md
+++ b/Zusy/README.md
@ -1,6 +1,6 @@
 # Zusy - Cyber Threat Intelligence

-These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Zusy](https://vuldb.com/?actor.zusy). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
+These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Zusy](https://vuldb.com/?actor.zusy). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

 _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.zusy](https://vuldb.com/?actor.zusy)

@ -45,21 +45,23 @@ ID | IP address | Hostname | Campaign | Confidence
 22 | [36.249.67.210](https://vuldb.com/?ip.36.249.67.210) | - | - | High
 23 | [37.0.10.214](https://vuldb.com/?ip.37.0.10.214) | - | - | High
 24 | [38.110.100.64](https://vuldb.com/?ip.38.110.100.64) | - | - | High
-25 | [40.97.116.82](https://vuldb.com/?ip.40.97.116.82) | - | - | High
-26 | [40.97.153.146](https://vuldb.com/?ip.40.97.153.146) | - | - | High
-27 | [40.97.160.2](https://vuldb.com/?ip.40.97.160.2) | - | - | High
-28 | [40.97.164.146](https://vuldb.com/?ip.40.97.164.146) | - | - | High
-29 | [40.97.188.226](https://vuldb.com/?ip.40.97.188.226) | - | - | High
-30 | [41.57.156.203](https://vuldb.com/?ip.41.57.156.203) | - | - | High
-31 | [42.62.20.137](https://vuldb.com/?ip.42.62.20.137) | - | - | High
-32 | [43.252.159.63](https://vuldb.com/?ip.43.252.159.63) | ipv4-63-159-252.as55666.net | - | High
-33 | [44.238.161.76](https://vuldb.com/?ip.44.238.161.76) | ec2-44-238-161-76.us-west-2.compute.amazonaws.com | - | Medium
-34 | [44.240.138.42](https://vuldb.com/?ip.44.240.138.42) | ec2-44-240-138-42.us-west-2.compute.amazonaws.com | - | Medium
-35 | [45.9.20.202](https://vuldb.com/?ip.45.9.20.202) | - | - | High
-36 | [45.144.225.236](https://vuldb.com/?ip.45.144.225.236) | - | - | High
-37 | ... | ... | ... | ...
+25 | [40.76.4.15](https://vuldb.com/?ip.40.76.4.15) | - | - | High
+26 | [40.97.116.82](https://vuldb.com/?ip.40.97.116.82) | - | - | High
+27 | [40.97.153.146](https://vuldb.com/?ip.40.97.153.146) | - | - | High
+28 | [40.97.160.2](https://vuldb.com/?ip.40.97.160.2) | - | - | High
+29 | [40.97.164.146](https://vuldb.com/?ip.40.97.164.146) | - | - | High
+30 | [40.97.188.226](https://vuldb.com/?ip.40.97.188.226) | - | - | High
+31 | [40.112.72.205](https://vuldb.com/?ip.40.112.72.205) | - | - | High
+32 | [40.113.200.201](https://vuldb.com/?ip.40.113.200.201) | - | - | High
+33 | [41.57.156.203](https://vuldb.com/?ip.41.57.156.203) | - | - | High
+34 | [42.62.20.137](https://vuldb.com/?ip.42.62.20.137) | - | - | High
+35 | [43.252.159.63](https://vuldb.com/?ip.43.252.159.63) | ipv4-63-159-252.as55666.net | - | High
+36 | [44.238.161.76](https://vuldb.com/?ip.44.238.161.76) | ec2-44-238-161-76.us-west-2.compute.amazonaws.com | - | Medium
+37 | [44.240.138.42](https://vuldb.com/?ip.44.240.138.42) | ec2-44-240-138-42.us-west-2.compute.amazonaws.com | - | Medium
+38 | [45.9.20.202](https://vuldb.com/?ip.45.9.20.202) | - | - | High
+39 | ... | ... | ... | ...

-There are 146 more IOC items available. Please use our online service to access the data.
+There are 153 more IOC items available. Please use our online service to access the data.

 ## TTP - Tactics, Techniques, Procedures

@ -98,30 +100,30 @@ ID | Type | Indicator | Confidence
 16 | File | `/product_list.php` | High
 17 | File | `/public/plugins/` | High
 18 | File | `/SASWebReportStudio/logonAndRender.do` | High
-19 | File | `/secure/admin/ViewInstrumentation.jspa` | High
-20 | File | `/secure/QueryComponent!Default.jspa` | High
-21 | File | `/see_more_details.php` | High
-22 | File | `/uncpath/` | Medium
-23 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
-24 | File | `/WEB-INF/web.xml` | High
-25 | File | `/web/frames/` | Medium
-26 | File | `AccountManager.java` | High
-27 | File | `adclick.php` | Medium
-28 | File | `addentry.php` | Medium
-29 | File | `admin.cgi?action=upgrade` | High
-30 | File | `admin.php` | Medium
-31 | File | `admin/executar_login.php` | High
-32 | File | `admin/index.php?mode=tools&page=upload` | High
-33 | File | `admin/pageUploadCSV.php` | High
-34 | File | `admin/setting.php` | High
-35 | File | `AdminQuickAccessesController.php` | High
-36 | File | `ajax/aj_*.php` | High
-37 | File | `alipay/alipayapi.php` | High
-38 | File | `auth.inc.php` | Medium
-39 | File | `auth.py` | Low
+19 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
+20 | File | `/secure/admin/ViewInstrumentation.jspa` | High
+21 | File | `/secure/QueryComponent!Default.jspa` | High
+22 | File | `/see_more_details.php` | High
+23 | File | `/uncpath/` | Medium
+24 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
+25 | File | `/WEB-INF/web.xml` | High
+26 | File | `/web/frames/` | Medium
+27 | File | `AccountManager.java` | High
+28 | File | `adclick.php` | Medium
+29 | File | `addentry.php` | Medium
+30 | File | `admin.cgi?action=upgrade` | High
+31 | File | `admin.php` | Medium
+32 | File | `admin/executar_login.php` | High
+33 | File | `admin/index.php?mode=tools&page=upload` | High
+34 | File | `admin/pageUploadCSV.php` | High
+35 | File | `admin/setting.php` | High
+36 | File | `AdminQuickAccessesController.php` | High
+37 | File | `ajax/aj_*.php` | High
+38 | File | `alipay/alipayapi.php` | High
+39 | File | `auth.inc.php` | Medium
 40 | ... | ... | ...

-There are 343 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
+There are 344 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

 ## References

@ -143,6 +145,7 @@ The following list contains _external sources_ which discuss the actor and the a
 * https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
 * https://blog.talosintelligence.com/2022/02/threat-roundup-0128-0204.html
 * https://blog.talosintelligence.com/2022/02/threat-roundup-0211-0218.html
+* https://blog.talosintelligence.com/2022/02/threat-roundup-0218-0225.html

 ## Literature