Update
parent
6731678265
commit
3922dcb510
|
@ -1,6 +1,6 @@
|
|||
# 1937CN - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [1937CN](https://vuldb.com/?actor.1937cn). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [1937CN](https://vuldb.com/?actor.1937cn). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.1937cn](https://vuldb.com/?actor.1937cn)
|
||||
|
||||
|
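Review bot: the rewritten intro now states that the indicators were "reported, collected, and generated", but nothing in the README lets a reader tell an observed, reported indicator from one the predictive model generated; the IOC table below carries only ID, IP address, Hostname, Campaign and Confidence. If model-generated rows are mixed into the table, add a Source column (reported / collected / generated) or state explicitly that the published rows are observed only, because a defender who feeds this table into a blocklist treats every row the same. "uses _big data_ to forecast" is also a weaker statement than the old "is able to forecast": it names an input without saying what the model produces beyond "activities and their characteristics"; the linked CTI documentation is the place to describe the method once, rather than every actor README.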
@ -16,8 +16,8 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | 1.3.30.3 | - | Rehashed RAT | High
|
||||
2 | 1.3.33.5 | - | Rehashed RAT | High
|
||||
1 | [1.3.30.3](https://vuldb.com/?ip.1.3.30.3) | - | Rehashed RAT | High
|
||||
2 | [1.3.33.5](https://vuldb.com/?ip.1.3.33.5) | - | Rehashed RAT | High
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
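Review bot: wrapping each address as `[1.3.30.3](https://vuldb.com/?ip.1.3.30.3)` changes the IP column from a bare value to Markdown link syntax, so any consumer that extracted IOCs from this table with a column split or a plain IPv4 regex now has to strip the link first, and a naive regex will also match the `1.3.30.3` inside the URL and emit every address twice. Consider keeping the raw IP in the column and putting the link on the ID, or publishing the same rows alongside as CSV/STIX, which is the form a blocklist or SIEM ingest actually wants.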
@ -1,33 +1,33 @@
|
|||
# 9002 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [9002](https://vuldb.com/?actor.9002). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [9002](https://vuldb.com/?actor.9002). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.9002](https://vuldb.com/?actor.9002)
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.9002](https://vuldb.com/?actor.9002)
|
||||
|
||||
## Countries
|
||||
|
||||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with 9002:
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with 9002:
|
||||
|
||||
* CN
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of 9002.
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of 9002.
|
||||
|
||||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 222.239.91.30 | - | High
|
||||
2 | 222.239.91.152 | - | High
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [222.239.91.30](https://vuldb.com/?ip.222.239.91.30) | - | - | High
|
||||
2 | [222.239.91.152](https://vuldb.com/?ip.222.239.91.152) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains external sources which discuss the actor and the associated activities:
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.threatminer.org/report.php?q=AttackDelivers%E2%80%989002%E2%80%99TrojanThroughGoogleDrive-PaloAltoNetworksBlogPaloAltoNetworksBlog.pdf&y=2016
|
||||
|
||||
## Literature
|
||||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
|
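Review bot: this hunk rewrites the whole 9002 README to the current template (italicised phrases, the `ressources` to `resources` typo fix, a linked country and a new `Campaign` column), which shows the per-actor READMEs had drifted apart and are being re-synced by hand; the same intro and footer edit is repeated in every other file of this commit. Generating the boilerplate and table layout from one template, with only the actor name, indicator rows and references as data, would make future commits show data changes only. Two smaller points: the new `Campaign` column adds no information here, both rows are `-`; and the single reference is a threatminer.org mirror of a PDF whose filename identifies it as the Palo Alto Networks blog post on the 9002 Trojan delivered through Google Drive, so link the primary post (or both), since the mirror URL carries no author or date.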
101
APT10/README.md
|
@ -1,6 +1,6 @@
|
|||
# APT10 - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT10](https://vuldb.com/?actor.apt10). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT10](https://vuldb.com/?actor.apt10). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.apt10](https://vuldb.com/?actor.apt10)
|
||||
|
||||
|
@ -9,15 +9,16 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
The following _campaigns_ are known and can be associated with APT10:
|
||||
|
||||
* A41APT
|
||||
* Cache Panda
|
||||
* Cloud Hopper
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT10:
|
||||
|
||||
* US
|
||||
* RU
|
||||
* DE
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
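Review bot: the sentence above says a country is associated either directly (origin of attacks) or indirectly (access by proxy), yet the entries `US`, `RU`, `DE` and the `...` with 8 more behind the online service carry no such marker, so a reader cannot tell whether these are attacker-origin countries or the locations of rented or compromised hosts. The IOC table that follows resolves several addresses to `x5x-noc.ru`, `ip-37-187-7.eu` and `amazonaws.com` hosts, so at least some of these countries are hosting locations; mark the relationship per country, or drop the direct/indirect sentence if the data does not carry it. The hunk header (`-9,15 +9,16`) also says one line was added in this region while the only marked changes are the three country links; the commit message `Update` does not say what was added.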
@ -28,32 +29,33 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | 23.89.193.34 | - | Cloud Hopper | High
|
||||
2 | 23.110.64.147 | - | Cloud Hopper | High
|
||||
3 | 23.252.105.137 | 23.252.105.137.16clouds.com | Cloud Hopper | High
|
||||
4 | 27.102.66.67 | - | - | High
|
||||
5 | 27.102.115.249 | - | - | High
|
||||
6 | 27.102.127.75 | - | - | High
|
||||
7 | 27.102.127.80 | - | - | High
|
||||
8 | 27.102.128.157 | - | - | High
|
||||
9 | 31.184.197.215 | 31-184-197-215.static.x5x-noc.ru | Cloud Hopper | High
|
||||
10 | 31.184.197.227 | 31-184-197-227.static.x5x-noc.ru | Cloud Hopper | High
|
||||
11 | 31.184.198.23 | - | Cloud Hopper | High
|
||||
12 | 31.184.198.38 | - | Cloud Hopper | High
|
||||
13 | 37.187.7.74 | ns3372567.ip-37-187-7.eu | Cloud Hopper | High
|
||||
14 | 37.235.52.18 | 18.52.235.37.in-addr.arpa | Cloud Hopper | High
|
||||
15 | 38.72.112.45 | - | Cloud Hopper | High
|
||||
16 | 38.72.114.16 | - | Cloud Hopper | High
|
||||
17 | 38.72.115.9 | - | Cloud Hopper | High
|
||||
18 | 45.62.112.161 | 45.62.112.161.16clouds.com | Cloud Hopper | High
|
||||
19 | 45.138.157.83 | google.com.tm | A41APT | High
|
||||
20 | 46.108.39.134 | - | Cloud Hopper | High
|
||||
21 | 50.2.160.104 | - | Cloud Hopper | High
|
||||
22 | 52.74.71.131 | ec2-52-74-71-131.ap-southeast-1.compute.amazonaws.com | Cloud Hopper | Medium
|
||||
23 | 52.74.213.16 | ec2-52-74-213-16.ap-southeast-1.compute.amazonaws.com | Cloud Hopper | Medium
|
||||
24 | ... | ... | ... | ...
|
||||
1 | [23.89.193.34](https://vuldb.com/?ip.23.89.193.34) | - | Cloud Hopper | High
|
||||
2 | [23.110.64.147](https://vuldb.com/?ip.23.110.64.147) | - | Cloud Hopper | High
|
||||
3 | [23.224.75.91](https://vuldb.com/?ip.23.224.75.91) | - | Cache Panda | High
|
||||
4 | [23.224.75.93](https://vuldb.com/?ip.23.224.75.93) | - | Cache Panda | High
|
||||
5 | [23.252.105.137](https://vuldb.com/?ip.23.252.105.137) | 23.252.105.137.16clouds.com | Cloud Hopper | High
|
||||
6 | [27.102.66.67](https://vuldb.com/?ip.27.102.66.67) | - | - | High
|
||||
7 | [27.102.115.249](https://vuldb.com/?ip.27.102.115.249) | - | - | High
|
||||
8 | [27.102.127.75](https://vuldb.com/?ip.27.102.127.75) | - | - | High
|
||||
9 | [27.102.127.80](https://vuldb.com/?ip.27.102.127.80) | - | - | High
|
||||
10 | [27.102.128.157](https://vuldb.com/?ip.27.102.128.157) | - | - | High
|
||||
11 | [31.184.197.215](https://vuldb.com/?ip.31.184.197.215) | 31-184-197-215.static.x5x-noc.ru | Cloud Hopper | High
|
||||
12 | [31.184.197.227](https://vuldb.com/?ip.31.184.197.227) | 31-184-197-227.static.x5x-noc.ru | Cloud Hopper | High
|
||||
13 | [31.184.198.23](https://vuldb.com/?ip.31.184.198.23) | - | Cloud Hopper | High
|
||||
14 | [31.184.198.38](https://vuldb.com/?ip.31.184.198.38) | - | Cloud Hopper | High
|
||||
15 | [37.187.7.74](https://vuldb.com/?ip.37.187.7.74) | ns3372567.ip-37-187-7.eu | Cloud Hopper | High
|
||||
16 | [37.235.52.18](https://vuldb.com/?ip.37.235.52.18) | 18.52.235.37.in-addr.arpa | Cloud Hopper | High
|
||||
17 | [38.72.112.45](https://vuldb.com/?ip.38.72.112.45) | - | Cloud Hopper | High
|
||||
18 | [38.72.114.16](https://vuldb.com/?ip.38.72.114.16) | - | Cloud Hopper | High
|
||||
19 | [38.72.115.9](https://vuldb.com/?ip.38.72.115.9) | - | Cloud Hopper | High
|
||||
20 | [43.245.196.120](https://vuldb.com/?ip.43.245.196.120) | - | Cache Panda | High
|
||||
21 | [43.245.196.121](https://vuldb.com/?ip.43.245.196.121) | - | Cache Panda | High
|
||||
22 | [43.245.196.122](https://vuldb.com/?ip.43.245.196.122) | - | Cache Panda | High
|
||||
23 | [43.245.196.123](https://vuldb.com/?ip.43.245.196.123) | - | Cache Panda | High
|
||||
24 | [43.245.196.124](https://vuldb.com/?ip.43.245.196.124) | - | Cache Panda | High
|
||||
25 | ... | ... | ... | ...
|
||||
|
||||
There are 91 more IOC items available. Please use our online service to access the data.
|
||||
There are 98 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
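Review bot: rows 20 to 24 add five consecutive addresses `43.245.196.120` through `43.245.196.124`, all `Cache Panda`, all `High`, none with a hostname; a contiguous run like this usually comes from expanding a reported netblock rather than from five independent observations, and if so the per-address confidence should reflect that, or the block should be listed once as a range. The table already rates the two `ap-southeast-1.compute.amazonaws.com` addresses `Medium`, so the confidence scale does account for infrastructure type; apply it consistently. A data-quality issue carried over unchanged in row 16: the hostname `18.52.235.37.in-addr.arpa` is the reverse-lookup query name for `37.235.52.18`, not a PTR result, and should be `-`. The footer change from 91 to 98 more items is consistent (seven new visible rows, six old rows pushed below the visible cut, one more new row in the hidden part: 91 + 6 + 1 = 98), but that arithmetic belongs in the commit message, not in the reviewer's head.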
@ -86,28 +88,28 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/modules/profile/index.php` | High
|
||||
11 | File | `/out.php` | Medium
|
||||
12 | File | `/public/plugins/` | High
|
||||
13 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
14 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
15 | File | `/system/proxy` | High
|
||||
16 | File | `/tmp/phpglibccheck` | High
|
||||
17 | File | `/uncpath/` | Medium
|
||||
18 | File | `adclick.php` | Medium
|
||||
19 | File | `add.php` | Low
|
||||
20 | File | `addentry.php` | Medium
|
||||
21 | File | `addressbookprovider.php` | High
|
||||
22 | File | `admin/htaccess/bpsunlock.php` | High
|
||||
23 | File | `admin/pageUploadCSV.php` | High
|
||||
24 | File | `ajax_udf.php` | Medium
|
||||
25 | File | `application.js.php` | High
|
||||
26 | File | `apply.cgi` | Medium
|
||||
27 | File | `arm/lithium-codegen-arm.cc` | High
|
||||
28 | File | `authenticate.c` | High
|
||||
29 | File | `Authenticate.class.php` | High
|
||||
30 | File | `base_maintenance.php` | High
|
||||
31 | File | `booking_details.php` | High
|
||||
13 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
14 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
15 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
16 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
17 | File | `/system/proxy` | High
|
||||
18 | File | `/tmp/phpglibccheck` | High
|
||||
19 | File | `/uncpath/` | Medium
|
||||
20 | File | `adclick.php` | Medium
|
||||
21 | File | `add.php` | Low
|
||||
22 | File | `addentry.php` | Medium
|
||||
23 | File | `addressbookprovider.php` | High
|
||||
24 | File | `admin/pageUploadCSV.php` | High
|
||||
25 | File | `ajax_udf.php` | Medium
|
||||
26 | File | `application.js.php` | High
|
||||
27 | File | `apply.cgi` | Medium
|
||||
28 | File | `arm/lithium-codegen-arm.cc` | High
|
||||
29 | File | `authenticate.c` | High
|
||||
30 | File | `Authenticate.class.php` | High
|
||||
31 | File | `base_maintenance.php` | High
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 273 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
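Review bot: row 22 `admin/htaccess/bpsunlock.php` is dropped and rows 13 and 14 (`/SASWebReportStudio/logonAndRender.do`, `/secure/admin/InsightDefaultCustomFieldConfig.jspa`) are added, with the footer going from 277 to 273 more items; a removed indicator needs a recorded reason (false positive, deduplicated, re-attributed), because consumers who already deployed it cannot otherwise decide whether to retire it. More generally the section is headed `TTP - Tactics, Techniques, Procedures` but lists bare file paths with a confidence value: `arm/lithium-codegen-arm.cc` and `authenticate.c` are source files that are not observable on a target, and `add.php` (rated `Low`) exists in countless applications. If these paths are taken from the vulnerability entries VulDB links to the actor and are meant for attack-surface matching, say so in the section intro; as written a reader will treat them as detection content and hunt for them on disk.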
@ -116,6 +118,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://github.com/janhenrikdotcom/iocs/blob/master/APT10/Operation%20Cloud%20Hopper%20-%20Indicators%20of%20Compromise%20v3.csv
|
||||
* https://github.com/PwCUK-CTO/OperationCloudHopper/blob/master/cloud-hopper-indicators-of-compromise-v3.csv
|
||||
* https://github.com/riduangan/APT10/blob/master/IOC
|
||||
* https://medium.com/cycraft/supply-chain-attack-targeting-taiwan-financial-sector-bae2f0962934
|
||||
* https://securelist.com/apt10-sophisticated-multi-layered-loader-ecipekac-discovered-in-a41apt-campaign/101519/
|
||||
* https://www.fireeye.com/blog/threat-research/2018/09/apt10-targeting-japanese-corporations-using-updated-ttps.html
|
||||
* https://www.threatminer.org/report.php?q=Accenture-Hogfish-Threat-Analysis.pdf&y=2018
|
||||
|
|
|
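Review bot: the header (`-116,6 +118,7`) says one reference line was added, but the rendering does not mark which one and the commit message gives no hint; a reference added together with new `Cache Panda` IOC rows should be named in the commit. The `janhenrikdotcom/iocs` entry (`Operation Cloud Hopper - Indicators of Compromise v3.csv`) is, by its filename, a re-hosted copy of the PwC data already cited from `PwCUK-CTO/OperationCloudHopper` (`cloud-hopper-indicators-of-compromise-v3.csv`), and the `riduangan/APT10/.../IOC` entry is an unnamed file whose origin is not stated; cite the primary repository and mark or drop the mirrors so a reader checking provenance does not count one dataset several times. The threatminer.org link is likewise a mirror of the Accenture Hogfish PDF rather than the publisher's copy.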
@ -1,6 +1,6 @@
|
|||
# APT41 - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT41](https://vuldb.com/?actor.apt41). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT41](https://vuldb.com/?actor.apt41). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.apt41](https://vuldb.com/?actor.apt41)
|
||||
|
||||
|
@ -15,9 +15,9 @@ The following _campaigns_ are known and can be associated with APT41:
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT41:
|
||||
|
||||
* US
|
||||
* CN
|
||||
* RU
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
@ -28,21 +28,21 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | 5.183.101.21 | bestofgy.co.uk | MoonBounce | High
|
||||
2 | 5.183.101.114 | - | MoonBounce | High
|
||||
3 | 5.183.103.122 | - | MoonBounce | High
|
||||
4 | 5.188.93.132 | gcorelabs.paris.vpn015 | MoonBounce | High
|
||||
5 | 5.188.108.22 | pol1.htjsq.com | MoonBounce | High
|
||||
6 | 5.188.108.228 | xc5.exclusivacondominios.com | MoonBounce | High
|
||||
7 | 5.189.222.33 | spain466.es | MoonBounce | High
|
||||
8 | 23.67.95.153 | a23-67-95-153.deploy.static.akamaitechnologies.com | - | High
|
||||
9 | 43.255.191.255 | - | - | High
|
||||
10 | 45.76.6.149 | 45.76.6.149.vultr.com | - | Medium
|
||||
11 | 45.76.75.219 | 45.76.75.219.vultr.com | - | Medium
|
||||
12 | 45.128.132.6 | - | MoonBounce | High
|
||||
13 | 45.128.135.15 | - | MoonBounce | High
|
||||
14 | 45.138.157.78 | srv1.fincantleri.co | - | High
|
||||
15 | 61.78.62.21 | - | - | High
|
||||
1 | [5.183.101.21](https://vuldb.com/?ip.5.183.101.21) | bestofgy.co.uk | MoonBounce | High
|
||||
2 | [5.183.101.114](https://vuldb.com/?ip.5.183.101.114) | - | MoonBounce | High
|
||||
3 | [5.183.103.122](https://vuldb.com/?ip.5.183.103.122) | - | MoonBounce | High
|
||||
4 | [5.188.93.132](https://vuldb.com/?ip.5.188.93.132) | gcorelabs.paris.vpn015 | MoonBounce | High
|
||||
5 | [5.188.108.22](https://vuldb.com/?ip.5.188.108.22) | pol1.htjsq.com | MoonBounce | High
|
||||
6 | [5.188.108.228](https://vuldb.com/?ip.5.188.108.228) | xc5.exclusivacondominios.com | MoonBounce | High
|
||||
7 | [5.189.222.33](https://vuldb.com/?ip.5.189.222.33) | spain466.es | MoonBounce | High
|
||||
8 | [23.67.95.153](https://vuldb.com/?ip.23.67.95.153) | a23-67-95-153.deploy.static.akamaitechnologies.com | - | High
|
||||
9 | [43.255.191.255](https://vuldb.com/?ip.43.255.191.255) | - | - | High
|
||||
10 | [45.76.6.149](https://vuldb.com/?ip.45.76.6.149) | 45.76.6.149.vultr.com | - | Medium
|
||||
11 | [45.76.75.219](https://vuldb.com/?ip.45.76.75.219) | 45.76.75.219.vultr.com | - | Medium
|
||||
12 | [45.128.132.6](https://vuldb.com/?ip.45.128.132.6) | - | MoonBounce | High
|
||||
13 | [45.128.135.15](https://vuldb.com/?ip.45.128.135.15) | - | MoonBounce | High
|
||||
14 | [45.138.157.78](https://vuldb.com/?ip.45.138.157.78) | srv1.fincantleri.co | - | High
|
||||
15 | [61.78.62.21](https://vuldb.com/?ip.61.78.62.21) | - | - | High
|
||||
16 | ... | ... | ... | ...
|
||||
|
||||
There are 60 more IOC items available. Please use our online service to access the data.
|
||||
|
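Review bot: row 8 `23.67.95.153` resolves to `a23-67-95-153.deploy.static.akamaitechnologies.com` and is rated `High` with no campaign; a CDN edge address serves many unrelated customers, so listing it at High confidence will produce false positives for anyone who blocks or alerts on this table, while the same hunk rates the two `vultr.com` hosts (rows 10 and 11) only `Medium`, presumably for exactly that shared-infrastructure reason. Apply one rule: shared CDN, VPS and VPN addresses (row 4 `gcorelabs.paris.vpn015` is another) at most `Medium`, with a note on what was actually observed (a path, a Host/SNI value, a time window). Row 14 `srv1.fincantleri.co` reads like a lookalike domain and is the kind of entry that carries real attribution weight; it would benefit from being tied to a campaign rather than `-`.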
@ -80,19 +80,19 @@ ID | Type | Indicator | Confidence
|
|||
12 | File | `/public/plugins/` | High
|
||||
13 | File | `/replication` | Medium
|
||||
14 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
15 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
16 | File | `/start-stop` | Medium
|
||||
17 | File | `/tmp/app/.env` | High
|
||||
18 | File | `/uncpath/` | Medium
|
||||
19 | File | `/upload` | Low
|
||||
20 | File | `/usr/bin/pkexec` | High
|
||||
21 | File | `/WEB-INF/web.xml` | High
|
||||
22 | File | `/wp-admin/admin-ajax.php` | High
|
||||
23 | File | `/_next` | Low
|
||||
24 | File | `adclick.php` | Medium
|
||||
15 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
16 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
17 | File | `/start-stop` | Medium
|
||||
18 | File | `/tmp/app/.env` | High
|
||||
19 | File | `/uncpath/` | Medium
|
||||
20 | File | `/upload` | Low
|
||||
21 | File | `/usr/bin/pkexec` | High
|
||||
22 | File | `/WEB-INF/web.xml` | High
|
||||
23 | File | `/wp-admin/admin-ajax.php` | High
|
||||
24 | File | `/_next` | Low
|
||||
25 | ... | ... | ...
|
||||
|
||||
There are 211 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 213 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
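Review bot: row 15 adds `/secure/admin/InsightDefaultCustomFieldConfig.jspa`, the same path added to the APT10 list in this commit; when one file indicator lands in two actors' lists at once, the record should say whether it was attributed to each independently or is inherited from a shared vulnerability entry, otherwise the two profiles become indistinguishable on that point. Also note the `High` confidence on row 21 `/usr/bin/pkexec` and row 22 `/WEB-INF/web.xml`: the first is present on essentially every Linux desktop and the second in every Java web application, so `High` cannot mean "presence of this file indicates this actor". Define what Confidence means for IOA rows in the section intro, and rate ubiquitous paths the way row 24 `/_next` (`Low`) already is. The footer change from 211 to 213 is one row pushed below the visible cut by the insertion plus one more addition in the hidden part; list additions in the commit message.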
@ -1,6 +1,6 @@
|
|||
# FritzFrog - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [FritzFrog](https://vuldb.com/?actor.fritzfrog). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [FritzFrog](https://vuldb.com/?actor.fritzfrog). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.fritzfrog](https://vuldb.com/?actor.fritzfrog)
|
||||
|
||||
|
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FritzFrog:
|
||||
|
||||
* US
|
||||
* CN
|
||||
* ES
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
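Review bot: the top-three country list changes from `US, CN, ES` to `VN, ES, US` and the footer from 5 to 13 more items, i.e. the associated-country set doubles from 8 to 16 in a commit whose message is `Update`. For this actor the IOC table that follows is dominated by cloud instances rated `Medium` (`ec2-*.compute.amazonaws.com` hosts in `ap-southeast-1`, `us-east-2`, `eu-central-1`, `sa-east-1` and other regions) plus many bare addresses with no hostname, which reads as a list of compromised or rented hosts rather than operator infrastructure; the "origin of attacks" wording in the country intro therefore overstates what the data shows. State per country whether the association comes from victim or bot hosts or from operator infrastructure, and record in the commit what drove the reorder (new sources, re-geolocation), since a consumer who geo-filters on this list will see its behaviour change.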
@ -21,306 +21,306 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | 1.6.80.1 | - | - | High
|
||||
2 | 1.12.223.203 | - | - | High
|
||||
3 | 1.12.243.168 | - | - | High
|
||||
4 | 1.14.95.58 | - | - | High
|
||||
5 | 1.14.166.163 | - | - | High
|
||||
6 | 1.14.226.88 | - | - | High
|
||||
7 | 1.14.253.207 | - | - | High
|
||||
8 | 1.116.55.237 | - | - | High
|
||||
9 | 1.116.206.188 | - | - | High
|
||||
10 | 1.117.3.72 | - | - | High
|
||||
11 | 1.117.16.119 | - | - | High
|
||||
12 | 1.117.58.108 | - | - | High
|
||||
13 | 1.117.160.142 | - | - | High
|
||||
14 | 1.117.229.94 | - | - | High
|
||||
15 | 1.165.115.76 | 1-165-115-76.dynamic-ip.hinet.net | - | High
|
||||
16 | 1.165.118.93 | 1-165-118-93.dynamic-ip.hinet.net | - | High
|
||||
17 | 1.165.143.43 | 1-165-143-43.dynamic-ip.hinet.net | - | High
|
||||
18 | 1.165.211.196 | 1-165-211-196.dynamic-ip.hinet.net | - | High
|
||||
19 | 1.192.94.61 | - | - | High
|
||||
20 | 1.220.98.197 | - | - | High
|
||||
21 | 2.58.113.123 | tube-hosting.de | - | High
|
||||
22 | 2.59.92.14 | - | - | High
|
||||
23 | 2.78.61.194 | 2-78-61-194.kcell.kz | - | High
|
||||
24 | 2.80.12.140 | bl19-12-140.dsl.telepac.pt | - | High
|
||||
25 | 2.227.254.144 | - | - | High
|
||||
26 | 3.0.206.162 | ec2-3-0-206-162.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
27 | 3.6.71.245 | ec2-3-6-71-245.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
28 | 3.9.188.69 | ec2-3-9-188-69.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
29 | 3.14.13.27 | ec2-3-14-13-27.us-east-2.compute.amazonaws.com | - | Medium
|
||||
30 | 3.14.153.3 | ec2-3-14-153-3.us-east-2.compute.amazonaws.com | - | Medium
|
||||
31 | 3.17.11.48 | ec2-3-17-11-48.us-east-2.compute.amazonaws.com | - | Medium
|
||||
32 | 3.17.152.26 | ec2-3-17-152-26.us-east-2.compute.amazonaws.com | - | Medium
|
||||
33 | 3.17.188.16 | ec2-3-17-188-16.us-east-2.compute.amazonaws.com | - | Medium
|
||||
34 | 3.35.185.49 | ec2-3-35-185-49.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
35 | 3.38.209.200 | ec2-3-38-209-200.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
36 | 3.70.67.35 | ec2-3-70-67-35.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
37 | 3.82.227.46 | ec2-3-82-227-46.compute-1.amazonaws.com | - | Medium
|
||||
38 | 3.86.230.210 | ec2-3-86-230-210.compute-1.amazonaws.com | - | Medium
|
||||
39 | 3.88.203.1 | ec2-3-88-203-1.compute-1.amazonaws.com | - | Medium
|
||||
40 | 3.91.21.110 | ec2-3-91-21-110.compute-1.amazonaws.com | - | Medium
|
||||
41 | 3.112.16.145 | ec2-3-112-16-145.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
42 | 3.112.27.236 | ec2-3-112-27-236.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
43 | 3.112.52.252 | ec2-3-112-52-252.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
44 | 3.113.28.245 | ec2-3-113-28-245.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
45 | 3.115.18.133 | ec2-3-115-18-133.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
46 | 3.122.60.196 | ec2-3-122-60-196.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
47 | 3.127.114.41 | ec2-3-127-114-41.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
48 | 3.127.255.82 | ec2-3-127-255-82.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
49 | 3.133.59.250 | ec2-3-133-59-250.us-east-2.compute.amazonaws.com | - | Medium
|
||||
50 | 3.138.162.152 | ec2-3-138-162-152.us-east-2.compute.amazonaws.com | - | Medium
|
||||
51 | 3.219.216.198 | ec2-3-219-216-198.compute-1.amazonaws.com | - | Medium
|
||||
52 | 3.236.39.46 | ec2-3-236-39-46.compute-1.amazonaws.com | - | Medium
|
||||
53 | 3.236.44.195 | ec2-3-236-44-195.compute-1.amazonaws.com | - | Medium
|
||||
54 | 5.25.247.205 | - | - | High
|
||||
55 | 5.26.221.186 | - | - | High
|
||||
56 | 5.26.250.165 | - | - | High
|
||||
57 | 5.26.251.165 | - | - | High
|
||||
58 | 5.26.254.49 | - | - | High
|
||||
59 | 5.26.254.72 | - | - | High
|
||||
60 | 5.26.254.73 | - | - | High
|
||||
61 | 5.28.139.161 | - | - | High
|
||||
62 | 5.34.181.108 | unallocated.layer6.net | - | High
|
||||
63 | 5.34.181.109 | unallocated.layer6.net | - | High
|
||||
64 | 5.35.10.81 | - | - | High
|
||||
65 | 5.39.113.106 | ip106.ip-5-39-113.eu | - | High
|
||||
66 | 5.42.158.38 | - | - | High
|
||||
67 | 5.42.158.71 | - | - | High
|
||||
68 | 5.61.57.196 | - | - | High
|
||||
69 | 5.182.17.252 | vmi726193.contaboserver.net | - | High
|
||||
70 | 5.231.205.137 | certo-237-205-231-5.efeitocerto.com.br | - | High
|
||||
71 | 5.253.86.211 | - | - | High
|
||||
72 | 8.17.89.11 | 8-17-89-11.paxio.net | - | High
|
||||
73 | 8.208.89.230 | - | - | High
|
||||
74 | 8.215.31.94 | - | - | High
|
||||
75 | 8.218.100.52 | - | - | High
|
||||
76 | 12.36.229.193 | - | - | High
|
||||
77 | 12.160.25.98 | - | - | High
|
||||
78 | 12.173.254.230 | - | - | High
|
||||
79 | 12.176.121.170 | - | - | High
|
||||
80 | 12.222.12.26 | - | - | High
|
||||
81 | 12.234.91.165 | - | - | High
|
||||
82 | 13.37.158.253 | ec2-13-37-158-253.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
83 | 13.52.74.242 | ec2-13-52-74-242.us-west-1.compute.amazonaws.com | - | Medium
|
||||
84 | 13.53.127.223 | ec2-13-53-127-223.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
85 | 13.53.149.216 | ec2-13-53-149-216.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
86 | 13.57.226.95 | ec2-13-57-226-95.us-west-1.compute.amazonaws.com | - | Medium
|
||||
87 | 13.59.13.98 | ec2-13-59-13-98.us-east-2.compute.amazonaws.com | - | Medium
|
||||
88 | 13.59.67.195 | ec2-13-59-67-195.us-east-2.compute.amazonaws.com | - | Medium
|
||||
89 | 13.72.247.133 | - | - | High
|
||||
90 | 13.77.163.87 | - | - | High
|
||||
91 | 13.78.143.45 | - | - | High
|
||||
92 | 13.79.246.35 | - | - | High
|
||||
93 | 13.80.144.47 | - | - | High
|
||||
94 | 13.80.148.182 | - | - | High
|
||||
95 | 13.90.45.216 | - | - | High
|
||||
96 | 13.92.247.241 | - | - | High
|
||||
97 | 13.113.129.210 | ec2-13-113-129-210.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
98 | 13.114.10.152 | ec2-13-114-10-152.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
99 | 13.124.214.6 | ec2-13-124-214-6.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
100 | 13.124.217.127 | ec2-13-124-217-127.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
101 | 13.126.18.196 | ec2-13-126-18-196.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
102 | 13.126.244.38 | ec2-13-126-244-38.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
103 | 13.209.39.176 | ec2-13-209-39-176.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
104 | 13.211.180.165 | ec2-13-211-180-165.ap-southeast-2.compute.amazonaws.com | - | Medium
|
||||
105 | 13.211.234.149 | ec2-13-211-234-149.ap-southeast-2.compute.amazonaws.com | - | Medium
|
||||
106 | 13.232.213.134 | ec2-13-232-213-134.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
107 | 13.233.60.246 | ec2-13-233-60-246.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
108 | 13.233.98.125 | ec2-13-233-98-125.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
109 | 13.234.76.179 | ec2-13-234-76-179.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
110 | 13.235.82.69 | ec2-13-235-82-69.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
111 | 13.235.253.205 | ec2-13-235-253-205.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
112 | 13.238.218.177 | ec2-13-238-218-177.ap-southeast-2.compute.amazonaws.com | - | Medium
|
||||
|
||||
238 | [43.132.208.88](https://vuldb.com/?ip.43.132.208.88) | - | - | High
|
||||
239 | [43.136.128.67](https://vuldb.com/?ip.43.136.128.67) | - | - | High
|
||||
240 | [43.154.20.234](https://vuldb.com/?ip.43.154.20.234) | - | - | High
|
||||
241 | [43.242.247.139](https://vuldb.com/?ip.43.242.247.139) | - | - | High
|
||||
242 | [43.249.206.97](https://vuldb.com/?ip.43.249.206.97) | - | - | High
|
||||
243 | [44.201.98.58](https://vuldb.com/?ip.44.201.98.58) | ec2-44-201-98-58.compute-1.amazonaws.com | - | Medium
|
||||
244 | [45.6.96.34](https://vuldb.com/?ip.45.6.96.34) | - | - | High
|
||||
245 | [45.22.199.195](https://vuldb.com/?ip.45.22.199.195) | 45-22-199-195.lightspeed.sndgca.sbcglobal.net | - | High
|
||||
246 | [45.32.122.40](https://vuldb.com/?ip.45.32.122.40) | 45.32.122.40.vultr.com | - | Medium
|
||||
247 | [45.32.128.117](https://vuldb.com/?ip.45.32.128.117) | 45.32.128.117.vultr.com | - | Medium
|
||||
248 | [45.84.196.108](https://vuldb.com/?ip.45.84.196.108) | - | - | High
|
||||
249 | [45.87.207.8](https://vuldb.com/?ip.45.87.207.8) | - | - | High
|
||||
250 | [45.119.86.214](https://vuldb.com/?ip.45.119.86.214) | - | - | High
|
||||
251 | [45.131.1.72](https://vuldb.com/?ip.45.131.1.72) | ip.serverscity.net | - | High
|
||||
252 | [45.137.181.238](https://vuldb.com/?ip.45.137.181.238) | - | - | High
|
||||
253 | [45.138.157.66](https://vuldb.com/?ip.45.138.157.66) | vm326778.pq.hosting | - | High
|
||||
254 | [45.140.164.177](https://vuldb.com/?ip.45.140.164.177) | - | - | High
|
||||
255 | [45.142.122.107](https://vuldb.com/?ip.45.142.122.107) | merry-coach.aeza.network | - | High
|
||||
256 | [45.142.122.169](https://vuldb.com/?ip.45.142.122.169) | dirty-magic.aeza.network | - | High
|
||||
257 | [45.143.136.213](https://vuldb.com/?ip.45.143.136.213) | andreybaksalyar.example.com | - | High
|
||||
258 | [45.153.229.238](https://vuldb.com/?ip.45.153.229.238) | vm346100.pq.hosting | - | High
|
||||
259 | [45.154.215.172](https://vuldb.com/?ip.45.154.215.172) | - | - | High
|
||||
260 | [45.182.118.100](https://vuldb.com/?ip.45.182.118.100) | - | - | High
|
||||
261 | [45.222.204.98](https://vuldb.com/?ip.45.222.204.98) | - | - | High
|
||||
262 | [45.229.34.30](https://vuldb.com/?ip.45.229.34.30) | - | - | High
|
||||
263 | [45.231.132.133](https://vuldb.com/?ip.45.231.132.133) | generated-loan.cursorspec.com | - | High
|
||||
264 | [45.238.23.157](https://vuldb.com/?ip.45.238.23.157) | - | - | High
|
||||
265 | [45.249.92.58](https://vuldb.com/?ip.45.249.92.58) | - | - | High
|
||||
266 | [46.3.142.226](https://vuldb.com/?ip.46.3.142.226) | - | - | High
|
||||
267 | [46.3.197.32](https://vuldb.com/?ip.46.3.197.32) | - | - | High
|
||||
268 | [46.3.199.4](https://vuldb.com/?ip.46.3.199.4) | - | - | High
|
||||
269 | [46.3.199.5](https://vuldb.com/?ip.46.3.199.5) | - | - | High
|
||||
270 | [46.37.77.214](https://vuldb.com/?ip.46.37.77.214) | 214.red.77.37.46.procono.es | - | High
|
||||
271 | [46.80.25.30](https://vuldb.com/?ip.46.80.25.30) | p2e50191e.dip0.t-ipconnect.de | - | High
|
||||
272 | [46.97.44.18](https://vuldb.com/?ip.46.97.44.18) | - | - | High
|
||||
273 | [46.101.2.179](https://vuldb.com/?ip.46.101.2.179) | - | - | High
|
||||
274 | [46.101.18.240](https://vuldb.com/?ip.46.101.18.240) | - | - | High
|
||||
275 | [46.109.34.247](https://vuldb.com/?ip.46.109.34.247) | - | - | High
|
||||
276 | [46.148.227.125](https://vuldb.com/?ip.46.148.227.125) | cd16.micsotmaster.art | - | High
|
||||
277 | [46.210.111.163](https://vuldb.com/?ip.46.210.111.163) | - | - | High
|
||||
278 | [46.217.167.96](https://vuldb.com/?ip.46.217.167.96) | - | - | High
|
||||
279 | [46.219.116.22](https://vuldb.com/?ip.46.219.116.22) | - | - | High
|
||||
280 | [46.223.163.220](https://vuldb.com/?ip.46.223.163.220) | ip-046-223-163-220.um13.pools.vodafone-ip.de | - | High
|
||||
281 | [47.16.155.222](https://vuldb.com/?ip.47.16.155.222) | ool-2f109bde.dyn.optonline.net | - | High
|
||||
282 | [47.19.20.130](https://vuldb.com/?ip.47.19.20.130) | - | - | High
|
||||
283 | [47.37.138.79](https://vuldb.com/?ip.47.37.138.79) | 047-037-138-079.res.spectrum.com | - | High
|
||||
284 | [47.74.65.36](https://vuldb.com/?ip.47.74.65.36) | - | - | High
|
||||
285 | [47.88.244.157](https://vuldb.com/?ip.47.88.244.157) | - | - | High
|
||||
286 | [47.91.87.67](https://vuldb.com/?ip.47.91.87.67) | - | - | High
|
||||
287 | [47.100.108.185](https://vuldb.com/?ip.47.100.108.185) | - | - | High
|
||||
288 | [47.100.139.58](https://vuldb.com/?ip.47.100.139.58) | - | - | High
|
||||
289 | [47.106.180.166](https://vuldb.com/?ip.47.106.180.166) | - | - | High
|
||||
290 | [47.240.81.242](https://vuldb.com/?ip.47.240.81.242) | - | - | High
|
||||
291 | [47.243.181.71](https://vuldb.com/?ip.47.243.181.71) | - | - | High
|
||||
292 | [47.243.181.238](https://vuldb.com/?ip.47.243.181.238) | - | - | High
|
||||
293 | [47.245.14.45](https://vuldb.com/?ip.47.245.14.45) | - | - | High
|
||||
294 | [49.7.132.22](https://vuldb.com/?ip.49.7.132.22) | - | - | High
|
||||
295 | [49.50.106.73](https://vuldb.com/?ip.49.50.106.73) | - | - | High
|
||||
296 | [49.69.36.214](https://vuldb.com/?ip.49.69.36.214) | - | - | High
|
||||
297 | [49.204.124.253](https://vuldb.com/?ip.49.204.124.253) | broadband.actcorp.in | - | High
|
||||
298 | [49.232.80.64](https://vuldb.com/?ip.49.232.80.64) | - | - | High
|
||||
299 | [49.232.104.199](https://vuldb.com/?ip.49.232.104.199) | - | - | High
|
||||
300 | [49.232.122.130](https://vuldb.com/?ip.49.232.122.130) | - | - | High
|
||||
301 | ... | ... | ... | ...
|
||||
|
||||
There are 1200 more IOC items available. Please use our online service to access the data.
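Review bot: row 257 exports the hostname `andreybaksalyar.example.com` for 45.143.136.213 with High confidence, but example.com is reserved for documentation (RFC 2606), so this cannot be a real host; it is a reverse-DNS (PTR) string that the address holder can set to anything. Treat it like the other rows without a verified hostname and emit `-`, or validate PTR values against the reserved-name list before export, since downstream consumers may otherwise turn it into a domain indicator.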
@ -332,11 +332,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected ATT&CK techn
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-274, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
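Review bot: this hunk narrows the Weakness mappings (T1068 loses CWE-250, CWE-266 and CWE-274; T1110.001 loses CWE-307) and the hidden count drops from 9 to 7 TTP items, yet the Description column is left unchanged: "Execution with Unnecessary Privileges" is the title of CWE-250 and "Improper Restriction of Excessive Authentication Attempts" is the title of CWE-307, so each row now drops exactly the CWE its description names. Either keep those two CWEs or update the descriptions to match the remaining mappings, and state why the mapping was reduced.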
@ -344,45 +344,51 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.well-known` | Medium
|
||||
2 | File | `/administration/settings_registration.php` | High
|
||||
3 | File | `/bin/false` | Medium
|
||||
4 | File | `/cgi-bin/` | Medium
|
||||
5 | File | `/coreframe/app/order/admin/index.php` | High
|
||||
6 | File | `/if.cgi` | Low
|
||||
7 | File | `/info.asp` | Medium
|
||||
8 | File | `/messages/messages_listing.asp` | High
|
||||
9 | File | `/moddable/xs/sources/xsDebug.c` | High
|
||||
10 | File | `/Monitoring-History.php` | High
|
||||
11 | File | `/Nodes-Traffic.php` | High
|
||||
12 | File | `/PluXml/core/admin/parametres_edittpl.php` | High
|
||||
13 | File | `/public/admin.php` | High
|
||||
14 | File | `/public/login.htm` | High
|
||||
15 | File | `/tools/network-trace` | High
|
||||
16 | File | `/trigger` | Medium
|
||||
17 | File | `/uncpath/` | Medium
|
||||
18 | File | `/usr/sbin/DM` | Medium
|
||||
19 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
20 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
|
||||
21 | File | `/weibo/comment` | High
|
||||
22 | File | `/ws.php` | Low
|
||||
23 | File | `/_up` | Low
|
||||
24 | File | `AccountManager.java` | High
|
||||
25 | File | `action=main:search:simpleSearch` | High
|
||||
26 | File | `add_cars.php` | Medium
|
||||
27 | File | `add_headers.php` | High
|
||||
28 | File | `add_ons.php` | Medium
|
||||
29 | File | `admin.cgi?action=config_save` | High
|
||||
30 | File | `admin.php` | Medium
|
||||
31 | File | `admin.php?action=files` | High
|
||||
32 | File | `admin/admin/dump/` | High
|
||||
33 | File | `admin/backupstart.php` | High
|
||||
34 | File | `admin/list_user` | High
|
||||
35 | File | `admin/themes` | Medium
|
||||
36 | File | `admin/view:modules/load_module:users#edit-user=1` | High
|
||||
37 | ... | ... | ...
|
||||
1 | File | `/CMD_ACCOUNT_ADMIN` | High
|
||||
2 | File | `/config/getuser` | High
|
||||
3 | File | `/core/admin/categories.php` | High
|
||||
4 | File | `/data-service/users/` | High
|
||||
5 | File | `/dev/cpu/*/msr` | High
|
||||
6 | File | `/ext/phar/phar_object.c` | High
|
||||
7 | File | `/filemanager/php/connector.php` | High
|
||||
8 | File | `/forum/away.php` | High
|
||||
9 | File | `/front/document.form.php` | High
|
||||
10 | File | `/horde/util/go.php` | High
|
||||
11 | File | `/hostapd` | Medium
|
||||
12 | File | `/include/chart_generator.php` | High
|
||||
13 | File | `/modx/manager/index.php` | High
|
||||
14 | File | `/MTFWU` | Low
|
||||
15 | File | `/my_photo_gallery/image.php` | High
|
||||
16 | File | `/public/login.htm` | High
|
||||
17 | File | `/public/plugins/` | High
|
||||
18 | File | `/rest/api/1.0/render` | High
|
||||
19 | File | `/search.php` | Medium
|
||||
20 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
21 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
|
||||
22 | File | `/sys/attachment/uploaderServlet` | High
|
||||
23 | File | `/uncpath/` | Medium
|
||||
24 | File | `/user/login/oauth` | High
|
||||
25 | File | `/userRpm/popupSiteSurveyRpm.html` | High
|
||||
26 | File | `/usr/bin/pkexec` | High
|
||||
27 | File | `/wp-admin/admin-ajax.php` | High
|
||||
28 | File | `/wp-json` | Medium
|
||||
29 | File | `/x_program_center/jaxrs/invoke` | High
|
||||
30 | File | `/zm/index.php` | High
|
||||
31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
32 | File | `102/tcp` | Low
|
||||
33 | File | `802dot1xclientcert.cgi` | High
|
||||
34 | File | `add.exe` | Low
|
||||
35 | File | `admin.php?m=Food&a=addsave` | High
|
||||
36 | File | `admin.remository.php` | High
|
||||
37 | File | `admin/conf_users_edit.php` | High
|
||||
38 | File | `admin/index.php` | High
|
||||
39 | File | `admin/theme-edit.php` | High
|
||||
40 | File | `adminpanel/modules/pro/inc/ajax.php` | High
|
||||
41 | File | `admin_ajax.php?action=checkrepeat` | High
|
||||
42 | File | `affich.php` | Medium
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 316 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 374 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
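Review bot: row 32 of the new table types `102/tcp` as `File`, although the closing sentence of this hunk lists `network port` as its own indicator type; the Type column should say so, otherwise a consumer filtering IOA entries by type will treat a port as a path. Separately, the hunk replaces the visible list rather than extending it: the table is ordered case-insensitively, so `.well-known`, `/administration/settings_registration.php`, `/bin/false` and `/cgi-bin/` would still sort before `/CMD_ACCOUNT_ADMIN` if present, which means they were retired while the hidden count rose from 316 to 374; a short list of retired indicators would make that reviewable.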
@ -1,60 +1,61 @@
# Gallmaker - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gallmaker](https://vuldb.com/?actor.gallmaker). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gallmaker](https://vuldb.com/?actor.gallmaker). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.gallmaker](https://vuldb.com/?actor.gallmaker)
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gallmaker](https://vuldb.com/?actor.gallmaker)
|
||||
|
||||
## Countries
|
||||
|
||||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Gallmaker:
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Gallmaker:
|
||||
|
||||
* US
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [LA](https://vuldb.com/?country.la)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Gallmaker.
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Gallmaker.
|
||||
|
||||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 94.140.116.124 | - | High
|
||||
2 | 94.140.116.231 | - | High
|
||||
3 | 111.90.149.99 | server1.kamon.la | High
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [94.140.116.124](https://vuldb.com/?ip.94.140.116.124) | - | - | High
|
||||
2 | [94.140.116.231](https://vuldb.com/?ip.94.140.116.231) | - | - | High
|
||||
3 | [111.90.149.99](https://vuldb.com/?ip.111.90.149.99) | server1.kamon.la | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Gallmaker. This data is unique as it uses our predictive model for actor profiling.
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected ATT&CK techniques used by Gallmaker. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Description | Confidence
|
||||
-- | --------- | ----------- | ----------
|
||||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1499 | Resource Consumption | High
|
||||
4 | ... | ... | ...
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1499 | CWE-400 | Resource Consumption | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Gallmaker. This data is unique as it uses our predictive model for actor profiling.
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Gallmaker. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `c4t64fx.c` | Medium
|
||||
2 | File | `cgi-bin/webcm` | High
|
||||
3 | File | `data/gbconfiguration.dat` | High
|
||||
1 | File | `application/modules/admin/views/ecommerce/products.php` | High
|
||||
2 | File | `blog.php` | Medium
|
||||
3 | File | `c4t64fx.c` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 14 more IOA items available. Please use our online service to access the data.
|
||||
There are 25 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains external sources which discuss the actor and the associated activities:
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/gallmaker-attack-group
|
||||
|
||||
## Literature
|
||||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
@ -1,6 +1,6 @@
# Gamarue - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gamarue](https://vuldb.com/?actor.gamarue). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gamarue](https://vuldb.com/?actor.gamarue). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gamarue](https://vuldb.com/?actor.gamarue)
@ -8,9 +8,9 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Gamarue:
|
||||
|
||||
* US
|
||||
* RU
|
||||
* ES
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
@ -21,15 +21,15 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | 5.154.191.57 | - | - | High
|
||||
2 | 37.187.0.40 | ns3108067.ip-37-187-0.eu | - | High
|
||||
3 | 45.8.124.25 | free.gbnhost.com | - | High
|
||||
4 | 45.128.204.36 | - | - | High
|
||||
5 | 45.128.207.237 | - | - | High
|
||||
6 | 46.45.169.106 | 46-45-169-106.turkrdns.com | - | High
|
||||
7 | 46.254.21.69 | h13.ihc.ru | - | High
|
||||
8 | 50.116.23.211 | www.eqnic.net | - | High
|
||||
9 | 51.195.53.221 | ip221.ip-51-195-53.eu | - | High
|
||||
1 | [5.154.191.57](https://vuldb.com/?ip.5.154.191.57) | - | - | High
|
||||
2 | [37.187.0.40](https://vuldb.com/?ip.37.187.0.40) | ns3108067.ip-37-187-0.eu | - | High
|
||||
3 | [45.8.124.25](https://vuldb.com/?ip.45.8.124.25) | free.gbnhost.com | - | High
|
||||
4 | [45.128.204.36](https://vuldb.com/?ip.45.128.204.36) | - | - | High
|
||||
5 | [45.128.207.237](https://vuldb.com/?ip.45.128.207.237) | - | - | High
|
||||
6 | [46.45.169.106](https://vuldb.com/?ip.46.45.169.106) | 46-45-169-106.turkrdns.com | - | High
|
||||
7 | [46.254.21.69](https://vuldb.com/?ip.46.254.21.69) | h13.ihc.ru | - | High
|
||||
8 | [50.116.23.211](https://vuldb.com/?ip.50.116.23.211) | www.eqnic.net | - | High
|
||||
9 | [51.195.53.221](https://vuldb.com/?ip.51.195.53.221) | ip221.ip-51-195-53.eu | - | High
|
||||
10 | ... | ... | ... | ...
|
||||
|
||||
There are 35 more IOC items available. Please use our online service to access the data.
@ -1,6 +1,6 @@
# Gh0stRAT - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gh0stRAT](https://vuldb.com/?actor.gh0strat). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gh0stRAT](https://vuldb.com/?actor.gh0strat). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gh0strat](https://vuldb.com/?actor.gh0strat)
@ -8,9 +8,9 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Gh0stRAT:
|
||||
|
||||
* US
|
||||
* VN
|
||||
* CN
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 16 more country items available. Please use our online service to access the data.
@ -21,32 +21,33 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | 13.249.38.69 | server-13-249-38-69.iad89.r.cloudfront.net | - | High
|
||||
2 | 20.42.65.92 | - | - | High
|
||||
3 | 20.189.173.22 | - | - | High
|
||||
4 | 36.43.74.215 | - | - | High
|
||||
5 | 36.46.114.54 | - | - | High
|
||||
6 | 39.109.1.246 | - | - | High
|
||||
7 | 42.51.192.3 | - | - | High
|
||||
8 | 43.226.152.12 | - | - | High
|
||||
9 | 43.226.159.201 | - | - | High
|
||||
10 | 45.119.125.223 | - | - | High
|
||||
11 | 45.195.203.97 | - | - | High
|
||||
12 | 45.253.67.78 | - | - | High
|
||||
13 | 47.93.52.188 | - | - | High
|
||||
14 | 47.93.245.163 | - | - | High
|
||||
15 | 47.95.233.18 | - | - | High
|
||||
16 | 47.111.82.157 | - | - | High
|
||||
17 | 47.112.30.91 | - | - | High
|
||||
18 | 52.168.117.173 | - | - | High
|
||||
19 | 52.182.143.212 | - | - | High
|
||||
20 | 58.218.66.21 | - | - | High
|
||||
21 | 58.218.67.245 | - | - | High
|
||||
22 | 58.218.199.225 | - | - | High
|
||||
23 | 58.221.47.41 | - | - | High
|
||||
24 | ... | ... | ... | ...
|
||||
1 | [13.249.38.69](https://vuldb.com/?ip.13.249.38.69) | server-13-249-38-69.iad89.r.cloudfront.net | - | High
|
||||
2 | [20.42.65.92](https://vuldb.com/?ip.20.42.65.92) | - | - | High
|
||||
3 | [20.189.173.22](https://vuldb.com/?ip.20.189.173.22) | - | - | High
|
||||
4 | [36.43.74.215](https://vuldb.com/?ip.36.43.74.215) | - | - | High
|
||||
5 | [36.46.114.54](https://vuldb.com/?ip.36.46.114.54) | - | - | High
|
||||
6 | [39.109.1.246](https://vuldb.com/?ip.39.109.1.246) | - | - | High
|
||||
7 | [42.51.192.3](https://vuldb.com/?ip.42.51.192.3) | - | - | High
|
||||
8 | [43.226.152.12](https://vuldb.com/?ip.43.226.152.12) | - | - | High
|
||||
9 | [43.226.159.201](https://vuldb.com/?ip.43.226.159.201) | - | - | High
|
||||
10 | [45.119.125.223](https://vuldb.com/?ip.45.119.125.223) | - | - | High
|
||||
11 | [45.195.203.97](https://vuldb.com/?ip.45.195.203.97) | - | - | High
|
||||
12 | [45.253.67.78](https://vuldb.com/?ip.45.253.67.78) | - | - | High
|
||||
13 | [47.93.52.188](https://vuldb.com/?ip.47.93.52.188) | - | - | High
|
||||
14 | [47.93.245.163](https://vuldb.com/?ip.47.93.245.163) | - | - | High
|
||||
15 | [47.95.233.18](https://vuldb.com/?ip.47.95.233.18) | - | - | High
|
||||
16 | [47.111.82.157](https://vuldb.com/?ip.47.111.82.157) | - | - | High
|
||||
17 | [47.112.30.91](https://vuldb.com/?ip.47.112.30.91) | - | - | High
|
||||
18 | [52.168.117.173](https://vuldb.com/?ip.52.168.117.173) | - | - | High
|
||||
19 | [52.182.143.212](https://vuldb.com/?ip.52.182.143.212) | - | - | High
|
||||
20 | [58.218.66.21](https://vuldb.com/?ip.58.218.66.21) | - | - | High
|
||||
21 | [58.218.67.245](https://vuldb.com/?ip.58.218.67.245) | - | - | High
|
||||
22 | [58.218.199.225](https://vuldb.com/?ip.58.218.199.225) | - | - | High
|
||||
23 | [58.221.47.41](https://vuldb.com/?ip.58.221.47.41) | - | - | High
|
||||
24 | [58.221.47.47](https://vuldb.com/?ip.58.221.47.47) | - | - | High
|
||||
25 | ... | ... | ... | ...
|
||||
|
||||
There are 93 more IOC items available. Please use our online service to access the data.
|
||||
There are 94 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
@ -103,9 +104,10 @@ ID | Type | Indicator | Confidence
34 | File | `/tmp/app/.env` | High
|
||||
35 | File | `/tmp/kamailio_ctl` | High
|
||||
36 | File | `/tmp/kamailio_fifo` | High
|
||||
37 | ... | ... | ...
|
||||
37 | File | `/ucms/index.php?do=list_edit` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 321 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
@ -128,6 +130,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
|
||||
* https://blog.talosintelligence.com/2022/02/threat-roundup-0128-0204.html
|
||||
* https://blog.talosintelligence.com/2022/02/threat-roundup-0204-0211.html
|
||||
* https://blog.talosintelligence.com/2022/02/threat-roundup-0218-0225.html
|
||||
|
||||
## Literature
@ -1,6 +1,6 @@
# GreyEnergy - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GreyEnergy](https://vuldb.com/?actor.greyenergy). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GreyEnergy](https://vuldb.com/?actor.greyenergy). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.greyenergy](https://vuldb.com/?actor.greyenergy)
@ -8,9 +8,9 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with GreyEnergy:
|
||||
|
||||
* US
|
||||
* CN
|
||||
* RO
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RO](https://vuldb.com/?country.ro)
|
||||
* ...
|
||||
|
||||
There are 28 more country items available. Please use our online service to access the data.
@ -21,11 +21,11 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | 5.149.248.77 | - | - | High
|
||||
2 | 31.148.220.112 | - | - | High
|
||||
3 | 37.59.14.94 | ns3317178.ip-37-59-14.eu | - | High
|
||||
4 | 46.249.49.231 | - | - | High
|
||||
5 | 62.210.77.169 | 62-210-77-169.rev.poneytelecom.eu | - | High
|
||||
1 | [5.149.248.77](https://vuldb.com/?ip.5.149.248.77) | - | - | High
|
||||
2 | [31.148.220.112](https://vuldb.com/?ip.31.148.220.112) | - | - | High
|
||||
3 | [37.59.14.94](https://vuldb.com/?ip.37.59.14.94) | ns3317178.ip-37-59-14.eu | - | High
|
||||
4 | [46.249.49.231](https://vuldb.com/?ip.46.249.49.231) | - | - | High
|
||||
5 | [62.210.77.169](https://vuldb.com/?ip.62.210.77.169) | 62-210-77-169.rev.poneytelecom.eu | - | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more IOC items available. Please use our online service to access the data.
@ -68,26 +68,27 @@ ID | Type | Indicator | Confidence
17 | File | `/public/plugins/` | High
|
||||
18 | File | `/rom` | Low
|
||||
19 | File | `/scripts/killpvhost` | High
|
||||
20 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
21 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
22 | File | `/tmp` | Low
|
||||
23 | File | `/tmp/redis.ds` | High
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/ViewUserHover.jspa` | High
|
||||
26 | File | `/wp-admin` | Medium
|
||||
27 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
28 | File | `actions/CompanyDetailsSave.php` | High
|
||||
29 | File | `ActiveServices.java` | High
|
||||
30 | File | `addlink.php` | Medium
|
||||
31 | File | `addtocart.asp` | High
|
||||
32 | File | `admin.php` | Medium
|
||||
33 | File | `admin/?n=user&c=admin_user&a=doGetUserInfo` | High
|
||||
34 | File | `admin/add-glossary.php` | High
|
||||
35 | File | `admin/conf_users_edit.php` | High
|
||||
36 | File | `admin/dashboard.php` | High
|
||||
37 | ... | ... | ...
|
||||
20 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
21 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
22 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
23 | File | `/tmp` | Low
|
||||
24 | File | `/tmp/redis.ds` | High
|
||||
25 | File | `/uncpath/` | Medium
|
||||
26 | File | `/ViewUserHover.jspa` | High
|
||||
27 | File | `/wp-admin` | Medium
|
||||
28 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
29 | File | `AccountManagerService.java` | High
|
||||
30 | File | `actions/CompanyDetailsSave.php` | High
|
||||
31 | File | `ActiveServices.java` | High
|
||||
32 | File | `ActivityManagerService.java` | High
|
||||
33 | File | `addlink.php` | Medium
|
||||
34 | File | `addtocart.asp` | High
|
||||
35 | File | `admin.php` | Medium
|
||||
36 | File | `admin/?n=user&c=admin_user&a=doGetUserInfo` | High
|
||||
37 | File | `admin/add-glossary.php` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 320 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 324 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
# Inception - Cyber Threat Intelligence

These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Inception](https://vuldb.com/?actor.inception). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Inception](https://vuldb.com/?actor.inception). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.inception](https://vuldb.com/?actor.inception)

@ -53,31 +53,32 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/account/register` | High
2 | File | `/api/notify.php` | High
3 | File | `/domain/service/.ewell-known/caldav` | High
4 | File | `/etc/passwd` | Medium
5 | File | `/formAdvFirewall` | High
6 | File | `/master/article.php` | High
7 | File | `/mobile/SelectUsers.jsp` | High
8 | File | `/ProteinArraySignificanceTest.json` | High
9 | File | `/usr/local/bin/mjs` | High
10 | File | `/web` | Low
11 | File | `admin/bad.php` | High
12 | File | `admin/dl_sendmail.php` | High
13 | File | `admin/pages/useredit.php` | High
14 | File | `AdminBaseController.class.php` | High
15 | File | `AlertReceiver.java` | High
16 | File | `AndroidFuture.java` | High
17 | File | `AndroidManifest.xml` | High
18 | File | `apc.php` | Low
19 | File | `api/info.php` | Medium
20 | File | `attach.c` | Medium
21 | File | `backup_xi.sh` | Medium
22 | File | `box_code_apple.c` | High
23 | ... | ... | ...
1 | File | `/api/notify.php` | High
2 | File | `/domain/service/.ewell-known/caldav` | High
3 | File | `/etc/passwd` | Medium
4 | File | `/formAdvFirewall` | High
5 | File | `/master/article.php` | High
6 | File | `/mobile/SelectUsers.jsp` | High
7 | File | `/ProteinArraySignificanceTest.json` | High
8 | File | `/usr/local/bin/mjs` | High
9 | File | `/web` | Low
10 | File | `admin/bad.php` | High
11 | File | `admin/dl_sendmail.php` | High
12 | File | `admin/pages/useredit.php` | High
13 | File | `AdminBaseController.class.php` | High
14 | File | `AlertReceiver.java` | High
15 | File | `AndroidFuture.java` | High
16 | File | `AndroidManifest.xml` | High
17 | File | `api/info.php` | Medium
18 | File | `attach.c` | Medium
19 | File | `backup_xi.sh` | Medium
20 | File | `box_code_apple.c` | High
21 | File | `bugs.aspx` | Medium
22 | File | `bug_actiongroup.php` | High
23 | File | `bug_report_page.php` | High
24 | ... | ... | ...

There are 192 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 196 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

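Review bot: the renumbered IOA table silently drops `/account/register` and `apc.php` from the visible list while adding `bugs.aspx`, `bug_actiongroup.php` and `bug_report_page.php`; a consumer who diffs these READMEs to maintain detection content cannot tell a retracted indicator from a re-sort, because the only visible effect is that every ID shifts. Removed indicators should be called out explicitly (a short "removed" line under the table, or in the commit message) rather than disappearing through renumbering.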
@ -1,6 +1,6 @@
# Kraken - Cyber Threat Intelligence

These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Kraken](https://vuldb.com/?actor.kraken). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Kraken](https://vuldb.com/?actor.kraken). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.kraken](https://vuldb.com/?actor.kraken)

@ -8,9 +8,9 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Kraken:

* US
* TR
* FR
* [US](https://vuldb.com/?country.us)
* [TR](https://vuldb.com/?country.tr)
* [FR](https://vuldb.com/?country.fr)
* ...

There are 2 more country items available. Please use our online service to access the data.

@ -21,9 +21,9 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | 65.21.105.85 | static.85.105.21.65.clients.your-server.de | - | High
2 | 91.206.14.151 | - | - | High
3 | 95.181.152.184 | - | - | High
1 | [65.21.105.85](https://vuldb.com/?ip.65.21.105.85) | static.85.105.21.65.clients.your-server.de | - | High
2 | [91.206.14.151](https://vuldb.com/?ip.91.206.14.151) | - | - | High
3 | [95.181.152.184](https://vuldb.com/?ip.95.181.152.184) | - | - | High
4 | ... | ... | ... | ...

There are 4 more IOC items available. Please use our online service to access the data.

@ -1,6 +1,6 @@
# Molerats - Cyber Threat Intelligence

These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Molerats](https://vuldb.com/?actor.molerats). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Molerats](https://vuldb.com/?actor.molerats). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.molerats](https://vuldb.com/?actor.molerats)

@ -19,9 +19,9 @@ There are 1 more campaign items available. Please use our online service to acce

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Molerats:

* US
* CN
* ES
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [ES](https://vuldb.com/?country.es)
* ...

There are 10 more country items available. Please use our online service to access the data.

@ -32,10 +32,10 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | 23.94.218.221 | 23-94-218-221-host.colocrossing.com | Middle East | High
2 | 23.229.3.70 | ebonyha.club | DustySky | High
3 | 45.63.49.202 | 45.63.49.202.vultr.com | Middle East | Medium
4 | 45.63.97.44 | 45.63.97.44.vultr.com | SneakyPastes | Medium
1 | [23.94.218.221](https://vuldb.com/?ip.23.94.218.221) | 23-94-218-221-host.colocrossing.com | Middle East | High
2 | [23.229.3.70](https://vuldb.com/?ip.23.229.3.70) | ebonyha.club | DustySky | High
3 | [45.63.49.202](https://vuldb.com/?ip.45.63.49.202) | 45.63.49.202.vultr.com | Middle East | Medium
4 | [45.63.97.44](https://vuldb.com/?ip.45.63.97.44) | 45.63.97.44.vultr.com | SneakyPastes | Medium
5 | ... | ... | ... | ...

There are 17 more IOC items available. Please use our online service to access the data.

@ -89,7 +89,7 @@ ID | Type | Indicator | Confidence
28 | File | `app/View/Helper/CommandHelper.php` | High
29 | ... | ... | ...

There are 248 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 249 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -1,41 +1,41 @@
# MsAttacker - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [MsAttacker](https://vuldb.com/?actor.msattacker). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [MsAttacker](https://vuldb.com/?actor.msattacker). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.msattacker](https://vuldb.com/?actor.msattacker)
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.msattacker](https://vuldb.com/?actor.msattacker)

## Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with MsAttacker:
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with MsAttacker:

* US
* CN
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)

## IOC - Indicator of Compromise

These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of MsAttacker.
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of MsAttacker.

ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 23.27.127.200 | - | High
2 | 122.10.117.5 | - | High
3 | 122.10.117.35 | - | High
4 | ... | ... | ...
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [23.27.127.200](https://vuldb.com/?ip.23.27.127.200) | - | - | High
2 | [122.10.117.5](https://vuldb.com/?ip.122.10.117.5) | - | - | High
3 | [122.10.117.35](https://vuldb.com/?ip.122.10.117.35) | - | - | High
4 | ... | ... | ... | ...

There are 1 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by MsAttacker. This data is unique as it uses our predictive model for actor profiling.
_Tactics, techniques, and procedures_ (TTP) summarize the suspected ATT&CK techniques used by MsAttacker. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High

## IOA - Indicator of Attack

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by MsAttacker. This data is unique as it uses our predictive model for actor profiling.
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by MsAttacker. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------

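Review bot: in the new TTP table the Description column still carries a weakness name next to the ATT&CK ID, so `1 | T1059.007 | CWE-79 | Cross Site Scripting | High` reads as if T1059.007 were XSS, whereas in ATT&CK T1059.007 is Command and Scripting Interpreter: JavaScript, and T1068 is Exploitation for Privilege Escalation rather than "Execution with Unnecessary Privileges" (which is the CWE-250 title, not CWE-264's). Either rename the column to the weakness name or add the ATT&CK technique name, so readers mapping these rows to detections are not misled; while touching the hunk, "There are 1 more IOC items" should read "1 more IOC item".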
@ -44,17 +44,17 @@ ID | Type | Indicator | Confidence
3 | File | `functions/functions_filters.asp` | High
4 | ... | ... | ...

There are 8 more IOA items available. Please use our online service to access the data.
There are 8 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains external sources which discuss the actor and the associated activities:
The following list contains _external sources_ which discuss the actor and the associated activities:

* https://www.threatminer.org/report.php?q=Tibetan-Uprising-Day-Malware-Attacks_websitepdf.pdf&y=2015

## Literature

The following articles explain our unique predictive cyber threat intelligence:
The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

@ -1,6 +1,6 @@
# Patchwork - Cyber Threat Intelligence

These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Patchwork](https://vuldb.com/?actor.patchwork). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Patchwork](https://vuldb.com/?actor.patchwork). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.patchwork](https://vuldb.com/?actor.patchwork)

@ -15,9 +15,9 @@ The following _campaigns_ are known and can be associated with Patchwork:

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Patchwork:

* US
* CN
* RU
* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [RU](https://vuldb.com/?country.ru)
* ...

There are 33 more country items available. Please use our online service to access the data.

@ -28,75 +28,75 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | 5.8.88.64 | - | - | High
2 | 5.34.242.129 | - | - | High
3 | 5.39.11.72 | vm482.sakuraserver.co | - | High
4 | 5.39.36.56 | - | - | High
5 | 5.39.36.57 | - | - | High
6 | 5.39.36.58 | - | - | High
7 | 5.39.36.59 | - | - | High
8 | 5.39.36.60 | - | - | High
9 | 5.39.36.61 | - | - | High
10 | 5.39.97.57 | - | - | High
11 | 5.39.97.58 | - | - | High
12 | 5.101.140.220 | prodsrv1.a7holding.com | - | High
13 | 5.254.98.68 | - | Badnews | High
14 | 8.22.200.44 | server36.hostcats.com | - | High
15 | 8.23.224.90 | - | - | High
16 | 10.30.4.112 | - | Dropping Elephant | High
17 | 23.106.123.87 | - | - | High
18 | 31.3.154.110 | vps3.geozinho.com.br | - | High
19 | 31.3.154.111 | vps4.geozinho.com.br | - | High
20 | 31.3.154.113 | swe-net-ip.as51430.net | - | High
21 | 31.3.154.114 | swe-net-ip.as51430.net | - | High
22 | 31.3.154.115 | swe-net-ip.as51430.net | - | High
23 | 31.3.154.116 | swe-net-ip.as51430.net | - | High
24 | 31.3.154.117 | swe-net-ip.as51430.net | - | High
25 | 31.3.155.106 | swe-net-ip.as51430.net | - | High
26 | 31.170.161.56 | - | - | High
27 | 31.170.161.136 | cpl02.main-hosting.eu | - | High
28 | 31.170.162.23 | cpl04.main-hosting.eu | - | High
29 | 31.214.169.86 | - | - | High
30 | 31.214.169.87 | - | - | High
31 | 37.46.127.75 | nerops15.roupasnews4.com.br | - | High
32 | 37.46.127.76 | nerops16.roupasnews4.com.br | - | High
33 | 37.46.127.77 | watch-man6.topchairlifts.com | - | High
34 | 37.46.127.78 | watch-man7.topchairlifts.com | - | High
35 | 37.46.127.79 | watch-man8.topchairlifts.com | - | High
36 | 37.46.127.81 | watch-man10.topchairlifts.com | - | High
37 | 37.48.77.214 | nl.redseedbox.com | - | High
38 | 37.48.77.215 | - | - | High
39 | 37.58.60.195 | - | - | High
40 | 37.59.175.130 | ip130.ip-37-59-175.eu | - | High
41 | 37.59.208.94 | - | - | High
42 | 37.59.231.161 | - | - | High
43 | 37.221.166.7 | - | - | High
44 | 37.221.166.8 | - | - | High
45 | 37.221.166.9 | - | - | High
46 | 37.221.166.15 | - | - | High
47 | 37.221.166.36 | - | - | High
48 | 37.221.166.42 | - | - | High
49 | 37.221.166.47 | - | - | High
50 | 37.221.166.48 | - | - | High
51 | 37.221.166.49 | - | - | High
52 | 37.221.166.53 | - | - | High
53 | 37.221.166.55 | - | - | High
54 | 37.221.166.58 | - | - | High
55 | 37.221.166.61 | - | - | High
56 | 43.249.37.173 | - | Badnews | High
57 | 43.249.37.199 | - | - | High
58 | 45.43.192.172 | - | - | High
59 | 46.4.187.60 | static.60.187.4.46.clients.your-server.de | - | High
60 | 46.4.215.38 | mx01.wugrafixcloud.net | - | High
61 | 46.165.225.66 | - | - | High
62 | 46.165.229.7 | - | - | High
63 | 46.165.229.8 | - | - | High
64 | 46.165.229.9 | smtp1.lnkyfi.com | - | High
65 | 46.165.248.236 | - | - | High
66 | 46.165.248.237 | - | - | High
67 | 46.165.248.238 | - | - | High
68 | 46.165.248.239 | - | - | High
69 | 46.165.248.240 | - | - | High
1 | [5.8.88.64](https://vuldb.com/?ip.5.8.88.64) | - | - | High
2 | [5.34.242.129](https://vuldb.com/?ip.5.34.242.129) | - | - | High
3 | [5.39.11.72](https://vuldb.com/?ip.5.39.11.72) | vm482.sakuraserver.co | - | High
4 | [5.39.36.56](https://vuldb.com/?ip.5.39.36.56) | - | - | High
5 | [5.39.36.57](https://vuldb.com/?ip.5.39.36.57) | - | - | High
6 | [5.39.36.58](https://vuldb.com/?ip.5.39.36.58) | - | - | High
7 | [5.39.36.59](https://vuldb.com/?ip.5.39.36.59) | - | - | High
8 | [5.39.36.60](https://vuldb.com/?ip.5.39.36.60) | - | - | High
9 | [5.39.36.61](https://vuldb.com/?ip.5.39.36.61) | - | - | High
10 | [5.39.97.57](https://vuldb.com/?ip.5.39.97.57) | - | - | High
11 | [5.39.97.58](https://vuldb.com/?ip.5.39.97.58) | - | - | High
12 | [5.101.140.220](https://vuldb.com/?ip.5.101.140.220) | prodsrv1.a7holding.com | - | High
13 | [5.254.98.68](https://vuldb.com/?ip.5.254.98.68) | - | Badnews | High
14 | [8.22.200.44](https://vuldb.com/?ip.8.22.200.44) | server36.hostcats.com | - | High
15 | [8.23.224.90](https://vuldb.com/?ip.8.23.224.90) | - | - | High
16 | [10.30.4.112](https://vuldb.com/?ip.10.30.4.112) | - | Dropping Elephant | High
17 | [23.106.123.87](https://vuldb.com/?ip.23.106.123.87) | - | - | High
18 | [31.3.154.110](https://vuldb.com/?ip.31.3.154.110) | vps3.geozinho.com.br | - | High
19 | [31.3.154.111](https://vuldb.com/?ip.31.3.154.111) | vps4.geozinho.com.br | - | High
20 | [31.3.154.113](https://vuldb.com/?ip.31.3.154.113) | swe-net-ip.as51430.net | - | High
21 | [31.3.154.114](https://vuldb.com/?ip.31.3.154.114) | swe-net-ip.as51430.net | - | High
22 | [31.3.154.115](https://vuldb.com/?ip.31.3.154.115) | swe-net-ip.as51430.net | - | High
23 | [31.3.154.116](https://vuldb.com/?ip.31.3.154.116) | swe-net-ip.as51430.net | - | High
24 | [31.3.154.117](https://vuldb.com/?ip.31.3.154.117) | swe-net-ip.as51430.net | - | High
25 | [31.3.155.106](https://vuldb.com/?ip.31.3.155.106) | swe-net-ip.as51430.net | - | High
26 | [31.170.161.56](https://vuldb.com/?ip.31.170.161.56) | - | - | High
27 | [31.170.161.136](https://vuldb.com/?ip.31.170.161.136) | cpl02.main-hosting.eu | - | High
28 | [31.170.162.23](https://vuldb.com/?ip.31.170.162.23) | cpl04.main-hosting.eu | - | High
29 | [31.214.169.86](https://vuldb.com/?ip.31.214.169.86) | - | - | High
30 | [31.214.169.87](https://vuldb.com/?ip.31.214.169.87) | - | - | High
31 | [37.46.127.75](https://vuldb.com/?ip.37.46.127.75) | nerops15.roupasnews4.com.br | - | High
32 | [37.46.127.76](https://vuldb.com/?ip.37.46.127.76) | nerops16.roupasnews4.com.br | - | High
33 | [37.46.127.77](https://vuldb.com/?ip.37.46.127.77) | watch-man6.topchairlifts.com | - | High
34 | [37.46.127.78](https://vuldb.com/?ip.37.46.127.78) | watch-man7.topchairlifts.com | - | High
35 | [37.46.127.79](https://vuldb.com/?ip.37.46.127.79) | watch-man8.topchairlifts.com | - | High
36 | [37.46.127.81](https://vuldb.com/?ip.37.46.127.81) | watch-man10.topchairlifts.com | - | High
37 | [37.48.77.214](https://vuldb.com/?ip.37.48.77.214) | nl.redseedbox.com | - | High
38 | [37.48.77.215](https://vuldb.com/?ip.37.48.77.215) | - | - | High
39 | [37.58.60.195](https://vuldb.com/?ip.37.58.60.195) | - | - | High
40 | [37.59.175.130](https://vuldb.com/?ip.37.59.175.130) | ip130.ip-37-59-175.eu | - | High
41 | [37.59.208.94](https://vuldb.com/?ip.37.59.208.94) | - | - | High
42 | [37.59.231.161](https://vuldb.com/?ip.37.59.231.161) | - | - | High
43 | [37.221.166.7](https://vuldb.com/?ip.37.221.166.7) | - | - | High
44 | [37.221.166.8](https://vuldb.com/?ip.37.221.166.8) | - | - | High
45 | [37.221.166.9](https://vuldb.com/?ip.37.221.166.9) | - | - | High
46 | [37.221.166.15](https://vuldb.com/?ip.37.221.166.15) | - | - | High
47 | [37.221.166.36](https://vuldb.com/?ip.37.221.166.36) | - | - | High
48 | [37.221.166.42](https://vuldb.com/?ip.37.221.166.42) | - | - | High
49 | [37.221.166.47](https://vuldb.com/?ip.37.221.166.47) | - | - | High
50 | [37.221.166.48](https://vuldb.com/?ip.37.221.166.48) | - | - | High
51 | [37.221.166.49](https://vuldb.com/?ip.37.221.166.49) | - | - | High
52 | [37.221.166.53](https://vuldb.com/?ip.37.221.166.53) | - | - | High
53 | [37.221.166.55](https://vuldb.com/?ip.37.221.166.55) | - | - | High
54 | [37.221.166.58](https://vuldb.com/?ip.37.221.166.58) | - | - | High
55 | [37.221.166.61](https://vuldb.com/?ip.37.221.166.61) | - | - | High
56 | [43.249.37.173](https://vuldb.com/?ip.43.249.37.173) | - | Badnews | High
57 | [43.249.37.199](https://vuldb.com/?ip.43.249.37.199) | - | - | High
58 | [45.43.192.172](https://vuldb.com/?ip.45.43.192.172) | - | - | High
59 | [46.4.187.60](https://vuldb.com/?ip.46.4.187.60) | static.60.187.4.46.clients.your-server.de | - | High
60 | [46.4.215.38](https://vuldb.com/?ip.46.4.215.38) | mx01.wugrafixcloud.net | - | High
61 | [46.165.225.66](https://vuldb.com/?ip.46.165.225.66) | - | - | High
62 | [46.165.229.7](https://vuldb.com/?ip.46.165.229.7) | - | - | High
63 | [46.165.229.8](https://vuldb.com/?ip.46.165.229.8) | - | - | High
64 | [46.165.229.9](https://vuldb.com/?ip.46.165.229.9) | smtp1.lnkyfi.com | - | High
65 | [46.165.248.236](https://vuldb.com/?ip.46.165.248.236) | - | - | High
66 | [46.165.248.237](https://vuldb.com/?ip.46.165.248.237) | - | - | High
67 | [46.165.248.238](https://vuldb.com/?ip.46.165.248.238) | - | - | High
68 | [46.165.248.239](https://vuldb.com/?ip.46.165.248.239) | - | - | High
69 | [46.165.248.240](https://vuldb.com/?ip.46.165.248.240) | - | - | High
70 | ... | ... | ... | ...

There are 274 more IOC items available. Please use our online service to access the data.

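Review bot: row 16 keeps `10.30.4.112` (Dropping Elephant) at High confidence and now links it, but 10.0.0.0/8 is RFC 1918 private space and cannot be the public side of attacker infrastructure; it is most likely an internal address copied from a sandbox run or a victim report. Since this hunk only wraps each address in a link, it is the natural point to drop the row or mark it as internal, because anyone loading this table straight into a blocklist would end up blocking their own address range.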
@ -155,27 +155,27 @@ ID | Type | Indicator | Confidence
33 | File | `/_next` | Low
34 | File | `4.edu.php\conn\function.php` | High
35 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
36 | File | `acl.c` | Low
37 | File | `activity_log.php` | High
38 | File | `adclick.php` | Medium
39 | File | `addentry.php` | Medium
40 | File | `add_vhost.php` | High
41 | File | `adm/systools.asp` | High
42 | File | `admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user` | High
43 | File | `admin/category.inc.php` | High
44 | File | `admin/conf_users_edit.php` | High
45 | File | `admin/default.asp` | High
46 | File | `admin/dl_sendmail.php` | High
47 | File | `admin/getparam.cgi` | High
48 | File | `admin/index.php` | High
49 | File | `admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1` | High
50 | File | `admin/media/rename.php` | High
51 | File | `admin/password_forgotten.php` | High
52 | File | `admin/versions.html` | High
53 | File | `adminCons.php` | High
36 | File | `about.php` | Medium
37 | File | `acl.c` | Low
38 | File | `activity_log.php` | High
39 | File | `adclick.php` | Medium
40 | File | `addentry.php` | Medium
41 | File | `add_vhost.php` | High
42 | File | `adm/systools.asp` | High
43 | File | `admin/admin_admin.php?nav=list_admin_user&admin_p_nav=user` | High
44 | File | `admin/category.inc.php` | High
45 | File | `admin/conf_users_edit.php` | High
46 | File | `admin/default.asp` | High
47 | File | `admin/dl_sendmail.php` | High
48 | File | `admin/getparam.cgi` | High
49 | File | `admin/index.php` | High
50 | File | `admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1` | High
51 | File | `admin/media/rename.php` | High
52 | File | `admin/password_forgotten.php` | High
53 | File | `admin/versions.html` | High
54 | ... | ... | ...

There are 472 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 475 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

207
Qakbot/README.md

@ -1,101 +1,170 @@
# Qakbot - Cyber Threat Intelligence

The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Qakbot](https://vuldb.com/?actor.qakbot). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Qakbot](https://vuldb.com/?actor.qakbot). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

Live data and more analysis capabilities are available at [https://vuldb.com/?actor.qakbot](https://vuldb.com/?actor.qakbot)
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.qakbot](https://vuldb.com/?actor.qakbot)

## Countries

These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Qakbot:
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Qakbot:

* AU
* [IN](https://vuldb.com/?country.in)
* [US](https://vuldb.com/?country.us)
* [CA](https://vuldb.com/?country.ca)
* ...

There are 9 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Qakbot.
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Qakbot.

ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 2.7.116.188 | lfbn-lyo-1-277-188.w2-7.abo.wanadoo.fr | High
2 | 2.50.47.97 | - | High
3 | 5.15.81.52 | 5-15-81-52.residential.rdsnet.ro | High
4 | 5.193.178.241 | - | High
|
||||
5 | 24.42.14.241 | - | High
|
||||
6 | 24.43.22.221 | rrcs-24-43-22-221.west.biz.rr.com | High
|
||||
7 | 24.55.112.61 | dynamic.libertypr.net | High
|
||||
8 | 24.90.160.91 | cpe-24-90-160-91.nyc.res.rr.com | High
|
||||
9 | 24.95.61.62 | cpe-24-95-61-62.columbus.res.rr.com | High
|
||||
10 | 24.117.107.120 | 24-117-107-120.cpe.sparklight.net | High
|
||||
11 | 24.139.72.117 | - | High
|
||||
12 | 24.139.132.70 | dynamic.libertypr.net | High
|
||||
13 | 24.152.219.253 | 24.152.219.253.res-cmts.sm.ptd.net | High
|
||||
14 | 24.164.79.147 | cpe-24-164-79-147.cinci.res.rr.com | High
|
||||
15 | 24.165.87.61 | cpe-24-165-87-61.san.res.rr.com | High
|
||||
16 | 24.183.39.93 | 024-183-039-093.res.spectrum.com | High
|
||||
17 | 24.202.42.48 | modemcable048.42-202-24.mc.videotron.ca | High
|
||||
18 | 24.226.156.153 | 24-226-156-153.resi.cgocable.ca | High
|
||||
19 | 24.229.150.54 | 24.229.150.54.cmts-static.sm.ptd.net | High
|
||||
20 | 24.234.86.201 | wsip-24-234-86-201.lv.lv.cox.net | High
|
||||
21 | 27.223.92.142 | - | High
|
||||
22 | 35.142.12.163 | 035-142-012-163.dhcp.bhn.net | High
|
||||
23 | 41.34.91.90 | host-41.34.91.90.tedata.net | High
|
||||
24 | 41.97.138.74 | - | High
|
||||
25 | 45.32.211.207 | 45.32.211.207.vultr.com | Medium
|
||||
26 | 45.46.53.140 | cpe-45-46-53-140.maine.res.rr.com | High
|
||||
27 | 45.63.107.192 | 45.63.107.192.vultr.com | Medium
|
||||
28 | 45.67.231.247 | vm272927.pq.hosting | High
|
||||
29 | 45.77.115.208 | 45.77.115.208.vultr.com | Medium
|
||||
30 | 45.77.117.108 | 45.77.117.108.vultr.com | Medium
|
||||
31 | 45.77.215.141 | 45.77.215.141.vultr.com | Medium
|
||||
32 | 46.214.62.199 | 46-214-62-199.next-gen.ro | High
|
||||
33 | 47.22.148.6 | ool-2f169406.static.optonline.net | High
|
||||
34 | 47.24.47.218 | 047-024-047-218.res.spectrum.com | High
|
||||
35 | 47.153.115.154 | - | High
|
||||
36 | 47.196.192.184 | - | High
|
||||
37 | 49.207.105.25 | broadband.actcorp.in | High
|
||||
38 | 50.29.166.232 | 50.29.166.232.res-cmts.sth3.ptd.net | High
|
||||
39 | 50.104.68.223 | 50-104-68-223.prtg.in.frontiernet.net | High
|
||||
40 | 50.244.112.106 | 50-244-112-106-static.hfc.comcastbusiness.net | High
|
||||
41 | 59.90.246.200 | static.bb.chn.59.90.246.200.bsnl.in | High
|
||||
42 | 64.19.74.29 | primhall.com | High
|
||||
43 | 64.121.114.87 | 64-121-114-87.s597.c3-0.smt-ubr1.atw-smt.pa.cable.rcncustomer.com | High
|
||||
44 | 65.100.174.]105 | - | High
|
||||
45 | 65.100.174.]106 | - | High
|
||||
46 | 65.100.174.]107 | - | High
|
||||
47 | 65.100.174.]108 | - | High
|
||||
48 | 65.100.174.]109 | - | High
|
||||
49 | 65.100.174.]111 | - | High
|
||||
50 | 66.26.160.37 | 066-026-160-037.inf.spectrum.com | High
|
||||
51 | 66.57.216.53 | rrcs-66-57-216-53.midsouth.biz.rr.com | High
|
||||
52 | 66.208.105.6 | 66-208-105-6.centex.net | High
|
||||
53 | 67.6.12.4 | 67-6-12-4.clma.centurylink.net | High
|
||||
54 | 67.8.103.21 | 67-8-103-21.res.bhn.net | High
|
||||
55 | ... | ... | ...
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [2.7.116.188](https://vuldb.com/?ip.2.7.116.188) | lfbn-lyo-1-277-188.w2-7.abo.wanadoo.fr | - | High
|
||||
2 | [2.50.47.97](https://vuldb.com/?ip.2.50.47.97) | - | - | High
|
||||
3 | [2.50.171.142](https://vuldb.com/?ip.2.50.171.142) | - | - | High
|
||||
4 | [2.51.240.61](https://vuldb.com/?ip.2.51.240.61) | - | - | High
|
||||
5 | [2.88.186.229](https://vuldb.com/?ip.2.88.186.229) | - | - | High
|
||||
6 | [5.12.111.213](https://vuldb.com/?ip.5.12.111.213) | 5-12-111-213.residential.rdsnet.ro | - | High
|
||||
7 | [5.12.243.211](https://vuldb.com/?ip.5.12.243.211) | 5-12-243-211.residential.rdsnet.ro | - | High
|
||||
8 | [5.13.74.26](https://vuldb.com/?ip.5.13.74.26) | 5-13-74-26.residential.rdsnet.ro | - | High
|
||||
9 | [5.13.84.186](https://vuldb.com/?ip.5.13.84.186) | 5-13-84-186.residential.rdsnet.ro | - | High
|
||||
10 | [5.15.81.52](https://vuldb.com/?ip.5.15.81.52) | 5-15-81-52.residential.rdsnet.ro | - | High
|
||||
11 | [5.193.61.212](https://vuldb.com/?ip.5.193.61.212) | - | - | High
|
||||
12 | [5.193.178.241](https://vuldb.com/?ip.5.193.178.241) | - | - | High
|
||||
13 | [12.5.37.3](https://vuldb.com/?ip.12.5.37.3) | - | - | High
|
||||
14 | [24.42.14.241](https://vuldb.com/?ip.24.42.14.241) | - | - | High
|
||||
15 | [24.43.22.221](https://vuldb.com/?ip.24.43.22.221) | rrcs-24-43-22-221.west.biz.rr.com | - | High
|
||||
16 | [24.55.112.61](https://vuldb.com/?ip.24.55.112.61) | dynamic.libertypr.net | - | High
|
||||
17 | [24.90.160.91](https://vuldb.com/?ip.24.90.160.91) | cpe-24-90-160-91.nyc.res.rr.com | - | High
|
||||
18 | [24.95.61.62](https://vuldb.com/?ip.24.95.61.62) | cpe-24-95-61-62.columbus.res.rr.com | - | High
|
||||
19 | [24.110.14.40](https://vuldb.com/?ip.24.110.14.40) | - | - | High
|
||||
20 | [24.110.96.149](https://vuldb.com/?ip.24.110.96.149) | - | - | High
|
||||
21 | [24.117.107.120](https://vuldb.com/?ip.24.117.107.120) | 24-117-107-120.cpe.sparklight.net | - | High
|
||||
22 | [24.139.72.117](https://vuldb.com/?ip.24.139.72.117) | - | - | High
|
||||
23 | [24.139.132.70](https://vuldb.com/?ip.24.139.132.70) | dynamic.libertypr.net | - | High
|
||||
24 | [24.152.219.253](https://vuldb.com/?ip.24.152.219.253) | 24.152.219.253.res-cmts.sm.ptd.net | - | High
|
||||
25 | [24.164.79.147](https://vuldb.com/?ip.24.164.79.147) | cpe-24-164-79-147.cinci.res.rr.com | - | High
|
||||
26 | [24.165.87.61](https://vuldb.com/?ip.24.165.87.61) | cpe-24-165-87-61.san.res.rr.com | - | High
|
||||
27 | [24.183.39.93](https://vuldb.com/?ip.24.183.39.93) | 024-183-039-093.res.spectrum.com | - | High
|
||||
28 | [24.202.42.48](https://vuldb.com/?ip.24.202.42.48) | modemcable048.42-202-24.mc.videotron.ca | - | High
|
||||
29 | [24.226.156.153](https://vuldb.com/?ip.24.226.156.153) | 24-226-156-153.resi.cgocable.ca | - | High
|
||||
30 | [24.229.150.54](https://vuldb.com/?ip.24.229.150.54) | 24.229.150.54.cmts-static.sm.ptd.net | - | High
|
||||
31 | [24.234.86.201](https://vuldb.com/?ip.24.234.86.201) | wsip-24-234-86-201.lv.lv.cox.net | - | High
|
||||
32 | [27.223.92.142](https://vuldb.com/?ip.27.223.92.142) | - | - | High
|
||||
33 | [35.142.12.163](https://vuldb.com/?ip.35.142.12.163) | 035-142-012-163.dhcp.bhn.net | - | High
|
||||
34 | [36.77.151.211](https://vuldb.com/?ip.36.77.151.211) | - | - | High
|
||||
35 | [37.156.243.67](https://vuldb.com/?ip.37.156.243.67) | - | - | High
|
||||
36 | [37.182.238.170](https://vuldb.com/?ip.37.182.238.170) | net-37-182-238-170.cust.vodafonedsl.it | - | High
|
||||
37 | [39.36.61.58](https://vuldb.com/?ip.39.36.61.58) | - | - | High
|
||||
38 | [41.34.91.90](https://vuldb.com/?ip.41.34.91.90) | host-41.34.91.90.tedata.net | - | High
|
||||
39 | [41.97.138.74](https://vuldb.com/?ip.41.97.138.74) | - | - | High
|
||||
40 | [41.225.231.43](https://vuldb.com/?ip.41.225.231.43) | - | - | High
|
||||
41 | [41.228.206.99](https://vuldb.com/?ip.41.228.206.99) | - | - | High
|
||||
42 | [45.32.211.207](https://vuldb.com/?ip.45.32.211.207) | 45.32.211.207.vultr.com | - | Medium
|
||||
43 | [45.45.51.182](https://vuldb.com/?ip.45.45.51.182) | modemcable182.51-45-45.mc.videotron.ca | - | High
|
||||
44 | [45.46.53.140](https://vuldb.com/?ip.45.46.53.140) | cpe-45-46-53-140.maine.res.rr.com | - | High
|
||||
45 | [45.63.107.192](https://vuldb.com/?ip.45.63.107.192) | 45.63.107.192.vultr.com | - | Medium
|
||||
46 | [45.67.231.247](https://vuldb.com/?ip.45.67.231.247) | vm272927.pq.hosting | - | High
|
||||
47 | [45.77.115.208](https://vuldb.com/?ip.45.77.115.208) | 45.77.115.208.vultr.com | - | Medium
|
||||
48 | [45.77.117.108](https://vuldb.com/?ip.45.77.117.108) | 45.77.117.108.vultr.com | - | Medium
|
||||
49 | [45.77.215.141](https://vuldb.com/?ip.45.77.215.141) | 45.77.215.141.vultr.com | - | Medium
|
||||
50 | [46.214.62.199](https://vuldb.com/?ip.46.214.62.199) | 46-214-62-199.next-gen.ro | - | High
|
||||
51 | [46.228.199.235](https://vuldb.com/?ip.46.228.199.235) | vps2231940.fastwebserver.de | - | High
|
||||
52 | [47.22.148.6](https://vuldb.com/?ip.47.22.148.6) | ool-2f169406.static.optonline.net | - | High
|
||||
53 | [47.24.47.218](https://vuldb.com/?ip.47.24.47.218) | 047-024-047-218.res.spectrum.com | - | High
|
||||
54 | [47.28.135.155](https://vuldb.com/?ip.47.28.135.155) | 047-028-135-155.res.spectrum.com | - | High
|
||||
55 | [47.138.200.85](https://vuldb.com/?ip.47.138.200.85) | - | - | High
|
||||
56 | [47.153.115.154](https://vuldb.com/?ip.47.153.115.154) | - | - | High
|
||||
57 | [47.180.66.10](https://vuldb.com/?ip.47.180.66.10) | static-47-180-66-10.lsan.ca.frontiernet.net | - | High
|
||||
58 | [47.196.192.184](https://vuldb.com/?ip.47.196.192.184) | - | - | High
|
||||
59 | [49.144.81.46](https://vuldb.com/?ip.49.144.81.46) | dsl.49.144.81.46.pldt.net | - | High
|
||||
60 | [49.191.4.245](https://vuldb.com/?ip.49.191.4.245) | n49-191-4-245.mrk1.qld.optusnet.com.au | - | High
|
||||
61 | [49.207.105.25](https://vuldb.com/?ip.49.207.105.25) | broadband.actcorp.in | - | High
|
||||
62 | [50.29.166.232](https://vuldb.com/?ip.50.29.166.232) | 50.29.166.232.res-cmts.sth3.ptd.net | - | High
|
||||
63 | [50.104.68.223](https://vuldb.com/?ip.50.104.68.223) | 50-104-68-223.prtg.in.frontiernet.net | - | High
|
||||
64 | [50.244.112.106](https://vuldb.com/?ip.50.244.112.106) | 50-244-112-106-static.hfc.comcastbusiness.net | - | High
|
||||
65 | [58.233.220.182](https://vuldb.com/?ip.58.233.220.182) | - | - | High
|
||||
66 | [59.90.246.200](https://vuldb.com/?ip.59.90.246.200) | static.bb.chn.59.90.246.200.bsnl.in | - | High
|
||||
67 | [59.124.10.133](https://vuldb.com/?ip.59.124.10.133) | 59-124-10-133.hinet-ip.hinet.net | - | High
|
||||
68 | [62.121.123.57](https://vuldb.com/?ip.62.121.123.57) | - | - | High
|
||||
69 | [64.19.74.29](https://vuldb.com/?ip.64.19.74.29) | primhall.com | - | High
|
||||
70 | [64.121.114.87](https://vuldb.com/?ip.64.121.114.87) | 64-121-114-87.s597.c3-0.smt-ubr1.atw-smt.pa.cable.rcncustomer.com | - | High
|
||||
71 | [65.100.174.]105](https://vuldb.com/?ip.65.100.174.]105) | - | - | High
|
||||
72 | [65.100.174.]106](https://vuldb.com/?ip.65.100.174.]106) | - | - | High
|
||||
73 | [65.100.174.]107](https://vuldb.com/?ip.65.100.174.]107) | - | - | High
|
||||
74 | [65.100.174.]108](https://vuldb.com/?ip.65.100.174.]108) | - | - | High
|
||||
75 | [65.100.174.]109](https://vuldb.com/?ip.65.100.174.]109) | - | - | High
|
||||
76 | [65.100.174.]111](https://vuldb.com/?ip.65.100.174.]111) | - | - | High
|
||||
77 | [65.100.247.6](https://vuldb.com/?ip.65.100.247.6) | 65-100-247-6.slkc.qwest.net | - | High
|
||||
78 | ... | ... | ... | ...
|
||||
|
||||
There are 214 more IOC items available. Please use our online service to access the data.
|
||||
There are 306 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected ATT&CK techniques used by Qakbot. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Qakbot. This data is unique as it uses our predictive model for actor profiling.
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Qakbot. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/` | Low
|
||||
2 | Argument | `username/password` | High
|
||||
3 | Input Value | `'or''='` | Low
|
||||
1 | File | `%PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10` | High
|
||||
2 | File | `/(((a\2)|(a*)\g</-1>/))*/` | High
|
||||
3 | File | `/+CSCOE+/logon.html` | High
|
||||
4 | File | `/alumni/admin/ajax.php?action=save_settings` | High
|
||||
5 | File | `/app/Http/Controllers/Admin/NEditorController.php` | High
|
||||
6 | File | `/auth/session` | High
|
||||
7 | File | `/cfg` | Low
|
||||
8 | File | `/cgi-bin/webproc` | High
|
||||
9 | File | `/config/getuser` | High
|
||||
10 | File | `/etc/passwd` | Medium
|
||||
11 | File | `/exponent_constants.php` | High
|
||||
12 | File | `/front/document.form.php` | High
|
||||
13 | File | `/ibi_apps/WFServlet.cfg` | High
|
||||
14 | File | `/log_download.cgi` | High
|
||||
15 | File | `/modx/manager/index.php` | High
|
||||
16 | File | `/proc/sysvipc/sem` | High
|
||||
17 | File | `/replication` | Medium
|
||||
18 | File | `/rest/collectors/1.0/template/custom` | High
|
||||
19 | File | `/RestAPI` | Medium
|
||||
20 | File | `/search.php` | Medium
|
||||
21 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
22 | File | `/tmp` | Low
|
||||
23 | File | `/trigger` | Medium
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/user/login/oauth` | High
|
||||
26 | File | `/usr/bin/pkexec` | High
|
||||
27 | File | `/usr/doc` | Medium
|
||||
28 | ... | ... | ...
|
||||
|
||||
There are 237 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains external sources which discuss the actor and the associated activities:
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/bambenek_qakbot.ipset
|
||||
* https://pastebin.com/u/MalwareQuinn
|
||||
* https://research.checkpoint.com/2020/exploring-qbots-latest-attack-methods/
|
||||
* https://tria.ge/210511-kvcz7vyfkx
|
||||
* https://twitter.com/Malwar3Ninja/status/1483514897266737154
|
||||
|
||||
## Literature
|
||||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
|
|
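Review bot: rows 71–76 of the new IOC table (`65.100.174.]105` through `65.100.174.]111`) are not valid IPv4 literals; the stray `]` is the remainder of a defanged `[.]` in the source and has been carried into the link target `https://vuldb.com/?ip.65.100.174.]105`, so neither the text nor the link resolves. The same six rows were already broken in the old table (44–49), so the import step should strip `[` and `]` from defanged addresses and reject anything that does not parse as an IPv4 address before it reaches the table. Separately, the TTP row `3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts` pairs a weakness with the wrong description: CWE-798 is Use of Hard-coded Credentials, and the description given is that of CWE-307.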
@ -1,6 +1,6 @@
|
|||
# ShadowPad - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [ShadowPad](https://vuldb.com/?actor.shadowpad). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [ShadowPad](https://vuldb.com/?actor.shadowpad). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.shadowpad](https://vuldb.com/?actor.shadowpad)
|
||||
|
||||
|
@ -14,8 +14,8 @@ The following _campaigns_ are known and can be associated with ShadowPad:
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with ShadowPad:
|
||||
|
||||
* US
|
||||
* CN
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -23,7 +23,7 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | 207.148.98.61 | 207.148.98.61.vultr.com | ScatterBee | Medium
|
||||
1 | [207.148.98.61](https://vuldb.com/?ip.207.148.98.61) | 207.148.98.61.vultr.com | ScatterBee | Medium
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
|
|
@ -1,56 +1,56 @@
|
|||
# Sofacy - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Sofacy](https://vuldb.com/?actor.sofacy). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Sofacy](https://vuldb.com/?actor.sofacy). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.sofacy](https://vuldb.com/?actor.sofacy)
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.sofacy](https://vuldb.com/?actor.sofacy)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following campaigns are known and can be associated with Sofacy:
|
||||
The following _campaigns_ are known and can be associated with Sofacy:
|
||||
|
||||
* DealersChoice
|
||||
* Zebrocy
|
||||
|
||||
## Countries
|
||||
|
||||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Sofacy:
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Sofacy:
|
||||
|
||||
* US
|
||||
* TR
|
||||
* AR
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CH](https://vuldb.com/?country.ch)
|
||||
* [TR](https://vuldb.com/?country.tr)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Sofacy.
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Sofacy.
|
||||
|
||||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 1.6.3.8 | - | High
|
||||
2 | 23.0.0.185 | a23-0-0-185.deploy.static.akamaitechnologies.com | High
|
||||
3 | 40.112.210.240 | - | High
|
||||
4 | ... | ... | ...
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [1.6.3.8](https://vuldb.com/?ip.1.6.3.8) | - | - | High
|
||||
2 | [23.0.0.185](https://vuldb.com/?ip.23.0.0.185) | a23-0-0-185.deploy.static.akamaitechnologies.com | - | High
|
||||
3 | [40.112.210.240](https://vuldb.com/?ip.40.112.210.240) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 11 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Sofacy. This data is unique as it uses our predictive model for actor profiling.
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected ATT&CK techniques used by Sofacy. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Description | Confidence
|
||||
-- | --------- | ----------- | ----------
|
||||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ...
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Sofacy. This data is unique as it uses our predictive model for actor profiling.
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Sofacy. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
|
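Review bot: IOC row 2 (`23.0.0.185 | a23-0-0-185.deploy.static.akamaitechnologies.com | - | High`) is an Akamai CDN edge address rated High, while the VPS rows elsewhere in this commit (the `vultr.com` hosts in the Qakbot table and the `compute-1.amazonaws.com` hosts in the TrickBot table) are rated Medium; a shared CDN edge is weaker attribution than a dedicated VPS and blocking it affects every site fronted by that node, so rate it Medium or lower, or record what ties it to Sofacy. The TTP table repeats the mismatch present in the Qakbot file: `T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts` names CWE-798 (Use of Hard-coded Credentials) beside the description of CWE-307.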
@ -62,11 +62,11 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `actions/main.php` | High
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 46 more IOA items available. Please use our online service to access the data.
|
||||
There are 50 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains external sources which discuss the actor and the associated activities:
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://unit42.paloaltonetworks.com/unit42-sofacy-groups-parallel-attacks/
|
||||
* https://www.threatminer.org/report.php?q=%E2%80%98DealersChoice%E2%80%99isSofacy%E2%80%99sFlashPlayerExploitPlatform-PaloAltoNetworksBlog.pdf&y=2016
|
||||
|
@ -76,7 +76,7 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
## Literature
|
||||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
|
|
@ -1,15 +1,22 @@
|
|||
# TrickBot - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [TrickBot](https://vuldb.com/?actor.trickbot). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [TrickBot](https://vuldb.com/?actor.trickbot). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.trickbot](https://vuldb.com/?actor.trickbot)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following _campaigns_ are known and can be associated with TrickBot:
|
||||
|
||||
* AnchorMail
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with TrickBot:
|
||||
|
||||
* VN
|
||||
* CN
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
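Review bot: the new Campaigns section names `AnchorMail`, but nothing in the file is tied to it; the IOC table that follows has a Campaign column and every visible row carries `-`, so either tag the addresses attributed to AnchorMail in that column or state that the campaign has no network indicators in this set, otherwise the entry is a bare label.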
@ -17,72 +24,72 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | 5.1.81.68 | mx4.tarifvergleichbhv.net | - | High
|
||||
2 | 5.2.75.93 | - | - | High
|
||||
3 | 5.2.75.167 | coms.a9v34.com.cn | - | High
|
||||
4 | 5.39.47.22 | mail.dmgs.site | - | High
|
||||
5 | 5.59.205.32 | dhcp-32-205-59-5.metro86.ru | - | High
|
||||
6 | 5.133.179.108 | 5-133-179-108.freeucouponsnow.ru | - | High
|
||||
7 | 5.182.210.132 | - | - | High
|
||||
8 | 5.182.210.226 | - | - | High
|
||||
9 | 5.182.210.230 | - | - | High
|
||||
10 | 5.182.210.246 | - | - | High
|
||||
11 | 5.182.210.254 | n01-nlam.kdktech.com | - | High
|
||||
12 | 14.241.244.60 | - | - | High
|
||||
13 | 18.233.90.151 | ec2-18-233-90-151.compute-1.amazonaws.com | - | Medium
|
||||
14 | 23.3.13.88 | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
|
||||
15 | 23.3.13.154 | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
16 | 23.3.125.111 | a23-3-125-111.deploy.static.akamaitechnologies.com | - | High
|
||||
17 | 23.21.27.29 | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
|
||||
18 | 23.21.48.44 | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium
|
||||
19 | 23.21.252.4 | ec2-23-21-252-4.compute-1.amazonaws.com | - | Medium
|
||||
20 | 23.94.233.210 | 23-94-233-210-host.colocrossing.com | - | High
|
||||
21 | 23.96.30.229 | - | - | High
|
||||
22 | 23.160.192.125 | unknown.ip-xfer.net | - | High
|
||||
23 | 23.160.193.106 | unknown.ip-xfer.net | - | High
|
||||
24 | 24.162.214.166 | cpe-24-162-214-166.elp.res.rr.com | - | High
|
||||
25 | 27.72.107.215 | dynamic-adsl.viettel.vn | - | High
|
||||
26 | 34.117.59.81 | 81.59.117.34.bc.googleusercontent.com | - | Medium
|
||||
27 | 36.89.191.119 | - | - | High
|
||||
28 | 36.89.193.181 | - | - | High
|
||||
29 | 36.89.193.235 | - | - | High
|
||||
30 | 36.94.27.124 | - | - | High
|
||||
31 | 36.94.100.202 | - | - | High
|
||||
32 | 37.228.70.134 | - | - | High
|
||||
33 | 37.230.114.93 | admin1.fvds.ru | - | High
|
||||
34 | 37.230.114.248 | kosmolot.com | - | High
|
||||
35 | 37.230.115.133 | wdai.io | - | High
|
||||
36 | 37.230.115.138 | i2.com | - | High
|
||||
37 | 37.230.115.184 | 21922vdscom.com | - | High
|
||||
38 | 43.245.216.116 | - | - | High
|
||||
39 | 45.6.16.68 | - | - | High
|
||||
40 | 45.36.99.184 | cpe-45-36-99-184.triad.res.rr.com | - | High
|
||||
41 | 45.167.249.126 | - | - | High
|
||||
42 | 45.178.142.14 | - | - | High
|
||||
43 | 45.201.134.202 | - | - | High
|
||||
44 | 45.229.71.211 | static-45-229-71-211.extrememt.com.br | - | High
|
||||
45 | 45.234.248.154 | 45.-234.248-154.rev.voanet.br | - | High
|
||||
46 | 46.8.21.10 | 53980.web.hosting-russia.ru | - | High
|
||||
47 | 46.8.21.113 | 64403.web.hosting-russia.ru | - | High
|
||||
48 | 46.209.140.220 | - | - | High
|
||||
49 | 46.254.128.174 | 46.254.128.174.lanultra.net | - | High
|
||||
50 | 49.156.34.134 | - | - | High
|
||||
51 | 51.38.101.194 | - | - | High
|
||||
52 | 51.77.92.215 | - | - | High
|
||||
53 | 51.81.112.144 | - | - | High
|
||||
54 | 51.89.115.116 | tombe.nationfox.net | - | High
|
||||
55 | 52.0.197.231 | ec2-52-0-197-231.compute-1.amazonaws.com | - | Medium
|
||||
56 | 52.20.197.7 | ec2-52-20-197-7.compute-1.amazonaws.com | - | Medium
|
||||
57 | 52.204.109.97 | ec2-52-204-109-97.compute-1.amazonaws.com | - | Medium
|
||||
58 | 54.39.106.25 | ns560342.ip-54-39-106.net | - | High
|
||||
59 | 54.221.253.252 | ec2-54-221-253-252.compute-1.amazonaws.com | - | Medium
|
||||
60 | 60.51.47.65 | - | - | High
|
||||
61 | 62.64.9.237 | clients-62.64.9.237.misp.ru | - | High
|
||||
62 | 62.99.76.213 | 213.62-99-76.static.clientes.euskaltel.es | - | High
|
||||
63 | 62.109.2.172 | megamart24.ru | - | High
|
||||
1 | [5.1.81.68](https://vuldb.com/?ip.5.1.81.68) | mx4.tarifvergleichbhv.net | - | High
|
||||
2 | [5.2.75.93](https://vuldb.com/?ip.5.2.75.93) | - | - | High
|
||||
3 | [5.2.75.167](https://vuldb.com/?ip.5.2.75.167) | coms.a9v34.com.cn | - | High
|
||||
4 | [5.39.47.22](https://vuldb.com/?ip.5.39.47.22) | mail.dmgs.site | - | High
|
||||
5 | [5.59.205.32](https://vuldb.com/?ip.5.59.205.32) | dhcp-32-205-59-5.metro86.ru | - | High
|
||||
6 | [5.133.179.108](https://vuldb.com/?ip.5.133.179.108) | 5-133-179-108.freeucouponsnow.ru | - | High
7 | [5.182.210.132](https://vuldb.com/?ip.5.182.210.132) | - | - | High
8 | [5.182.210.226](https://vuldb.com/?ip.5.182.210.226) | - | - | High
9 | [5.182.210.230](https://vuldb.com/?ip.5.182.210.230) | - | - | High
10 | [5.182.210.246](https://vuldb.com/?ip.5.182.210.246) | - | - | High
11 | [5.182.210.254](https://vuldb.com/?ip.5.182.210.254) | n01-nlam.kdktech.com | - | High
12 | [14.241.244.60](https://vuldb.com/?ip.14.241.244.60) | - | - | High
13 | [18.233.90.151](https://vuldb.com/?ip.18.233.90.151) | ec2-18-233-90-151.compute-1.amazonaws.com | - | Medium
14 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
15 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
16 | [23.3.125.111](https://vuldb.com/?ip.23.3.125.111) | a23-3-125-111.deploy.static.akamaitechnologies.com | - | High
17 | [23.21.27.29](https://vuldb.com/?ip.23.21.27.29) | ec2-23-21-27-29.compute-1.amazonaws.com | - | Medium
18 | [23.21.48.44](https://vuldb.com/?ip.23.21.48.44) | ec2-23-21-48-44.compute-1.amazonaws.com | - | Medium
19 | [23.21.252.4](https://vuldb.com/?ip.23.21.252.4) | ec2-23-21-252-4.compute-1.amazonaws.com | - | Medium
20 | [23.94.233.210](https://vuldb.com/?ip.23.94.233.210) | 23-94-233-210-host.colocrossing.com | - | High
21 | [23.96.30.229](https://vuldb.com/?ip.23.96.30.229) | - | - | High
22 | [23.160.192.125](https://vuldb.com/?ip.23.160.192.125) | unknown.ip-xfer.net | - | High
23 | [23.160.193.106](https://vuldb.com/?ip.23.160.193.106) | unknown.ip-xfer.net | - | High
24 | [24.162.214.166](https://vuldb.com/?ip.24.162.214.166) | cpe-24-162-214-166.elp.res.rr.com | - | High
25 | [27.72.107.215](https://vuldb.com/?ip.27.72.107.215) | dynamic-adsl.viettel.vn | - | High
26 | [34.117.59.81](https://vuldb.com/?ip.34.117.59.81) | 81.59.117.34.bc.googleusercontent.com | - | Medium
27 | [36.89.191.119](https://vuldb.com/?ip.36.89.191.119) | - | - | High
28 | [36.89.193.181](https://vuldb.com/?ip.36.89.193.181) | - | - | High
29 | [36.89.193.235](https://vuldb.com/?ip.36.89.193.235) | - | - | High
30 | [36.94.27.124](https://vuldb.com/?ip.36.94.27.124) | - | - | High
31 | [36.94.100.202](https://vuldb.com/?ip.36.94.100.202) | - | - | High
32 | [37.228.70.134](https://vuldb.com/?ip.37.228.70.134) | - | - | High
33 | [37.230.114.93](https://vuldb.com/?ip.37.230.114.93) | admin1.fvds.ru | - | High
34 | [37.230.114.248](https://vuldb.com/?ip.37.230.114.248) | kosmolot.com | - | High
35 | [37.230.115.133](https://vuldb.com/?ip.37.230.115.133) | wdai.io | - | High
36 | [37.230.115.138](https://vuldb.com/?ip.37.230.115.138) | i2.com | - | High
37 | [37.230.115.184](https://vuldb.com/?ip.37.230.115.184) | 21922vdscom.com | - | High
38 | [43.245.216.116](https://vuldb.com/?ip.43.245.216.116) | - | - | High
39 | [45.6.16.68](https://vuldb.com/?ip.45.6.16.68) | - | - | High
40 | [45.36.99.184](https://vuldb.com/?ip.45.36.99.184) | cpe-45-36-99-184.triad.res.rr.com | - | High
41 | [45.167.249.126](https://vuldb.com/?ip.45.167.249.126) | - | - | High
42 | [45.178.142.14](https://vuldb.com/?ip.45.178.142.14) | - | - | High
43 | [45.201.134.202](https://vuldb.com/?ip.45.201.134.202) | - | - | High
44 | [45.229.71.211](https://vuldb.com/?ip.45.229.71.211) | static-45-229-71-211.extrememt.com.br | - | High
45 | [45.234.248.154](https://vuldb.com/?ip.45.234.248.154) | 45.-234.248-154.rev.voanet.br | - | High
46 | [46.8.21.10](https://vuldb.com/?ip.46.8.21.10) | 53980.web.hosting-russia.ru | - | High
47 | [46.8.21.113](https://vuldb.com/?ip.46.8.21.113) | 64403.web.hosting-russia.ru | - | High
48 | [46.209.140.220](https://vuldb.com/?ip.46.209.140.220) | - | - | High
49 | [46.254.128.174](https://vuldb.com/?ip.46.254.128.174) | 46.254.128.174.lanultra.net | - | High
50 | [49.156.34.134](https://vuldb.com/?ip.49.156.34.134) | - | - | High
51 | [51.38.101.194](https://vuldb.com/?ip.51.38.101.194) | - | - | High
52 | [51.77.92.215](https://vuldb.com/?ip.51.77.92.215) | - | - | High
53 | [51.81.112.144](https://vuldb.com/?ip.51.81.112.144) | - | - | High
54 | [51.89.115.116](https://vuldb.com/?ip.51.89.115.116) | tombe.nationfox.net | - | High
55 | [52.0.197.231](https://vuldb.com/?ip.52.0.197.231) | ec2-52-0-197-231.compute-1.amazonaws.com | - | Medium
56 | [52.20.197.7](https://vuldb.com/?ip.52.20.197.7) | ec2-52-20-197-7.compute-1.amazonaws.com | - | Medium
57 | [52.204.109.97](https://vuldb.com/?ip.52.204.109.97) | ec2-52-204-109-97.compute-1.amazonaws.com | - | Medium
58 | [54.39.106.25](https://vuldb.com/?ip.54.39.106.25) | ns560342.ip-54-39-106.net | - | High
59 | [54.221.253.252](https://vuldb.com/?ip.54.221.253.252) | ec2-54-221-253-252.compute-1.amazonaws.com | - | Medium
60 | [60.51.47.65](https://vuldb.com/?ip.60.51.47.65) | - | - | High
61 | [62.64.9.237](https://vuldb.com/?ip.62.64.9.237) | clients-62.64.9.237.misp.ru | - | High
62 | [62.99.76.213](https://vuldb.com/?ip.62.99.76.213) | 213.62-99-76.static.clientes.euskaltel.es | - | High
63 | [62.109.2.172](https://vuldb.com/?ip.62.109.2.172) | megamart24.ru | - | High
64 | ... | ... | ... | ...
There are 251 more IOC items available. Please use our online service to access the data.
There are 252 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
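Review bot: the only substantive change in this hunk is that every IP cell is now wrapped in a `[ip](https://vuldb.com/?ip.…)` link, which breaks any consumer that parses this markdown column as a plain blocklist; consider keeping the bare address in its own column (or shipping a CSV alongside) so the table stays machine-readable. Also note the footer moves from "251 more IOC items" to "252 more" while rows 1 to 63 are otherwise identical, so the one new indicator lives entirely in the truncated remainder and the commit message "Update" gives no hint of what it is.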
@ -95,7 +102,7 @@ ID | Technique | Weakness | Description | Confidence
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...
There are 9 more TTP items available. Please use our online service to access the data.
There are 8 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
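Review bot: row 3 (`3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High`) pairs a CWE id with the wrong title: CWE-798 is "Use of Hard-coded Credentials", while "Improper Restriction of Excessive Authentication Attempts" is CWE-307. One of the two cells should change so the weakness column can be trusted by anyone mapping these TTPs to detections. Separately, the footer drops from "9 more TTP items" to "8 more" with no visible row changed, so a technique was retired in the hidden remainder without a note in the commit message.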
@ -104,27 +111,21 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin.add` | Medium
2 | File | `/admin/allergens/edit/1` | High
3 | File | `/box_code_base.c` | High
2 | File | `/admin.back` | Medium
3 | File | `/admin/allergens/edit/1` | High
4 | File | `/cgi-bin/logo_extra_upload.cgi` | High
5 | File | `/core/admin/categories.php` | High
6 | File | `/core/admin/comment.php` | High
7 | File | `/data-service/users/` | High
7 | File | `/etc/cobbler` | Medium
8 | File | `/exponentcms/administration/configure_site` | High
9 | File | `/jeecg-boot/sys/user/queryUserByDepId` | High
10 | File | `/js/js-parser.c` | High
11 | File | `/main?cmd=invalid_browser` | High
12 | File | `/MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridData&GridName=Users` | High
13 | File | `/ms/cms/content/list.do` | High
14 | File | `/northstar/Admin/changePassword.jsp` | High
15 | File | `/northstar/Admin/login.jsp` | High
16 | File | `/northstar/Common/NorthFileManager/fileManagerObjects.jsp` | High
17 | File | `/northstar/filemanager/download.jsp` | High
18 | File | `/ping.html` | Medium
19 | File | `/secure/admin/RestoreDefaults.jspa` | High
20 | ... | ... | ...
9 | File | `/HandleEvent` | Medium
10 | File | `/jeecg-boot/sys/user/queryUserByDepId` | High
11 | File | `/js/js-parser.c` | High
12 | File | `/main?cmd=invalid_browser` | High
13 | File | `/MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridData&GridName=Users` | High
14 | ... | ... | ...
There are 164 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 114 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
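Review bot: this hunk silently retires a large share of the IOA set with no rationale in the commit message. The total goes from 19 listed plus "164 more" to 13 listed plus "114 more", roughly 56 indicators fewer, and in the visible rows `/box_code_base.c`, `/data-service/users/`, `/ms/cms/content/list.do`, the four `/northstar/` paths, `/ping.html` and `/secure/admin/RestoreDefaults.jspa` disappear while `/admin.back`, `/etc/cobbler` and `/HandleEvent` come in. Consumers who built detections on the removed paths need to know whether they were false positives or merely aged out, so please state the reason in the commit message or a changelog. The renumbering (old 9 to 13 become 10 to 13 and the placeholder moves from 20 to 14) also shows that the ID column is not stable across revisions; the file should say so, or consumers will key on it.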
@ -144,6 +145,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.talosintelligence.com/2021/11/threat-roundup-1105-1112.html
* https://feodotracker.abuse.ch/downloads/ipblocklist.csv
* https://research.checkpoint.com/2021/when-old-friends-meet-again-why-emotet-chose-trickbot-for-rebirth/
* https://securityintelligence.com/posts/new-malware-trickbot-anchordns-backdoor-upgrades-anchormail/
## Literature
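Review bot: the added reference `https://feodotracker.abuse.ch/downloads/ipblocklist.csv` is a continuously regenerated blocklist feed, not an article that "discuss[es] the actor" as the list header describes; whatever IPs it supported at commit time will not be reproducible from that URL later. Record the retrieval date (or the feed snapshot used) next to the link, or move it to a separate "feeds" line, so the provenance of the IOC rows it backs can be audited.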
@ -1,6 +1,6 @@
# Zusy - Cyber Threat Intelligence
These _indicators_ were collected during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Zusy](https://vuldb.com/?actor.zusy). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ is able to forecast activities and their characteristics.
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Zusy](https://vuldb.com/?actor.zusy). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.zusy](https://vuldb.com/?actor.zusy)
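Review bot: the new wording "reported, collected, and generated" introduces a third class of indicator, ones produced by the predictive model rather than observed, but nothing in the tables below distinguishes a generated IOC from a reported one. Either say in this paragraph how generated items are marked (for instance which Confidence value they receive) or add a column, otherwise a defender cannot tell a forecast address from an observed one before blocking it. "uses _big data_" is also vaguer than the previous "is able to forecast"; the sentence before it already names the inputs (social media, forums, chat rooms, darknet markets), so reuse that instead of the buzzword.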
@ -45,21 +45,23 @@ ID | IP address | Hostname | Campaign | Confidence
22 | [36.249.67.210](https://vuldb.com/?ip.36.249.67.210) | - | - | High
23 | [37.0.10.214](https://vuldb.com/?ip.37.0.10.214) | - | - | High
24 | [38.110.100.64](https://vuldb.com/?ip.38.110.100.64) | - | - | High
25 | [40.97.116.82](https://vuldb.com/?ip.40.97.116.82) | - | - | High
26 | [40.97.153.146](https://vuldb.com/?ip.40.97.153.146) | - | - | High
27 | [40.97.160.2](https://vuldb.com/?ip.40.97.160.2) | - | - | High
28 | [40.97.164.146](https://vuldb.com/?ip.40.97.164.146) | - | - | High
29 | [40.97.188.226](https://vuldb.com/?ip.40.97.188.226) | - | - | High
30 | [41.57.156.203](https://vuldb.com/?ip.41.57.156.203) | - | - | High
31 | [42.62.20.137](https://vuldb.com/?ip.42.62.20.137) | - | - | High
32 | [43.252.159.63](https://vuldb.com/?ip.43.252.159.63) | ipv4-63-159-252.as55666.net | - | High
33 | [44.238.161.76](https://vuldb.com/?ip.44.238.161.76) | ec2-44-238-161-76.us-west-2.compute.amazonaws.com | - | Medium
34 | [44.240.138.42](https://vuldb.com/?ip.44.240.138.42) | ec2-44-240-138-42.us-west-2.compute.amazonaws.com | - | Medium
35 | [45.9.20.202](https://vuldb.com/?ip.45.9.20.202) | - | - | High
36 | [45.144.225.236](https://vuldb.com/?ip.45.144.225.236) | - | - | High
37 | ... | ... | ... | ...
25 | [40.76.4.15](https://vuldb.com/?ip.40.76.4.15) | - | - | High
26 | [40.97.116.82](https://vuldb.com/?ip.40.97.116.82) | - | - | High
27 | [40.97.153.146](https://vuldb.com/?ip.40.97.153.146) | - | - | High
28 | [40.97.160.2](https://vuldb.com/?ip.40.97.160.2) | - | - | High
29 | [40.97.164.146](https://vuldb.com/?ip.40.97.164.146) | - | - | High
30 | [40.97.188.226](https://vuldb.com/?ip.40.97.188.226) | - | - | High
31 | [40.112.72.205](https://vuldb.com/?ip.40.112.72.205) | - | - | High
32 | [40.113.200.201](https://vuldb.com/?ip.40.113.200.201) | - | - | High
33 | [41.57.156.203](https://vuldb.com/?ip.41.57.156.203) | - | - | High
34 | [42.62.20.137](https://vuldb.com/?ip.42.62.20.137) | - | - | High
35 | [43.252.159.63](https://vuldb.com/?ip.43.252.159.63) | ipv4-63-159-252.as55666.net | - | High
36 | [44.238.161.76](https://vuldb.com/?ip.44.238.161.76) | ec2-44-238-161-76.us-west-2.compute.amazonaws.com | - | Medium
37 | [44.240.138.42](https://vuldb.com/?ip.44.240.138.42) | ec2-44-240-138-42.us-west-2.compute.amazonaws.com | - | Medium
38 | [45.9.20.202](https://vuldb.com/?ip.45.9.20.202) | - | - | High
39 | ... | ... | ... | ...
There are 146 more IOC items available. Please use our online service to access the data.
There are 153 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
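Review bot: the confidence criterion in this hunk is inconsistent and undocumented. The three new rows (`25 | 40.76.4.15`, `31 | 40.112.72.205`, `32 | 40.113.200.201`) and the existing 40.97.x rows carry "High" with no resolvable hostname, while the two `*.us-west-2.compute.amazonaws.com` rows right next to them are downgraded to "Medium", presumably because shared cloud infrastructure is a weak attribution signal. Those 40.x addresses sit in a large cloud provider's allocation as well, so the same caveat would seem to apply; please either apply the downgrade consistently or state in the file what Confidence actually measures. Note also that `45.144.225.236` (old row 36) is no longer among the listed rows even though the footer grows from "146 more" to "153 more", so it was pushed past the cut rather than removed; that distinction is invisible to a reader of this table.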
@ -98,30 +100,30 @@ ID | Type | Indicator | Confidence
16 | File | `/product_list.php` | High
17 | File | `/public/plugins/` | High
18 | File | `/SASWebReportStudio/logonAndRender.do` | High
19 | File | `/secure/admin/ViewInstrumentation.jspa` | High
20 | File | `/secure/QueryComponent!Default.jspa` | High
21 | File | `/see_more_details.php` | High
22 | File | `/uncpath/` | Medium
23 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
24 | File | `/WEB-INF/web.xml` | High
25 | File | `/web/frames/` | Medium
26 | File | `AccountManager.java` | High
27 | File | `adclick.php` | Medium
28 | File | `addentry.php` | Medium
29 | File | `admin.cgi?action=upgrade` | High
30 | File | `admin.php` | Medium
31 | File | `admin/executar_login.php` | High
32 | File | `admin/index.php?mode=tools&page=upload` | High
33 | File | `admin/pageUploadCSV.php` | High
34 | File | `admin/setting.php` | High
35 | File | `AdminQuickAccessesController.php` | High
36 | File | `ajax/aj_*.php` | High
37 | File | `alipay/alipayapi.php` | High
38 | File | `auth.inc.php` | Medium
39 | File | `auth.py` | Low
19 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
20 | File | `/secure/admin/ViewInstrumentation.jspa` | High
21 | File | `/secure/QueryComponent!Default.jspa` | High
22 | File | `/see_more_details.php` | High
23 | File | `/uncpath/` | Medium
24 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
25 | File | `/WEB-INF/web.xml` | High
26 | File | `/web/frames/` | Medium
27 | File | `AccountManager.java` | High
28 | File | `adclick.php` | Medium
29 | File | `addentry.php` | Medium
30 | File | `admin.cgi?action=upgrade` | High
31 | File | `admin.php` | Medium
32 | File | `admin/executar_login.php` | High
33 | File | `admin/index.php?mode=tools&page=upload` | High
34 | File | `admin/pageUploadCSV.php` | High
35 | File | `admin/setting.php` | High
36 | File | `AdminQuickAccessesController.php` | High
37 | File | `ajax/aj_*.php` | High
38 | File | `alipay/alipayapi.php` | High
39 | File | `auth.inc.php` | Medium
40 | ... | ... | ...
There are 343 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 344 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
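Review bot: the insertion of `19 | File | /secure/admin/InsightDefaultCustomFieldConfig.jspa | High` and the footer change from "343 more" to "344 more" are consistent, but the same renumbering that moves old rows 19 to 39 down by one again shows the ID column cannot be used as a stable key. While touching this table, row `37 | File | ajax/aj_*.php | High` is a glob, not a file path; the footer itself lists "pattern" as an IOA type, so that row is probably mistyped and will not match anything if a consumer treats it as a literal filename.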
@ -143,6 +145,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
* https://blog.talosintelligence.com/2022/02/threat-roundup-0128-0204.html
* https://blog.talosintelligence.com/2022/02/threat-roundup-0211-0218.html
* https://blog.talosintelligence.com/2022/02/threat-roundup-0218-0225.html
## Literature