Update
This commit is contained in:
parent
b9e5acb9da
commit
40e55ae5b0
|
@ -1,6 +1,6 @@
|
|||
# 9002 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [9002](https://vuldb.com/?actor.9002). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [9002](https://vuldb.com/?actor.9002). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.9002](https://vuldb.com/?actor.9002)
|
||||
|
||||
|
@ -29,9 +29,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# APT-C-01 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT-C-01](https://vuldb.com/?actor.apt-c-01). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT-C-01](https://vuldb.com/?actor.apt-c-01). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt-c-01](https://vuldb.com/?actor.apt-c-01)
|
||||
|
||||
|
@ -23,7 +23,7 @@ ID | IP address | Hostname | Confidence
|
|||
-- | ---------- | -------- | ----------
|
||||
1 | 45.32.8.137 | 45.32.8.137.vultr.com | Medium
|
||||
2 | 45.76.125.176 | 45.76.125.176.vultr.com | Medium
|
||||
3 | 45.76.228.61 | 45.76.228.61.vultr.com | Medium
|
||||
3 | 45.76.228.61 | - | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 4 more IOC items available. Please use our online service to access the data.
|
||||
|
@ -47,15 +47,9 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/goform/saveParentControlInfo` | High
|
||||
3 | File | `/uncpath/` | Medium
|
||||
4 | File | `2020\Messages\SDNotify.exe` | High
|
||||
5 | File | `admin/admin_disallow.php` | High
|
||||
6 | File | `email.php` | Medium
|
||||
7 | File | `entry.cgi` | Medium
|
||||
8 | File | `ext/date/lib/parse_date.c` | High
|
||||
9 | File | `goto.php` | Medium
|
||||
10 | File | `index.php?tg=delegat&idx=mem` | High
|
||||
11 | ... | ... | ...
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 25 more IOA items available. Please use our online service to access the data.
|
||||
There are 33 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -67,9 +61,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# APT-C-36 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT-C-36](https://vuldb.com/?actor.apt-c-36). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT-C-36](https://vuldb.com/?actor.apt-c-36). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt-c-36](https://vuldb.com/?actor.apt-c-36)
|
||||
|
||||
|
@ -46,16 +46,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `FileSeek.cgi` | Medium
|
||||
3 | File | `includes/dbal.php` | High
|
||||
4 | File | `index.php` | Medium
|
||||
5 | File | `modules/mappers/mod_rewrite.c` | High
|
||||
6 | File | `personalData/resumeDetail.cfm` | High
|
||||
7 | File | `prod.php` | Medium
|
||||
8 | File | `products.php` | Medium
|
||||
9 | File | `shop.pl` | Low
|
||||
10 | File | `software-description.php` | High
|
||||
11 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 10 more IOA items available. Please use our online service to access the data.
|
||||
There are 17 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -67,9 +60,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# APT1 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT1](https://vuldb.com/?actor.apt1). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT1](https://vuldb.com/?actor.apt1). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt1](https://vuldb.com/?actor.apt1)
|
||||
|
||||
|
@ -31,11 +31,9 @@ ID | IP address | Hostname | Confidence
|
|||
1 | 23.236.62.147 | 147.62.236.23.bc.googleusercontent.com | Medium
|
||||
2 | 27.102.112.179 | - | High
|
||||
3 | 58.246. | - | High
|
||||
4 | 58.247. | - | High
|
||||
5 | 67.222.16.131 | host.dnsweb.org | High
|
||||
6 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 8 more IOC items available. Please use our online service to access the data.
|
||||
There are 10 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -46,10 +44,9 @@ ID | Technique | Description | Confidence
|
|||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | T1211 | 7PK Security Features | High
|
||||
5 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -57,19 +54,44 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `$HOME/.nylas-mail` | High
|
||||
2 | File | `$JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups` | High
|
||||
3 | File | `$SPLUNK_HOME/etc/splunk-launch.conf` | High
|
||||
4 | File | `%ProgramData%\CTES` | High
|
||||
5 | File | `%PROGRAMFILES%\Cylance\Desktop\log` | High
|
||||
6 | File | `%SYSTEMDRIVE%\ProgramData\exclusions.dat` | High
|
||||
7 | File | `'phpshell.php` | High
|
||||
8 | File | `*-sub-menu.php` | High
|
||||
9 | File | `-X/path/to/wwwroot/file.php.` | High
|
||||
10 | File | `.../gogo/` | Medium
|
||||
11 | ... | ... | ...
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `/+CSCOE+/logon.html` | High
|
||||
3 | File | `/admin/ajax/file-browser/upload/` | High
|
||||
4 | File | `/admin/pictures` | High
|
||||
5 | File | `/authenticationendpoint/domain.jsp` | High
|
||||
6 | File | `/cmf/process/<process_id>/logs` | High
|
||||
7 | File | `/dashbuilder/Controller` | High
|
||||
8 | File | `/getcfg.php` | Medium
|
||||
9 | File | `/goform/addressNat` | High
|
||||
10 | File | `/goform/SysToolReboot` | High
|
||||
11 | File | `/jpg/image.jpg` | High
|
||||
12 | File | `/main.html` | Medium
|
||||
13 | File | `/mc-admin/post.php?state=delete&delete` | High
|
||||
14 | File | `/member/myfriend.php` | High
|
||||
15 | File | `/member/pm.php` | High
|
||||
16 | File | `/member/uploads_select.php` | High
|
||||
17 | File | `/public/common/umeditor/php/getcontent.php` | High
|
||||
18 | File | `/public/plugins/` | High
|
||||
19 | File | `/robot/initialize` | High
|
||||
20 | File | `/systemrw/` | Medium
|
||||
21 | File | `/tmp` | Low
|
||||
22 | File | `/tmp/csman/0` | Medium
|
||||
23 | File | `/UDPUpdates/Config/FullUpdateSettings.xml` | High
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/usr/bin/pkexec` | High
|
||||
26 | File | `/var` | Low
|
||||
27 | File | `/WebMstr7/servlet/mstrWeb` | High
|
||||
28 | File | `/wp-admin/admin-ajax.php` | High
|
||||
29 | File | `adm/boardgroup_form_update.php` | High
|
||||
30 | File | `admin.php?mod=db&act=del` | High
|
||||
31 | File | `admin.php?moduleid=2&action=add` | High
|
||||
32 | File | `admin/category.inc.php` | High
|
||||
33 | File | `admin/check.asp` | High
|
||||
34 | File | `admin/code/tce_functions_tcecode_editor.php` | High
|
||||
35 | File | `admin/content/editcontent?id=29&gopage=1` | High
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 10537 more IOA items available. Please use our online service to access the data.
|
||||
There are 308 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -84,9 +106,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# APT10 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT10](https://vuldb.com/?actor.apt10). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT10](https://vuldb.com/?actor.apt10). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt10](https://vuldb.com/?actor.apt10)
|
||||
|
||||
|
@ -16,11 +16,11 @@ The following campaigns are known and can be associated with APT10:
|
|||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT10:
|
||||
|
||||
* US
|
||||
* CN
|
||||
* RU
|
||||
* DE
|
||||
* ...
|
||||
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -46,11 +46,14 @@ ID | IP address | Hostname | Confidence
|
|||
16 | 38.72.114.16 | - | High
|
||||
17 | 38.72.115.9 | - | High
|
||||
18 | 45.62.112.161 | 45.62.112.161.16clouds.com | High
|
||||
19 | 45.138.157.83 | lilanews.serveexchange.com | High
|
||||
19 | 45.138.157.83 | vm339806.pq.hosting | High
|
||||
20 | 46.108.39.134 | - | High
|
||||
21 | ... | ... | ...
|
||||
21 | 50.2.160.104 | - | High
|
||||
22 | 52.74.71.131 | ec2-52-74-71-131.ap-southeast-1.compute.amazonaws.com | Medium
|
||||
23 | 52.74.213.16 | ec2-52-74-213-16.ap-southeast-1.compute.amazonaws.com | Medium
|
||||
24 | ... | ... | ...
|
||||
|
||||
There are 94 more IOC items available. Please use our online service to access the data.
|
||||
There are 91 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -63,7 +66,7 @@ ID | Technique | Description | Confidence
|
|||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
There are 4 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -71,19 +74,41 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/addnews.html` | High
|
||||
4 | File | `/admin/index.php` | High
|
||||
5 | File | `/assets/something/services/AppModule.class` | High
|
||||
6 | File | `/cgi-bin/admin/testserver.cgi` | High
|
||||
7 | File | `/cgi-bin/go` | Medium
|
||||
8 | File | `/dev/kvm` | Medium
|
||||
9 | File | `/etc/config/rpcd` | High
|
||||
10 | File | `/etc/gsissh/sshd_config` | High
|
||||
11 | ... | ... | ...
|
||||
1 | File | `.htpasswd` | Medium
|
||||
2 | File | `/../conf/config.properties` | High
|
||||
3 | File | `/drivers/infiniband/core/cm.c` | High
|
||||
4 | File | `/forum/away.php` | High
|
||||
5 | File | `/horde/util/go.php` | High
|
||||
6 | File | `/images/` | Medium
|
||||
7 | File | `/inc/parser/xhtml.php` | High
|
||||
8 | File | `/login` | Low
|
||||
9 | File | `/mgmt/shared/authz/users/` | High
|
||||
10 | File | `/modules/profile/index.php` | High
|
||||
11 | File | `/out.php` | Medium
|
||||
12 | File | `/public/plugins/` | High
|
||||
13 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
14 | File | `/system/proxy` | High
|
||||
15 | File | `/tmp/phpglibccheck` | High
|
||||
16 | File | `/uncpath/` | Medium
|
||||
17 | File | `adclick.php` | Medium
|
||||
18 | File | `add.php` | Low
|
||||
19 | File | `addentry.php` | Medium
|
||||
20 | File | `addressbookprovider.php` | High
|
||||
21 | File | `admin/htaccess/bpsunlock.php` | High
|
||||
22 | File | `ajax_udf.php` | Medium
|
||||
23 | File | `application.js.php` | High
|
||||
24 | File | `apply.cgi` | Medium
|
||||
25 | File | `arm/lithium-codegen-arm.cc` | High
|
||||
26 | File | `authenticate.c` | High
|
||||
27 | File | `Authenticate.class.php` | High
|
||||
28 | File | `base_maintenance.php` | High
|
||||
29 | File | `booking_details.php` | High
|
||||
30 | File | `browse.php` | Medium
|
||||
31 | File | `browser/thumbnails/render_widget_snapshot_taker.cc` | High
|
||||
32 | File | `bufferobject.c` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 481 more IOA items available. Please use our online service to access the data.
|
||||
There are 280 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -101,9 +126,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# APT12 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT12](https://vuldb.com/?actor.apt12). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT12](https://vuldb.com/?actor.apt12). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt12](https://vuldb.com/?actor.apt12)
|
||||
|
||||
|
@ -15,6 +15,7 @@ The following campaigns are known and can be associated with APT12:
|
|||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT12:
|
||||
|
||||
* ES
|
||||
* AR
|
||||
* US
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
@ -26,12 +27,9 @@ ID | IP address | Hostname | Confidence
|
|||
1 | 32.114.251.129 | - | High
|
||||
2 | 59.0.249.11 | - | High
|
||||
3 | 92.54.232.142 | - | High
|
||||
4 | 98.188.111.244 | - | High
|
||||
5 | 133.87.242.63 | turonian.cris.hokudai.ac.jp | High
|
||||
6 | 133.87.242.631 | - | High
|
||||
7 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 11 more IOC items available. Please use our online service to access the data.
|
||||
There are 14 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -48,7 +46,9 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | Network Port | `tcp/264` | Low
|
||||
1 | File | `/wp-admin/admin-ajax.php` | High
|
||||
2 | Argument | `repeater` | Medium
|
||||
3 | Network Port | `tcp/264` | Low
|
||||
|
||||
## References
|
||||
|
||||
|
@ -61,9 +61,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# APT19 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT19](https://vuldb.com/?actor.apt19). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT19](https://vuldb.com/?actor.apt19). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt19](https://vuldb.com/?actor.apt19)
|
||||
|
||||
|
@ -40,9 +40,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# APT2 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT2](https://vuldb.com/?actor.apt2). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT2](https://vuldb.com/?actor.apt2). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt2](https://vuldb.com/?actor.apt2)
|
||||
|
||||
|
@ -31,15 +31,9 @@ ID | IP address | Hostname | Confidence
|
|||
6 | 61.78.37.121 | - | High
|
||||
7 | 61.78.75.96 | - | High
|
||||
8 | 61.221.54.99 | 61-221-54-99.hinet-ip.hinet.net | High
|
||||
9 | 67.42.255.50 | rory.net | High
|
||||
10 | 100.42.216.230 | tfs2480.sipnav.in | High
|
||||
11 | 121.157.104.122 | - | High
|
||||
12 | 134.129.140.212 | eercvpn.eerc.und.nodak.edu | High
|
||||
13 | 140.112.19.195 | ipserver.ee.ntu.edu.tw | High
|
||||
14 | 140.112.40.7 | bpADServer.bp.ntu.edu.tw | High
|
||||
15 | ... | ... | ...
|
||||
9 | ... | ... | ...
|
||||
|
||||
There are 28 more IOC items available. Please use our online service to access the data.
|
||||
There are 34 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -70,9 +64,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# APT27 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT27](https://vuldb.com/?actor.apt27). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT27](https://vuldb.com/?actor.apt27). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt27](https://vuldb.com/?actor.apt27)
|
||||
|
||||
|
@ -19,7 +19,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
|
|||
* ES
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -30,11 +30,9 @@ ID | IP address | Hostname | Confidence
|
|||
1 | 34.90.207.23 | 23.207.90.34.bc.googleusercontent.com | Medium
|
||||
2 | 34.93.247.126 | 126.247.93.34.bc.googleusercontent.com | Medium
|
||||
3 | 35.187.148.253 | 253.148.187.35.bc.googleusercontent.com | Medium
|
||||
4 | 35.220.135.85 | 85.135.220.35.bc.googleusercontent.com | Medium
|
||||
5 | 45.142.214.188 | mts.ru | High
|
||||
6 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 8 more IOC items available. Please use our online service to access the data.
|
||||
There are 10 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -45,10 +43,9 @@ ID | Technique | Description | Confidence
|
|||
1 | T1008 | Algorithm Downgrade | High
|
||||
2 | T1040 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1059.007 | Cross Site Scripting | High
|
||||
4 | T1068 | Execution with Unnecessary Privileges | High
|
||||
5 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -63,12 +60,23 @@ ID | Type | Indicator | Confidence
|
|||
5 | File | `/infusions/shoutbox_panel/shoutbox_admin.php` | High
|
||||
6 | File | `/oscommerce/admin/currencies.php` | High
|
||||
7 | File | `/proc/pid/syscall` | High
|
||||
8 | File | `/session/list/allActiveSession` | High
|
||||
9 | File | `/syslog_rules` | High
|
||||
10 | File | `/upload` | Low
|
||||
11 | ... | ... | ...
|
||||
8 | File | `/rapi/read_url` | High
|
||||
9 | File | `/session/list/allActiveSession` | High
|
||||
10 | File | `/syslog_rules` | High
|
||||
11 | File | `/upload` | Low
|
||||
12 | File | `/users/{id}` | Medium
|
||||
13 | File | `/video` | Low
|
||||
14 | File | `ActivityManagerService.java` | High
|
||||
15 | File | `adaptmap_reg.c` | High
|
||||
16 | File | `admin.cgi` | Medium
|
||||
17 | File | `admin.php` | Medium
|
||||
18 | File | `admin.php?action=files` | High
|
||||
19 | File | `admin/modules/master_file/rda_cmc.php?keywords` | High
|
||||
20 | File | `album_portal.php` | High
|
||||
21 | File | `al_initialize.php` | High
|
||||
22 | ... | ... | ...
|
||||
|
||||
There are 186 more IOA items available. Please use our online service to access the data.
|
||||
There are 179 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -82,9 +90,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -19,9 +19,12 @@ There are 3 more campaign items available. Please use our online service to acce
|
|||
|
||||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT28:
|
||||
|
||||
* NL
|
||||
* RO
|
||||
* US
|
||||
* RU
|
||||
* BG
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -34,7 +37,7 @@ ID | IP address | Hostname | Confidence
|
|||
3 | 5.100.155.91 | 5.100.155-91.publicdomainregistry.com | High
|
||||
4 | 5.135.183.154 | ns3290077.ip-5-135-183.eu | High
|
||||
5 | 5.199.171.58 | - | High
|
||||
6 | 23.163.0.59 | naomi.rem2d.com | High
|
||||
6 | 23.163.0.59 | - | High
|
||||
7 | 23.227.196.21 | 23-227-196-21.static.hvvc.us | High
|
||||
8 | 23.227.196.215 | 23-227-196-215.static.hvvc.us | High
|
||||
9 | 23.227.196.217 | 23-227-196-217.static.hvvc.us | High
|
||||
|
@ -61,8 +64,8 @@ ID | IP address | Hostname | Confidence
|
|||
30 | 58.49.58.58 | - | High
|
||||
31 | 62.113.232.197 | - | High
|
||||
32 | 66.172.11.207 | ip-66-172-11-207.chunkhost.com | High
|
||||
33 | 66.172.12.133 | - | High
|
||||
34 | 69.12.73.174 | 69.12.73.174.static.quadranet.com | High
|
||||
33 | 66.172.12.133 | ip-66-172-12-133.chunkhost.com | High
|
||||
34 | 69.12.73.174 | - | High
|
||||
35 | 70.85.221.10 | server002.nilsson-it.dk | High
|
||||
36 | 70.85.221.20 | 14.dd.5546.static.theplanet.com | High
|
||||
37 | 76.74.177.251 | ip-76-74-177-251.chunkhost.com | High
|
||||
|
@ -77,7 +80,7 @@ ID | IP address | Hostname | Confidence
|
|||
46 | 81.17.30.29 | - | High
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 185 more IOC items available. Please use our online service to access the data.
|
||||
There are 184 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -87,7 +90,10 @@ ID | Technique | Description | Confidence
|
|||
-- | --------- | ----------- | ----------
|
||||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1587.003 | Improper Certificate Validation | High
|
||||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -95,12 +101,43 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `elFinder.class.php` | High
|
||||
2 | File | `inc/config.php` | High
|
||||
3 | File | `ot_coupon.php` | High
|
||||
4 | ... | ... | ...
|
||||
1 | File | `.travis.yml` | Medium
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/admin.php` | Medium
|
||||
4 | File | `/admin/config.php?display=disa&view=form` | High
|
||||
5 | File | `/category_view.php` | High
|
||||
6 | File | `/dev/kmem` | Medium
|
||||
7 | File | `/filemanager/upload.php` | High
|
||||
8 | File | `/medical/inventories.php` | High
|
||||
9 | File | `/monitoring` | Medium
|
||||
10 | File | `/NAGErrors` | Medium
|
||||
11 | File | `/plugins/servlet/audit/resource` | High
|
||||
12 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
13 | File | `/proc/ioports` | High
|
||||
14 | File | `/replication` | Medium
|
||||
15 | File | `/reports/rwservlet` | High
|
||||
16 | File | `/RestAPI` | Medium
|
||||
17 | File | `/tmp` | Low
|
||||
18 | File | `/tmp/speedtest_urls.xml` | High
|
||||
19 | File | `/uncpath/` | Medium
|
||||
20 | File | `/var/log/nginx` | High
|
||||
21 | File | `/wp-admin/admin.php` | High
|
||||
22 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
23 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
|
||||
24 | File | `admin/app/mediamanager` | High
|
||||
25 | File | `admin/index.php` | High
|
||||
26 | File | `admin\model\catalog\download.php` | High
|
||||
27 | File | `afr.php` | Low
|
||||
28 | File | `apcupsd.pid` | Medium
|
||||
29 | File | `api/it-recht-kanzlei/api-it-recht-kanzlei.php` | High
|
||||
30 | File | `api/sms/send-sms` | High
|
||||
31 | File | `api/v1/alarms` | High
|
||||
32 | File | `application/controller/InstallerController.php` | High
|
||||
33 | File | `arch/powerpc/kvm/book3s_rtas.c` | High
|
||||
34 | File | `arformcontroller.php` | High
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 8 more IOA items available. Please use our online service to access the data.
|
||||
There are 297 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# APT3 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT3](https://vuldb.com/?actor.apt3). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT3](https://vuldb.com/?actor.apt3). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt3](https://vuldb.com/?actor.apt3)
|
||||
|
||||
|
@ -27,10 +27,9 @@ ID | IP address | Hostname | Confidence
|
|||
1 | 23.99.20.198 | - | High
|
||||
2 | 54.169.89.240 | ec2-54-169-89-240.ap-southeast-1.compute.amazonaws.com | Medium
|
||||
3 | 104.151.248.173 | 173.248-151-104.rdns.scalabledns.com | High
|
||||
4 | 107.20.255.57 | ec2-107-20-255-57.compute-1.amazonaws.com | Medium
|
||||
5 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 7 more IOC items available. Please use our online service to access the data.
|
||||
There are 8 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -57,9 +56,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -17,8 +17,8 @@ The following campaigns are known and can be associated with APT33:
|
|||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT33:
|
||||
|
||||
* FR
|
||||
* PL
|
||||
* SV
|
||||
* PL
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
@ -69,31 +69,31 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/admin.php?module=admin_access_group_edit&aagID` | High
|
||||
2 | File | `/admin/customers.php?page=1&cID` | High
|
||||
3 | File | `/api/ZRMesh/set_ZRMesh` | High
|
||||
4 | File | `/appliance/shiftmgn.php` | High
|
||||
5 | File | `/damicms-master/admin.php?s=/Article/doedit` | High
|
||||
6 | File | `/etc/quagga` | Medium
|
||||
7 | File | `/fw/index2.do` | High
|
||||
8 | File | `/jerry-core/ecma/base/ecma-lcache.c` | High
|
||||
9 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
|
||||
10 | File | `/jerry-core/jmem/jmem-heap.c` | High
|
||||
11 | File | `/moddable/xs/sources/xsScript.c` | High
|
||||
12 | File | `/parser/js/js-parser-expr.c` | High
|
||||
13 | File | `/preferences/tags` | High
|
||||
14 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
|
||||
15 | File | `/transmission/web/` | High
|
||||
16 | File | `/uploads/exam_question/` | High
|
||||
17 | File | `/usr/bin/pkexec` | High
|
||||
18 | File | `/usr/local/bin/mjs` | High
|
||||
19 | File | `AccessPoint.java` | High
|
||||
20 | File | `account_sponsor_page.php` | High
|
||||
21 | File | `acknow.php` | Medium
|
||||
22 | File | `acropora/app/identity/ic.c` | High
|
||||
23 | File | `acropora/app/identity/identity_support.c` | High
|
||||
24 | File | `actions.php` | Medium
|
||||
3 | File | `/administrator/components/menu/` | High
|
||||
4 | File | `/administrator/components/table_manager/` | High
|
||||
5 | File | `/api/ZRMesh/set_ZRMesh` | High
|
||||
6 | File | `/damicms-master/admin.php?s=/Article/doedit` | High
|
||||
7 | File | `/etc/quagga` | Medium
|
||||
8 | File | `/fw/index2.do` | High
|
||||
9 | File | `/Hospital-Management-System-master/func.php` | High
|
||||
10 | File | `/jerry-core/ecma/base/ecma-lcache.c` | High
|
||||
11 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
|
||||
12 | File | `/jerry-core/jmem/jmem-heap.c` | High
|
||||
13 | File | `/moddable/xs/sources/xsScript.c` | High
|
||||
14 | File | `/parser/js/js-parser-expr.c` | High
|
||||
15 | File | `/preferences/tags` | High
|
||||
16 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
|
||||
17 | File | `/transmission/web/` | High
|
||||
18 | File | `/uploads/exam_question/` | High
|
||||
19 | File | `/usr/bin/pkexec` | High
|
||||
20 | File | `/usr/local/bin/mjs` | High
|
||||
21 | File | `1.2.2.pl4` | Medium
|
||||
22 | File | `AccessPoint.java` | High
|
||||
23 | File | `account_sponsor_page.php` | High
|
||||
24 | File | `acknow.php` | Medium
|
||||
25 | ... | ... | ...
|
||||
|
||||
There are 207 more IOA items available. Please use our online service to access the data.
|
||||
There are 214 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -92,10 +92,9 @@ ID | Type | Indicator | Confidence
|
|||
32 | File | `admin/index.php` | High
|
||||
33 | File | `admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1` | High
|
||||
34 | File | `admin/system_manage/save.html` | High
|
||||
35 | File | `ajax.php` | Medium
|
||||
36 | ... | ... | ...
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 304 more IOA items available. Please use our online service to access the data.
|
||||
There are 303 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# APT36 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT36](https://vuldb.com/?actor.apt36). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT36](https://vuldb.com/?actor.apt36). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt36](https://vuldb.com/?actor.apt36)
|
||||
|
||||
|
@ -19,7 +19,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
|
|||
* RU
|
||||
* ...
|
||||
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -38,17 +38,9 @@ ID | IP address | Hostname | Confidence
|
|||
9 | 75.98.175.79 | a2s83.a2hosting.com | High
|
||||
10 | 75.119.139.169 | server1.immacolata.com | High
|
||||
11 | 80.240.134.51 | - | High
|
||||
12 | 82.196.13.94 | - | High
|
||||
13 | 95.85.43.35 | - | High
|
||||
14 | 95.168.176.141 | - | High
|
||||
15 | 107.175.64.209 | 107-175-64-209-host.colocrossing.com | High
|
||||
16 | 107.175.64.251 | 107-175-64-251-host.colocrossing.com | High
|
||||
17 | 151.106.14.125 | - | High
|
||||
18 | 151.106.19.218 | - | High
|
||||
19 | 151.106.56.32 | - | High
|
||||
20 | ... | ... | ...
|
||||
12 | ... | ... | ...
|
||||
|
||||
There are 38 more IOC items available. Please use our online service to access the data.
|
||||
There are 46 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -73,15 +65,31 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/forum/away.php` | High
|
||||
3 | File | `/inc/HTTPClient.php` | High
|
||||
4 | File | `/out.php` | Medium
|
||||
5 | File | `/service/upload` | High
|
||||
6 | File | `/uncpath/` | Medium
|
||||
7 | File | `adclick.php` | Medium
|
||||
8 | File | `add_comment.php` | High
|
||||
9 | File | `admin/system_manage/save.html` | High
|
||||
10 | File | `admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list` | High
|
||||
11 | ... | ... | ...
|
||||
5 | File | `/products/details.asp` | High
|
||||
6 | File | `/service/upload` | High
|
||||
7 | File | `/uncpath/` | Medium
|
||||
8 | File | `adclick.php` | Medium
|
||||
9 | File | `add_comment.php` | High
|
||||
10 | File | `admin/system_manage/save.html` | High
|
||||
11 | File | `admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list` | High
|
||||
12 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
13 | File | `arm/t7xx/r5p0/mali_kbase_core_linux.c` | High
|
||||
14 | File | `awstats.pl` | Medium
|
||||
15 | File | `books.php` | Medium
|
||||
16 | File | `bridge/yabbse.inc.php` | High
|
||||
17 | File | `cachemgr.cgi` | Medium
|
||||
18 | File | `captcha.php` | Medium
|
||||
19 | File | `catagorie.php` | High
|
||||
20 | File | `category.php` | Medium
|
||||
21 | File | `cgi-bin/` | Medium
|
||||
22 | File | `cgi-bin/cmh/webcam.sh` | High
|
||||
23 | File | `channels/chan_skinny.c` | High
|
||||
24 | File | `clwarn.cgi` | Medium
|
||||
25 | File | `coders/dcm.c` | Medium
|
||||
26 | File | `comment_add.asp` | High
|
||||
27 | ... | ... | ...
|
||||
|
||||
There are 232 more IOA items available. Please use our online service to access the data.
|
||||
There are 229 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -94,9 +102,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# APT37 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT37](https://vuldb.com/?actor.apt37). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT37](https://vuldb.com/?actor.apt37). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt37](https://vuldb.com/?actor.apt37)
|
||||
|
||||
|
@ -54,11 +54,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `examples/openid.php` | High
|
||||
2 | File | `FormDisplay.php` | High
|
||||
3 | File | `includes/startup.php` | High
|
||||
4 | File | `libraries/Header.php` | High
|
||||
5 | File | `wp-includes/class-wp-query.php` | High
|
||||
6 | Argument | `name` | Low
|
||||
7 | Argument | `Password` | Medium
|
||||
8 | Argument | `STARTTLS` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 5 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -71,9 +69,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# APT39 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT39](https://vuldb.com/?actor.apt39). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT39](https://vuldb.com/?actor.apt39). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt39](https://vuldb.com/?actor.apt39)
|
||||
|
||||
|
@ -19,7 +19,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
|
|||
* GB
|
||||
* ...
|
||||
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -30,12 +30,9 @@ ID | IP address | Hostname | Confidence
|
|||
1 | 83.142.230.113 | - | High
|
||||
2 | 86.105.227.224 | - | High
|
||||
3 | 87.117.204.113 | - | High
|
||||
4 | 87.117.204.115 | - | High
|
||||
5 | 89.38.97.112 | - | High
|
||||
6 | 89.38.97.115 | - | High
|
||||
7 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 11 more IOC items available. Please use our online service to access the data.
|
||||
There are 14 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -57,18 +54,15 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//etc/RT2870STA.dat` | High
|
||||
2 | File | `/cwp_{SESSION_HASH}/admin/loader_ajax.php` | High
|
||||
3 | File | `/magnoliaPublic/travel/members/login.html` | High
|
||||
4 | File | `/Main_AdmStatus_Content.asp` | High
|
||||
5 | File | `/uncpath/` | Medium
|
||||
6 | File | `/var/log/nginx` | High
|
||||
7 | File | `admin/index.php` | High
|
||||
8 | File | `advertiser.php` | High
|
||||
9 | File | `akocomments.php` | High
|
||||
10 | File | `al_initialize.php` | High
|
||||
11 | ... | ... | ...
|
||||
2 | File | `/admin/index.php?id=themes&action=edit_template&filename=blog` | High
|
||||
3 | File | `/cwp_{SESSION_HASH}/admin/loader_ajax.php` | High
|
||||
4 | File | `/magnoliaPublic/travel/members/login.html` | High
|
||||
5 | File | `/Main_AdmStatus_Content.asp` | High
|
||||
6 | File | `/server-status` | High
|
||||
7 | File | `/uncpath/` | Medium
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 49 more IOA items available. Please use our online service to access the data.
|
||||
There are 56 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -82,9 +76,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -33,7 +33,7 @@ ID | IP address | Hostname | Confidence
|
|||
3 | 5.183.103.122 | - | High
|
||||
4 | 5.188.93.132 | gcorelabs.paris.vpn015 | High
|
||||
5 | 5.188.108.22 | pol1.htjsq.com | High
|
||||
6 | 5.188.108.228 | xc5.exclusivacondominios.com | High
|
||||
6 | 5.188.108.228 | keyvpn.warsawa | High
|
||||
7 | 5.189.222.33 | spain466.es | High
|
||||
8 | 23.67.95.153 | a23-67-95-153.deploy.static.akamaitechnologies.com | High
|
||||
9 | 43.255.191.255 | - | High
|
||||
|
@ -89,9 +89,10 @@ ID | Type | Indicator | Confidence
|
|||
21 | File | `adclick.php` | Medium
|
||||
22 | File | `addentry.php` | Medium
|
||||
23 | File | `addrating.php` | High
|
||||
24 | ... | ... | ...
|
||||
24 | File | `admin/conf_users_edit.php` | High
|
||||
25 | ... | ... | ...
|
||||
|
||||
There are 203 more IOA items available. Please use our online service to access the data.
|
||||
There are 205 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -22,7 +22,7 @@ These indicators of compromise indicate associated network ressources which are
|
|||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 5.2.67.85 | mail.astrilll.com | High
|
||||
2 | 5.2.73.67 | - | High
|
||||
2 | 5.2.73.67 | brokendip.cfd | High
|
||||
3 | 37.59.236.232 | 37.59.236.232.rdns.hasaserver.com | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
|
@ -58,7 +58,7 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `admin.php` | Medium
|
||||
10 | ... | ... | ...
|
||||
|
||||
There are 74 more IOA items available. Please use our online service to access the data.
|
||||
There are 75 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Amnesia - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Amnesia](https://vuldb.com/?actor.amnesia). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Amnesia](https://vuldb.com/?actor.amnesia). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.amnesia](https://vuldb.com/?actor.amnesia)
|
||||
|
||||
|
@ -46,9 +46,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/api/addusers` | High
|
||||
2 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
|
||||
3 | File | `/public/login.htm` | High
|
||||
4 | File | `forumrunner/includes/moderation.php` | High
|
||||
5 | Argument | `Password` | Medium
|
||||
6 | Argument | `postids` | Low
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 3 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -60,9 +60,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Astro Locker - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Astro Locker](https://vuldb.com/?actor.astro_locker). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Astro Locker](https://vuldb.com/?actor.astro_locker). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.astro_locker](https://vuldb.com/?actor.astro_locker)
|
||||
|
||||
|
@ -33,16 +33,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/htmlcode/html/indexdefault.asp` | High
|
||||
2 | File | `ajax_admin_apis.php` | High
|
||||
3 | File | `ajax_php_pecl.php` | High
|
||||
4 | File | `books.php` | Medium
|
||||
5 | File | `category.cfm` | Medium
|
||||
6 | Argument | `bookid` | Low
|
||||
7 | Argument | `cat` | Low
|
||||
8 | Argument | `employee_id` | Medium
|
||||
9 | Argument | `line` | Low
|
||||
10 | Argument | `phpversion` | Medium
|
||||
11 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 4 more IOA items available. Please use our online service to access the data.
|
||||
There are 11 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -54,9 +47,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# BabyShark - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [BabyShark](https://vuldb.com/?actor.babyshark). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BabyShark](https://vuldb.com/?actor.babyshark). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.babyshark](https://vuldb.com/?actor.babyshark)
|
||||
|
||||
|
@ -28,9 +28,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# BackdoorDiplomacy - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [BackdoorDiplomacy](https://vuldb.com/?actor.backdoordiplomacy). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BackdoorDiplomacy](https://vuldb.com/?actor.backdoordiplomacy). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.backdoordiplomacy](https://vuldb.com/?actor.backdoordiplomacy)
|
||||
|
||||
|
@ -24,12 +24,9 @@ ID | IP address | Hostname | Confidence
|
|||
1 | 23.83.224.178 | 23.83.224.178.16clouds.com | High
|
||||
2 | 23.106.140.207 | 23.106.140.207.16clouds.com | High
|
||||
3 | 23.228.203.130 | unassigned.psychz.net | High
|
||||
4 | 23.247.47.252 | - | High
|
||||
5 | 43.225.126.179 | - | High
|
||||
6 | 43.251.105.139 | - | High
|
||||
7 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 11 more IOC items available. Please use our online service to access the data.
|
||||
There are 14 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -53,16 +50,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/clientes/visualizar` | High
|
||||
2 | File | `/oputilsServlet` | High
|
||||
3 | File | `admin/conf_users_edit.php` | High
|
||||
4 | File | `data/gbconfiguration.dat` | High
|
||||
5 | File | `shoutbox.php` | Medium
|
||||
6 | File | `wp-admin/post.php` | High
|
||||
7 | File | `wp-login.php` | Medium
|
||||
8 | Argument | `action` | Low
|
||||
9 | Argument | `description` | Medium
|
||||
10 | Argument | `filePath0` | Medium
|
||||
11 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOA items available. Please use our online service to access the data.
|
||||
There are 18 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -74,9 +64,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# BadPatch - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [BadPatch](https://vuldb.com/?actor.badpatch). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BadPatch](https://vuldb.com/?actor.badpatch). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.badpatch](https://vuldb.com/?actor.badpatch)
|
||||
|
||||
|
@ -28,7 +28,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `includes/pages.inc.php` | High
|
||||
2 | File | `setup.cgi` | Medium
|
||||
3 | Argument | `PagePrefix` | Medium
|
||||
4 | Argument | `TimeToLive` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 1 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -40,9 +42,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Banload - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Banload](https://vuldb.com/?actor.banload). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Banload](https://vuldb.com/?actor.banload). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.banload](https://vuldb.com/?actor.banload)
|
||||
|
||||
|
@ -30,15 +30,9 @@ ID | IP address | Hostname | Confidence
|
|||
12 | 52.217.48.70 | s3-1.amazonaws.com | Medium
|
||||
13 | 52.217.79.142 | s3-1.amazonaws.com | Medium
|
||||
14 | 52.217.85.222 | s3-1.amazonaws.com | Medium
|
||||
15 | 74.119.119.139 | - | High
|
||||
16 | 74.125.192.94 | qn-in-f94.1e100.net | High
|
||||
17 | 142.250.80.2 | lga34s33-in-f2.1e100.net | High
|
||||
18 | 142.250.80.3 | lga34s33-in-f3.1e100.net | High
|
||||
19 | 142.250.111.154 | gb-in-f154.1e100.net | High
|
||||
20 | 143.204.150.172 | server-143-204-150-172.ewr52.r.cloudfront.net | High
|
||||
21 | ... | ... | ...
|
||||
15 | ... | ... | ...
|
||||
|
||||
There are 50 more IOC items available. Please use our online service to access the data.
|
||||
There are 56 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -65,13 +59,9 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/index.php` | Medium
|
||||
5 | File | `/lua/set-passwd.lua` | High
|
||||
6 | File | `/oauth/authorize` | High
|
||||
7 | File | `/uncpath/` | Medium
|
||||
8 | File | `/user/user/edit.php` | High
|
||||
9 | File | `backupsettings.html` | High
|
||||
10 | File | `comment_add.asp` | High
|
||||
11 | ... | ... | ...
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 41 more IOA items available. Please use our online service to access the data.
|
||||
There are 45 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -85,9 +75,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
103
Barys/README.md
103
Barys/README.md
|
@ -1,23 +1,105 @@
|
|||
# Barys - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Barys](https://vuldb.com/?actor.barys). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Barys](https://vuldb.com/?actor.barys). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.barys](https://vuldb.com/?actor.barys)
|
||||
|
||||
## Countries
|
||||
|
||||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Barys:
|
||||
|
||||
* US
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Barys.
|
||||
|
||||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 52.137.90.34 | - | High
|
||||
2 | 52.185.71.28 | - | High
|
||||
3 | 74.125.192.138 | qn-in-f138.1e100.net | High
|
||||
4 | 104.18.11.39 | - | High
|
||||
5 | 172.217.222.138 | qi-in-f138.1e100.net | High
|
||||
6 | ... | ... | ...
|
||||
1 | 13.107.21.200 | - | High
|
||||
2 | 13.107.22.200 | - | High
|
||||
3 | 23.225.145.234 | - | High
|
||||
4 | 47.246.136.160 | - | High
|
||||
5 | 52.137.90.34 | - | High
|
||||
6 | 52.185.71.28 | - | High
|
||||
7 | 58.215.145.95 | - | High
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 9 more IOC items available. Please use our online service to access the data.
|
||||
There are 30 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Barys. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Description | Confidence
|
||||
-- | --------- | ----------- | ----------
|
||||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1211 | 7PK Security Features | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Barys. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `$HOME/.cdrdao` | High
|
||||
2 | File | `.FBCIndex` | Medium
|
||||
3 | File | `/cgi-bin` | Medium
|
||||
4 | File | `/cgi/cpaddons_feature.pl` | High
|
||||
5 | File | `/dana/nc/ncrun.cgi` | High
|
||||
6 | File | `/firewall/policy/` | High
|
||||
7 | File | `/help/helpredir.aspx` | High
|
||||
8 | File | `/irj/portal/` | Medium
|
||||
9 | File | `/proc` | Low
|
||||
10 | File | `/proc/net/ip6_flowlabel` | High
|
||||
11 | File | `/search` | Low
|
||||
12 | File | `/tmp/.pk11ipc1` | High
|
||||
13 | File | `/tmp/adb.log` | Medium
|
||||
14 | File | `/usr/bin/cu` | Medium
|
||||
15 | File | `/var/crash/vmcore.log` | High
|
||||
16 | File | `aclient.exe` | Medium
|
||||
17 | File | `addadmin.asp` | Medium
|
||||
18 | File | `admin` | Low
|
||||
19 | File | `admin.php` | Medium
|
||||
20 | File | `admin.rssreader.php` | High
|
||||
21 | File | `admin/configuration/modifier.php` | High
|
||||
22 | File | `admin/skins.php` | High
|
||||
23 | File | `adminconsole` | Medium
|
||||
24 | File | `administrator/mail/download.cfm` | High
|
||||
25 | File | `admin_board.php` | High
|
||||
26 | File | `af_netlink.c` | Medium
|
||||
27 | File | `ajax.php` | Medium
|
||||
28 | File | `ajaxRequest/methodCall.do` | High
|
||||
29 | File | `announcements.php` | High
|
||||
30 | File | `apache2/modsecurity.c` | High
|
||||
31 | File | `apply.cgi` | Medium
|
||||
32 | File | `app_new.php` | Medium
|
||||
33 | File | `aspx` | Low
|
||||
34 | File | `AttachmentsList.aspx` | High
|
||||
35 | File | `Atx45.ocx` | Medium
|
||||
36 | File | `auction_details.php` | High
|
||||
37 | File | `auth.php` | Medium
|
||||
38 | File | `aut_verifica.inc.php` | High
|
||||
39 | File | `awsguest.php` | Medium
|
||||
40 | File | `b2edit.showposts.php` | High
|
||||
41 | File | `backend.php/screen.php/comment.php` | High
|
||||
42 | File | `basicfunctions.php` | High
|
||||
43 | File | `board.cgi` | Medium
|
||||
44 | File | `bug_actiongroup_ext_page.php` | High
|
||||
45 | File | `canned_opr.php` | High
|
||||
46 | File | `cart.cgi` | Medium
|
||||
47 | File | `cat.asp` | Low
|
||||
48 | File | `cddbcontrolaol.cddbaolcontrol` | High
|
||||
49 | File | `channel.asp` | Medium
|
||||
50 | File | `class_auth.php` | High
|
||||
51 | File | `compte.php` | Medium
|
||||
52 | ... | ... | ...
|
||||
|
||||
There are 448 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -26,14 +108,15 @@ The following list contains external sources which discuss the actor and the ass
|
|||
* https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
|
||||
* https://blog.talosintelligence.com/2021/08/threat-roundup-0820-0827.html
|
||||
* https://blog.talosintelligence.com/2021/09/threat-roundup-0827-0903.html
|
||||
* https://blog.talosintelligence.com/2022/01/threat-roundup-0121-0128.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# BazarLoader - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [BazarLoader](https://vuldb.com/?actor.bazarloader). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BazarLoader](https://vuldb.com/?actor.bazarloader). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.bazarloader](https://vuldb.com/?actor.bazarloader)
|
||||
|
||||
|
@ -10,10 +10,10 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
|
|||
|
||||
* US
|
||||
* DK
|
||||
* IT
|
||||
* DE
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -26,13 +26,9 @@ ID | IP address | Hostname | Confidence
|
|||
3 | 34.209.40.84 | ec2-34-209-40-84.us-west-2.compute.amazonaws.com | Medium
|
||||
4 | 34.221.188.35 | ec2-34-221-188-35.us-west-2.compute.amazonaws.com | Medium
|
||||
5 | 45.71.112.70 | host-45-71-112-70.nedetel.net | High
|
||||
6 | 45.76.254.23 | 45.76.254.23.vultr.com | Medium
|
||||
7 | 54.184.178.68 | ec2-54-184-178-68.us-west-2.compute.amazonaws.com | Medium
|
||||
8 | 62.108.35.215 | - | High
|
||||
9 | 72.21.81.240 | - | High
|
||||
10 | ... | ... | ...
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 18 more IOC items available. Please use our online service to access the data.
|
||||
There are 22 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -43,10 +39,9 @@ ID | Technique | Description | Confidence
|
|||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | T1211 | 7PK Security Features | High
|
||||
5 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -64,9 +59,33 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/register.do` | Medium
|
||||
9 | File | `/rest/project-templates/1.0/createshared` | High
|
||||
10 | File | `/restoreinfo.cgi` | High
|
||||
11 | ... | ... | ...
|
||||
11 | File | `/services` | Medium
|
||||
12 | File | `/var/passwd` | Medium
|
||||
13 | File | `/var/run/storage_account_root` | High
|
||||
14 | File | `/webconsole/APIController` | High
|
||||
15 | File | `802dot1xclientcert.cgi` | High
|
||||
16 | File | `account.asp` | Medium
|
||||
17 | File | `Account.aspx` | Medium
|
||||
18 | File | `ActionsAndOperations` | High
|
||||
19 | File | `adclick.php` | Medium
|
||||
20 | File | `admin/db-backup-security/db-backup-security.php` | High
|
||||
21 | File | `admin/membersearch.php` | High
|
||||
22 | File | `agent_links.pl` | High
|
||||
23 | File | `Ap4StssAtom.cpp` | High
|
||||
24 | File | `Ap4StszAtom.cpp` | High
|
||||
25 | File | `apetag.c` | Medium
|
||||
26 | File | `apply_sec.cgi` | High
|
||||
27 | File | `article.php` | Medium
|
||||
28 | File | `asp` | Low
|
||||
29 | File | `attrs.c` | Low
|
||||
30 | File | `auth-gss2.c` | Medium
|
||||
31 | File | `auth.inc.php` | Medium
|
||||
32 | File | `authuser.php` | Medium
|
||||
33 | File | `bkr/server/widgets.py` | High
|
||||
34 | File | `bson-iter.c` | Medium
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 304 more IOA items available. Please use our online service to access the data.
|
||||
There are 295 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -79,9 +98,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Bifrost - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Bifrost](https://vuldb.com/?actor.bifrost). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bifrost](https://vuldb.com/?actor.bifrost). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.bifrost](https://vuldb.com/?actor.bifrost)
|
||||
|
||||
|
@ -39,9 +39,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Bisonal - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Bisonal](https://vuldb.com/?actor.bisonal). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bisonal](https://vuldb.com/?actor.bisonal). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.bisonal](https://vuldb.com/?actor.bisonal)
|
||||
|
||||
|
@ -23,9 +23,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -11,9 +11,6 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
|
|||
* US
|
||||
* RU
|
||||
* SV
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -47,32 +44,37 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/index.php?lfj=friendlink&action=add` | High
|
||||
1 | File | `/admin/admin_manage/delete` | High
|
||||
2 | File | `/admin/login.php` | High
|
||||
3 | File | `/ajax_crud` | Medium
|
||||
4 | File | `/api/ZRMacClone/mac_addr_clone` | High
|
||||
5 | File | `/application/common.php#action_log` | High
|
||||
6 | File | `/base/ecma-helpers-string.c` | High
|
||||
7 | File | `/cms/ajax.php` | High
|
||||
8 | File | `/core/table/query` | High
|
||||
9 | File | `/debug/pprof` | Medium
|
||||
10 | File | `/dev/ion` | Medium
|
||||
11 | File | `/ecma/operations/ecma-objects.c` | High
|
||||
12 | File | `/GetCopiedFile` | High
|
||||
13 | File | `/hdf5/src/H5Dchunk.c` | High
|
||||
14 | File | `/hdf5/src/H5Fint.c` | High
|
||||
15 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
|
||||
16 | File | `/jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c` | High
|
||||
17 | File | `/jerry-core/parser/js/js-parser-expr.c` | High
|
||||
18 | File | `/leave_system/classes/Login.php` | High
|
||||
19 | File | `/member/post.php?job=postnew&step=post` | High
|
||||
3 | File | `/administrator/components/table_manager/` | High
|
||||
4 | File | `/ajax_crud` | Medium
|
||||
5 | File | `/api/ZRMacClone/mac_addr_clone` | High
|
||||
6 | File | `/application/common.php#action_log` | High
|
||||
7 | File | `/base/ecma-helpers-string.c` | High
|
||||
8 | File | `/cms/ajax.php` | High
|
||||
9 | File | `/core/table/query` | High
|
||||
10 | File | `/debug/pprof` | Medium
|
||||
11 | File | `/dev/ion` | Medium
|
||||
12 | File | `/ecma/operations/ecma-objects.c` | High
|
||||
13 | File | `/GetCopiedFile` | High
|
||||
14 | File | `/hdf5/src/H5Dchunk.c` | High
|
||||
15 | File | `/hdf5/src/H5Fint.c` | High
|
||||
16 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
|
||||
17 | File | `/jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c` | High
|
||||
18 | File | `/jerry-core/parser/js/js-parser-expr.c` | High
|
||||
19 | File | `/leave_system/classes/Login.php` | High
|
||||
20 | File | `/message-bus/_diagnostics` | High
|
||||
21 | File | `/mobile/SelectUsers.jsp` | High
|
||||
22 | File | `/music/ajax.php` | High
|
||||
23 | File | `/orms/` | Low
|
||||
24 | ... | ... | ...
|
||||
24 | File | `/parser/js/js-parser-mem.c` | High
|
||||
25 | File | `/rest/collectors/1.0/template/custom` | High
|
||||
26 | File | `/RPC2` | Low
|
||||
27 | File | `/UserSelfServiceSettings.jsp` | High
|
||||
28 | File | `/usr/bin/pkexec` | High
|
||||
29 | ... | ... | ...
|
||||
|
||||
There are 197 more IOA items available. Please use our online service to access the data.
|
||||
There are 246 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Black Vine - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Black Vine](https://vuldb.com/?actor.black_vine). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Black Vine](https://vuldb.com/?actor.black_vine). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.black_vine](https://vuldb.com/?actor.black_vine)
|
||||
|
||||
|
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Bookworm - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Bookworm](https://vuldb.com/?actor.bookworm). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bookworm](https://vuldb.com/?actor.bookworm). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.bookworm](https://vuldb.com/?actor.bookworm)
|
||||
|
||||
|
@ -27,10 +27,9 @@ ID | IP address | Hostname | Confidence
|
|||
1 | 43.248.8.249 | - | High
|
||||
2 | 103.226.127.47 | - | High
|
||||
3 | 104.156.239.105 | 104.156.239.105.vultr.com | Medium
|
||||
4 | 112.167.143.179 | - | High
|
||||
5 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 7 more IOC items available. Please use our online service to access the data.
|
||||
There are 8 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -50,12 +49,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/install/index.php` | High
|
||||
2 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
3 | File | `cirrus_vga.c` | Medium
|
||||
4 | File | `func.php` | Medium
|
||||
5 | File | `packages/strapi-admin/controllers/Auth.js` | High
|
||||
6 | File | `register/check/username?username` | High
|
||||
7 | Argument | `returnPath` | Medium
|
||||
8 | Argument | `theme/lang` | Medium
|
||||
9 | Argument | `username` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -67,9 +63,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Bouncing Golf - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Bouncing Golf](https://vuldb.com/?actor.bouncing_golf). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bouncing Golf](https://vuldb.com/?actor.bouncing_golf). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.bouncing_golf](https://vuldb.com/?actor.bouncing_golf)
|
||||
|
||||
|
@ -10,10 +10,10 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
|
|||
|
||||
* US
|
||||
* FR
|
||||
* DE
|
||||
* GB
|
||||
* ...
|
||||
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -57,7 +57,19 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/horde/util/go.php` | High
|
||||
9 | File | `/new` | Low
|
||||
10 | File | `/show_news.php` | High
|
||||
11 | ... | ... | ...
|
||||
11 | File | `/tmp` | Low
|
||||
12 | File | `/uncpath/` | Medium
|
||||
13 | File | `/userRpm/MediaServerFoldersCfgRpm.htm` | High
|
||||
14 | File | `/ViewUserHover.jspa` | High
|
||||
15 | File | `AccountStatus.jsp` | High
|
||||
16 | File | `add.php` | Low
|
||||
17 | File | `admin/systemOutOfBand.do` | High
|
||||
18 | File | `app/application.cpp` | High
|
||||
19 | File | `auth-gss2.c` | Medium
|
||||
20 | File | `authent.php4` | Medium
|
||||
21 | File | `base_maintenance.php` | High
|
||||
22 | File | `boardrule.php` | High
|
||||
23 | ... | ... | ...
|
||||
|
||||
There are 195 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -71,9 +83,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Brazil Unknown - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Brazil Unknown](https://vuldb.com/?actor.brazil_unknown). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Brazil Unknown](https://vuldb.com/?actor.brazil_unknown). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.brazil_unknown](https://vuldb.com/?actor.brazil_unknown)
|
||||
|
||||
|
@ -36,9 +36,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
# Brontok - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Brontok](https://vuldb.com/?actor.brontok). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.brontok](https://vuldb.com/?actor.brontok)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Brontok.
|
||||
|
||||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 20.42.65.92 | - | High
|
||||
2 | 20.189.173.20 | - | High
|
||||
3 | 52.168.117.173 | - | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains external sources which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -1,6 +1,6 @@
|
|||
# Bronze Butler - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Bronze Butler](https://vuldb.com/?actor.bronze_butler). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bronze Butler](https://vuldb.com/?actor.bronze_butler). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.bronze_butler](https://vuldb.com/?actor.bronze_butler)
|
||||
|
||||
|
@ -50,12 +50,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/out.php` | Medium
|
||||
2 | File | `data/gbconfiguration.dat` | High
|
||||
3 | File | `wp-login.php` | Medium
|
||||
4 | File | `Xvpnd.exe` | Medium
|
||||
5 | Library | `jscript9.dll` | Medium
|
||||
6 | Argument | `HOST` | Low
|
||||
7 | Argument | `id` | Low
|
||||
8 | Argument | `reason` | Low
|
||||
9 | Network Port | `tcp/2015` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -67,9 +64,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Bronze Union - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Bronze Union](https://vuldb.com/?actor.bronze_union). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bronze Union](https://vuldb.com/?actor.bronze_union). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.bronze_union](https://vuldb.com/?actor.bronze_union)
|
||||
|
||||
|
@ -20,10 +20,9 @@ ID | IP address | Hostname | Confidence
|
|||
1 | 45.114.9.174 | - | High
|
||||
2 | 96.90.63.57 | nleq.com | High
|
||||
3 | 117.136.63.145 | - | High
|
||||
4 | 198.56.185.179 | - | High
|
||||
5 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOC items available. Please use our online service to access the data.
|
||||
There are 7 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -33,7 +32,10 @@ ID | Technique | Description | Confidence
|
|||
-- | --------- | ----------- | ----------
|
||||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1548.002 | Improper Authorization | High
|
||||
3 | T1499 | Resource Consumption | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -44,11 +46,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/getcfg.php` | Medium
|
||||
2 | File | `http_auth.c` | Medium
|
||||
3 | File | `public/?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]` | High
|
||||
4 | File | `ticket.php` | Medium
|
||||
5 | Argument | `SERVICES` | Medium
|
||||
6 | Argument | `tid` | Low
|
||||
7 | Input Value | `curl -d SERVICES=DEVICE.ACCOUNT http://192.168.0.1/getcfg.php` | High
|
||||
8 | Network Port | `Web Server Port` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 5 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -60,9 +60,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Brunhilda - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Brunhilda](https://vuldb.com/?actor.brunhilda). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Brunhilda](https://vuldb.com/?actor.brunhilda). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.brunhilda](https://vuldb.com/?actor.brunhilda)
|
||||
|
||||
|
@ -18,14 +18,12 @@ These indicators of compromise indicate associated network ressources which are
|
|||
|
||||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 45.142.212.216 | holkitsor4.example.com | High
|
||||
1 | 45.142.212.216 | vm324137.pq.hosting | High
|
||||
2 | 95.142.40.68 | vm482228.eurodir.ru | High
|
||||
3 | 185.177.92.213 | ip-185-177-92-213.ah-server.com | High
|
||||
4 | 185.177.93.32 | ip-185-177-93-32.ah-server.com | High
|
||||
5 | 185.177.93.44 | ip-185-177-93-44.ah-server.com | High
|
||||
6 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 8 more IOC items available. Please use our online service to access the data.
|
||||
There are 10 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -59,9 +57,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Buhtrap - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Buhtrap](https://vuldb.com/?actor.buhtrap). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Buhtrap](https://vuldb.com/?actor.buhtrap). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.buhtrap](https://vuldb.com/?actor.buhtrap)
|
||||
|
||||
|
@ -19,7 +19,7 @@ ID | IP address | Hostname | Confidence
|
|||
-- | ---------- | -------- | ----------
|
||||
1 | 5.63.159.32 | 5-63-159-32.cloudvps.regruhosting.ru | High
|
||||
2 | 37.140.195.165 | console.teonet.cloud | High
|
||||
3 | 37.143.12.190 | www.portnov.dev | High
|
||||
3 | 37.143.12.190 | hosted-by.ihc.ru | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOC items available. Please use our online service to access the data.
|
||||
|
@ -41,10 +41,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `adclick.php` | Medium
|
||||
2 | File | `adrotate.pm` | Medium
|
||||
3 | File | `article.php` | Medium
|
||||
4 | File | `_debugging_center_utils___.php` | High
|
||||
5 | Argument | `dest` | Low
|
||||
6 | Argument | `log` | Low
|
||||
7 | Argument | `sid` | Low
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 4 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -56,9 +55,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Butterfly - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Butterfly](https://vuldb.com/?actor.butterfly). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Butterfly](https://vuldb.com/?actor.butterfly). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.butterfly](https://vuldb.com/?actor.butterfly)
|
||||
|
||||
|
@ -57,9 +57,13 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/Upload.ashx` | Medium
|
||||
9 | File | `/var/tmp/sess_*` | High
|
||||
10 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
11 | ... | ... | ...
|
||||
11 | File | `admin/killsource` | High
|
||||
12 | File | `admin/orion.extfeedbackform_efbf_forms.php` | High
|
||||
13 | File | `auth-gss2.c` | Medium
|
||||
14 | File | `bin/jp2/convert.c` | High
|
||||
15 | ... | ... | ...
|
||||
|
||||
There are 120 more IOA items available. Please use our online service to access the data.
|
||||
There are 123 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -71,9 +75,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# CDRThief - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [CDRThief](https://vuldb.com/?actor.cdrthief). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CDRThief](https://vuldb.com/?actor.cdrthief). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cdrthief](https://vuldb.com/?actor.cdrthief)
|
||||
|
||||
|
@ -41,9 +41,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Carbanak - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Carbanak](https://vuldb.com/?actor.carbanak). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Carbanak](https://vuldb.com/?actor.carbanak). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.carbanak](https://vuldb.com/?actor.carbanak)
|
||||
|
||||
|
@ -16,11 +16,11 @@ The following campaigns are known and can be associated with Carbanak:
|
|||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Carbanak:
|
||||
|
||||
* US
|
||||
* DE
|
||||
* RU
|
||||
* SE
|
||||
* ...
|
||||
|
||||
There are 28 more country items available. Please use our online service to access the data.
|
||||
There are 29 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -48,9 +48,24 @@ ID | IP address | Hostname | Confidence
|
|||
18 | 37.59.202.124 | ip124.ip-37-59-202.eu | High
|
||||
19 | 37.235.54.48 | 48.54.235.37.in-addr.arpa | High
|
||||
20 | 45.63.23.135 | 45.63.23.135.vultr.com | Medium
|
||||
21 | ... | ... | ...
|
||||
21 | 45.63.96.216 | 45.63.96.216.vultr.com | Medium
|
||||
22 | 50.62.171.62 | ip-50-62-171-62.ip.secureserver.net | High
|
||||
23 | 50.115.127.36 | 50.115.127.36.static.westdc.net | High
|
||||
24 | 50.115.127.37 | mail.ingrampartners.com | High
|
||||
25 | 51.254.95.99 | ip99.ip-51-254-95.eu | High
|
||||
26 | 51.254.95.100 | ip100.ip-51-254-95.eu | High
|
||||
27 | 55.198.6.56 | - | High
|
||||
28 | 59.55.142.171 | - | High
|
||||
29 | 60.228.38.213 | cpe-60-228-38-213.bpe6-r-962.pie.wa.bigpond.net.au | High
|
||||
30 | 61.7.219.61 | - | High
|
||||
31 | 62.75.224.229 | prag178.startdedicated.de | High
|
||||
32 | 62.210.25.121 | svgit.festivalscope.com | High
|
||||
33 | 65.19.141.199 | - | High
|
||||
34 | 66.55.133.86 | 66-55-133-86.choopa.net | High
|
||||
35 | 66.232.124.175 | customer.hivelocity.net | High
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 155 more IOC items available. Please use our online service to access the data.
|
||||
There are 140 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -61,11 +76,9 @@ ID | Technique | Description | Confidence
|
|||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | T1211 | 7PK Security Features | High
|
||||
5 | T1222 | Permission Issues | High
|
||||
6 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -73,19 +86,44 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `$HOME/.cdrdao` | High
|
||||
2 | File | `%windir%\Internet Logs\` | High
|
||||
3 | File | `/+CSCOE+/logon.html` | High
|
||||
4 | File | `//etc/RT2870STA.dat` | High
|
||||
5 | File | `/api/addusers` | High
|
||||
6 | File | `/api/upload` | Medium
|
||||
7 | File | `/bin/boa` | Medium
|
||||
8 | File | `/cgi-bin/hotspot-changepw.cgi` | High
|
||||
9 | File | `/ClickAndBanexDemo/admin/admin.asp` | High
|
||||
10 | File | `/core/vendor/meenie/javascript-packer/example-inline.php` | High
|
||||
11 | ... | ... | ...
|
||||
1 | File | `%PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe` | High
|
||||
2 | File | `.htaccess` | Medium
|
||||
3 | File | `.procmailrc` | Medium
|
||||
4 | File | `/+CSCOE+/logon.html` | High
|
||||
5 | File | `/.htpasswd` | Medium
|
||||
6 | File | `//etc/RT2870STA.dat` | High
|
||||
7 | File | `/admin/index.php` | High
|
||||
8 | File | `/api/addusers` | High
|
||||
9 | File | `/cgi-bin/hotspot-changepw.cgi` | High
|
||||
10 | File | `/ClickAndBanexDemo/admin/admin.asp` | High
|
||||
11 | File | `/config/getuser` | High
|
||||
12 | File | `/filemanager/ajax_calls.php` | High
|
||||
13 | File | `/forum/away.php` | High
|
||||
14 | File | `/owa/auth/logon.aspx` | High
|
||||
15 | File | `/phppath/php` | Medium
|
||||
16 | File | `/proc/self/exe` | High
|
||||
17 | File | `/public/login.htm` | High
|
||||
18 | File | `/server-info` | Medium
|
||||
19 | File | `/server-status` | High
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/user/jobmanage.php` | High
|
||||
22 | File | `/user/zs_elite.php` | High
|
||||
23 | File | `/usr/bin/enq` | Medium
|
||||
24 | File | `/web/jquery/uploader/multi_uploadify.php` | High
|
||||
25 | File | `/wp-admin/admin-ajax.php` | High
|
||||
26 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
27 | File | `/zhndnsdisplay.cmd` | High
|
||||
28 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
29 | File | `acl.c` | Low
|
||||
30 | File | `adclick.php` | Medium
|
||||
31 | File | `add_comment.php` | High
|
||||
32 | File | `add_vhost.php` | High
|
||||
33 | File | `admin.php` | Medium
|
||||
34 | File | `admin/default.asp` | High
|
||||
35 | File | `admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1` | High
|
||||
36 | ... | ... | ...
|
||||
|
||||
There are 615 more IOA items available. Please use our online service to access the data.
|
||||
There are 306 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -105,9 +143,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Cardinal RAT - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Cardinal RAT](https://vuldb.com/?actor.cardinal_rat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Cardinal RAT](https://vuldb.com/?actor.cardinal_rat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cardinal_rat](https://vuldb.com/?actor.cardinal_rat)
|
||||
|
||||
|
@ -77,9 +77,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Carrotbat - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Carrotbat](https://vuldb.com/?actor.carrotbat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Carrotbat](https://vuldb.com/?actor.carrotbat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.carrotbat](https://vuldb.com/?actor.carrotbat)
|
||||
|
||||
|
@ -23,7 +23,7 @@ These indicators of compromise indicate associated network ressources which are
|
|||
|
||||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 61.14.210.72 | former-enews-out.squarspace.net | High
|
||||
1 | 61.14.210.72 | former-enews-out.businessinsider.org.uk | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -31,7 +31,8 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us
|
|||
|
||||
ID | Technique | Description | Confidence
|
||||
-- | --------- | ----------- | ----------
|
||||
1 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
1 | T1068 | Execution with Unnecessary Privileges | High
|
||||
2 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -39,19 +40,12 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `anonymous/authenticated` | High
|
||||
2 | File | `count.cgi` | Medium
|
||||
3 | File | `data/gbconfiguration.dat` | High
|
||||
4 | File | `dede\co_do.php` | High
|
||||
5 | File | `email.php` | Medium
|
||||
6 | File | `index.php` | Medium
|
||||
7 | File | `mod_mysql_vhost.c` | High
|
||||
8 | Argument | `id` | Low
|
||||
9 | Argument | `ids` | Low
|
||||
10 | Argument | `skipSessionCheck` | High
|
||||
11 | ... | ... | ...
|
||||
1 | File | `/phppath/php` | Medium
|
||||
2 | File | `anonymous/authenticated` | High
|
||||
3 | File | `auth-gss2.c` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 2 more IOA items available. Please use our online service to access the data.
|
||||
There are 11 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -63,9 +57,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Center-1 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Center-1](https://vuldb.com/?actor.center-1). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Center-1](https://vuldb.com/?actor.center-1). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.center-1](https://vuldb.com/?actor.center-1)
|
||||
|
||||
|
@ -29,9 +29,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Center-2 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Center-2](https://vuldb.com/?actor.center-2). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Center-2](https://vuldb.com/?actor.center-2). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.center-2](https://vuldb.com/?actor.center-2)
|
||||
|
||||
|
@ -52,11 +52,9 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/webapps/Bb-sites-user-profile-BBLEARN/profile.form` | High
|
||||
7 | File | `/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php` | High
|
||||
8 | File | `action/addproject.php` | High
|
||||
9 | File | `adclick.php` | Medium
|
||||
10 | File | `admin/page/system/nav.php?del` | High
|
||||
11 | ... | ... | ...
|
||||
9 | ... | ... | ...
|
||||
|
||||
There are 64 more IOA items available. Please use our online service to access the data.
|
||||
There are 68 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -68,9 +66,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# CetaRAT - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [CetaRAT](https://vuldb.com/?actor.cetarat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CetaRAT](https://vuldb.com/?actor.cetarat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cetarat](https://vuldb.com/?actor.cetarat)
|
||||
|
||||
|
@ -19,7 +19,7 @@ These indicators of compromise indicate associated network ressources which are
|
|||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 109.236.85.152 | customer.worldstream.nl | High
|
||||
2 | 161.97.142.96 | vmi661694.contaboserver.net | High
|
||||
2 | 161.97.142.96 | vmi745943.contaboserver.net | High
|
||||
3 | 164.68.104.126 | vmd76303.contaboserver.net | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
|
@ -42,16 +42,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `adclick.php` | Medium
|
||||
2 | File | `data/gbconfiguration.dat` | High
|
||||
3 | File | `exit.php` | Medium
|
||||
4 | File | `goto.php` | Medium
|
||||
5 | File | `ipsconnect.php` | High
|
||||
6 | File | `redir.php` | Medium
|
||||
7 | File | `register/check/username?username` | High
|
||||
8 | Argument | `dest` | Low
|
||||
9 | Argument | `foaf` | Low
|
||||
10 | Argument | `id` | Low
|
||||
11 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 3 more IOA items available. Please use our online service to access the data.
|
||||
There are 10 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -63,9 +56,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# ChessMaster - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [ChessMaster](https://vuldb.com/?actor.chessmaster). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [ChessMaster](https://vuldb.com/?actor.chessmaster). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.chessmaster](https://vuldb.com/?actor.chessmaster)
|
||||
|
||||
|
@ -23,9 +23,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# China Unknown - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [China Unknown](https://vuldb.com/?actor.china_unknown). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [China Unknown](https://vuldb.com/?actor.china_unknown). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.china_unknown](https://vuldb.com/?actor.china_unknown)
|
||||
|
||||
|
@ -25,6 +25,16 @@ ID | IP address | Hostname | Confidence
|
|||
1 | 34.92.228.216 | 216.228.92.34.bc.googleusercontent.com | Medium
|
||||
2 | 158.247.208.230 | 158.247.208.230.vultr.com | Medium
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by China Unknown. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `index.php` | Medium
|
||||
2 | File | `wp-includes/class-wp-query.php` | High
|
||||
3 | Argument | `tid` | Low
|
||||
|
||||
## References
|
||||
|
||||
The following list contains external sources which discuss the actor and the associated activities:
|
||||
|
@ -35,9 +45,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Chthonic - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Chthonic](https://vuldb.com/?actor.chthonic). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Chthonic](https://vuldb.com/?actor.chthonic). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.chthonic](https://vuldb.com/?actor.chthonic)
|
||||
|
||||
|
@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
|
|||
* US
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -25,12 +25,9 @@ ID | IP address | Hostname | Confidence
|
|||
2 | 51.254.83.231 | pob01.mulx.net | High
|
||||
3 | 52.137.90.34 | - | High
|
||||
4 | 52.185.71.28 | - | High
|
||||
5 | 79.133.44.139 | - | High
|
||||
6 | 82.197.164.46 | aquila.init7.net | High
|
||||
7 | 85.199.214.98 | - | High
|
||||
8 | ... | ... | ...
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 14 more IOC items available. Please use our online service to access the data.
|
||||
There are 17 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -55,15 +52,9 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `admin/?n=tags&c=index&a=doSaveTags` | High
|
||||
3 | File | `AniGIF.ocx` | Medium
|
||||
4 | File | `config.php` | Medium
|
||||
5 | File | `data/gbconfiguration.dat` | High
|
||||
6 | File | `ext/gd/libgd/gd_interpolation.c` | High
|
||||
7 | File | `http_auth.c` | Medium
|
||||
8 | File | `index.php` | Medium
|
||||
9 | File | `install.php` | Medium
|
||||
10 | File | `login.php` | Medium
|
||||
11 | ... | ... | ...
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 20 more IOA items available. Please use our online service to access the data.
|
||||
There are 26 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -76,9 +67,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Cobalt Strike - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cobalt_strike](https://vuldb.com/?actor.cobalt_strike)
|
||||
|
||||
|
@ -8,12 +8,12 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
|
|||
|
||||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cobalt Strike:
|
||||
|
||||
* CN
|
||||
* US
|
||||
* CN
|
||||
* IT
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -22,8 +22,8 @@ These indicators of compromise indicate associated network ressources which are
|
|||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 23.108.57.108 | - | High
|
||||
2 | 62.128.111.176 | polyminners.nl | High
|
||||
3 | 82.118.21.221 | vds-805975.hosted-by-itldc.com | High
|
||||
2 | 62.128.111.176 | - | High
|
||||
3 | 82.118.21.221 | vds-887334.hosted-by-itldc.com | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 5 more IOC items available. Please use our online service to access the data.
|
||||
|
@ -44,19 +44,21 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
2 | File | `/notice-edit.php` | High
|
||||
3 | File | `archive_read_support_format_rar5.c` | High
|
||||
4 | File | `burl.c` | Low
|
||||
5 | File | `CFM File Handler` | High
|
||||
6 | File | `http_auth.c` | Medium
|
||||
7 | File | `profile.php?cmd=download` | High
|
||||
8 | File | `ViewLog.asp` | Medium
|
||||
9 | Argument | `aid` | Low
|
||||
10 | Argument | `display name/title name/content` | High
|
||||
11 | ... | ... | ...
|
||||
1 | File | `/admin/success_story.php` | High
|
||||
2 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
3 | File | `/movie-portal-script/movie.php` | High
|
||||
4 | File | `/notice-edit.php` | High
|
||||
5 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
6 | File | `admin/images.php` | High
|
||||
7 | File | `admin/preview.php` | High
|
||||
8 | File | `archive_read_support_format_rar5.c` | High
|
||||
9 | File | `blanko.preview.php` | High
|
||||
10 | File | `burl.c` | Low
|
||||
11 | File | `CFM File Handler` | High
|
||||
12 | File | `cgi-bin/awstats.pl` | High
|
||||
13 | ... | ... | ...
|
||||
|
||||
There are 3 more IOA items available. Please use our online service to access the data.
|
||||
There are 98 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -72,9 +74,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# CoinMiner - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [CoinMiner](https://vuldb.com/?actor.coinminer). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CoinMiner](https://vuldb.com/?actor.coinminer). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.coinminer](https://vuldb.com/?actor.coinminer)
|
||||
|
||||
|
@ -9,11 +9,11 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
|
|||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CoinMiner:
|
||||
|
||||
* DE
|
||||
* NL
|
||||
* US
|
||||
* ES
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -32,17 +32,9 @@ ID | IP address | Hostname | Confidence
|
|||
9 | 23.21.252.4 | ec2-23-21-252-4.compute-1.amazonaws.com | Medium
|
||||
10 | 49.12.80.38 | static.38.80.12.49.clients.your-server.de | High
|
||||
11 | 49.12.80.40 | static.40.80.12.49.clients.your-server.de | High
|
||||
12 | 50.19.96.218 | ec2-50-19-96-218.compute-1.amazonaws.com | Medium
|
||||
13 | 50.19.252.36 | ec2-50-19-252-36.compute-1.amazonaws.com | Medium
|
||||
14 | 51.15.54.102 | 102-54-15-51.instances.scw.cloud | High
|
||||
15 | 51.15.58.224 | 224-58-15-51.instances.scw.cloud | High
|
||||
16 | 51.15.65.182 | 182-65-15-51.instances.scw.cloud | High
|
||||
17 | 51.15.67.17 | 17-67-15-51.instances.scw.cloud | High
|
||||
18 | 51.15.69.136 | 136-69-15-51.instances.scw.cloud | High
|
||||
19 | 51.15.78.68 | 68-78-15-51.instances.scw.cloud | High
|
||||
20 | ... | ... | ...
|
||||
12 | ... | ... | ...
|
||||
|
||||
There are 38 more IOC items available. Please use our online service to access the data.
|
||||
There are 46 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -50,14 +42,12 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us
|
|||
|
||||
ID | Technique | Description | Confidence
|
||||
-- | --------- | ----------- | ----------
|
||||
1 | T1040 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | Cross Site Scripting | High
|
||||
3 | T1068 | Execution with Unnecessary Privileges | High
|
||||
4 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
5 | T1211 | 7PK Security Features | High
|
||||
6 | ... | ... | ...
|
||||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -65,19 +55,52 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%windir%\Internet Logs\` | High
|
||||
2 | File | `.htaccess` | Medium
|
||||
3 | File | `.imwheelrc` | Medium
|
||||
4 | File | `.jpilot` | Low
|
||||
5 | File | `.php` | Low
|
||||
6 | File | `.plan` | Low
|
||||
7 | File | `.tin` | Low
|
||||
8 | File | `/?Key=PhoneRequestAuthorization` | High
|
||||
9 | File | `/adfs/ls` | Medium
|
||||
10 | File | `/api/users/admin/check` | High
|
||||
11 | ... | ... | ...
|
||||
1 | File | `.htaccess` | Medium
|
||||
2 | File | `.jpilot` | Low
|
||||
3 | File | `.plan` | Low
|
||||
4 | File | `.tin` | Low
|
||||
5 | File | `/aux` | Low
|
||||
6 | File | `/coreframe/app/guestbook/myissue.php` | High
|
||||
7 | File | `/data/nvram` | Medium
|
||||
8 | File | `/icingaweb2/navigation/add` | High
|
||||
9 | File | `/root/.keeper/` | High
|
||||
10 | File | `/sbin/conf.d/SuSEconfig.javarunt` | High
|
||||
11 | File | `/search-result/` | High
|
||||
12 | File | `/usr/bin/sonia` | High
|
||||
13 | File | `/var/log/nginx` | High
|
||||
14 | File | `/var/spool/fax/outgoing/.last_run` | High
|
||||
15 | File | `95.php` | Low
|
||||
16 | File | `123flashchat.php` | High
|
||||
17 | File | `action.php` | Medium
|
||||
18 | File | `Active Browser Profile` | High
|
||||
19 | File | `adb/adb_client.c` | High
|
||||
20 | File | `addons/mod_media/body.php` | High
|
||||
21 | File | `admin.php` | Medium
|
||||
22 | File | `admin/profile_settings_net.html` | High
|
||||
23 | File | `Administrator/add_pictures.php` | High
|
||||
24 | File | `af_netlink.c` | Medium
|
||||
25 | File | `aide.php3` | Medium
|
||||
26 | File | `aim/icq` | Low
|
||||
27 | File | `ajax.php` | Medium
|
||||
28 | File | `akocomment.php` | High
|
||||
29 | File | `album.php` | Medium
|
||||
30 | File | `allmanageup.pl` | High
|
||||
31 | File | `apache2/modsecurity.c` | High
|
||||
32 | File | `ardeaCore/lib/core/ardeaInit.php` | High
|
||||
33 | File | `arm/lithium-codegen-arm.cc` | High
|
||||
34 | File | `attachment_send.php` | High
|
||||
35 | File | `b2edit.showposts.php` | High
|
||||
36 | File | `bar.phtml` | Medium
|
||||
37 | File | `bios.php` | Medium
|
||||
38 | File | `cadastro_usuario.php` | High
|
||||
39 | File | `cartman.php` | Medium
|
||||
40 | File | `cgi-bin/module/sysmanager/admin/SYSAdminUserDialog` | High
|
||||
41 | File | `cgi-bin/NETGEAR_wpn824v3.cfg` | High
|
||||
42 | File | `cgi/actions.py` | High
|
||||
43 | File | `cgiproc` | Low
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 760 more IOA items available. Please use our online service to access the data.
|
||||
There are 376 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -96,9 +119,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -0,0 +1,109 @@
|
|||
# CoinStomp - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CoinStomp](https://vuldb.com/?actor.coinstomp). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.coinstomp](https://vuldb.com/?actor.coinstomp)
|
||||
|
||||
## Countries
|
||||
|
||||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CoinStomp:
|
||||
|
||||
* US
|
||||
* RU
|
||||
* CN
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of CoinStomp.
|
||||
|
||||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 106.53.115.114 | - | High
|
||||
2 | 109.234.36.173 | host-109-234-36-173.hosted-by-vdsina.ru | High
|
||||
3 | 205.185.113.151 | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by CoinStomp. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Description | Confidence
|
||||
-- | --------- | ----------- | ----------
|
||||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by CoinStomp. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/category_view.php` | High
|
||||
2 | File | `/frontend/x3/cpanelpro/filelist-thumbs.html` | High
|
||||
3 | File | `/fs/cifs/file.c` | High
|
||||
4 | File | `/highlight/index.html` | High
|
||||
5 | File | `/hotel.php` | Medium
|
||||
6 | File | `/Login.do` | Medium
|
||||
7 | File | `/var/etc/shadow` | High
|
||||
8 | File | `/var/log/cgred` | High
|
||||
9 | File | `/var/run/hostapd` | High
|
||||
10 | File | `add.php` | Low
|
||||
11 | File | `AddEvent.php` | Medium
|
||||
12 | File | `addlisting.asp` | High
|
||||
13 | File | `add_tmsp.php` | Medium
|
||||
14 | File | `admin.php` | Medium
|
||||
15 | File | `admin/handlers.php` | High
|
||||
16 | File | `admin/help.php` | High
|
||||
17 | File | `admin/modules/system/app_user.php` | High
|
||||
18 | File | `admin/tools/trackback/index.php` | High
|
||||
19 | File | `admin/users_edit.php` | High
|
||||
20 | File | `administrators/backups/` | High
|
||||
21 | File | `afmparse.c` | Medium
|
||||
22 | File | `ajax.php` | Medium
|
||||
23 | File | `answers.php` | Medium
|
||||
24 | File | `apsetup.php` | Medium
|
||||
25 | File | `arch/powerpc/kernel/process.c` | High
|
||||
26 | File | `arch/x86/kvm/vmx.c` | High
|
||||
27 | File | `ArchiveUtil.java` | High
|
||||
28 | File | `bmp.c` | Low
|
||||
29 | File | `browse.php` | Medium
|
||||
30 | File | `buy.php` | Low
|
||||
31 | File | `calendar.class.php` | High
|
||||
32 | File | `calendar/submit/` | High
|
||||
33 | File | `category.php` | Medium
|
||||
34 | File | `cc_guestbook.pl` | High
|
||||
35 | File | `centipaid_class.php` | High
|
||||
36 | File | `channel.c` | Medium
|
||||
37 | File | `chetcpasswd.cgi` | High
|
||||
38 | File | `clastree.htm` | Medium
|
||||
39 | File | `client-assist.php` | High
|
||||
40 | File | `coders/dds.c` | Medium
|
||||
41 | File | `coders/webp.c` | High
|
||||
42 | File | `CollabNetApp.java` | High
|
||||
43 | File | `collection.class.php` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 385 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains external sources which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cadosecurity.com/coinstomp-malware-family-targets-asian-cloud-service-providers/
|
||||
|
||||
## Literature
|
||||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -1,6 +1,6 @@
|
|||
# Conti - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Conti](https://vuldb.com/?actor.conti). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Conti](https://vuldb.com/?actor.conti). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.conti](https://vuldb.com/?actor.conti)
|
||||
|
||||
|
@ -53,19 +53,38 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/bin/bw` | Low
|
||||
2 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
3 | File | `/servlet/webacc` | High
|
||||
4 | File | `/uncpath/` | Medium
|
||||
5 | File | `abook_database.php` | High
|
||||
6 | File | `add_comment.php` | High
|
||||
7 | File | `admin/index.php/template/upload` | High
|
||||
8 | File | `agent/Core/Controller/SendRequest.cpp` | High
|
||||
9 | File | `AjaxResponse.jsp` | High
|
||||
10 | File | `apl_42.c` | Medium
|
||||
11 | ... | ... | ...
|
||||
1 | File | `/admin/success_story.php` | High
|
||||
2 | File | `/bin/bw` | Low
|
||||
3 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
4 | File | `/movie-portal-script/movie.php` | High
|
||||
5 | File | `/servlet/webacc` | High
|
||||
6 | File | `/uncpath/` | Medium
|
||||
7 | File | `abook_database.php` | High
|
||||
8 | File | `add_comment.php` | High
|
||||
9 | File | `admin/images.php` | High
|
||||
10 | File | `admin/index.php/template/upload` | High
|
||||
11 | File | `admin/preview.php` | High
|
||||
12 | File | `agent/Core/Controller/SendRequest.cpp` | High
|
||||
13 | File | `AjaxResponse.jsp` | High
|
||||
14 | File | `apl_42.c` | Medium
|
||||
15 | File | `app/code/core/Mage/Rss/Helper/Order.php` | High
|
||||
16 | File | `archive_read_support_format_rar5.c` | High
|
||||
17 | File | `blanko.preview.php` | High
|
||||
18 | File | `blueprints/sections/edit/1` | High
|
||||
19 | File | `boardData103.php/boardDataJP.php/boardDataNA.php/boardDataWW.php` | High
|
||||
20 | File | `cachemgr.cgi` | Medium
|
||||
21 | File | `CFM File Handler` | High
|
||||
22 | File | `cgi-bin/awstats.pl` | High
|
||||
23 | File | `cgi-bin/webproc` | High
|
||||
24 | File | `Change-password.php` | High
|
||||
25 | File | `class.t3lib_formmail.php` | High
|
||||
26 | File | `content/common/cursors/webcursor.cc` | High
|
||||
27 | File | `content/content.systempreferences.php` | High
|
||||
28 | File | `course/classes/management_renderer.php` | High
|
||||
29 | File | `dapur/index.php` | High
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 181 more IOA items available. Please use our online service to access the data.
|
||||
There are 256 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -79,9 +98,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# CopyKittens - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [CopyKittens](https://vuldb.com/?actor.copykittens). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CopyKittens](https://vuldb.com/?actor.copykittens). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.copykittens](https://vuldb.com/?actor.copykittens)
|
||||
|
||||
|
@ -15,11 +15,11 @@ The following campaigns are known and can be associated with CopyKittens:
|
|||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CopyKittens:
|
||||
|
||||
* PL
|
||||
* DE
|
||||
* FR
|
||||
* ES
|
||||
* ...
|
||||
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -29,13 +29,13 @@ ID | IP address | Hostname | Confidence
|
|||
-- | ---------- | -------- | ----------
|
||||
1 | 5.34.180.252 | vds-uuallex-113169.hosted-by-itldc.com | High
|
||||
2 | 5.34.181.13 | backups231.com | High
|
||||
3 | 31.192.105.16 | - | High
|
||||
4 | 31.192.105.17 | wikileaks.org | High
|
||||
3 | 31.192.105.16 | down-it-niscat.cosmeticdentistwellesley.com | High
|
||||
4 | 31.192.105.17 | most.muatypecast.com | High
|
||||
5 | 31.192.105.28 | - | High
|
||||
6 | 38.130.75.20 | h20-us75.fcsrv.net | High
|
||||
7 | 51.254.76.54 | - | High
|
||||
8 | 62.109.2.52 | ns.leangroup.ru | High
|
||||
9 | 62.109.2.109 | mediclick.ru | High
|
||||
9 | 62.109.2.109 | l2pvp.life | High
|
||||
10 | 66.55.152.164 | 66-55-152-164.choopa.net | High
|
||||
11 | 68.232.180.122 | 68-232-180-122.choopa.net | High
|
||||
12 | 80.179.42.37 | 80.179.42.37.forward.012.net.il | High
|
||||
|
@ -44,12 +44,9 @@ ID | IP address | Hostname | Confidence
|
|||
15 | 93.190.138.137 | 93-190-138-137.hosted-by-worldstream.net | High
|
||||
16 | 104.200.128.48 | - | High
|
||||
17 | 104.200.128.58 | - | High
|
||||
18 | 104.200.128.64 | - | High
|
||||
19 | 104.200.128.71 | - | High
|
||||
20 | 104.200.128.126 | - | High
|
||||
21 | ... | ... | ...
|
||||
18 | ... | ... | ...
|
||||
|
||||
There are 64 more IOC items available. Please use our online service to access the data.
|
||||
There are 67 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -60,11 +57,9 @@ ID | Technique | Description | Confidence
|
|||
1 | T1040 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | Cross Site Scripting | High
|
||||
3 | T1068 | Execution with Unnecessary Privileges | High
|
||||
4 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
5 | T1211 | 7PK Security Features | High
|
||||
6 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -72,19 +67,36 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%LOCALAPPDATA%\Zemana\ZALSDK\MyRules2.ini` | High
|
||||
2 | File | `.backup/` | Medium
|
||||
3 | File | `.gemspec` | Medium
|
||||
4 | File | `.mscreenrc` | Medium
|
||||
5 | File | `.pref.xml` | Medium
|
||||
6 | File | `/?ajax-request=jnews` | High
|
||||
7 | File | `/?mobile=1` | Medium
|
||||
8 | File | `/admin` | Low
|
||||
9 | File | `/ADMIN.ASP` | Medium
|
||||
10 | File | `/admin.php/Foodcat/editsave` | High
|
||||
11 | ... | ... | ...
|
||||
1 | File | `/about/../` | Medium
|
||||
2 | File | `/admin/admin.php?module=admin_group_edit&agID` | High
|
||||
3 | File | `/admin/comment.php` | High
|
||||
4 | File | `/admin/configure.php` | High
|
||||
5 | File | `/admin/index.php?lfj=member&action=editmember` | High
|
||||
6 | File | `/admin/login.php` | High
|
||||
7 | File | `/admin/media/upload` | High
|
||||
8 | File | `/api/notify.php` | High
|
||||
9 | File | `/auth/v1/sso/config/` | High
|
||||
10 | File | `/EXCU_SHELL` | Medium
|
||||
11 | File | `/forgetpassword.php` | High
|
||||
12 | File | `/formAdvFirewall` | High
|
||||
13 | File | `/function/booksave.php` | High
|
||||
14 | File | `/home/user/dir` | High
|
||||
15 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
|
||||
16 | File | `/moddable/xs/sources/xsDataView.c` | High
|
||||
17 | File | `abc2ps.c` | Medium
|
||||
18 | File | `acknow.php` | Medium
|
||||
19 | File | `adminlogin.php` | High
|
||||
20 | File | `AdminUpdateController.class.php` | High
|
||||
21 | File | `admin_home.php` | High
|
||||
22 | File | `allocator.cc` | Medium
|
||||
23 | File | `AndroidManifest.xml` | High
|
||||
24 | File | `archeryscores.php` | High
|
||||
25 | File | `archive_read_support_format_iso9660.c` | High
|
||||
26 | File | `AscoServer.exe` | High
|
||||
27 | File | `AudioOutputSpeech.cpp` | High
|
||||
28 | ... | ... | ...
|
||||
|
||||
There are 2718 more IOA items available. Please use our online service to access the data.
|
||||
There are 239 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -99,9 +111,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# CosmicDuke - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [CosmicDuke](https://vuldb.com/?actor.cosmicduke). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CosmicDuke](https://vuldb.com/?actor.cosmicduke). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cosmicduke](https://vuldb.com/?actor.cosmicduke)
|
||||
|
||||
|
@ -24,10 +24,9 @@ ID | IP address | Hostname | Confidence
|
|||
1 | 46.246.120.178 | - | High
|
||||
2 | 91.224.141.235 | - | High
|
||||
3 | 94.242.199.88 | ip-static-94-242-199-88.server.lu | High
|
||||
4 | 176.74.216.14 | cz10131-d1z1-kvm.host-telecom.com | High
|
||||
5 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOC items available. Please use our online service to access the data.
|
||||
There are 7 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -47,9 +46,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Crashoverride - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Crashoverride](https://vuldb.com/?actor.crashoverride). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Crashoverride](https://vuldb.com/?actor.crashoverride). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.crashoverride](https://vuldb.com/?actor.crashoverride)
|
||||
|
||||
|
@ -18,7 +18,7 @@ ID | IP address | Hostname | Confidence
|
|||
-- | ---------- | -------- | ----------
|
||||
1 | 5.39.218.152 | - | High
|
||||
2 | 93.115.27.57 | - | High
|
||||
3 | 195.16.88.6 | server10005.hostlife.net | High
|
||||
3 | 195.16.88.6 | server10005.defaulthost.net | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -36,8 +36,10 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
2 | File | `/CMD_SELECT_USERS` | High
|
||||
3 | Argument | `location` | Medium
|
||||
4 | Input Value | `CMD_ALL_USER_SHOW'"><script>alert(/IrIsT.Ir/)</script>` | High
|
||||
3 | File | `web/upload/UploadHandler.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 2 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -49,9 +51,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Crimeware - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Crimeware](https://vuldb.com/?actor.crimeware). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Crimeware](https://vuldb.com/?actor.crimeware). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.crimeware](https://vuldb.com/?actor.crimeware)
|
||||
|
||||
|
@ -52,10 +52,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `admin_store_form` | High
|
||||
2 | File | `cscopf.ocx` | Medium
|
||||
3 | File | `fs/inode.c` | Medium
|
||||
4 | File | `Util/PHP/eval-stdin.php` | High
|
||||
5 | Argument | `cntnt01fbrp_forma_form_template` | High
|
||||
6 | Argument | `Initialization` | High
|
||||
7 | Input Value | `admin/password` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 4 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -67,9 +66,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -13,12 +13,9 @@ ID | IP address | Hostname | Confidence
|
|||
1 | 8.248.153.254 | - | High
|
||||
2 | 8.248.163.254 | - | High
|
||||
3 | 8.248.167.254 | - | High
|
||||
4 | 8.249.223.254 | - | High
|
||||
5 | 8.249.233.254 | - | High
|
||||
6 | 8.253.45.239 | - | High
|
||||
7 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 10 more IOC items available. Please use our online service to access the data.
|
||||
There are 13 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -35,4 +32,4 @@ The following articles explain our unique predictive cyber threat intelligence:
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# CryptoPHP - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [CryptoPHP](https://vuldb.com/?actor.cryptophp). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CryptoPHP](https://vuldb.com/?actor.cryptophp). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cryptophp](https://vuldb.com/?actor.cryptophp)
|
||||
|
||||
|
@ -30,15 +30,9 @@ ID | IP address | Hostname | Confidence
|
|||
7 | 78.138.118.200 | - | High
|
||||
8 | 78.138.118.201 | - | High
|
||||
9 | 78.138.118.202 | - | High
|
||||
10 | 78.138.118.203 | - | High
|
||||
11 | 78.138.118.204 | - | High
|
||||
12 | 78.138.118.205 | - | High
|
||||
13 | 78.138.118.206 | - | High
|
||||
14 | 78.138.118.207 | - | High
|
||||
15 | 78.138.118.208 | - | High
|
||||
16 | ... | ... | ...
|
||||
10 | ... | ... | ...
|
||||
|
||||
There are 29 more IOC items available. Please use our online service to access the data.
|
||||
There are 35 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -62,16 +56,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/mics/j_spring_security_check` | High
|
||||
2 | File | `examples/openid.php` | High
|
||||
3 | File | `FormDisplay.php` | High
|
||||
4 | File | `includes/startup.php` | High
|
||||
5 | File | `libraries/Header.php` | High
|
||||
6 | File | `member.php` | Medium
|
||||
7 | File | `shopping-cart.php` | High
|
||||
8 | File | `wp-includes/class-wp-query.php` | High
|
||||
9 | Argument | `cusid` | Low
|
||||
10 | Argument | `j_username` | Medium
|
||||
11 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 5 more IOA items available. Please use our online service to access the data.
|
||||
There are 12 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -83,9 +70,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# DNSBirthday - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [DNSBirthday](https://vuldb.com/?actor.dnsbirthday). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DNSBirthday](https://vuldb.com/?actor.dnsbirthday). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.dnsbirthday](https://vuldb.com/?actor.dnsbirthday)
|
||||
|
||||
|
@ -46,16 +46,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/forum/away.php` | High
|
||||
2 | File | `/modules/profile/index.php` | High
|
||||
3 | File | `data/gbconfiguration.dat` | High
|
||||
4 | File | `email.php` | Medium
|
||||
5 | File | `goto.php` | Medium
|
||||
6 | File | `inc/config.php` | High
|
||||
7 | File | `index.php` | Medium
|
||||
8 | File | `rcube_plugin_api.php` | High
|
||||
9 | File | `redir.php` | Medium
|
||||
10 | File | `redirect.php` | Medium
|
||||
11 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 12 more IOA items available. Please use our online service to access the data.
|
||||
There are 19 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -67,9 +60,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -45,11 +45,11 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/apply.cgi` | Medium
|
||||
2 | File | `apply.cgi` | Medium
|
||||
3 | File | `data/gbconfiguration.dat` | High
|
||||
2 | File | `/usr/bin/pkexec` | High
|
||||
3 | File | `apply.cgi` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 22 more IOA items available. Please use our online service to access the data.
|
||||
There are 23 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -27,4 +27,4 @@ The following articles explain our unique predictive cyber threat intelligence:
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# DeputyDog - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [DeputyDog](https://vuldb.com/?actor.deputydog). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DeputyDog](https://vuldb.com/?actor.deputydog). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.deputydog](https://vuldb.com/?actor.deputydog)
|
||||
|
||||
|
@ -33,9 +33,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# DetaRAT - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [DetaRAT](https://vuldb.com/?actor.detarat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DetaRAT](https://vuldb.com/?actor.detarat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.detarat](https://vuldb.com/?actor.detarat)
|
||||
|
||||
|
@ -43,16 +43,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/wordpress/wp-admin/admin.php` | High
|
||||
2 | File | `admin/index.php` | High
|
||||
3 | File | `data/gbconfiguration.dat` | High
|
||||
4 | File | `filter.php` | Medium
|
||||
5 | File | `inc/config.php` | High
|
||||
6 | File | `lib/krb5/asn.1/asn1_encode.c` | High
|
||||
7 | File | `login.php` | Medium
|
||||
8 | File | `mdeploy.php` | Medium
|
||||
9 | File | `multipart/form-data` | High
|
||||
10 | File | `news.php` | Medium
|
||||
11 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 16 more IOA items available. Please use our online service to access the data.
|
||||
There are 23 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -64,9 +57,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# DirCrypt - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [DirCrypt](https://vuldb.com/?actor.dircrypt). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DirCrypt](https://vuldb.com/?actor.dircrypt). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.dircrypt](https://vuldb.com/?actor.dircrypt)
|
||||
|
||||
|
@ -10,7 +10,7 @@ These indicators of compromise indicate associated network ressources which are
|
|||
|
||||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 164.155.216.36 | sk.s5.ans1.ns148.ztomy.com | High
|
||||
1 | 164.155.216.36 | - | High
|
||||
2 | 169.50.13.61 | 3d.0d.32a9.ip4.static.sl-reverse.com | High
|
||||
|
||||
## References
|
||||
|
@ -23,9 +23,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# DragonOK - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [DragonOK](https://vuldb.com/?actor.dragonok). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DragonOK](https://vuldb.com/?actor.dragonok). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.dragonok](https://vuldb.com/?actor.dragonok)
|
||||
|
||||
|
@ -43,9 +43,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Dukes - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Dukes](https://vuldb.com/?actor.dukes). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dukes](https://vuldb.com/?actor.dukes). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.dukes](https://vuldb.com/?actor.dukes)
|
||||
|
||||
|
@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
|
|||
* ID
|
||||
* ...
|
||||
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -26,13 +26,9 @@ ID | IP address | Hostname | Confidence
|
|||
3 | 50.7.192.146 | - | High
|
||||
4 | 64.18.143.66 | - | High
|
||||
5 | 66.29.115.55 | 647807.ds.nac.net | High
|
||||
6 | 69.59.28.57 | - | High
|
||||
7 | 82.146.47.163 | peter.kuveko.vps | High
|
||||
8 | 82.146.51.22 | kassioun.com | High
|
||||
9 | 83.149.74.73 | - | High
|
||||
10 | ... | ... | ...
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 18 more IOC items available. Please use our online service to access the data.
|
||||
There are 22 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -53,19 +49,16 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/server-status` | High
|
||||
2 | File | `adclick.php` | Medium
|
||||
3 | File | `ashnews.php/ashheadlines.php` | High
|
||||
4 | File | `cds-fpdf.php` | Medium
|
||||
5 | File | `data/gbconfiguration.dat` | High
|
||||
6 | File | `eepro100.c` | Medium
|
||||
7 | File | `header.php` | Medium
|
||||
8 | File | `iframe.php` | Medium
|
||||
9 | File | `includes/search.php` | High
|
||||
10 | File | `index.php` | Medium
|
||||
11 | ... | ... | ...
|
||||
1 | File | `/rest/project-templates/1.0/createshared` | High
|
||||
2 | File | `/server-status` | High
|
||||
3 | File | `act.php` | Low
|
||||
4 | File | `adclick.php` | Medium
|
||||
5 | File | `admin.php` | Medium
|
||||
6 | File | `ashnews.php/ashheadlines.php` | High
|
||||
7 | File | `bbcode.php` | Medium
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 35 more IOA items available. Please use our online service to access the data.
|
||||
There are 55 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -78,9 +71,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Dust Storm - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Dust Storm](https://vuldb.com/?actor.dust_storm). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dust Storm](https://vuldb.com/?actor.dust_storm). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.dust_storm](https://vuldb.com/?actor.dust_storm)
|
||||
|
||||
|
@ -30,14 +30,9 @@ ID | IP address | Hostname | Confidence
|
|||
5 | 27.255.72.78 | - | High
|
||||
6 | 59.120.59.2 | 59-120-59-2.hinet-ip.hinet.net | High
|
||||
7 | 59.188.13.133 | - | High
|
||||
8 | 59.188.13.137 | - | High
|
||||
9 | 67.192.225.83 | - | High
|
||||
10 | 98.129.119.156 | - | High
|
||||
11 | 111.1.1.66 | - | High
|
||||
12 | 111.67.199.213 | - | High
|
||||
13 | ... | ... | ...
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 22 more IOC items available. Please use our online service to access the data.
|
||||
There are 27 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -57,7 +52,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `clonos.php` | Medium
|
||||
2 | File | `ildap.exe` | Medium
|
||||
3 | File | `prod.php` | Medium
|
||||
4 | Argument | `cat` | Low
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 1 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -69,9 +66,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Emissary - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Emissary](https://vuldb.com/?actor.emissary). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Emissary](https://vuldb.com/?actor.emissary). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.emissary](https://vuldb.com/?actor.emissary)
|
||||
|
||||
|
@ -20,11 +20,9 @@ ID | IP address | Hostname | Confidence
|
|||
1 | 101.55.33.92 | - | High
|
||||
2 | 101.55.33.95 | - | High
|
||||
3 | 101.55.121.79 | - | High
|
||||
4 | 103.243.24.179 | - | High
|
||||
5 | 118.193.221.233 | - | High
|
||||
6 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 10 more IOC items available. Please use our online service to access the data.
|
||||
There are 12 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -53,9 +51,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
284
Emotet/README.md
284
Emotet/README.md
|
@ -9,11 +9,11 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
|
|||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Emotet:
|
||||
|
||||
* VN
|
||||
* US
|
||||
* CN
|
||||
* US
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -30,105 +30,148 @@ ID | IP address | Hostname | Confidence
|
|||
7 | 5.2.136.90 | static-5-2-136-90.rdsnet.ro | High
|
||||
8 | 5.2.182.7 | static-5-2-182-7.rdsnet.ro | High
|
||||
9 | 5.2.212.254 | static-5-2-212-254.rdsnet.ro | High
|
||||
10 | 5.12.246.155 | 5-12-246-155.residential.rdsnet.ro | High
|
||||
11 | 5.39.91.110 | ns3278366.ip-5-39-91.eu | High
|
||||
12 | 5.79.70.250 | - | High
|
||||
13 | 5.89.33.136 | net-5-89-33-136.cust.vodafonedsl.it | High
|
||||
14 | 5.196.35.138 | vps10.open-techno.net | High
|
||||
15 | 5.230.193.41 | casagarcia-web.sys.netzfabrik.eu | High
|
||||
16 | 8.4.9.137 | onlinehorizons.net | High
|
||||
17 | 12.32.68.154 | mail.sealscoinc.com | High
|
||||
18 | 12.149.72.170 | - | High
|
||||
19 | 12.162.84.2 | - | High
|
||||
20 | 12.163.208.58 | - | High
|
||||
21 | 12.182.146.226 | - | High
|
||||
22 | 12.184.217.101 | - | High
|
||||
23 | 23.6.65.194 | a23-6-65-194.deploy.static.akamaitechnologies.com | High
|
||||
24 | 23.36.85.183 | a23-36-85-183.deploy.static.akamaitechnologies.com | High
|
||||
25 | 23.199.63.11 | a23-199-63-11.deploy.static.akamaitechnologies.com | High
|
||||
26 | 23.199.71.185 | a23-199-71-185.deploy.static.akamaitechnologies.com | High
|
||||
27 | 23.239.2.11 | li683-11.members.linode.com | High
|
||||
28 | 24.43.99.75 | rrcs-24-43-99-75.west.biz.rr.com | High
|
||||
29 | 24.101.229.82 | dynamic-acs-24-101-229-82.zoominternet.net | High
|
||||
30 | 24.119.116.230 | 24-119-116-230.cpe.sparklight.net | High
|
||||
31 | 24.121.176.48 | 24-121-176-48.prkrcmtc01.com.sta.suddenlink.net | High
|
||||
32 | 24.137.76.62 | host-24-137-76-62.public.eastlink.ca | High
|
||||
33 | 24.178.90.49 | 024-178-090-049.res.spectrum.com | High
|
||||
34 | 24.179.13.119 | 024-179-013-119.res.spectrum.com | High
|
||||
35 | 24.217.117.217 | 024-217-117-217.res.spectrum.com | High
|
||||
36 | 24.232.228.233 | OL233-228.fibertel.com.ar | High
|
||||
37 | 24.244.177.40 | - | High
|
||||
38 | 27.78.27.110 | localhost | High
|
||||
39 | 27.82.13.10 | KD027082013010.ppp-bb.dion.ne.jp | High
|
||||
40 | 27.109.24.214 | - | High
|
||||
41 | 27.114.9.93 | i27-114-9-93.s41.a011.ap.plala.or.jp | High
|
||||
42 | 36.91.44.183 | - | High
|
||||
43 | 37.46.129.215 | we-too.ru | High
|
||||
44 | 37.97.135.82 | 37-97-135-82.colo.transip.net | High
|
||||
45 | 37.139.21.175 | 37.139.21.175-e2-8080-keep-up | High
|
||||
46 | 37.179.204.33 | - | High
|
||||
47 | 37.187.4.178 | ks2.kku.io | High
|
||||
48 | 37.187.57.57 | ns3357940.ovh.net | High
|
||||
49 | 37.187.72.193 | ns3362285.ip-37-187-72.eu | High
|
||||
50 | 37.187.161.206 | toolbox.alabs.io | High
|
||||
51 | 37.205.9.252 | s1.ithelp24.eu | High
|
||||
52 | 37.221.70.250 | b2b-customer.inftele.net | High
|
||||
53 | 41.169.36.237 | - | High
|
||||
54 | 41.185.28.84 | brf01-nix01.wadns.net | High
|
||||
55 | 41.185.29.128 | abp79-nix01.wadns.net | High
|
||||
56 | 41.231.225.139 | - | High
|
||||
57 | 42.62.40.103 | - | High
|
||||
58 | 45.16.226.117 | 45-16-226-117.lightspeed.sndgca.sbcglobal.net | High
|
||||
59 | 45.33.77.42 | li1023-42.members.linode.com | High
|
||||
60 | 45.46.37.97 | cpe-45-46-37-97.maine.res.rr.com | High
|
||||
61 | 45.55.36.51 | - | High
|
||||
62 | 45.55.219.163 | - | High
|
||||
63 | 45.79.95.107 | li1194-107.members.linode.com | High
|
||||
64 | 45.230.45.171 | - | High
|
||||
65 | 46.4.100.178 | support.wizard-shopservice.de | High
|
||||
66 | 46.4.192.185 | static.185.192.4.46.clients.your-server.de | High
|
||||
67 | 46.28.111.142 | enkindu.jsuchy.net | High
|
||||
68 | 46.32.229.152 | 094882.vps-10.com | High
|
||||
69 | 46.32.233.226 | yetitoolusa.com | High
|
||||
70 | 46.38.238.8 | v2202109122001163131.happysrv.de | High
|
||||
71 | 46.43.2.95 | chris.default.cjenkinson.uk0.bigv.io | High
|
||||
72 | 46.101.58.37 | 46.101.58.37-e1-8080 | High
|
||||
73 | 46.105.81.76 | myu0.cylipo.sbs | High
|
||||
74 | 46.105.114.137 | ns3188253.ip-46-105-114.eu | High
|
||||
75 | 46.105.131.68 | http.adven.fr | High
|
||||
76 | 46.105.131.79 | relay.adven.fr | High
|
||||
77 | 46.105.131.87 | pop.adven.fr | High
|
||||
78 | 46.165.254.206 | - | High
|
||||
79 | 47.36.140.164 | 047-036-140-164.res.spectrum.com | High
|
||||
80 | 47.146.39.147 | - | High
|
||||
81 | 47.188.131.94 | - | High
|
||||
82 | 49.12.121.47 | filezilla-project.org | High
|
||||
83 | 49.50.209.131 | 131.host-49-50-209.euba.megatel.co.nz | High
|
||||
84 | 49.212.135.76 | os3-321-50322.vs.sakura.ne.jp | High
|
||||
85 | 49.212.155.94 | os3-325-52340.vs.sakura.ne.jp | High
|
||||
86 | 50.28.51.143 | - | High
|
||||
87 | 50.31.146.101 | mail.brillinjurylaw.com | High
|
||||
88 | 50.91.114.38 | 050-091-114-038.res.spectrum.com | High
|
||||
89 | 50.116.78.109 | intersearchmedia.com | High
|
||||
90 | 50.245.107.73 | 50-245-107-73-static.hfc.comcastbusiness.net | High
|
||||
91 | 51.15.7.145 | 51-15-7-145.rev.poneytelecom.eu | High
|
||||
92 | 51.75.33.127 | ip127.ip-51-75-33.eu | High
|
||||
93 | 51.89.36.180 | ip180.ip-51-89-36.eu | High
|
||||
94 | 51.89.199.141 | ip141.ip-51-89-199.eu | High
|
||||
95 | 51.255.165.160 | 160.ip-51-255-165.eu | High
|
||||
96 | 54.38.143.245 | tools.inovato.me | High
|
||||
97 | 58.27.215.3 | 58-27-215-3.wateen.net | High
|
||||
98 | 58.94.58.13 | i58-94-58-13.s41.a014.ap.plala.or.jp | High
|
||||
99 | 59.148.253.194 | 059148253194.ctinets.com | High
|
||||
100 | 60.93.23.51 | softbank060093023051.bbtec.net | High
|
||||
101 | 60.108.128.186 | softbank060108128186.bbtec.net | High
|
||||
102 | 60.125.114.64 | softbank060125114064.bbtec.net | High
|
||||
103 | 60.249.78.226 | 60-249-78-226.hinet-ip.hinet.net | High
|
||||
104 | 61.19.246.238 | - | High
|
||||
105 | 62.30.7.67 | 67.7-30-62.static.virginmediabusiness.co.uk | High
|
||||
106 | ... | ... | ...
|
||||
10 | 5.9.189.24 | static.24.189.9.5.clients.your-server.de | High
|
||||
11 | 5.12.246.155 | 5-12-246-155.residential.rdsnet.ro | High
|
||||
12 | 5.35.249.46 | rs250366.rs.hosteurope.de | High
|
||||
13 | 5.39.91.110 | ns3278366.ip-5-39-91.eu | High
|
||||
14 | 5.79.70.250 | - | High
|
||||
15 | 5.89.33.136 | net-5-89-33-136.cust.vodafonedsl.it | High
|
||||
16 | 5.159.57.195 | www-riedle.transfermarkt.de | High
|
||||
17 | 5.196.35.138 | vps10.open-techno.net | High
|
||||
18 | 5.230.193.41 | casagarcia-web.sys.netzfabrik.eu | High
|
||||
19 | 8.4.9.137 | onlinehorizons.net | High
|
||||
20 | 8.247.6.134 | - | High
|
||||
21 | 12.32.68.154 | mail.sealscoinc.com | High
|
||||
22 | 12.149.72.170 | - | High
|
||||
23 | 12.162.84.2 | - | High
|
||||
24 | 12.163.208.58 | - | High
|
||||
25 | 12.182.146.226 | - | High
|
||||
26 | 12.184.217.101 | - | High
|
||||
27 | 23.6.65.194 | a23-6-65-194.deploy.static.akamaitechnologies.com | High
|
||||
28 | 23.36.85.183 | a23-36-85-183.deploy.static.akamaitechnologies.com | High
|
||||
29 | 23.199.63.11 | a23-199-63-11.deploy.static.akamaitechnologies.com | High
|
||||
30 | 23.199.71.185 | a23-199-71-185.deploy.static.akamaitechnologies.com | High
|
||||
31 | 23.239.2.11 | li683-11.members.linode.com | High
|
||||
32 | 24.43.99.75 | rrcs-24-43-99-75.west.biz.rr.com | High
|
||||
33 | 24.101.229.82 | dynamic-acs-24-101-229-82.zoominternet.net | High
|
||||
34 | 24.119.116.230 | 24-119-116-230.cpe.sparklight.net | High
|
||||
35 | 24.121.176.48 | 24-121-176-48.prkrcmtc01.com.sta.suddenlink.net | High
|
||||
36 | 24.137.76.62 | host-24-137-76-62.public.eastlink.ca | High
|
||||
37 | 24.178.90.49 | 024-178-090-049.res.spectrum.com | High
|
||||
38 | 24.179.13.119 | 024-179-013-119.res.spectrum.com | High
|
||||
39 | 24.217.117.217 | 024-217-117-217.res.spectrum.com | High
|
||||
40 | 24.232.228.233 | OL233-228.fibertel.com.ar | High
|
||||
41 | 24.244.177.40 | - | High
|
||||
42 | 27.78.27.110 | localhost | High
|
||||
43 | 27.82.13.10 | KD027082013010.ppp-bb.dion.ne.jp | High
|
||||
44 | 27.109.24.214 | - | High
|
||||
45 | 27.114.9.93 | i27-114-9-93.s41.a011.ap.plala.or.jp | High
|
||||
46 | 36.91.44.183 | - | High
|
||||
47 | 37.46.129.215 | we-too.ru | High
|
||||
48 | 37.97.135.82 | 37-97-135-82.colo.transip.net | High
|
||||
49 | 37.139.21.175 | 37.139.21.175-e2-8080-keep-up | High
|
||||
50 | 37.179.204.33 | - | High
|
||||
51 | 37.187.4.178 | ks2.kku.io | High
|
||||
52 | 37.187.57.57 | ns3357940.ovh.net | High
|
||||
53 | 37.187.72.193 | ns3362285.ip-37-187-72.eu | High
|
||||
54 | 37.187.161.206 | toolbox.alabs.io | High
|
||||
55 | 37.205.9.252 | s1.ithelp24.eu | High
|
||||
56 | 37.221.70.250 | b2b-customer.inftele.net | High
|
||||
57 | 41.76.108.46 | - | High
|
||||
58 | 41.169.36.237 | - | High
|
||||
59 | 41.185.28.84 | brf01-nix01.wadns.net | High
|
||||
60 | 41.185.29.128 | exchange.imali-group.co.za | High
|
||||
61 | 41.231.225.139 | - | High
|
||||
62 | 42.62.40.103 | - | High
|
||||
63 | 45.16.226.117 | 45-16-226-117.lightspeed.sndgca.sbcglobal.net | High
|
||||
64 | 45.33.77.42 | li1023-42.members.linode.com | High
|
||||
65 | 45.46.37.97 | cpe-45-46-37-97.maine.res.rr.com | High
|
||||
66 | 45.55.36.51 | - | High
|
||||
67 | 45.55.219.163 | - | High
|
||||
68 | 45.79.95.107 | li1194-107.members.linode.com | High
|
||||
69 | 45.80.148.200 | - | High
|
||||
70 | 45.118.135.203 | 45-118-135-203.ip.linodeusercontent.com | High
|
||||
71 | 45.142.114.231 | mail.dounutmail.de | High
|
||||
72 | 45.230.45.171 | - | High
|
||||
73 | 46.4.100.178 | support.wizard-shopservice.de | High
|
||||
74 | 46.4.192.185 | static.185.192.4.46.clients.your-server.de | High
|
||||
75 | 46.28.111.142 | enkindu.jsuchy.net | High
|
||||
76 | 46.32.229.152 | 094882.vps-10.com | High
|
||||
77 | 46.32.233.226 | yetitoolusa.com | High
|
||||
78 | 46.38.238.8 | v2202109122001163131.happysrv.de | High
|
||||
79 | 46.43.2.95 | chris.default.cjenkinson.uk0.bigv.io | High
|
||||
80 | 46.101.58.37 | 46.101.58.37-e1-8080 | High
|
||||
81 | 46.105.81.76 | myu0.cylipo.sbs | High
|
||||
82 | 46.105.114.137 | ns3188253.ip-46-105-114.eu | High
|
||||
83 | 46.105.131.68 | http.adven.fr | High
|
||||
84 | 46.105.131.79 | relay.adven.fr | High
|
||||
85 | 46.105.131.87 | pop.adven.fr | High
|
||||
86 | 46.105.236.18 | - | High
|
||||
87 | 46.165.254.206 | - | High
|
||||
88 | 46.214.107.142 | 46-214-107-142.next-gen.ro | High
|
||||
89 | 47.36.140.164 | 047-036-140-164.res.spectrum.com | High
|
||||
90 | 47.146.39.147 | - | High
|
||||
91 | 47.188.131.94 | - | High
|
||||
92 | 49.12.121.47 | filezilla-project.org | High
|
||||
93 | 49.50.209.131 | 131.host-49-50-209.euba.megatel.co.nz | High
|
||||
94 | 49.212.135.76 | os3-321-50322.vs.sakura.ne.jp | High
|
||||
95 | 49.212.155.94 | os3-325-52340.vs.sakura.ne.jp | High
|
||||
96 | 50.28.51.143 | - | High
|
||||
97 | 50.31.146.101 | mail.brillinjurylaw.com | High
|
||||
98 | 50.56.135.44 | - | High
|
||||
99 | 50.91.114.38 | 050-091-114-038.res.spectrum.com | High
|
||||
100 | 50.116.78.109 | intersearchmedia.com | High
|
||||
101 | 50.245.107.73 | 50-245-107-73-static.hfc.comcastbusiness.net | High
|
||||
102 | 51.15.7.145 | 51-15-7-145.rev.poneytelecom.eu | High
|
||||
103 | 51.75.33.127 | ip127.ip-51-75-33.eu | High
|
||||
104 | 51.89.36.180 | ip180.ip-51-89-36.eu | High
|
||||
105 | 51.89.199.141 | ip141.ip-51-89-199.eu | High
|
||||
106 | 51.255.165.160 | 160.ip-51-255-165.eu | High
|
||||
107 | 54.38.143.245 | tools.inovato.me | High
|
||||
108 | 58.27.215.3 | 58-27-215-3.wateen.net | High
|
||||
109 | 58.94.58.13 | i58-94-58-13.s41.a014.ap.plala.or.jp | High
|
||||
110 | 58.227.42.236 | - | High
|
||||
111 | 59.148.253.194 | 059148253194.ctinets.com | High
|
||||
112 | 60.93.23.51 | softbank060093023051.bbtec.net | High
|
||||
113 | 60.108.128.186 | softbank060108128186.bbtec.net | High
|
||||
114 | 60.125.114.64 | softbank060125114064.bbtec.net | High
|
||||
115 | 60.249.78.226 | 60-249-78-226.hinet-ip.hinet.net | High
|
||||
116 | 61.19.246.238 | - | High
|
||||
117 | 62.30.7.67 | 67.7-30-62.static.virginmediabusiness.co.uk | High
|
||||
118 | 62.75.141.82 | static-ip-62-75-141-82.inaddr.ip-pool.com | High
|
||||
119 | 62.84.75.50 | mail.saadegrp.com.lb | High
|
||||
120 | 62.171.142.179 | vmi499457.contaboserver.net | High
|
||||
121 | 62.212.34.102 | - | High
|
||||
122 | 64.207.182.168 | - | High
|
||||
123 | 66.54.51.172 | - | High
|
||||
124 | 66.76.26.33 | 66-76-26-33.hdsncmta01.com.sta.suddenlink.net | High
|
||||
125 | 66.228.61.248 | li318-248.members.linode.com | High
|
||||
126 | 67.19.105.107 | ns2.datatrust.com.br | High
|
||||
127 | 67.170.250.203 | c-67-170-250-203.hsd1.ca.comcast.net | High
|
||||
128 | 68.2.97.91 | ip68-2-97-91.ph.ph.cox.net | High
|
||||
129 | 68.183.170.114 | 68.183.170.114-e1-8080-keep-up | High
|
||||
130 | 68.183.190.199 | 68.183.190.199-e1-8080-keep-up | High
|
||||
131 | 69.17.170.58 | unallocated-static.rogers.com | High
|
||||
132 | 69.43.168.200 | ns0.imunplugged.com | High
|
||||
133 | 69.45.19.251 | coastinet.com | High
|
||||
134 | 69.167.152.111 | - | High
|
||||
135 | 70.32.84.74 | - | High
|
||||
136 | 70.32.89.105 | parties-at-sea.com | High
|
||||
137 | 70.32.92.133 | popdesigngroup.com | High
|
||||
138 | 70.32.115.157 | harpotripofalifetime.com | High
|
||||
139 | 70.168.7.6 | wsip-70-168-7-6.ri.ri.cox.net | High
|
||||
140 | 70.182.77.184 | wsip-70-182-77-184.ok.ok.cox.net | High
|
||||
141 | 70.184.125.132 | wsip-70-184-125-132.ph.ph.cox.net | High
|
||||
142 | 71.15.245.148 | 071-015-245-148.res.spectrum.com | High
|
||||
143 | 71.197.211.156 | c-71-197-211-156.hsd1.wa.comcast.net | High
|
||||
144 | 71.244.60.231 | static-71-244-60-231.dllstx.fios.frontiernet.net | High
|
||||
145 | 72.10.49.117 | rtw7-rfpn.accessdomain.com | High
|
||||
146 | 72.18.204.17 | lasvegas-nv-datacenter.com | High
|
||||
147 | 72.45.212.62 | nyinstituteofmassage.com | High
|
||||
148 | 72.186.136.247 | 072-186-136-247.biz.spectrum.com | High
|
||||
149 | ... | ... | ...
|
||||
|
||||
There are 419 more IOC items available. Please use our online service to access the data.
|
||||
There are 594 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -141,7 +184,7 @@ ID | Technique | Description | Confidence
|
|||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
There are 2 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -149,28 +192,23 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?ajax-request=jnews` | High
|
||||
2 | File | `/ajax_crud` | Medium
|
||||
3 | File | `/appliance/users?action=edit` | High
|
||||
4 | File | `/assets/ctx` | Medium
|
||||
5 | File | `/core/table/query` | High
|
||||
6 | File | `/dev/ion` | Medium
|
||||
7 | File | `/ecma/operations/ecma-objects.c` | High
|
||||
8 | File | `/forum/away.php` | High
|
||||
9 | File | `/GetCopiedFile` | High
|
||||
10 | File | `/goform/activate_process` | High
|
||||
11 | File | `/hdf5/src/H5T.c` | High
|
||||
12 | File | `/include/chart_generator.php` | High
|
||||
13 | File | `/jerry-core/ecma/base/ecma-gc.c` | High
|
||||
14 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
|
||||
15 | File | `/jerry-core/ecma/base/ecma-lcache.c` | High
|
||||
16 | File | `/jerry-core/ecma/operations/ecma-objects.c` | High
|
||||
17 | File | `/jerry-core/vm/vm.c` | High
|
||||
18 | File | `/ms/mdiy/model/importJson.do` | High
|
||||
19 | File | `/ms/template/writeFileContent.do` | High
|
||||
20 | ... | ... | ...
|
||||
1 | File | `/admin/admin_manage/delete` | High
|
||||
2 | File | `/admin/configure.php` | High
|
||||
3 | File | `/administrator/components/table_manager/` | High
|
||||
4 | File | `/application/common.php#action_log` | High
|
||||
5 | File | `/cgi-bin/luci` | High
|
||||
6 | File | `/Hospital-Management-System-master/func.php` | High
|
||||
7 | File | `/rest/api/1.0/render` | High
|
||||
8 | File | `/usr/bin/pkexec` | High
|
||||
9 | File | `/yzmcms/comment/index/init.html` | High
|
||||
10 | File | `admin/posts.php?source=add_post` | High
|
||||
11 | File | `admin/users.php?source=add_user` | High
|
||||
12 | File | `cgiserver.cgi` | High
|
||||
13 | File | `Controller.php` | High
|
||||
14 | File | `cszcms/controllers/Member.php#viewUser` | High
|
||||
15 | ... | ... | ...
|
||||
|
||||
There are 167 more IOA items available. Please use our online service to access the data.
|
||||
There are 123 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -185,7 +223,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
* https://blog.talosintelligence.com/2021/10/threat-roundup-1015-1022.html
|
||||
* https://blog.talosintelligence.com/2021/10/threat-roundup-1022-1029.html
|
||||
* https://blog.talosintelligence.com/2021/12/threat-roundup-1126-1203.html
|
||||
* https://blog.talosintelligence.com/2022/01/threat-roundup-0121-0128.html
|
||||
* https://community.blueliv.com/#!/s/5fb2ee2482df413eaf344b29
|
||||
* https://ddanchev.blogspot.com/2022/01/profiling-emotet-botnet-c.html
|
||||
* https://pastebin.com/uPn1zM6b
|
||||
* https://unit42.paloaltonetworks.com/emotet-command-and-control/
|
||||
* https://www.trendmicro.com/en_us/research/22/a/emotet-spam-abuses-unconventional-ip-address-formats-spread-malware.html
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# EpicenterRAT - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [EpicenterRAT](https://vuldb.com/?actor.epicenterrat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [EpicenterRAT](https://vuldb.com/?actor.epicenterrat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.epicenterrat](https://vuldb.com/?actor.epicenterrat)
|
||||
|
||||
|
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Equation - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Equation](https://vuldb.com/?actor.equation). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Equation](https://vuldb.com/?actor.equation). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.equation](https://vuldb.com/?actor.equation)
|
||||
|
||||
|
@ -33,13 +33,9 @@ ID | IP address | Hostname | Confidence
|
|||
4 | 80.77.4.3 | - | High
|
||||
5 | 81.31.34.175 | 81-31-34-175.static.masterinter.net | High
|
||||
6 | 81.31.36.174 | vl504.sl509s.r1-3.dc1.4d.prg.masterinter.net | High
|
||||
7 | 81.31.38.163 | 81-31-38-163.static.masterinter.net | High
|
||||
8 | 81.31.38.166 | 81-31-38-166.static.masterinter.net | High
|
||||
9 | 84.233.205.99 | - | High
|
||||
10 | 85.112.1.83 | - | High
|
||||
11 | ... | ... | ...
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 20 more IOC items available. Please use our online service to access the data.
|
||||
There are 24 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -50,6 +46,9 @@ ID | Technique | Description | Confidence
|
|||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1211 | 7PK Security Features | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -60,16 +59,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/exec/` | Low
|
||||
2 | File | `/wlanAccess.asp` | High
|
||||
3 | File | `GetRules.asp` | Medium
|
||||
4 | File | `kaiseki.cgi` | Medium
|
||||
5 | File | `phpinfo.php` | Medium
|
||||
6 | File | `rpc.statd` | Medium
|
||||
7 | Library | `DNSAPI.dll` | Medium
|
||||
8 | Library | `isusweb.dll` | Medium
|
||||
9 | Argument | `Connected Clients` | High
|
||||
10 | Network Port | `Ports 137-139` | High
|
||||
11 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 2 more IOA items available. Please use our online service to access the data.
|
||||
There are 9 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -82,9 +74,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# EquationDrug - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [EquationDrug](https://vuldb.com/?actor.equationdrug). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [EquationDrug](https://vuldb.com/?actor.equationdrug). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.equationdrug](https://vuldb.com/?actor.equationdrug)
|
||||
|
||||
|
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Evilnum - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Evilnum](https://vuldb.com/?actor.evilnum). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Evilnum](https://vuldb.com/?actor.evilnum). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.evilnum](https://vuldb.com/?actor.evilnum)
|
||||
|
||||
|
@ -39,16 +39,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `books.php` | Medium
|
||||
2 | File | `Forms/MAI/list.asp` | High
|
||||
3 | File | `inc/config.php` | High
|
||||
4 | File | `item_show.php` | High
|
||||
5 | File | `password.shtml` | High
|
||||
6 | File | `products.php` | Medium
|
||||
7 | File | `product_details.php` | High
|
||||
8 | File | `smart.cgi` | Medium
|
||||
9 | Argument | `basePath` | Medium
|
||||
10 | Argument | `bookid` | Low
|
||||
11 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 4 more IOA items available. Please use our online service to access the data.
|
||||
There are 11 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -60,9 +53,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# FIN6 - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [FIN6](https://vuldb.com/?actor.fin6). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [FIN6](https://vuldb.com/?actor.fin6). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.fin6](https://vuldb.com/?actor.fin6)
|
||||
|
||||
|
@ -19,7 +19,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
|
|||
* ES
|
||||
* ...
|
||||
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -39,17 +39,9 @@ ID | IP address | Hostname | Confidence
|
|||
10 | 89.105.194.236 | - | High
|
||||
11 | 91.208.184.174 | sell.mybeststore.club | High
|
||||
12 | 91.218.114.4 | - | High
|
||||
13 | 91.218.114.31 | - | High
|
||||
14 | 91.218.114.32 | - | High
|
||||
15 | 91.218.114.37 | - | High
|
||||
16 | 91.218.114.38 | - | High
|
||||
17 | 91.218.114.77 | - | High
|
||||
18 | 91.218.114.79 | - | High
|
||||
19 | 92.63.8.47 | 92-63-8-47.netonline.net | High
|
||||
20 | 92.63.11.151 | 92-63-11-151.netonline.net | High
|
||||
21 | ... | ... | ...
|
||||
13 | ... | ... | ...
|
||||
|
||||
There are 40 more IOC items available. Please use our online service to access the data.
|
||||
There are 48 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -70,19 +62,60 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `-X/path/to/wwwroot/file.php.` | High
|
||||
2 | File | `/?module=metadata§ion=cpanel&page=list_filetypes` | High
|
||||
3 | File | `/accountancy/admin/accountmodel.php` | High
|
||||
4 | File | `/adm/syscmd.asp` | High
|
||||
5 | File | `/admin/setup` | Medium
|
||||
6 | File | `/advance_push/public/login` | High
|
||||
7 | File | `/ajax-files/postComment.php` | High
|
||||
8 | File | `/anony/mjpg.cgi` | High
|
||||
9 | File | `/api/hosts` | Medium
|
||||
10 | File | `/Applications/PrivateVPN.app/Contents/Resources` | High
|
||||
11 | ... | ... | ...
|
||||
1 | File | `/accountancy/admin/accountmodel.php` | High
|
||||
2 | File | `/admin/setup` | Medium
|
||||
3 | File | `/advance_push/public/login` | High
|
||||
4 | File | `/ajax-files/postComment.php` | High
|
||||
5 | File | `/anony/mjpg.cgi` | High
|
||||
6 | File | `/bin/sh` | Low
|
||||
7 | File | `/catalog` | Medium
|
||||
8 | File | `/cgi-bin/ExportSettings.sh` | High
|
||||
9 | File | `/cgi-bin/login_action.cgi` | High
|
||||
10 | File | `/cgi-bin/webproc` | High
|
||||
11 | File | `/checkLogin.cgi` | High
|
||||
12 | File | `/classes/profile.class.php` | High
|
||||
13 | File | `/common/run_report.php` | High
|
||||
14 | File | `/data/inc/images.php` | High
|
||||
15 | File | `/data/syslog.filter.json` | High
|
||||
16 | File | `/data/wps.setup.json` | High
|
||||
17 | File | `/docs/captcha_(number).jpeg` | High
|
||||
18 | File | `/etc/config/rpcd` | High
|
||||
19 | File | `/etc/hosts` | Medium
|
||||
20 | File | `/forum/` | Low
|
||||
21 | File | `/goform/net\_Web\_get_value` | High
|
||||
22 | File | `/index.php` | Medium
|
||||
23 | File | `/index.php/weblinks-categories` | High
|
||||
24 | File | `/j_security_check` | High
|
||||
25 | File | `/login.html` | Medium
|
||||
26 | File | `/menu.html` | Medium
|
||||
27 | File | `/mics/j_spring_security_check` | High
|
||||
28 | File | `/mnt/sdcard/$PRO_NAME/upgrade.sh` | High
|
||||
29 | File | `/mnt/skyeye/mode_switch.sh` | High
|
||||
30 | File | `/mybb_1806/Upload/admin/index.php` | High
|
||||
31 | File | `/oauth/token` | Medium
|
||||
32 | File | `/romfile.cfg` | Medium
|
||||
33 | File | `/scp/directory.php` | High
|
||||
34 | File | `/setSystemAdmin` | High
|
||||
35 | File | `/system/WCore/WHelper.php` | High
|
||||
36 | File | `/tmp/connlicj.bin` | High
|
||||
37 | File | `/uncpath/` | Medium
|
||||
38 | File | `/upload` | Low
|
||||
39 | File | `/userfs/bin/tcapi` | High
|
||||
40 | File | `/var/www/xms/application/config/config.php` | High
|
||||
41 | File | `/var/www/xms/application/controllers/gatherLogs.php` | High
|
||||
42 | File | `/var/www/xms/application/controllers/verifyLogin.php` | High
|
||||
43 | File | `/var/www/xms/cleanzip.sh` | High
|
||||
44 | File | `/vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php` | High
|
||||
45 | File | `/websocket/exec` | High
|
||||
46 | File | `/workspaceCleanup` | High
|
||||
47 | File | `/wp-admin/admin-ajax.php?action=get_wdtable&table_id=1` | High
|
||||
48 | File | `account/gallery.php` | High
|
||||
49 | File | `add_edit_cat.asp` | High
|
||||
50 | File | `admin.htm` | Medium
|
||||
51 | File | `admin.php` | Medium
|
||||
52 | ... | ... | ...
|
||||
|
||||
There are 1061 more IOA items available. Please use our online service to access the data.
|
||||
There are 450 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -97,9 +130,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -16,6 +16,11 @@ The following campaigns are known and can be associated with FIN7:
|
|||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FIN7:
|
||||
|
||||
* US
|
||||
* CN
|
||||
* FR
|
||||
* ...
|
||||
|
||||
There are 29 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -70,6 +75,74 @@ ID | IP address | Hostname | Confidence
|
|||
|
||||
There are 172 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by FIN7. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Description | Confidence
|
||||
-- | --------- | ----------- | ----------
|
||||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by FIN7. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/?module=users§ion=cpanel&page=list` | High
|
||||
3 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
4 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
5 | File | `/get_getnetworkconf.cgi` | High
|
||||
6 | File | `/HNAP1` | Low
|
||||
7 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
|
||||
8 | File | `/monitoring` | Medium
|
||||
9 | File | `/new` | Low
|
||||
10 | File | `/osm/REGISTER.cmd` | High
|
||||
11 | File | `/proc/<pid>/status` | High
|
||||
12 | File | `/public/plugins/` | High
|
||||
13 | File | `/replication` | Medium
|
||||
14 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
15 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
16 | File | `/tmp` | Low
|
||||
17 | File | `/type.php` | Medium
|
||||
18 | File | `/uncpath/` | Medium
|
||||
19 | File | `/usr/bin/pkexec` | High
|
||||
20 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
21 | File | `4.2.0.CP09` | Medium
|
||||
22 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
23 | File | `actions/CompanyDetailsSave.php` | High
|
||||
24 | File | `ActiveServices.java` | High
|
||||
25 | File | `admin.color.php` | High
|
||||
26 | File | `admin.cropcanvas.php` | High
|
||||
27 | File | `admin.joomlaradiov5.php` | High
|
||||
28 | File | `admin.php` | Medium
|
||||
29 | File | `admin/?n=user&c=admin_user&a=doGetUserInfo` | High
|
||||
30 | File | `admin/add-glossary.php` | High
|
||||
31 | File | `admin/conf_users_edit.php` | High
|
||||
32 | File | `admin/edit-comments.php` | High
|
||||
33 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
|
||||
34 | File | `admin/write-post.php` | High
|
||||
35 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
36 | File | `admin_events.php` | High
|
||||
37 | File | `AjaxApplication.java` | High
|
||||
38 | File | `akocomments.php` | High
|
||||
39 | File | `allopass-error.php` | High
|
||||
40 | File | `AllowBindAppWidgetActivity.java` | High
|
||||
41 | File | `AndroidManifest.xml` | High
|
||||
42 | File | `AnnotateActivity.java` | High
|
||||
43 | File | `announcement.php` | High
|
||||
44 | File | `api/settings/values` | High
|
||||
45 | File | `apply.cgi` | Medium
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 400 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains external sources which discuss the actor and the associated activities:
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# FakeAlert - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [FakeAlert](https://vuldb.com/?actor.fakealert). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [FakeAlert](https://vuldb.com/?actor.fakealert). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.fakealert](https://vuldb.com/?actor.fakealert)
|
||||
|
||||
|
@ -24,11 +24,9 @@ ID | IP address | Hostname | Confidence
|
|||
1 | 3.8.23.195 | ec2-3-8-23-195.eu-west-2.compute.amazonaws.com | Medium
|
||||
2 | 3.8.191.167 | ec2-3-8-191-167.eu-west-2.compute.amazonaws.com | Medium
|
||||
3 | 18.130.240.77 | ec2-18-130-240-77.eu-west-2.compute.amazonaws.com | Medium
|
||||
4 | 47.135.30.181 | 047-135-030-181.res.spectrum.com | High
|
||||
5 | 78.141.234.87 | 78.141.234.87.vultr.com | Medium
|
||||
6 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 8 more IOC items available. Please use our online service to access the data.
|
||||
There are 10 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -50,15 +48,9 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `books.php` | Medium
|
||||
3 | File | `coders/tiff.c` | High
|
||||
4 | File | `content.php` | Medium
|
||||
5 | File | `detail.php` | Medium
|
||||
6 | File | `DjVmDir.cpp` | Medium
|
||||
7 | File | `ItemReview.php` | High
|
||||
8 | File | `items.queries.php` | High
|
||||
9 | File | `item_show.php` | High
|
||||
10 | File | `LockTaskController.java` | High
|
||||
11 | ... | ... | ...
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 23 more IOA items available. Please use our online service to access the data.
|
||||
There are 29 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -70,9 +62,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Farseer - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Farseer](https://vuldb.com/?actor.farseer). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Farseer](https://vuldb.com/?actor.farseer). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.farseer](https://vuldb.com/?actor.farseer)
|
||||
|
||||
|
@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
|
|||
* CA
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -24,12 +24,9 @@ ID | IP address | Hostname | Confidence
|
|||
1 | 43.224.33.130 | 43.224.33.130.vultr.com | Medium
|
||||
2 | 45.32.24.39 | 45.32.24.39.vultr.com | Medium
|
||||
3 | 45.32.25.107 | 45.32.25.107.vultr.com | Medium
|
||||
4 | 45.32.44.52 | 45.32.44.52.vultr.com | Medium
|
||||
5 | 45.32.45.77 | 45.32.45.77.vultr.com | Medium
|
||||
6 | 45.32.53.250 | 45.32.53.250.vultr.com | Medium
|
||||
7 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 11 more IOC items available. Please use our online service to access the data.
|
||||
There are 14 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -54,15 +51,14 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/forum/away.php` | High
|
||||
3 | File | `/icingaweb2/navigation/add` | High
|
||||
4 | File | `/phppath/php` | Medium
|
||||
5 | File | `/start_apply.htm` | High
|
||||
6 | File | `/uncpath/` | Medium
|
||||
7 | File | `/WEB-INF/web.xml` | High
|
||||
8 | File | `abook_database.php` | High
|
||||
9 | File | `books.php` | Medium
|
||||
10 | File | `category.cfm` | Medium
|
||||
11 | ... | ... | ...
|
||||
5 | File | `/rest/collectors/1.0/template/custom` | High
|
||||
6 | File | `/start_apply.htm` | High
|
||||
7 | File | `/uncpath/` | Medium
|
||||
8 | File | `/WEB-INF/web.xml` | High
|
||||
9 | File | `abook_database.php` | High
|
||||
10 | ... | ... | ...
|
||||
|
||||
There are 61 more IOA items available. Please use our online service to access the data.
|
||||
There are 74 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -75,9 +71,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Finteam - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Finteam](https://vuldb.com/?actor.finteam). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Finteam](https://vuldb.com/?actor.finteam). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.finteam](https://vuldb.com/?actor.finteam)
|
||||
|
||||
|
@ -41,11 +41,9 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `cart.php` | Medium
|
||||
7 | File | `catalog.asp` | Medium
|
||||
8 | File | `category.php` | Medium
|
||||
9 | File | `cgi-bin/reorder2.asp` | High
|
||||
10 | File | `comersus_optaffiliateregistrationexec.asp` | High
|
||||
11 | ... | ... | ...
|
||||
9 | ... | ... | ...
|
||||
|
||||
There are 63 more IOA items available. Please use our online service to access the data.
|
||||
There are 65 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -57,9 +55,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Five Poisons - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Five Poisons](https://vuldb.com/?actor.five_poisons). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Five Poisons](https://vuldb.com/?actor.five_poisons). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.five_poisons](https://vuldb.com/?actor.five_poisons)
|
||||
|
||||
|
@ -42,10 +42,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `add_comment.php` | High
|
||||
2 | File | `data/gbconfiguration.dat` | High
|
||||
3 | File | `inc/config.php` | High
|
||||
4 | File | `user/register.php` | High
|
||||
5 | Argument | `basePath` | Medium
|
||||
6 | Argument | `id` | Low
|
||||
7 | Argument | `_config[site_path]` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 4 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -57,9 +56,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# FiveHands - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [FiveHands](https://vuldb.com/?actor.fivehands). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [FiveHands](https://vuldb.com/?actor.fivehands). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.fivehands](https://vuldb.com/?actor.fivehands)
|
||||
|
||||
|
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Flying Dragon Eye - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Flying Dragon Eye](https://vuldb.com/?actor.flying_dragon_eye). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Flying Dragon Eye](https://vuldb.com/?actor.flying_dragon_eye). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.flying_dragon_eye](https://vuldb.com/?actor.flying_dragon_eye)
|
||||
|
||||
|
@ -33,9 +33,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -4,17 +4,6 @@ The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of
|
|||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.formbook](https://vuldb.com/?actor.formbook)
|
||||
|
||||
## Countries
|
||||
|
||||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Formbook:
|
||||
|
||||
* GB
|
||||
* US
|
||||
* CN
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Formbook.
|
||||
|
@ -41,44 +30,10 @@ ID | IP address | Hostname | Confidence
|
|||
18 | 40.77.18.167 | - | High
|
||||
19 | 40.126.26.134 | - | High
|
||||
20 | 44.227.65.245 | ec2-44-227-65-245.us-west-2.compute.amazonaws.com | Medium
|
||||
21 | ... | ... | ...
|
||||
21 | 44.230.27.49 | ec2-44-230-27-49.us-west-2.compute.amazonaws.com | Medium
|
||||
22 | ... | ... | ...
|
||||
|
||||
There are 87 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Formbook. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Description | Confidence
|
||||
-- | --------- | ----------- | ----------
|
||||
1 | T1008 | Algorithm Downgrade | High
|
||||
2 | T1040 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1059.007 | Cross Site Scripting | High
|
||||
4 | T1068 | Execution with Unnecessary Privileges | High
|
||||
5 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Formbook. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMDATA%\3CXPhone for Windows\PhoneApp` | High
|
||||
2 | File | `%PROGRAMDATA%\checkmk\agent\local` | High
|
||||
3 | File | `%PROGRAMDATA%\WrData\PKG` | High
|
||||
4 | File | `%PROGRAMFILES(X86)%\IDriveWindows` | High
|
||||
5 | File | `.git/hooks/post-update` | High
|
||||
6 | File | `.htaccess` | Medium
|
||||
7 | File | `/admin` | Low
|
||||
8 | File | `/admin/?/plugin/comment/settings` | High
|
||||
9 | File | `/admin/academic/studenview_left.php` | High
|
||||
10 | File | `/admin/admintools/tool.php` | High
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 2064 more IOA items available. Please use our online service to access the data.
|
||||
There are 86 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -100,4 +55,4 @@ The following articles explain our unique predictive cyber threat intelligence:
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# GIMF - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [GIMF](https://vuldb.com/?actor.gimf). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GIMF](https://vuldb.com/?actor.gimf). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.gimf](https://vuldb.com/?actor.gimf)
|
||||
|
||||
|
@ -49,11 +49,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `cgi-bin/iptest.cgi` | High
|
||||
2 | File | `PingIframeRpm.htm` | High
|
||||
3 | File | `shop_display_products.php` | High
|
||||
4 | File | `upload.php` | Medium
|
||||
5 | Library | `DNSAPI.dll` | Medium
|
||||
6 | Argument | `cat_id` | Low
|
||||
7 | Argument | `url` | Low
|
||||
8 | Network Port | `tcp/32764` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 5 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -65,9 +63,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Gamarue - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Gamarue](https://vuldb.com/?actor.gamarue). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gamarue](https://vuldb.com/?actor.gamarue). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.gamarue](https://vuldb.com/?actor.gamarue)
|
||||
|
||||
|
@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
|
|||
* ES
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -21,22 +21,18 @@ These indicators of compromise indicate associated network ressources which are
|
|||
|
||||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 5.154.191.57 | 5-154-191-57.stephost.md | High
|
||||
1 | 5.154.191.57 | - | High
|
||||
2 | 37.187.0.40 | ns3108067.ip-37-187-0.eu | High
|
||||
3 | 45.8.124.25 | sabab.online | High
|
||||
3 | 45.8.124.25 | ouyr.secvolax.store | High
|
||||
4 | 45.128.204.36 | - | High
|
||||
5 | 45.128.207.237 | - | High
|
||||
6 | 46.254.21.69 | h13.ihc.ru | High
|
||||
7 | 50.116.23.211 | www.eqnic.net | High
|
||||
8 | 51.195.53.221 | ip221.ip-51-195-53.eu | High
|
||||
9 | 52.137.90.34 | - | High
|
||||
10 | 78.47.139.102 | test.invidious.io | High
|
||||
11 | 87.98.130.234 | dns.dot-bit.org | High
|
||||
12 | 91.107.126.138 | vds99324.mgn-host.ru | High
|
||||
13 | 95.85.9.86 | - | High
|
||||
14 | ... | ... | ...
|
||||
6 | 46.45.169.106 | 46-45-169-106.turkrdns.com | High
|
||||
7 | 46.254.21.69 | h13.ihc.ru | High
|
||||
8 | 50.116.23.211 | www.eqnic.net | High
|
||||
9 | 51.195.53.221 | ip221.ip-51-195-53.eu | High
|
||||
10 | ... | ... | ...
|
||||
|
||||
There are 26 more IOC items available. Please use our online service to access the data.
|
||||
There are 35 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -47,10 +43,9 @@ ID | Technique | Description | Confidence
|
|||
1 | T1059.007 | Cross Site Scripting | High
|
||||
2 | T1068 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | T1211 | 7PK Security Features | High
|
||||
5 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -68,9 +63,36 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/folder/list` | Medium
|
||||
9 | File | `/forms/nslookupHandler` | High
|
||||
10 | File | `/goform/GetNewDir` | High
|
||||
11 | ... | ... | ...
|
||||
11 | File | `/goform/right_now_d` | High
|
||||
12 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
|
||||
13 | File | `/group/comment` | High
|
||||
14 | File | `/home/home_parent.xgi` | High
|
||||
15 | File | `/lookin/info` | Medium
|
||||
16 | File | `/plugins/servlet/jira-blockers/` | High
|
||||
17 | File | `/status/status_log.sys` | High
|
||||
18 | File | `/themes/<php_file_name>` | High
|
||||
19 | File | `/tmp` | Low
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `/upload` | Low
|
||||
22 | File | `/usr/bin/shutter` | High
|
||||
23 | File | `/zm/index.php` | High
|
||||
24 | File | `adclick.php` | Medium
|
||||
25 | File | `admin-ajax.php` | High
|
||||
26 | File | `admin.php` | Medium
|
||||
27 | File | `admin/?n=tags&c=index&a=doSaveTags` | High
|
||||
28 | File | `admin/controller/pages/localisation/language.php` | High
|
||||
29 | File | `admin/fm/` | Medium
|
||||
30 | File | `admin/pages/*/edit` | High
|
||||
31 | File | `admincp/attachment.php&do=rebuild&type` | High
|
||||
32 | File | `administrator/index.php?option=com_pago&view=comments` | High
|
||||
33 | File | `ajax.php` | Medium
|
||||
34 | File | `ajax_mod_security.php` | High
|
||||
35 | File | `api.php` | Low
|
||||
36 | File | `appconfig.php` | High
|
||||
37 | File | `arch/powerpc/kernel/idle_book3s.S` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 347 more IOA items available. Please use our online service to access the data.
|
||||
There are 326 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -79,14 +101,15 @@ The following list contains external sources which discuss the actor and the ass
|
|||
* https://blog.talosintelligence.com/2021/02/threat-roundup-0212-0219.html
|
||||
* https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html
|
||||
* https://blog.talosintelligence.com/2021/09/threat-roundup-0827-0903.html
|
||||
* https://blog.talosintelligence.com/2022/01/threat-roundup-0121-0128.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -10,10 +10,10 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
|
|||
|
||||
* US
|
||||
* ES
|
||||
* CA
|
||||
* FR
|
||||
* ...
|
||||
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -31,16 +31,9 @@ ID | IP address | Hostname | Confidence
|
|||
8 | 39.107.34.197 | - | High
|
||||
9 | 45.118.145.96 | - | High
|
||||
10 | 51.254.25.115 | ip115.ip-51-254-25.eu | High
|
||||
11 | 51.255.48.78 | vps-ede152ed.vps.ovh.net | High
|
||||
12 | 52.116.175.70 | hs20.name.tools | High
|
||||
13 | 54.36.194.90 | ip90.ip-54-36-194.eu | High
|
||||
14 | 66.96.147.103 | 103.147.96.66.static.eigbox.net | High
|
||||
15 | 66.171.248.178 | api1.whatismyipaddress.com | High
|
||||
16 | 69.163.193.127 | ps608110.dreamhostps.com | High
|
||||
17 | 87.236.16.107 | ssl.spectre.beget.com | High
|
||||
18 | ... | ... | ...
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 33 more IOC items available. Please use our online service to access the data.
|
||||
There are 40 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -48,12 +41,10 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us
|
|||
|
||||
ID | Technique | Description | Confidence
|
||||
-- | --------- | ----------- | ----------
|
||||
1 | T1008 | Algorithm Downgrade | High
|
||||
2 | T1040 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1059.007 | Cross Site Scripting | High
|
||||
4 | T1068 | Execution with Unnecessary Privileges | High
|
||||
5 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
6 | ... | ... | ...
|
||||
1 | T1040 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | Cross Site Scripting | High
|
||||
3 | T1068 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -64,18 +55,39 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMDATA%\checkmk\agent\local` | High
|
||||
2 | File | `..\WWWRoot\CustomPages\aspshell.asp` | High
|
||||
3 | File | `.htaccess` | Medium
|
||||
4 | File | `/+CSCOE+/logon.html` | High
|
||||
5 | File | `/admin-ajax.php?action=eps_redirect_save` | High
|
||||
6 | File | `/admin.php` | Medium
|
||||
7 | File | `/admin/` | Low
|
||||
8 | File | `/admin/admin_login.php` | High
|
||||
9 | File | `/admin/comment.php` | High
|
||||
10 | File | `/AdminDir` | Medium
|
||||
11 | ... | ... | ...
|
||||
2 | File | `/admin/comment.php` | High
|
||||
3 | File | `/agenttrayicon` | High
|
||||
4 | File | `/api/version` | Medium
|
||||
5 | File | `/app1/admin#foo` | High
|
||||
6 | File | `/appsuite` | Medium
|
||||
7 | File | `/article/add` | Medium
|
||||
8 | File | `/Controller/ChinaCityController.class.php` | High
|
||||
9 | File | `/coreframe/app/guestbook/myissue.php` | High
|
||||
10 | File | `/hub/api/user` | High
|
||||
11 | File | `/ics?tool=search` | High
|
||||
12 | File | `/info.xml` | Medium
|
||||
13 | File | `/it-IT/splunkd/__raw/services/get_snapshot` | High
|
||||
14 | File | `/knowage/restful-services/documentnotes/saveNote` | High
|
||||
15 | File | `/netact/sct` | Medium
|
||||
16 | File | `/nova/bin/bfd` | High
|
||||
17 | File | `/php/passport/index.php` | High
|
||||
18 | File | `/run/courier/authdaemon` | High
|
||||
19 | File | `/run/spice-vdagentd/spice-vdagent-sock` | High
|
||||
20 | File | `/service/v1/createUser` | High
|
||||
21 | File | `/settings/profile` | High
|
||||
22 | File | `/status.js` | Medium
|
||||
23 | File | `/suggest` | Medium
|
||||
24 | File | `/thruk/#cgi-bin/status.cgi?style=combined` | High
|
||||
25 | File | `/usr/local/bin/mjs` | High
|
||||
26 | File | `Access/DownloadFeed_Mnt/FileUpload_Upd.cfm` | High
|
||||
27 | File | `action.setdefaulttemplate.php` | High
|
||||
28 | File | `ActiveServices.java` | High
|
||||
29 | File | `Addons/file/mod.file.php` | High
|
||||
30 | File | `admin.php` | Medium
|
||||
31 | File | `admin/dashboard.php` | High
|
||||
32 | ... | ... | ...
|
||||
|
||||
There are 1147 more IOA items available. Please use our online service to access the data.
|
||||
There are 272 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -96,4 +108,4 @@ The following articles explain our unique predictive cyber threat intelligence:
|
|||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Gelsemium - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Gelsemium](https://vuldb.com/?actor.gelsemium). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gelsemium](https://vuldb.com/?actor.gelsemium). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.gelsemium](https://vuldb.com/?actor.gelsemium)
|
||||
|
||||
|
@ -17,7 +17,7 @@ These indicators of compromise indicate associated network ressources which are
|
|||
|
||||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 149.248.14.53 | - | High
|
||||
1 | 149.248.14.53 | 149.248.14.53.vultr.com | Medium
|
||||
2 | 210.209.72.180 | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
@ -38,9 +38,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/public/login.htm` | High
|
||||
3 | File | `iesfootprint.jsp` | High
|
||||
4 | File | `print.php` | Medium
|
||||
5 | Argument | `x_17` | Low
|
||||
6 | Input Value | `11' AND utl_http.request('http://attackers_host/lalal')='1' GROUP BY panel_name)) --` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 3 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -52,9 +52,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -45,7 +45,7 @@ ID | IP address | Hostname | Confidence
|
|||
22 | 58.218.199.225 | - | High
|
||||
23 | ... | ... | ...
|
||||
|
||||
There are 87 more IOC items available. Please use our online service to access the data.
|
||||
There are 90 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -104,7 +104,7 @@ ID | Type | Indicator | Confidence
|
|||
36 | File | `/uncpath/` | Medium
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 321 more IOA items available. Please use our online service to access the data.
|
||||
There are 317 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -123,6 +123,7 @@ The following list contains external sources which discuss the actor and the ass
|
|||
* https://blog.talosintelligence.com/2021/10/threat-roundup-0924-1001.html
|
||||
* https://blog.talosintelligence.com/2021/10/threat-roundup-1001-1008.html
|
||||
* https://blog.talosintelligence.com/2022/01/threat-roundup-0107-0114.html
|
||||
* https://blog.talosintelligence.com/2022/01/threat-roundup-0121-0128.html
|
||||
* https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Ghost Dragon - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Ghost Dragon](https://vuldb.com/?actor.ghost_dragon). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ghost Dragon](https://vuldb.com/?actor.ghost_dragon). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.ghost_dragon](https://vuldb.com/?actor.ghost_dragon)
|
||||
|
||||
|
@ -20,11 +20,9 @@ ID | IP address | Hostname | Confidence
|
|||
2 | 58.64.187.22 | - | High
|
||||
3 | 60.215.128.246 | - | High
|
||||
4 | 64.111.220.218 | colt.isprime.com | High
|
||||
5 | 111.68.8.130 | - | High
|
||||
6 | 113.10.148.161 | - | High
|
||||
7 | ... | ... | ...
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 12 more IOC items available. Please use our online service to access the data.
|
||||
There are 14 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -52,9 +50,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Ghoul - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Ghoul](https://vuldb.com/?actor.ghoul). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ghoul](https://vuldb.com/?actor.ghoul). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.ghoul](https://vuldb.com/?actor.ghoul)
|
||||
|
||||
|
@ -30,9 +30,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Glupteba - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Glupteba](https://vuldb.com/?actor.glupteba). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Glupteba](https://vuldb.com/?actor.glupteba). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.glupteba](https://vuldb.com/?actor.glupteba)
|
||||
|
||||
|
@ -29,15 +29,9 @@ ID | IP address | Hostname | Confidence
|
|||
6 | 46.165.244.129 | - | High
|
||||
7 | 46.165.249.167 | - | High
|
||||
8 | 46.165.249.195 | - | High
|
||||
9 | 46.165.249.201 | - | High
|
||||
10 | 46.165.249.203 | - | High
|
||||
11 | 46.165.250.25 | - | High
|
||||
12 | 78.31.67.205 | - | High
|
||||
13 | 78.31.67.206 | ve1268.venus.fastwebserver.de | High
|
||||
14 | 80.93.90.27 | ik090027.ikexpress.com | High
|
||||
15 | ... | ... | ...
|
||||
9 | ... | ... | ...
|
||||
|
||||
There are 26 more IOC items available. Please use our online service to access the data.
|
||||
There are 32 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -68,9 +62,16 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/etc/sudoers` | Medium
|
||||
9 | File | `/get_getnetworkconf.cgi` | High
|
||||
10 | File | `/mods/_core/users/admins/my_edit.php` | High
|
||||
11 | ... | ... | ...
|
||||
11 | File | `/uncpath/` | Medium
|
||||
12 | File | `/vdesk` | Low
|
||||
13 | File | `/__r1/` | Low
|
||||
14 | File | `admin/getparam.cgi` | High
|
||||
15 | File | `admin/index.php` | High
|
||||
16 | File | `admincp.php?app=apps&do=save` | High
|
||||
17 | File | `admincp.php?app=files` | High
|
||||
18 | ... | ... | ...
|
||||
|
||||
There are 138 more IOA items available. Please use our online service to access the data.
|
||||
There are 142 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -82,9 +83,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# GoldDragon - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [GoldDragon](https://vuldb.com/?actor.golddragon). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GoldDragon](https://vuldb.com/?actor.golddragon). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.golddragon](https://vuldb.com/?actor.golddragon)
|
||||
|
||||
|
@ -23,9 +23,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Goldfin - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Goldfin](https://vuldb.com/?actor.goldfin). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Goldfin](https://vuldb.com/?actor.goldfin). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.goldfin](https://vuldb.com/?actor.goldfin)
|
||||
|
||||
|
@ -47,19 +47,12 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/redbin/rpwebutilities.exe/text` | High
|
||||
2 | File | `/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf` | High
|
||||
3 | File | `/uncpath/` | Medium
|
||||
4 | File | `data/gbconfiguration.dat` | High
|
||||
5 | File | `drivers/tty/n_tty.c` | High
|
||||
6 | File | `forumrunner/includes/moderation.php` | High
|
||||
7 | File | `imagemanager.php` | High
|
||||
8 | File | `inc/config.php` | High
|
||||
9 | File | `index.php` | Medium
|
||||
10 | File | `login.php` | Medium
|
||||
11 | ... | ... | ...
|
||||
1 | File | `/debug/pprof` | Medium
|
||||
2 | File | `/redbin/rpwebutilities.exe/text` | High
|
||||
3 | File | `/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 15 more IOA items available. Please use our online service to access the data.
|
||||
There are 23 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -71,9 +64,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# GreedyWonk - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [GreedyWonk](https://vuldb.com/?actor.greedywonk). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GreedyWonk](https://vuldb.com/?actor.greedywonk). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.greedywonk](https://vuldb.com/?actor.greedywonk)
|
||||
|
||||
|
@ -27,9 +27,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -8,12 +8,12 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
|
|||
|
||||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Grizzly Steppe:
|
||||
|
||||
* CN
|
||||
* RU
|
||||
* US
|
||||
* ES
|
||||
* DK
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -160,7 +160,7 @@ ID | Technique | Description | Confidence
|
|||
3 | T1068 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -168,40 +168,38 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/app.php` | High
|
||||
2 | File | `/admin/download_frame.php` | High
|
||||
1 | File | `/.env` | Low
|
||||
2 | File | `/admin/configure.php` | High
|
||||
3 | File | `/admin/index.php?lfj=mysql&action=del` | High
|
||||
4 | File | `/admin/maintenance/` | High
|
||||
5 | File | `/admin/submit-articles` | High
|
||||
6 | File | `/api/v2/labels/` | High
|
||||
7 | File | `/authen/start/` | High
|
||||
8 | File | `/cgi-bin/luci/rc` | High
|
||||
9 | File | `/cms/ajax.php` | High
|
||||
10 | File | `/dl/dl_sendsms.php` | High
|
||||
11 | File | `/domain/service/.ewell-known/caldav` | High
|
||||
12 | File | `/etc/passwd` | Medium
|
||||
13 | File | `/exponent_constants.php` | High
|
||||
14 | File | `/extensionsinstruction` | High
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/graphStatus/displayServiceStatus.php` | High
|
||||
17 | File | `/ifs` | Low
|
||||
18 | File | `/includes/upload.php` | High
|
||||
19 | File | `/index.php?m=ucenter&a=index` | High
|
||||
20 | File | `/info.xml` | Medium
|
||||
21 | File | `/login.php?m=admin&c=Admin&a=admin_add&lang=cn` | High
|
||||
22 | File | `/manage/loginusername` | High
|
||||
23 | File | `/music/ajax.php` | High
|
||||
24 | File | `/planprop` | Medium
|
||||
25 | File | `/question/ask` | High
|
||||
26 | File | `/tmp` | Low
|
||||
27 | File | `/var/ipfire/backup/bin/backup.pl` | High
|
||||
28 | File | `/woocommerce-stock-manager/trunk/admin/views/import-export.php` | High
|
||||
29 | File | `/wp-json` | Medium
|
||||
30 | File | `account.php` | Medium
|
||||
31 | File | `adclick.php` | Medium
|
||||
32 | ... | ... | ...
|
||||
4 | File | `/cgi-bin/luci/rc` | High
|
||||
5 | File | `/cms/ajax.php` | High
|
||||
6 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
7 | File | `/domain/service/.ewell-known/caldav` | High
|
||||
8 | File | `/download` | Medium
|
||||
9 | File | `/etc/hosts` | Medium
|
||||
10 | File | `/formWlanSetup` | High
|
||||
11 | File | `/include/chart_generator.php` | High
|
||||
12 | File | `/modules/profile/index.php` | High
|
||||
13 | File | `/monitoring` | Medium
|
||||
14 | File | `/music/ajax.php` | High
|
||||
15 | File | `/new` | Low
|
||||
16 | File | `/pandora_console/ajax.php` | High
|
||||
17 | File | `/plugins/servlet/audit/resource` | High
|
||||
18 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
19 | File | `/proc/<pid>/status` | High
|
||||
20 | File | `/public/plugins/` | High
|
||||
21 | File | `/rest/api/1.0/render` | High
|
||||
22 | File | `/RestAPI` | Medium
|
||||
23 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
24 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
25 | File | `/tmp` | Low
|
||||
26 | File | `/uncpath/` | Medium
|
||||
27 | File | `/var/log/nginx` | High
|
||||
28 | File | `account.php` | Medium
|
||||
29 | File | `actions/CompanyDetailsSave.php` | High
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 268 more IOA items available. Please use our online service to access the data.
|
||||
There are 250 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Groundbait - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Groundbait](https://vuldb.com/?actor.groundbait). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Groundbait](https://vuldb.com/?actor.groundbait). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.groundbait](https://vuldb.com/?actor.groundbait)
|
||||
|
||||
|
@ -19,10 +19,9 @@ ID | IP address | Hostname | Confidence
|
|||
1 | 23.22.38.222 | ec2-23-22-38-222.compute-1.amazonaws.com | Medium
|
||||
2 | 23.22.221.237 | ec2-23-22-221-237.compute-1.amazonaws.com | Medium
|
||||
3 | 52.23.164.7 | ec2-52-23-164-7.compute-1.amazonaws.com | Medium
|
||||
4 | 54.152.171.48 | ec2-54-152-171-48.compute-1.amazonaws.com | Medium
|
||||
5 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOC items available. Please use our online service to access the data.
|
||||
There are 7 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -46,12 +45,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `admin/salesadmin.php` | High
|
||||
2 | File | `drivers/gpu/drm/udl/udl_fb.c` | High
|
||||
3 | File | `libwav.c` | Medium
|
||||
4 | File | `regexp.c` | Medium
|
||||
5 | File | `src/http.c` | Medium
|
||||
6 | Library | `mshtmled.dll` | Medium
|
||||
7 | Argument | `refresh/branchtotable` | High
|
||||
8 | Argument | `resultpage` | Medium
|
||||
9 | Argument | `searchterm` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -64,9 +60,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Groundhog - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Groundhog](https://vuldb.com/?actor.groundhog). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Groundhog](https://vuldb.com/?actor.groundhog). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.groundhog](https://vuldb.com/?actor.groundhog)
|
||||
|
||||
|
@ -8,12 +8,7 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
|
|||
|
||||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Groundhog:
|
||||
|
||||
* ES
|
||||
* CO
|
||||
* US
|
||||
* ...
|
||||
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -41,24 +36,17 @@ ID | IP address | Hostname | Confidence
|
|||
18 | 37.59.210.99 | - | High
|
||||
19 | 43.225.59.7 | - | High
|
||||
20 | 43.240.51.113 | - | High
|
||||
21 | ... | ... | ...
|
||||
21 | 46.229.169.89 | - | High
|
||||
22 | 58.64.187.29 | - | High
|
||||
23 | 58.218.213.237 | - | High
|
||||
24 | 58.221.35.5 | - | High
|
||||
25 | 58.221.45.242 | - | High
|
||||
26 | 59.56.64.169 | - | High
|
||||
27 | 59.188.86.215 | - | High
|
||||
28 | 59.188.86.222 | - | High
|
||||
29 | ... | ... | ...
|
||||
|
||||
There are 121 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Groundhog. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Description | Confidence
|
||||
-- | --------- | ----------- | ----------
|
||||
1 | T1040 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | Cross Site Scripting | High
|
||||
3 | T1068 | Execution with Unnecessary Privileges | High
|
||||
4 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
5 | T1211 | 7PK Security Features | High
|
||||
6 | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
There are 113 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -66,19 +54,7 @@ These indicators of attack list the potential fragments used for technical activ
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/addsrv` | Low
|
||||
2 | File | `/admin.php?action=images` | High
|
||||
3 | File | `/admin/mails.php?action=edit` | High
|
||||
4 | File | `/admin/submit-articles` | High
|
||||
5 | File | `/api/version` | Medium
|
||||
6 | File | `/auth/login` | Medium
|
||||
7 | File | `/cgi-bin/nasset.cgi` | High
|
||||
8 | File | `/cgi?` | Low
|
||||
9 | File | `/com.biepie/shared_prefs/com.bitpie_preferences.xml` | High
|
||||
10 | File | `/Config/service/initModel?` | High
|
||||
11 | ... | ... | ...
|
||||
|
||||
There are 694 more IOA items available. Please use our online service to access the data.
|
||||
1 | File | `http-domino-enum-passwords.nse` | High
|
||||
|
||||
## References
|
||||
|
||||
|
@ -90,9 +66,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# HackPhreak - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [HackPhreak](https://vuldb.com/?actor.hackphreak). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [HackPhreak](https://vuldb.com/?actor.hackphreak). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.hackphreak](https://vuldb.com/?actor.hackphreak)
|
||||
|
||||
|
@ -27,9 +27,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Hackers Door - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Hackers Door](https://vuldb.com/?actor.hackers_door). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Hackers Door](https://vuldb.com/?actor.hackers_door). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.hackers_door](https://vuldb.com/?actor.hackers_door)
|
||||
|
||||
|
@ -23,9 +23,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Hangover - Cyber Threat Intelligence
|
||||
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Hangover](https://vuldb.com/?actor.hangover). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Hangover](https://vuldb.com/?actor.hangover). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
|
||||
|
||||
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.hangover](https://vuldb.com/?actor.hangover)
|
||||
|
||||
|
@ -15,11 +15,11 @@ The following campaigns are known and can be associated with Hangover:
|
|||
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Hangover:
|
||||
|
||||
* US
|
||||
* RU
|
||||
* TR
|
||||
* NL
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -27,13 +27,12 @@ These indicators of compromise indicate associated network ressources which are
|
|||
|
||||
ID | IP address | Hostname | Confidence
|
||||
-- | ---------- | -------- | ----------
|
||||
1 | 37.46.150.102 | medievalopen.bar | High
|
||||
2 | 37.59.175.131 | - | High
|
||||
1 | 37.46.150.102 | - | High
|
||||
2 | 37.59.175.131 | ip131.ip-37-59-175.eu | High
|
||||
3 | 45.133.1.133 | - | High
|
||||
4 | 46.32.235.162 | vps37226820.123-vps.co.uk | High
|
||||
5 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 8 more IOC items available. Please use our online service to access the data.
|
||||
There are 9 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -57,16 +56,9 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.procmailrc` | Medium
|
||||
2 | File | `/it-IT/splunkd/__raw/services/get_snapshot` | High
|
||||
3 | File | `/phpwcms/setup/setup.php` | High
|
||||
4 | File | `/uncpath/` | Medium
|
||||
5 | File | `agent/Core/SpawningKit/Spawner.h` | High
|
||||
6 | File | `base/ErrorHandler.php` | High
|
||||
7 | File | `category.cfm` | Medium
|
||||
8 | File | `cmd.php?cmd=login_form` | High
|
||||
9 | File | `db_central_columns.php` | High
|
||||
10 | File | `wp-postratings.php` | High
|
||||
11 | ... | ... | ...
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 10 more IOA items available. Please use our online service to access the data.
|
||||
There are 19 more IOA items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -79,9 +71,9 @@ The following list contains external sources which discuss the actor and the ass
|
|||
|
||||
The following articles explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue