Mirrors
/
cyber_threat_intelligence
mirror of https://github.com/vuldb/cyber_threat_intelligence
6
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update

This commit is contained in:
Marc Ruef 2022-02-05 08:47:58 +01:00
parent b9e5acb9da
commit 40e55ae5b0
240 changed files with 6551 additions and 2748 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
9002/README.md
View File

@ -1,6 +1,6 @@
# 9002 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [9002](https://vuldb.com/?actor.9002). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [9002](https://vuldb.com/?actor.9002). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.9002](https://vuldb.com/?actor.9002)
@ -29,9 +29,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

18
APT-C-01/README.md
View File

@ -1,6 +1,6 @@
# APT-C-01 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT-C-01](https://vuldb.com/?actor.apt-c-01). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT-C-01](https://vuldb.com/?actor.apt-c-01). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt-c-01](https://vuldb.com/?actor.apt-c-01)
@ -23,7 +23,7 @@ ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 45.32.8.137 | 45.32.8.137.vultr.com | Medium
2 | 45.76.125.176 | 45.76.125.176.vultr.com | Medium
3 | 45.76.228.61 | 45.76.228.61.vultr.com | Medium
3 | 45.76.228.61 | - | High
4 | ... | ... | ...
There are 4 more IOC items available. Please use our online service to access the data.
@ -47,15 +47,9 @@ ID | Type | Indicator | Confidence
2 | File | `/goform/saveParentControlInfo` | High
3 | File | `/uncpath/` | Medium
4 | File | `2020\Messages\SDNotify.exe` | High
5 | File | `admin/admin_disallow.php` | High
6 | File | `email.php` | Medium
7 | File | `entry.cgi` | Medium
8 | File | `ext/date/lib/parse_date.c` | High
9 | File | `goto.php` | Medium
10 | File | `index.php?tg=delegat&idx=mem` | High
11 | ... | ... | ...
5 | ... | ... | ...
There are 25 more IOA items available. Please use our online service to access the data.
There are 33 more IOA items available. Please use our online service to access the data.
## References
@ -67,9 +61,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

17
APT-C-36/README.md
View File

@ -1,6 +1,6 @@
# APT-C-36 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT-C-36](https://vuldb.com/?actor.apt-c-36). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT-C-36](https://vuldb.com/?actor.apt-c-36). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt-c-36](https://vuldb.com/?actor.apt-c-36)
@ -46,16 +46,9 @@ ID | Type | Indicator | Confidence
1 | File | `.htaccess` | Medium
2 | File | `FileSeek.cgi` | Medium
3 | File | `includes/dbal.php` | High
4 | File | `index.php` | Medium
5 | File | `modules/mappers/mod_rewrite.c` | High
6 | File | `personalData/resumeDetail.cfm` | High
7 | File | `prod.php` | Medium
8 | File | `products.php` | Medium
9 | File | `shop.pl` | Low
10 | File | `software-description.php` | High
11 | ... | ... | ...
4 | ... | ... | ...
There are 10 more IOA items available. Please use our online service to access the data.
There are 17 more IOA items available. Please use our online service to access the data.
## References
@ -67,9 +60,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

66
APT1/README.md
View File

@ -1,6 +1,6 @@
# APT1 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT1](https://vuldb.com/?actor.apt1). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT1](https://vuldb.com/?actor.apt1). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt1](https://vuldb.com/?actor.apt1)
@ -31,11 +31,9 @@ ID | IP address | Hostname | Confidence
1 | 23.236.62.147 | 147.62.236.23.bc.googleusercontent.com | Medium
2 | 27.102.112.179 | - | High
3 | 58.246. | - | High
4 | 58.247. | - | High
5 | 67.222.16.131 | host.dnsweb.org | High
6 | ... | ... | ...
4 | ... | ... | ...
There are 8 more IOC items available. Please use our online service to access the data.
There are 10 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -46,10 +44,9 @@ ID | Technique | Description | Confidence
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1211 | 7PK Security Features | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 8 more TTP items available. Please use our online service to access the data.
There are 6 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -57,19 +54,44 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `$HOME/.nylas-mail` | High
2 | File | `$JENKINS_HOME/jenkins.security.RekeySecretAdminMonitor/backups` | High
3 | File | `$SPLUNK_HOME/etc/splunk-launch.conf` | High
4 | File | `%ProgramData%\CTES` | High
5 | File | `%PROGRAMFILES%\Cylance\Desktop\log` | High
6 | File | `%SYSTEMDRIVE%\ProgramData\exclusions.dat` | High
7 | File | `'phpshell.php` | High
8 | File | `*-sub-menu.php` | High
9 | File | `-X/path/to/wwwroot/file.php.` | High
10 | File | `.../gogo/` | Medium
11 | ... | ... | ...
1 | File | `.htaccess` | Medium
2 | File | `/+CSCOE+/logon.html` | High
3 | File | `/admin/ajax/file-browser/upload/` | High
4 | File | `/admin/pictures` | High
5 | File | `/authenticationendpoint/domain.jsp` | High
6 | File | `/cmf/process/<process_id>/logs` | High
7 | File | `/dashbuilder/Controller` | High
8 | File | `/getcfg.php` | Medium
9 | File | `/goform/addressNat` | High
10 | File | `/goform/SysToolReboot` | High
11 | File | `/jpg/image.jpg` | High
12 | File | `/main.html` | Medium
13 | File | `/mc-admin/post.php?state=delete&delete` | High
14 | File | `/member/myfriend.php` | High
15 | File | `/member/pm.php` | High
16 | File | `/member/uploads_select.php` | High
17 | File | `/public/common/umeditor/php/getcontent.php` | High
18 | File | `/public/plugins/` | High
19 | File | `/robot/initialize` | High
20 | File | `/systemrw/` | Medium
21 | File | `/tmp` | Low
22 | File | `/tmp/csman/0` | Medium
23 | File | `/UDPUpdates/Config/FullUpdateSettings.xml` | High
24 | File | `/uncpath/` | Medium
25 | File | `/usr/bin/pkexec` | High
26 | File | `/var` | Low
27 | File | `/WebMstr7/servlet/mstrWeb` | High
28 | File | `/wp-admin/admin-ajax.php` | High
29 | File | `adm/boardgroup_form_update.php` | High
30 | File | `admin.php?mod=db&act=del` | High
31 | File | `admin.php?moduleid=2&action=add` | High
32 | File | `admin/category.inc.php` | High
33 | File | `admin/check.asp` | High
34 | File | `admin/code/tce_functions_tcecode_editor.php` | High
35 | File | `admin/content/editcontent?id=29&gopage=1` | High
36 | ... | ... | ...
There are 10537 more IOA items available. Please use our online service to access the data.
There are 308 more IOA items available. Please use our online service to access the data.
## References
@ -84,9 +106,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

67
APT10/README.md
View File

@ -1,6 +1,6 @@
# APT10 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT10](https://vuldb.com/?actor.apt10). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT10](https://vuldb.com/?actor.apt10). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt10](https://vuldb.com/?actor.apt10)
@ -16,11 +16,11 @@ The following campaigns are known and can be associated with APT10:
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT10:
* US
* CN
* RU
* DE
* ...
There are 18 more country items available. Please use our online service to access the data.
There are 8 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -46,11 +46,14 @@ ID | IP address | Hostname | Confidence
16 | 38.72.114.16 | - | High
17 | 38.72.115.9 | - | High
18 | 45.62.112.161 | 45.62.112.161.16clouds.com | High
19 | 45.138.157.83 | lilanews.serveexchange.com | High
19 | 45.138.157.83 | vm339806.pq.hosting | High
20 | 46.108.39.134 | - | High
21 | ... | ... | ...
21 | 50.2.160.104 | - | High
22 | 52.74.71.131 | ec2-52-74-71-131.ap-southeast-1.compute.amazonaws.com | Medium
23 | 52.74.213.16 | ec2-52-74-213-16.ap-southeast-1.compute.amazonaws.com | Medium
24 | ... | ... | ...
There are 94 more IOC items available. Please use our online service to access the data.
There are 91 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -63,7 +66,7 @@ ID | Technique | Description | Confidence
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...
There are 6 more TTP items available. Please use our online service to access the data.
There are 4 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -71,19 +74,41 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/.env` | Low
3 | File | `/addnews.html` | High
4 | File | `/admin/index.php` | High
5 | File | `/assets/something/services/AppModule.class` | High
6 | File | `/cgi-bin/admin/testserver.cgi` | High
7 | File | `/cgi-bin/go` | Medium
8 | File | `/dev/kvm` | Medium
9 | File | `/etc/config/rpcd` | High
10 | File | `/etc/gsissh/sshd_config` | High
11 | ... | ... | ...
1 | File | `.htpasswd` | Medium
2 | File | `/../conf/config.properties` | High
3 | File | `/drivers/infiniband/core/cm.c` | High
4 | File | `/forum/away.php` | High
5 | File | `/horde/util/go.php` | High
6 | File | `/images/` | Medium
7 | File | `/inc/parser/xhtml.php` | High
8 | File | `/login` | Low
9 | File | `/mgmt/shared/authz/users/` | High
10 | File | `/modules/profile/index.php` | High
11 | File | `/out.php` | Medium
12 | File | `/public/plugins/` | High
13 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
14 | File | `/system/proxy` | High
15 | File | `/tmp/phpglibccheck` | High
16 | File | `/uncpath/` | Medium
17 | File | `adclick.php` | Medium
18 | File | `add.php` | Low
19 | File | `addentry.php` | Medium
20 | File | `addressbookprovider.php` | High
21 | File | `admin/htaccess/bpsunlock.php` | High
22 | File | `ajax_udf.php` | Medium
23 | File | `application.js.php` | High
24 | File | `apply.cgi` | Medium
25 | File | `arm/lithium-codegen-arm.cc` | High
26 | File | `authenticate.c` | High
27 | File | `Authenticate.class.php` | High
28 | File | `base_maintenance.php` | High
29 | File | `booking_details.php` | High
30 | File | `browse.php` | Medium
31 | File | `browser/thumbnails/render_widget_snapshot_taker.cc` | High
32 | File | `bufferobject.c` | High
33 | ... | ... | ...
There are 481 more IOA items available. Please use our online service to access the data.
There are 280 more IOA items available. Please use our online service to access the data.
## References
@ -101,9 +126,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

18
APT12/README.md
View File

@ -1,6 +1,6 @@
# APT12 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT12](https://vuldb.com/?actor.apt12). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT12](https://vuldb.com/?actor.apt12). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt12](https://vuldb.com/?actor.apt12)
@ -15,6 +15,7 @@ The following campaigns are known and can be associated with APT12:
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT12:
* ES
* AR
* US
## IOC - Indicator of Compromise
@ -26,12 +27,9 @@ ID | IP address | Hostname | Confidence
1 | 32.114.251.129 | - | High
2 | 59.0.249.11 | - | High
3 | 92.54.232.142 | - | High
4 | 98.188.111.244 | - | High
5 | 133.87.242.63 | turonian.cris.hokudai.ac.jp | High
6 | 133.87.242.631 | - | High
7 | ... | ... | ...
4 | ... | ... | ...
There are 11 more IOC items available. Please use our online service to access the data.
There are 14 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -48,7 +46,9 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | Network Port | `tcp/264` | Low
1 | File | `/wp-admin/admin-ajax.php` | High
2 | Argument | `repeater` | Medium
3 | Network Port | `tcp/264` | Low
## References
@ -61,9 +61,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
APT19/README.md
View File

@ -1,6 +1,6 @@
# APT19 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT19](https://vuldb.com/?actor.apt19). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT19](https://vuldb.com/?actor.apt19). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt19](https://vuldb.com/?actor.apt19)
@ -40,9 +40,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

16
APT2/README.md
View File

@ -1,6 +1,6 @@
# APT2 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT2](https://vuldb.com/?actor.apt2). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT2](https://vuldb.com/?actor.apt2). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt2](https://vuldb.com/?actor.apt2)
@ -31,15 +31,9 @@ ID | IP address | Hostname | Confidence
6 | 61.78.37.121 | - | High
7 | 61.78.75.96 | - | High
8 | 61.221.54.99 | 61-221-54-99.hinet-ip.hinet.net | High
9 | 67.42.255.50 | rory.net | High
10 | 100.42.216.230 | tfs2480.sipnav.in | High
11 | 121.157.104.122 | - | High
12 | 134.129.140.212 | eercvpn.eerc.und.nodak.edu | High
13 | 140.112.19.195 | ipserver.ee.ntu.edu.tw | High
14 | 140.112.40.7 | bpADServer.bp.ntu.edu.tw | High
15 | ... | ... | ...
9 | ... | ... | ...
There are 28 more IOC items available. Please use our online service to access the data.
There are 34 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -70,9 +64,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

40
APT27/README.md
View File

@ -1,6 +1,6 @@
# APT27 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT27](https://vuldb.com/?actor.apt27). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT27](https://vuldb.com/?actor.apt27). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt27](https://vuldb.com/?actor.apt27)
@ -19,7 +19,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* ES
* ...
There are 3 more country items available. Please use our online service to access the data.
There are 5 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -30,11 +30,9 @@ ID | IP address | Hostname | Confidence
1 | 34.90.207.23 | 23.207.90.34.bc.googleusercontent.com | Medium
2 | 34.93.247.126 | 126.247.93.34.bc.googleusercontent.com | Medium
3 | 35.187.148.253 | 253.148.187.35.bc.googleusercontent.com | Medium
4 | 35.220.135.85 | 85.135.220.35.bc.googleusercontent.com | Medium
5 | 45.142.214.188 | mts.ru | High
6 | ... | ... | ...
4 | ... | ... | ...
There are 8 more IOC items available. Please use our online service to access the data.
There are 10 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -45,10 +43,9 @@ ID | Technique | Description | Confidence
1 | T1008 | Algorithm Downgrade | High
2 | T1040 | Authentication Bypass by Capture-replay | High
3 | T1059.007 | Cross Site Scripting | High
4 | T1068 | Execution with Unnecessary Privileges | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 8 more TTP items available. Please use our online service to access the data.
There are 9 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -63,12 +60,23 @@ ID | Type | Indicator | Confidence
5 | File | `/infusions/shoutbox_panel/shoutbox_admin.php` | High
6 | File | `/oscommerce/admin/currencies.php` | High
7 | File | `/proc/pid/syscall` | High
8 | File | `/session/list/allActiveSession` | High
9 | File | `/syslog_rules` | High
10 | File | `/upload` | Low
11 | ... | ... | ...
8 | File | `/rapi/read_url` | High
9 | File | `/session/list/allActiveSession` | High
10 | File | `/syslog_rules` | High
11 | File | `/upload` | Low
12 | File | `/users/{id}` | Medium
13 | File | `/video` | Low
14 | File | `ActivityManagerService.java` | High
15 | File | `adaptmap_reg.c` | High
16 | File | `admin.cgi` | Medium
17 | File | `admin.php` | Medium
18 | File | `admin.php?action=files` | High
19 | File | `admin/modules/master_file/rda_cmc.php?keywords` | High
20 | File | `album_portal.php` | High
21 | File | `al_initialize.php` | High
22 | ... | ... | ...
There are 186 more IOA items available. Please use our online service to access the data.
There are 179 more IOA items available. Please use our online service to access the data.
## References
@ -82,9 +90,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

61
APT28/README.md
View File

@ -19,9 +19,12 @@ There are 3 more campaign items available. Please use our online service to acce
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT28:
* NL
* RO
* US
* RU
* BG
* ...
There are 3 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -34,7 +37,7 @@ ID | IP address | Hostname | Confidence
3 | 5.100.155.91 | 5.100.155-91.publicdomainregistry.com | High
4 | 5.135.183.154 | ns3290077.ip-5-135-183.eu | High
5 | 5.199.171.58 | - | High
6 | 23.163.0.59 | naomi.rem2d.com | High
6 | 23.163.0.59 | - | High
7 | 23.227.196.21 | 23-227-196-21.static.hvvc.us | High
8 | 23.227.196.215 | 23-227-196-215.static.hvvc.us | High
9 | 23.227.196.217 | 23-227-196-217.static.hvvc.us | High
@ -61,8 +64,8 @@ ID | IP address | Hostname | Confidence
30 | 58.49.58.58 | - | High
31 | 62.113.232.197 | - | High
32 | 66.172.11.207 | ip-66-172-11-207.chunkhost.com | High
33 | 66.172.12.133 | - | High
34 | 69.12.73.174 | 69.12.73.174.static.quadranet.com | High
33 | 66.172.12.133 | ip-66-172-12-133.chunkhost.com | High
34 | 69.12.73.174 | - | High
35 | 70.85.221.10 | server002.nilsson-it.dk | High
36 | 70.85.221.20 | 14.dd.5546.static.theplanet.com | High
37 | 76.74.177.251 | ip-76-74-177-251.chunkhost.com | High
@ -77,7 +80,7 @@ ID | IP address | Hostname | Confidence
46 | 81.17.30.29 | - | High
47 | ... | ... | ...
There are 185 more IOC items available. Please use our online service to access the data.
There are 184 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -87,7 +90,10 @@ ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1587.003 | Improper Certificate Validation | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...
There are 7 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -95,12 +101,43 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `elFinder.class.php` | High
2 | File | `inc/config.php` | High
3 | File | `ot_coupon.php` | High
4 | ... | ... | ...
1 | File | `.travis.yml` | Medium
2 | File | `/.env` | Low
3 | File | `/admin.php` | Medium
4 | File | `/admin/config.php?display=disa&view=form` | High
5 | File | `/category_view.php` | High
6 | File | `/dev/kmem` | Medium
7 | File | `/filemanager/upload.php` | High
8 | File | `/medical/inventories.php` | High
9 | File | `/monitoring` | Medium
10 | File | `/NAGErrors` | Medium
11 | File | `/plugins/servlet/audit/resource` | High
12 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
13 | File | `/proc/ioports` | High
14 | File | `/replication` | Medium
15 | File | `/reports/rwservlet` | High
16 | File | `/RestAPI` | Medium
17 | File | `/tmp` | Low
18 | File | `/tmp/speedtest_urls.xml` | High
19 | File | `/uncpath/` | Medium
20 | File | `/var/log/nginx` | High
21 | File | `/wp-admin/admin.php` | High
22 | File | `/wp-json/wc/v3/webhooks` | High
23 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
24 | File | `admin/app/mediamanager` | High
25 | File | `admin/index.php` | High
26 | File | `admin\model\catalog\download.php` | High
27 | File | `afr.php` | Low
28 | File | `apcupsd.pid` | Medium
29 | File | `api/it-recht-kanzlei/api-it-recht-kanzlei.php` | High
30 | File | `api/sms/send-sms` | High
31 | File | `api/v1/alarms` | High
32 | File | `application/controller/InstallerController.php` | High
33 | File | `arch/powerpc/kvm/book3s_rtas.c` | High
34 | File | `arformcontroller.php` | High
35 | ... | ... | ...
There are 8 more IOA items available. Please use our online service to access the data.
There are 297 more IOA items available. Please use our online service to access the data.
## References

11
APT3/README.md
View File

@ -1,6 +1,6 @@
# APT3 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT3](https://vuldb.com/?actor.apt3). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT3](https://vuldb.com/?actor.apt3). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt3](https://vuldb.com/?actor.apt3)
@ -27,10 +27,9 @@ ID | IP address | Hostname | Confidence
1 | 23.99.20.198 | - | High
2 | 54.169.89.240 | ec2-54-169-89-240.ap-southeast-1.compute.amazonaws.com | Medium
3 | 104.151.248.173 | 173.248-151-104.rdns.scalabledns.com | High
4 | 107.20.255.57 | ec2-107-20-255-57.compute-1.amazonaws.com | Medium
5 | ... | ... | ...
4 | ... | ... | ...
There are 7 more IOC items available. Please use our online service to access the data.
There are 8 more IOC items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -57,9 +56,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

48
APT33/README.md
View File

@ -17,8 +17,8 @@ The following campaigns are known and can be associated with APT33:
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with APT33:
* FR
* PL
* SV
* PL
* ...
There are 4 more country items available. Please use our online service to access the data.
@ -69,31 +69,31 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/admin.php?module=admin_access_group_edit&aagID` | High
2 | File | `/admin/customers.php?page=1&cID` | High
3 | File | `/api/ZRMesh/set_ZRMesh` | High
4 | File | `/appliance/shiftmgn.php` | High
5 | File | `/damicms-master/admin.php?s=/Article/doedit` | High
6 | File | `/etc/quagga` | Medium
7 | File | `/fw/index2.do` | High
8 | File | `/jerry-core/ecma/base/ecma-lcache.c` | High
9 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
10 | File | `/jerry-core/jmem/jmem-heap.c` | High
11 | File | `/moddable/xs/sources/xsScript.c` | High
12 | File | `/parser/js/js-parser-expr.c` | High
13 | File | `/preferences/tags` | High
14 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
15 | File | `/transmission/web/` | High
16 | File | `/uploads/exam_question/` | High
17 | File | `/usr/bin/pkexec` | High
18 | File | `/usr/local/bin/mjs` | High
19 | File | `AccessPoint.java` | High
20 | File | `account_sponsor_page.php` | High
21 | File | `acknow.php` | Medium
22 | File | `acropora/app/identity/ic.c` | High
23 | File | `acropora/app/identity/identity_support.c` | High
24 | File | `actions.php` | Medium
3 | File | `/administrator/components/menu/` | High
4 | File | `/administrator/components/table_manager/` | High
5 | File | `/api/ZRMesh/set_ZRMesh` | High
6 | File | `/damicms-master/admin.php?s=/Article/doedit` | High
7 | File | `/etc/quagga` | Medium
8 | File | `/fw/index2.do` | High
9 | File | `/Hospital-Management-System-master/func.php` | High
10 | File | `/jerry-core/ecma/base/ecma-lcache.c` | High
11 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
12 | File | `/jerry-core/jmem/jmem-heap.c` | High
13 | File | `/moddable/xs/sources/xsScript.c` | High
14 | File | `/parser/js/js-parser-expr.c` | High
15 | File | `/preferences/tags` | High
16 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
17 | File | `/transmission/web/` | High
18 | File | `/uploads/exam_question/` | High
19 | File | `/usr/bin/pkexec` | High
20 | File | `/usr/local/bin/mjs` | High
21 | File | `1.2.2.pl4` | Medium
22 | File | `AccessPoint.java` | High
23 | File | `account_sponsor_page.php` | High
24 | File | `acknow.php` | Medium
25 | ... | ... | ...
There are 207 more IOA items available. Please use our online service to access the data.
There are 214 more IOA items available. Please use our online service to access the data.
## References

5
APT34/README.md
View File

@ -92,10 +92,9 @@ ID | Type | Indicator | Confidence
32 | File | `admin/index.php` | High
33 | File | `admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1` | High
34 | File | `admin/system_manage/save.html` | High
35 | File | `ajax.php` | Medium
36 | ... | ... | ...
35 | ... | ... | ...
There are 304 more IOA items available. Please use our online service to access the data.
There are 303 more IOA items available. Please use our online service to access the data.
## References

52
APT36/README.md
View File

@ -1,6 +1,6 @@
# APT36 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT36](https://vuldb.com/?actor.apt36). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT36](https://vuldb.com/?actor.apt36). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt36](https://vuldb.com/?actor.apt36)
@ -19,7 +19,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* RU
* ...
There are 12 more country items available. Please use our online service to access the data.
There are 13 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -38,17 +38,9 @@ ID | IP address | Hostname | Confidence
9 | 75.98.175.79 | a2s83.a2hosting.com | High
10 | 75.119.139.169 | server1.immacolata.com | High
11 | 80.240.134.51 | - | High
12 | 82.196.13.94 | - | High
13 | 95.85.43.35 | - | High
14 | 95.168.176.141 | - | High
15 | 107.175.64.209 | 107-175-64-209-host.colocrossing.com | High
16 | 107.175.64.251 | 107-175-64-251-host.colocrossing.com | High
17 | 151.106.14.125 | - | High
18 | 151.106.19.218 | - | High
19 | 151.106.56.32 | - | High
20 | ... | ... | ...
12 | ... | ... | ...
There are 38 more IOC items available. Please use our online service to access the data.
There are 46 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -73,15 +65,31 @@ ID | Type | Indicator | Confidence
2 | File | `/forum/away.php` | High
3 | File | `/inc/HTTPClient.php` | High
4 | File | `/out.php` | Medium
5 | File | `/service/upload` | High
6 | File | `/uncpath/` | Medium
7 | File | `adclick.php` | Medium
8 | File | `add_comment.php` | High
9 | File | `admin/system_manage/save.html` | High
10 | File | `admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list` | High
11 | ... | ... | ...
5 | File | `/products/details.asp` | High
6 | File | `/service/upload` | High
7 | File | `/uncpath/` | Medium
8 | File | `adclick.php` | Medium
9 | File | `add_comment.php` | High
10 | File | `admin/system_manage/save.html` | High
11 | File | `admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list` | High
12 | File | `administrator/components/com_media/helpers/media.php` | High
13 | File | `arm/t7xx/r5p0/mali_kbase_core_linux.c` | High
14 | File | `awstats.pl` | Medium
15 | File | `books.php` | Medium
16 | File | `bridge/yabbse.inc.php` | High
17 | File | `cachemgr.cgi` | Medium
18 | File | `captcha.php` | Medium
19 | File | `catagorie.php` | High
20 | File | `category.php` | Medium
21 | File | `cgi-bin/` | Medium
22 | File | `cgi-bin/cmh/webcam.sh` | High
23 | File | `channels/chan_skinny.c` | High
24 | File | `clwarn.cgi` | Medium
25 | File | `coders/dcm.c` | Medium
26 | File | `comment_add.asp` | High
27 | ... | ... | ...
There are 232 more IOA items available. Please use our online service to access the data.
There are 229 more IOA items available. Please use our online service to access the data.
## References
@ -94,9 +102,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

14
APT37/README.md
View File

@ -1,6 +1,6 @@
# APT37 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT37](https://vuldb.com/?actor.apt37). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT37](https://vuldb.com/?actor.apt37). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt37](https://vuldb.com/?actor.apt37)
@ -54,11 +54,9 @@ ID | Type | Indicator | Confidence
1 | File | `examples/openid.php` | High
2 | File | `FormDisplay.php` | High
3 | File | `includes/startup.php` | High
4 | File | `libraries/Header.php` | High
5 | File | `wp-includes/class-wp-query.php` | High
6 | Argument | `name` | Low
7 | Argument | `Password` | Medium
8 | Argument | `STARTTLS` | Medium
4 | ... | ... | ...
There are 5 more IOA items available. Please use our online service to access the data.
## References
@ -71,9 +69,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

34
APT39/README.md
View File

@ -1,6 +1,6 @@
# APT39 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [APT39](https://vuldb.com/?actor.apt39). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [APT39](https://vuldb.com/?actor.apt39). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.apt39](https://vuldb.com/?actor.apt39)
@ -19,7 +19,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* GB
* ...
There are 15 more country items available. Please use our online service to access the data.
There are 18 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -30,12 +30,9 @@ ID | IP address | Hostname | Confidence
1 | 83.142.230.113 | - | High
2 | 86.105.227.224 | - | High
3 | 87.117.204.113 | - | High
4 | 87.117.204.115 | - | High
5 | 89.38.97.112 | - | High
6 | 89.38.97.115 | - | High
7 | ... | ... | ...
4 | ... | ... | ...
There are 11 more IOC items available. Please use our online service to access the data.
There are 14 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -57,18 +54,15 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `//etc/RT2870STA.dat` | High
2 | File | `/cwp_{SESSION_HASH}/admin/loader_ajax.php` | High
3 | File | `/magnoliaPublic/travel/members/login.html` | High
4 | File | `/Main_AdmStatus_Content.asp` | High
5 | File | `/uncpath/` | Medium
6 | File | `/var/log/nginx` | High
7 | File | `admin/index.php` | High
8 | File | `advertiser.php` | High
9 | File | `akocomments.php` | High
10 | File | `al_initialize.php` | High
11 | ... | ... | ...
2 | File | `/admin/index.php?id=themes&action=edit_template&filename=blog` | High
3 | File | `/cwp_{SESSION_HASH}/admin/loader_ajax.php` | High
4 | File | `/magnoliaPublic/travel/members/login.html` | High
5 | File | `/Main_AdmStatus_Content.asp` | High
6 | File | `/server-status` | High
7 | File | `/uncpath/` | Medium
8 | ... | ... | ...
There are 49 more IOA items available. Please use our online service to access the data.
There are 56 more IOA items available. Please use our online service to access the data.
## References
@ -82,9 +76,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

7
APT41/README.md
View File

@ -33,7 +33,7 @@ ID | IP address | Hostname | Confidence
3 | 5.183.103.122 | - | High
4 | 5.188.93.132 | gcorelabs.paris.vpn015 | High
5 | 5.188.108.22 | pol1.htjsq.com | High
6 | 5.188.108.228 | xc5.exclusivacondominios.com | High
6 | 5.188.108.228 | keyvpn.warsawa | High
7 | 5.189.222.33 | spain466.es | High
8 | 23.67.95.153 | a23-67-95-153.deploy.static.akamaitechnologies.com | High
9 | 43.255.191.255 | - | High
@ -89,9 +89,10 @@ ID | Type | Indicator | Confidence
21 | File | `adclick.php` | Medium
22 | File | `addentry.php` | Medium
23 | File | `addrating.php` | High
24 | ... | ... | ...
24 | File | `admin/conf_users_edit.php` | High
25 | ... | ... | ...
There are 203 more IOA items available. Please use our online service to access the data.
There are 205 more IOA items available. Please use our online service to access the data.
## References

4
Agrius/README.md
View File

@ -22,7 +22,7 @@ These indicators of compromise indicate associated network ressources which are
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 5.2.67.85 | mail.astrilll.com | High
2 | 5.2.73.67 | - | High
2 | 5.2.73.67 | brokendip.cfd | High
3 | 37.59.236.232 | 37.59.236.232.rdns.hasaserver.com | High
4 | ... | ... | ...
@ -58,7 +58,7 @@ ID | Type | Indicator | Confidence
9 | File | `admin.php` | Medium
10 | ... | ... | ...
There are 74 more IOA items available. Please use our online service to access the data.
There are 75 more IOA items available. Please use our online service to access the data.
## References

12
Amnesia/README.md
View File

@ -1,6 +1,6 @@
# Amnesia - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Amnesia](https://vuldb.com/?actor.amnesia). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Amnesia](https://vuldb.com/?actor.amnesia). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.amnesia](https://vuldb.com/?actor.amnesia)
@ -46,9 +46,9 @@ ID | Type | Indicator | Confidence
1 | File | `/api/addusers` | High
2 | File | `/home/httpd/cgi-bin/cgi.cgi` | High
3 | File | `/public/login.htm` | High
4 | File | `forumrunner/includes/moderation.php` | High
5 | Argument | `Password` | Medium
6 | Argument | `postids` | Low
4 | ... | ... | ...
There are 3 more IOA items available. Please use our online service to access the data.
## References
@ -60,9 +60,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

17
Astro Locker/README.md
View File

@ -1,6 +1,6 @@
# Astro Locker - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Astro Locker](https://vuldb.com/?actor.astro_locker). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Astro Locker](https://vuldb.com/?actor.astro_locker). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.astro_locker](https://vuldb.com/?actor.astro_locker)
@ -33,16 +33,9 @@ ID | Type | Indicator | Confidence
1 | File | `/htmlcode/html/indexdefault.asp` | High
2 | File | `ajax_admin_apis.php` | High
3 | File | `ajax_php_pecl.php` | High
4 | File | `books.php` | Medium
5 | File | `category.cfm` | Medium
6 | Argument | `bookid` | Low
7 | Argument | `cat` | Low
8 | Argument | `employee_id` | Medium
9 | Argument | `line` | Low
10 | Argument | `phpversion` | Medium
11 | ... | ... | ...
4 | ... | ... | ...
There are 4 more IOA items available. Please use our online service to access the data.
There are 11 more IOA items available. Please use our online service to access the data.
## References
@ -54,9 +47,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
BabyShark/README.md
View File

@ -1,6 +1,6 @@
# BabyShark - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [BabyShark](https://vuldb.com/?actor.babyshark). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BabyShark](https://vuldb.com/?actor.babyshark). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.babyshark](https://vuldb.com/?actor.babyshark)
@ -28,9 +28,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

24
BackdoorDiplomacy/README.md
View File

@ -1,6 +1,6 @@
# BackdoorDiplomacy - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [BackdoorDiplomacy](https://vuldb.com/?actor.backdoordiplomacy). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BackdoorDiplomacy](https://vuldb.com/?actor.backdoordiplomacy). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.backdoordiplomacy](https://vuldb.com/?actor.backdoordiplomacy)
@ -24,12 +24,9 @@ ID | IP address | Hostname | Confidence
1 | 23.83.224.178 | 23.83.224.178.16clouds.com | High
2 | 23.106.140.207 | 23.106.140.207.16clouds.com | High
3 | 23.228.203.130 | unassigned.psychz.net | High
4 | 23.247.47.252 | - | High
5 | 43.225.126.179 | - | High
6 | 43.251.105.139 | - | High
7 | ... | ... | ...
4 | ... | ... | ...
There are 11 more IOC items available. Please use our online service to access the data.
There are 14 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -53,16 +50,9 @@ ID | Type | Indicator | Confidence
1 | File | `/clientes/visualizar` | High
2 | File | `/oputilsServlet` | High
3 | File | `admin/conf_users_edit.php` | High
4 | File | `data/gbconfiguration.dat` | High
5 | File | `shoutbox.php` | Medium
6 | File | `wp-admin/post.php` | High
7 | File | `wp-login.php` | Medium
8 | Argument | `action` | Low
9 | Argument | `description` | Medium
10 | Argument | `filePath0` | Medium
11 | ... | ... | ...
4 | ... | ... | ...
There are 6 more IOA items available. Please use our online service to access the data.
There are 18 more IOA items available. Please use our online service to access the data.
## References
@ -74,9 +64,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

10
BadPatch/README.md
View File

@ -1,6 +1,6 @@
# BadPatch - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [BadPatch](https://vuldb.com/?actor.badpatch). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BadPatch](https://vuldb.com/?actor.badpatch). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.badpatch](https://vuldb.com/?actor.badpatch)
@ -28,7 +28,9 @@ ID | Type | Indicator | Confidence
1 | File | `includes/pages.inc.php` | High
2 | File | `setup.cgi` | Medium
3 | Argument | `PagePrefix` | Medium
4 | Argument | `TimeToLive` | Medium
4 | ... | ... | ...
There are 1 more IOA items available. Please use our online service to access the data.
## References
@ -40,9 +42,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

24
Banload/README.md
View File

@ -1,6 +1,6 @@
# Banload - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Banload](https://vuldb.com/?actor.banload). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Banload](https://vuldb.com/?actor.banload). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.banload](https://vuldb.com/?actor.banload)
@ -30,15 +30,9 @@ ID | IP address | Hostname | Confidence
12 | 52.217.48.70 | s3-1.amazonaws.com | Medium
13 | 52.217.79.142 | s3-1.amazonaws.com | Medium
14 | 52.217.85.222 | s3-1.amazonaws.com | Medium
15 | 74.119.119.139 | - | High
16 | 74.125.192.94 | qn-in-f94.1e100.net | High
17 | 142.250.80.2 | lga34s33-in-f2.1e100.net | High
18 | 142.250.80.3 | lga34s33-in-f3.1e100.net | High
19 | 142.250.111.154 | gb-in-f154.1e100.net | High
20 | 143.204.150.172 | server-143-204-150-172.ewr52.r.cloudfront.net | High
21 | ... | ... | ...
15 | ... | ... | ...
There are 50 more IOC items available. Please use our online service to access the data.
There are 56 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -65,13 +59,9 @@ ID | Type | Indicator | Confidence
4 | File | `/index.php` | Medium
5 | File | `/lua/set-passwd.lua` | High
6 | File | `/oauth/authorize` | High
7 | File | `/uncpath/` | Medium
8 | File | `/user/user/edit.php` | High
9 | File | `backupsettings.html` | High
10 | File | `comment_add.asp` | High
11 | ... | ... | ...
7 | ... | ... | ...
There are 41 more IOA items available. Please use our online service to access the data.
There are 45 more IOA items available. Please use our online service to access the data.
## References
@ -85,9 +75,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

103
Barys/README.md
View File

@ -1,23 +1,105 @@
# Barys - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Barys](https://vuldb.com/?actor.barys). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Barys](https://vuldb.com/?actor.barys). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.barys](https://vuldb.com/?actor.barys)
## Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Barys:
* US
## IOC - Indicator of Compromise
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Barys.
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 52.137.90.34 | - | High
2 | 52.185.71.28 | - | High
3 | 74.125.192.138 | qn-in-f138.1e100.net | High
4 | 104.18.11.39 | - | High
5 | 172.217.222.138 | qi-in-f138.1e100.net | High
6 | ... | ... | ...
1 | 13.107.21.200 | - | High
2 | 13.107.22.200 | - | High
3 | 23.225.145.234 | - | High
4 | 47.246.136.160 | - | High
5 | 52.137.90.34 | - | High
6 | 52.185.71.28 | - | High
7 | 58.215.145.95 | - | High
8 | ... | ... | ...
There are 9 more IOC items available. Please use our online service to access the data.
There are 30 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Barys. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1211 | 7PK Security Features | High
4 | ... | ... | ...
There are 2 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Barys. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `$HOME/.cdrdao` | High
2 | File | `.FBCIndex` | Medium
3 | File | `/cgi-bin` | Medium
4 | File | `/cgi/cpaddons_feature.pl` | High
5 | File | `/dana/nc/ncrun.cgi` | High
6 | File | `/firewall/policy/` | High
7 | File | `/help/helpredir.aspx` | High
8 | File | `/irj/portal/` | Medium
9 | File | `/proc` | Low
10 | File | `/proc/net/ip6_flowlabel` | High
11 | File | `/search` | Low
12 | File | `/tmp/.pk11ipc1` | High
13 | File | `/tmp/adb.log` | Medium
14 | File | `/usr/bin/cu` | Medium
15 | File | `/var/crash/vmcore.log` | High
16 | File | `aclient.exe` | Medium
17 | File | `addadmin.asp` | Medium
18 | File | `admin` | Low
19 | File | `admin.php` | Medium
20 | File | `admin.rssreader.php` | High
21 | File | `admin/configuration/modifier.php` | High
22 | File | `admin/skins.php` | High
23 | File | `adminconsole` | Medium
24 | File | `administrator/mail/download.cfm` | High
25 | File | `admin_board.php` | High
26 | File | `af_netlink.c` | Medium
27 | File | `ajax.php` | Medium
28 | File | `ajaxRequest/methodCall.do` | High
29 | File | `announcements.php` | High
30 | File | `apache2/modsecurity.c` | High
31 | File | `apply.cgi` | Medium
32 | File | `app_new.php` | Medium
33 | File | `aspx` | Low
34 | File | `AttachmentsList.aspx` | High
35 | File | `Atx45.ocx` | Medium
36 | File | `auction_details.php` | High
37 | File | `auth.php` | Medium
38 | File | `aut_verifica.inc.php` | High
39 | File | `awsguest.php` | Medium
40 | File | `b2edit.showposts.php` | High
41 | File | `backend.php/screen.php/comment.php` | High
42 | File | `basicfunctions.php` | High
43 | File | `board.cgi` | Medium
44 | File | `bug_actiongroup_ext_page.php` | High
45 | File | `canned_opr.php` | High
46 | File | `cart.cgi` | Medium
47 | File | `cat.asp` | Low
48 | File | `cddbcontrolaol.cddbaolcontrol` | High
49 | File | `channel.asp` | Medium
50 | File | `class_auth.php` | High
51 | File | `compte.php` | Medium
52 | ... | ... | ...
There are 448 more IOA items available. Please use our online service to access the data.
## References
@ -26,14 +108,15 @@ The following list contains external sources which discuss the actor and the ass
* https://blog.talosintelligence.com/2021/06/threat-roundup-0604-0611.html
* https://blog.talosintelligence.com/2021/08/threat-roundup-0820-0827.html
* https://blog.talosintelligence.com/2021/09/threat-roundup-0827-0903.html
* https://blog.talosintelligence.com/2022/01/threat-roundup-0121-0128.html
## Literature
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

51
BazarLoader/README.md
View File

@ -1,6 +1,6 @@
# BazarLoader - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [BazarLoader](https://vuldb.com/?actor.bazarloader). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BazarLoader](https://vuldb.com/?actor.bazarloader). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.bazarloader](https://vuldb.com/?actor.bazarloader)
@ -10,10 +10,10 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* US
* DK
* IT
* DE
* ...
There are 9 more country items available. Please use our online service to access the data.
There are 11 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -26,13 +26,9 @@ ID | IP address | Hostname | Confidence
3 | 34.209.40.84 | ec2-34-209-40-84.us-west-2.compute.amazonaws.com | Medium
4 | 34.221.188.35 | ec2-34-221-188-35.us-west-2.compute.amazonaws.com | Medium
5 | 45.71.112.70 | host-45-71-112-70.nedetel.net | High
6 | 45.76.254.23 | 45.76.254.23.vultr.com | Medium
7 | 54.184.178.68 | ec2-54-184-178-68.us-west-2.compute.amazonaws.com | Medium
8 | 62.108.35.215 | - | High
9 | 72.21.81.240 | - | High
10 | ... | ... | ...
6 | ... | ... | ...
There are 18 more IOC items available. Please use our online service to access the data.
There are 22 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -43,10 +39,9 @@ ID | Technique | Description | Confidence
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1211 | 7PK Security Features | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 6 more TTP items available. Please use our online service to access the data.
There are 7 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -64,9 +59,33 @@ ID | Type | Indicator | Confidence
8 | File | `/register.do` | Medium
9 | File | `/rest/project-templates/1.0/createshared` | High
10 | File | `/restoreinfo.cgi` | High
11 | ... | ... | ...
11 | File | `/services` | Medium
12 | File | `/var/passwd` | Medium
13 | File | `/var/run/storage_account_root` | High
14 | File | `/webconsole/APIController` | High
15 | File | `802dot1xclientcert.cgi` | High
16 | File | `account.asp` | Medium
17 | File | `Account.aspx` | Medium
18 | File | `ActionsAndOperations` | High
19 | File | `adclick.php` | Medium
20 | File | `admin/db-backup-security/db-backup-security.php` | High
21 | File | `admin/membersearch.php` | High
22 | File | `agent_links.pl` | High
23 | File | `Ap4StssAtom.cpp` | High
24 | File | `Ap4StszAtom.cpp` | High
25 | File | `apetag.c` | Medium
26 | File | `apply_sec.cgi` | High
27 | File | `article.php` | Medium
28 | File | `asp` | Low
29 | File | `attrs.c` | Low
30 | File | `auth-gss2.c` | Medium
31 | File | `auth.inc.php` | Medium
32 | File | `authuser.php` | Medium
33 | File | `bkr/server/widgets.py` | High
34 | File | `bson-iter.c` | Medium
35 | ... | ... | ...
There are 304 more IOA items available. Please use our online service to access the data.
There are 295 more IOA items available. Please use our online service to access the data.
## References
@ -79,9 +98,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Bifrost/README.md
View File

@ -1,6 +1,6 @@
# Bifrost - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Bifrost](https://vuldb.com/?actor.bifrost). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bifrost](https://vuldb.com/?actor.bifrost). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.bifrost](https://vuldb.com/?actor.bifrost)
@ -39,9 +39,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Bisonal/README.md
View File

@ -1,6 +1,6 @@
# Bisonal - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Bisonal](https://vuldb.com/?actor.bisonal). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bisonal](https://vuldb.com/?actor.bisonal). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.bisonal](https://vuldb.com/?actor.bisonal)
@ -23,9 +23,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

48
Black KingDom/README.md
View File

@ -11,9 +11,6 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* US
* RU
* SV
* ...
There are 1 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -47,32 +44,37 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/index.php?lfj=friendlink&action=add` | High
1 | File | `/admin/admin_manage/delete` | High
2 | File | `/admin/login.php` | High
3 | File | `/ajax_crud` | Medium
4 | File | `/api/ZRMacClone/mac_addr_clone` | High
5 | File | `/application/common.php#action_log` | High
6 | File | `/base/ecma-helpers-string.c` | High
7 | File | `/cms/ajax.php` | High
8 | File | `/core/table/query` | High
9 | File | `/debug/pprof` | Medium
10 | File | `/dev/ion` | Medium
11 | File | `/ecma/operations/ecma-objects.c` | High
12 | File | `/GetCopiedFile` | High
13 | File | `/hdf5/src/H5Dchunk.c` | High
14 | File | `/hdf5/src/H5Fint.c` | High
15 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
16 | File | `/jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c` | High
17 | File | `/jerry-core/parser/js/js-parser-expr.c` | High
18 | File | `/leave_system/classes/Login.php` | High
19 | File | `/member/post.php?job=postnew&step=post` | High
3 | File | `/administrator/components/table_manager/` | High
4 | File | `/ajax_crud` | Medium
5 | File | `/api/ZRMacClone/mac_addr_clone` | High
6 | File | `/application/common.php#action_log` | High
7 | File | `/base/ecma-helpers-string.c` | High
8 | File | `/cms/ajax.php` | High
9 | File | `/core/table/query` | High
10 | File | `/debug/pprof` | Medium
11 | File | `/dev/ion` | Medium
12 | File | `/ecma/operations/ecma-objects.c` | High
13 | File | `/GetCopiedFile` | High
14 | File | `/hdf5/src/H5Dchunk.c` | High
15 | File | `/hdf5/src/H5Fint.c` | High
16 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
17 | File | `/jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c` | High
18 | File | `/jerry-core/parser/js/js-parser-expr.c` | High
19 | File | `/leave_system/classes/Login.php` | High
20 | File | `/message-bus/_diagnostics` | High
21 | File | `/mobile/SelectUsers.jsp` | High
22 | File | `/music/ajax.php` | High
23 | File | `/orms/` | Low
24 | ... | ... | ...
24 | File | `/parser/js/js-parser-mem.c` | High
25 | File | `/rest/collectors/1.0/template/custom` | High
26 | File | `/RPC2` | Low
27 | File | `/UserSelfServiceSettings.jsp` | High
28 | File | `/usr/bin/pkexec` | High
29 | ... | ... | ...
There are 197 more IOA items available. Please use our online service to access the data.
There are 246 more IOA items available. Please use our online service to access the data.
## References

6
Black Vine/README.md
View File

@ -1,6 +1,6 @@
# Black Vine - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Black Vine](https://vuldb.com/?actor.black_vine). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Black Vine](https://vuldb.com/?actor.black_vine). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.black_vine](https://vuldb.com/?actor.black_vine)
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

20
Bookworm/README.md
View File

@ -1,6 +1,6 @@
# Bookworm - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Bookworm](https://vuldb.com/?actor.bookworm). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bookworm](https://vuldb.com/?actor.bookworm). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.bookworm](https://vuldb.com/?actor.bookworm)
@ -27,10 +27,9 @@ ID | IP address | Hostname | Confidence
1 | 43.248.8.249 | - | High
2 | 103.226.127.47 | - | High
3 | 104.156.239.105 | 104.156.239.105.vultr.com | Medium
4 | 112.167.143.179 | - | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 7 more IOC items available. Please use our online service to access the data.
There are 8 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -50,12 +49,9 @@ ID | Type | Indicator | Confidence
1 | File | `/install/index.php` | High
2 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
3 | File | `cirrus_vga.c` | Medium
4 | File | `func.php` | Medium
5 | File | `packages/strapi-admin/controllers/Auth.js` | High
6 | File | `register/check/username?username` | High
7 | Argument | `returnPath` | Medium
8 | Argument | `theme/lang` | Medium
9 | Argument | `username` | Medium
4 | ... | ... | ...
There are 6 more IOA items available. Please use our online service to access the data.
## References
@ -67,9 +63,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

24
Bouncing Golf/README.md
View File

@ -1,6 +1,6 @@
# Bouncing Golf - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Bouncing Golf](https://vuldb.com/?actor.bouncing_golf). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bouncing Golf](https://vuldb.com/?actor.bouncing_golf). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.bouncing_golf](https://vuldb.com/?actor.bouncing_golf)
@ -10,10 +10,10 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* US
* FR
* DE
* GB
* ...
There are 20 more country items available. Please use our online service to access the data.
There are 21 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -57,7 +57,19 @@ ID | Type | Indicator | Confidence
8 | File | `/horde/util/go.php` | High
9 | File | `/new` | Low
10 | File | `/show_news.php` | High
11 | ... | ... | ...
11 | File | `/tmp` | Low
12 | File | `/uncpath/` | Medium
13 | File | `/userRpm/MediaServerFoldersCfgRpm.htm` | High
14 | File | `/ViewUserHover.jspa` | High
15 | File | `AccountStatus.jsp` | High
16 | File | `add.php` | Low
17 | File | `admin/systemOutOfBand.do` | High
18 | File | `app/application.cpp` | High
19 | File | `auth-gss2.c` | Medium
20 | File | `authent.php4` | Medium
21 | File | `base_maintenance.php` | High
22 | File | `boardrule.php` | High
23 | ... | ... | ...
There are 195 more IOA items available. Please use our online service to access the data.
@ -71,9 +83,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Brazil Unknown/README.md
View File

@ -1,6 +1,6 @@
# Brazil Unknown - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Brazil Unknown](https://vuldb.com/?actor.brazil_unknown). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Brazil Unknown](https://vuldb.com/?actor.brazil_unknown). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.brazil_unknown](https://vuldb.com/?actor.brazil_unknown)
@ -36,9 +36,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

35
Brontok/README.md Normal file
View File

@ -0,0 +1,35 @@
# Brontok - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Brontok](https://vuldb.com/?actor.brontok). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.brontok](https://vuldb.com/?actor.brontok)
## IOC - Indicator of Compromise
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Brontok.
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 20.42.65.92 | - | High
2 | 20.189.173.20 | - | High
3 | 52.168.117.173 | - | High
4 | ... | ... | ...
There are 1 more IOC items available. Please use our online service to access the data.
## References
The following list contains external sources which discuss the actor and the associated activities:
* https://blog.talosintelligence.com/2022/01/threat-roundup-0114-0121.html
## Literature
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

15
Bronze Butler/README.md
View File

@ -1,6 +1,6 @@
# Bronze Butler - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Bronze Butler](https://vuldb.com/?actor.bronze_butler). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bronze Butler](https://vuldb.com/?actor.bronze_butler). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.bronze_butler](https://vuldb.com/?actor.bronze_butler)
@ -50,12 +50,9 @@ ID | Type | Indicator | Confidence
1 | File | `/out.php` | Medium
2 | File | `data/gbconfiguration.dat` | High
3 | File | `wp-login.php` | Medium
4 | File | `Xvpnd.exe` | Medium
5 | Library | `jscript9.dll` | Medium
6 | Argument | `HOST` | Low
7 | Argument | `id` | Low
8 | Argument | `reason` | Low
9 | Network Port | `tcp/2015` | Medium
4 | ... | ... | ...
There are 6 more IOA items available. Please use our online service to access the data.
## References
@ -67,9 +64,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

24
Bronze Union/README.md
View File

@ -1,6 +1,6 @@
# Bronze Union - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Bronze Union](https://vuldb.com/?actor.bronze_union). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bronze Union](https://vuldb.com/?actor.bronze_union). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.bronze_union](https://vuldb.com/?actor.bronze_union)
@ -20,10 +20,9 @@ ID | IP address | Hostname | Confidence
1 | 45.114.9.174 | - | High
2 | 96.90.63.57 | nleq.com | High
3 | 117.136.63.145 | - | High
4 | 198.56.185.179 | - | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 6 more IOC items available. Please use our online service to access the data.
There are 7 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -33,7 +32,10 @@ ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1548.002 | Improper Authorization | High
3 | T1499 | Resource Consumption | High
4 | ... | ... | ...
There are 1 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -44,11 +46,9 @@ ID | Type | Indicator | Confidence
1 | File | `/getcfg.php` | Medium
2 | File | `http_auth.c` | Medium
3 | File | `public/?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]` | High
4 | File | `ticket.php` | Medium
5 | Argument | `SERVICES` | Medium
6 | Argument | `tid` | Low
7 | Input Value | `curl -d SERVICES=DEVICE.ACCOUNT http://192.168.0.1/getcfg.php` | High
8 | Network Port | `Web Server Port` | High
4 | ... | ... | ...
There are 5 more IOA items available. Please use our online service to access the data.
## References
@ -60,9 +60,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

14
Brunhilda/README.md
View File

@ -1,6 +1,6 @@
# Brunhilda - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Brunhilda](https://vuldb.com/?actor.brunhilda). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Brunhilda](https://vuldb.com/?actor.brunhilda). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.brunhilda](https://vuldb.com/?actor.brunhilda)
@ -18,14 +18,12 @@ These indicators of compromise indicate associated network ressources which are
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 45.142.212.216 | holkitsor4.example.com | High
1 | 45.142.212.216 | vm324137.pq.hosting | High
2 | 95.142.40.68 | vm482228.eurodir.ru | High
3 | 185.177.92.213 | ip-185-177-92-213.ah-server.com | High
4 | 185.177.93.32 | ip-185-177-93-32.ah-server.com | High
5 | 185.177.93.44 | ip-185-177-93-44.ah-server.com | High
6 | ... | ... | ...
4 | ... | ... | ...
There are 8 more IOC items available. Please use our online service to access the data.
There are 10 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -59,9 +57,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

15
Buhtrap/README.md
View File

@ -1,6 +1,6 @@
# Buhtrap - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Buhtrap](https://vuldb.com/?actor.buhtrap). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Buhtrap](https://vuldb.com/?actor.buhtrap). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.buhtrap](https://vuldb.com/?actor.buhtrap)
@ -19,7 +19,7 @@ ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 5.63.159.32 | 5-63-159-32.cloudvps.regruhosting.ru | High
2 | 37.140.195.165 | console.teonet.cloud | High
3 | 37.143.12.190 | www.portnov.dev | High
3 | 37.143.12.190 | hosted-by.ihc.ru | High
4 | ... | ... | ...
There are 6 more IOC items available. Please use our online service to access the data.
@ -41,10 +41,9 @@ ID | Type | Indicator | Confidence
1 | File | `adclick.php` | Medium
2 | File | `adrotate.pm` | Medium
3 | File | `article.php` | Medium
4 | File | `_debugging_center_utils___.php` | High
5 | Argument | `dest` | Low
6 | Argument | `log` | Low
7 | Argument | `sid` | Low
4 | ... | ... | ...
There are 4 more IOA items available. Please use our online service to access the data.
## References
@ -56,9 +55,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

14
Butterfly/README.md
View File

@ -1,6 +1,6 @@
# Butterfly - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Butterfly](https://vuldb.com/?actor.butterfly). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Butterfly](https://vuldb.com/?actor.butterfly). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.butterfly](https://vuldb.com/?actor.butterfly)
@ -57,9 +57,13 @@ ID | Type | Indicator | Confidence
8 | File | `/Upload.ashx` | Medium
9 | File | `/var/tmp/sess_*` | High
10 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
11 | ... | ... | ...
11 | File | `admin/killsource` | High
12 | File | `admin/orion.extfeedbackform_efbf_forms.php` | High
13 | File | `auth-gss2.c` | Medium
14 | File | `bin/jp2/convert.c` | High
15 | ... | ... | ...
There are 120 more IOA items available. Please use our online service to access the data.
There are 123 more IOA items available. Please use our online service to access the data.
## References
@ -71,9 +75,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
CDRThief/README.md
View File

@ -1,6 +1,6 @@
# CDRThief - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [CDRThief](https://vuldb.com/?actor.cdrthief). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CDRThief](https://vuldb.com/?actor.cdrthief). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cdrthief](https://vuldb.com/?actor.cdrthief)
@ -41,9 +41,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

84
Carbanak/README.md
View File

@ -1,6 +1,6 @@
# Carbanak - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Carbanak](https://vuldb.com/?actor.carbanak). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Carbanak](https://vuldb.com/?actor.carbanak). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.carbanak](https://vuldb.com/?actor.carbanak)
@ -16,11 +16,11 @@ The following campaigns are known and can be associated with Carbanak:
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Carbanak:
* US
* DE
* RU
* SE
* ...
There are 28 more country items available. Please use our online service to access the data.
There are 29 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -48,9 +48,24 @@ ID | IP address | Hostname | Confidence
18 | 37.59.202.124 | ip124.ip-37-59-202.eu | High
19 | 37.235.54.48 | 48.54.235.37.in-addr.arpa | High
20 | 45.63.23.135 | 45.63.23.135.vultr.com | Medium
21 | ... | ... | ...
21 | 45.63.96.216 | 45.63.96.216.vultr.com | Medium
22 | 50.62.171.62 | ip-50-62-171-62.ip.secureserver.net | High
23 | 50.115.127.36 | 50.115.127.36.static.westdc.net | High
24 | 50.115.127.37 | mail.ingrampartners.com | High
25 | 51.254.95.99 | ip99.ip-51-254-95.eu | High
26 | 51.254.95.100 | ip100.ip-51-254-95.eu | High
27 | 55.198.6.56 | - | High
28 | 59.55.142.171 | - | High
29 | 60.228.38.213 | cpe-60-228-38-213.bpe6-r-962.pie.wa.bigpond.net.au | High
30 | 61.7.219.61 | - | High
31 | 62.75.224.229 | prag178.startdedicated.de | High
32 | 62.210.25.121 | svgit.festivalscope.com | High
33 | 65.19.141.199 | - | High
34 | 66.55.133.86 | 66-55-133-86.choopa.net | High
35 | 66.232.124.175 | customer.hivelocity.net | High
36 | ... | ... | ...
There are 155 more IOC items available. Please use our online service to access the data.
There are 140 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -61,11 +76,9 @@ ID | Technique | Description | Confidence
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1211 | 7PK Security Features | High
5 | T1222 | Permission Issues | High
6 | ... | ... | ...
4 | ... | ... | ...
There are 8 more TTP items available. Please use our online service to access the data.
There are 7 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -73,19 +86,44 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `$HOME/.cdrdao` | High
2 | File | `%windir%\Internet Logs\` | High
3 | File | `/+CSCOE+/logon.html` | High
4 | File | `//etc/RT2870STA.dat` | High
5 | File | `/api/addusers` | High
6 | File | `/api/upload` | Medium
7 | File | `/bin/boa` | Medium
8 | File | `/cgi-bin/hotspot-changepw.cgi` | High
9 | File | `/ClickAndBanexDemo/admin/admin.asp` | High
10 | File | `/core/vendor/meenie/javascript-packer/example-inline.php` | High
11 | ... | ... | ...
1 | File | `%PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe` | High
2 | File | `.htaccess` | Medium
3 | File | `.procmailrc` | Medium
4 | File | `/+CSCOE+/logon.html` | High
5 | File | `/.htpasswd` | Medium
6 | File | `//etc/RT2870STA.dat` | High
7 | File | `/admin/index.php` | High
8 | File | `/api/addusers` | High
9 | File | `/cgi-bin/hotspot-changepw.cgi` | High
10 | File | `/ClickAndBanexDemo/admin/admin.asp` | High
11 | File | `/config/getuser` | High
12 | File | `/filemanager/ajax_calls.php` | High
13 | File | `/forum/away.php` | High
14 | File | `/owa/auth/logon.aspx` | High
15 | File | `/phppath/php` | Medium
16 | File | `/proc/self/exe` | High
17 | File | `/public/login.htm` | High
18 | File | `/server-info` | Medium
19 | File | `/server-status` | High
20 | File | `/uncpath/` | Medium
21 | File | `/user/jobmanage.php` | High
22 | File | `/user/zs_elite.php` | High
23 | File | `/usr/bin/enq` | Medium
24 | File | `/web/jquery/uploader/multi_uploadify.php` | High
25 | File | `/wp-admin/admin-ajax.php` | High
26 | File | `/wp-content/plugins/updraftplus/admin.php` | High
27 | File | `/zhndnsdisplay.cmd` | High
28 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
29 | File | `acl.c` | Low
30 | File | `adclick.php` | Medium
31 | File | `add_comment.php` | High
32 | File | `add_vhost.php` | High
33 | File | `admin.php` | Medium
34 | File | `admin/default.asp` | High
35 | File | `admin/index.php?n=ui_set&m=admin&c=index&a=doget_text_content&table=lang&field=1` | High
36 | ... | ... | ...
There are 615 more IOA items available. Please use our online service to access the data.
There are 306 more IOA items available. Please use our online service to access the data.
## References
@ -105,9 +143,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Cardinal RAT/README.md
View File

@ -1,6 +1,6 @@
# Cardinal RAT - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Cardinal RAT](https://vuldb.com/?actor.cardinal_rat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Cardinal RAT](https://vuldb.com/?actor.cardinal_rat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cardinal_rat](https://vuldb.com/?actor.cardinal_rat)
@ -77,9 +77,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

28
Carrotbat/README.md
View File

@ -1,6 +1,6 @@
# Carrotbat - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Carrotbat](https://vuldb.com/?actor.carrotbat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Carrotbat](https://vuldb.com/?actor.carrotbat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.carrotbat](https://vuldb.com/?actor.carrotbat)
@ -23,7 +23,7 @@ These indicators of compromise indicate associated network ressources which are
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 61.14.210.72 | former-enews-out.squarspace.net | High
1 | 61.14.210.72 | former-enews-out.businessinsider.org.uk | High
## TTP - Tactics, Techniques, Procedures
@ -31,7 +31,8 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
1 | T1068 | Execution with Unnecessary Privileges | High
2 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
## IOA - Indicator of Attack
@ -39,19 +40,12 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `anonymous/authenticated` | High
2 | File | `count.cgi` | Medium
3 | File | `data/gbconfiguration.dat` | High
4 | File | `dede\co_do.php` | High
5 | File | `email.php` | Medium
6 | File | `index.php` | Medium
7 | File | `mod_mysql_vhost.c` | High
8 | Argument | `id` | Low
9 | Argument | `ids` | Low
10 | Argument | `skipSessionCheck` | High
11 | ... | ... | ...
1 | File | `/phppath/php` | Medium
2 | File | `anonymous/authenticated` | High
3 | File | `auth-gss2.c` | Medium
4 | ... | ... | ...
There are 2 more IOA items available. Please use our online service to access the data.
There are 11 more IOA items available. Please use our online service to access the data.
## References
@ -63,9 +57,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Center-1/README.md
View File

@ -1,6 +1,6 @@
# Center-1 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Center-1](https://vuldb.com/?actor.center-1). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Center-1](https://vuldb.com/?actor.center-1). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.center-1](https://vuldb.com/?actor.center-1)
@ -29,9 +29,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

12
Center-2/README.md
View File

@ -1,6 +1,6 @@
# Center-2 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Center-2](https://vuldb.com/?actor.center-2). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Center-2](https://vuldb.com/?actor.center-2). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.center-2](https://vuldb.com/?actor.center-2)
@ -52,11 +52,9 @@ ID | Type | Indicator | Confidence
6 | File | `/webapps/Bb-sites-user-profile-BBLEARN/profile.form` | High
7 | File | `/wp-content/plugins/emag-marketplace-connector/templates/order/awb-meta-box.php` | High
8 | File | `action/addproject.php` | High
9 | File | `adclick.php` | Medium
10 | File | `admin/page/system/nav.php?del` | High
11 | ... | ... | ...
9 | ... | ... | ...
There are 64 more IOA items available. Please use our online service to access the data.
There are 68 more IOA items available. Please use our online service to access the data.
## References
@ -68,9 +66,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

19
CetaRAT/README.md
View File

@ -1,6 +1,6 @@
# CetaRAT - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [CetaRAT](https://vuldb.com/?actor.cetarat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CetaRAT](https://vuldb.com/?actor.cetarat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cetarat](https://vuldb.com/?actor.cetarat)
@ -19,7 +19,7 @@ These indicators of compromise indicate associated network ressources which are
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 109.236.85.152 | customer.worldstream.nl | High
2 | 161.97.142.96 | vmi661694.contaboserver.net | High
2 | 161.97.142.96 | vmi745943.contaboserver.net | High
3 | 164.68.104.126 | vmd76303.contaboserver.net | High
4 | ... | ... | ...
@ -42,16 +42,9 @@ ID | Type | Indicator | Confidence
1 | File | `adclick.php` | Medium
2 | File | `data/gbconfiguration.dat` | High
3 | File | `exit.php` | Medium
4 | File | `goto.php` | Medium
5 | File | `ipsconnect.php` | High
6 | File | `redir.php` | Medium
7 | File | `register/check/username?username` | High
8 | Argument | `dest` | Low
9 | Argument | `foaf` | Low
10 | Argument | `id` | Low
11 | ... | ... | ...
4 | ... | ... | ...
There are 3 more IOA items available. Please use our online service to access the data.
There are 10 more IOA items available. Please use our online service to access the data.
## References
@ -63,9 +56,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
ChessMaster/README.md
View File

@ -1,6 +1,6 @@
# ChessMaster - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [ChessMaster](https://vuldb.com/?actor.chessmaster). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [ChessMaster](https://vuldb.com/?actor.chessmaster). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.chessmaster](https://vuldb.com/?actor.chessmaster)
@ -23,9 +23,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

16
China Unknown/README.md
View File

@ -1,6 +1,6 @@
# China Unknown - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [China Unknown](https://vuldb.com/?actor.china_unknown). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [China Unknown](https://vuldb.com/?actor.china_unknown). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.china_unknown](https://vuldb.com/?actor.china_unknown)
@ -25,6 +25,16 @@ ID | IP address | Hostname | Confidence
1 | 34.92.228.216 | 216.228.92.34.bc.googleusercontent.com | Medium
2 | 158.247.208.230 | 158.247.208.230.vultr.com | Medium
## IOA - Indicator of Attack
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by China Unknown. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `index.php` | Medium
2 | File | `wp-includes/class-wp-query.php` | High
3 | Argument | `tid` | Low
## References
The following list contains external sources which discuss the actor and the associated activities:
@ -35,9 +45,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

25
Chthonic/README.md
View File

@ -1,6 +1,6 @@
# Chthonic - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Chthonic](https://vuldb.com/?actor.chthonic). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Chthonic](https://vuldb.com/?actor.chthonic). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.chthonic](https://vuldb.com/?actor.chthonic)
@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* US
* ...
There are 3 more country items available. Please use our online service to access the data.
There are 4 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -25,12 +25,9 @@ ID | IP address | Hostname | Confidence
2 | 51.254.83.231 | pob01.mulx.net | High
3 | 52.137.90.34 | - | High
4 | 52.185.71.28 | - | High
5 | 79.133.44.139 | - | High
6 | 82.197.164.46 | aquila.init7.net | High
7 | 85.199.214.98 | - | High
8 | ... | ... | ...
5 | ... | ... | ...
There are 14 more IOC items available. Please use our online service to access the data.
There are 17 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -55,15 +52,9 @@ ID | Type | Indicator | Confidence
2 | File | `admin/?n=tags&c=index&a=doSaveTags` | High
3 | File | `AniGIF.ocx` | Medium
4 | File | `config.php` | Medium
5 | File | `data/gbconfiguration.dat` | High
6 | File | `ext/gd/libgd/gd_interpolation.c` | High
7 | File | `http_auth.c` | Medium
8 | File | `index.php` | Medium
9 | File | `install.php` | Medium
10 | File | `login.php` | Medium
11 | ... | ... | ...
5 | ... | ... | ...
There are 20 more IOA items available. Please use our online service to access the data.
There are 26 more IOA items available. Please use our online service to access the data.
## References
@ -76,9 +67,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

40
Cobalt Strike/README.md
View File

@ -1,6 +1,6 @@
# Cobalt Strike - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Cobalt Strike](https://vuldb.com/?actor.cobalt_strike). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cobalt_strike](https://vuldb.com/?actor.cobalt_strike)
@ -8,12 +8,12 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cobalt Strike:
* CN
* US
* CN
* IT
* ...
There are 2 more country items available. Please use our online service to access the data.
There are 3 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -22,8 +22,8 @@ These indicators of compromise indicate associated network ressources which are
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 23.108.57.108 | - | High
2 | 62.128.111.176 | polyminners.nl | High
3 | 82.118.21.221 | vds-805975.hosted-by-itldc.com | High
2 | 62.128.111.176 | - | High
3 | 82.118.21.221 | vds-887334.hosted-by-itldc.com | High
4 | ... | ... | ...
There are 5 more IOC items available. Please use our online service to access the data.
@ -44,19 +44,21 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/etc/tomcat8/Catalina/attack` | High
2 | File | `/notice-edit.php` | High
3 | File | `archive_read_support_format_rar5.c` | High
4 | File | `burl.c` | Low
5 | File | `CFM File Handler` | High
6 | File | `http_auth.c` | Medium
7 | File | `profile.php?cmd=download` | High
8 | File | `ViewLog.asp` | Medium
9 | Argument | `aid` | Low
10 | Argument | `display name/title name/content` | High
11 | ... | ... | ...
1 | File | `/admin/success_story.php` | High
2 | File | `/etc/tomcat8/Catalina/attack` | High
3 | File | `/movie-portal-script/movie.php` | High
4 | File | `/notice-edit.php` | High
5 | File | `/wp-content/plugins/updraftplus/admin.php` | High
6 | File | `admin/images.php` | High
7 | File | `admin/preview.php` | High
8 | File | `archive_read_support_format_rar5.c` | High
9 | File | `blanko.preview.php` | High
10 | File | `burl.c` | Low
11 | File | `CFM File Handler` | High
12 | File | `cgi-bin/awstats.pl` | High
13 | ... | ... | ...
There are 3 more IOA items available. Please use our online service to access the data.
There are 98 more IOA items available. Please use our online service to access the data.
## References
@ -72,9 +74,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

91
CoinMiner/README.md
View File

@ -1,6 +1,6 @@
# CoinMiner - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [CoinMiner](https://vuldb.com/?actor.coinminer). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CoinMiner](https://vuldb.com/?actor.coinminer). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.coinminer](https://vuldb.com/?actor.coinminer)
@ -9,11 +9,11 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CoinMiner:
* DE
* NL
* US
* ES
* ...
There are 9 more country items available. Please use our online service to access the data.
There are 3 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -32,17 +32,9 @@ ID | IP address | Hostname | Confidence
9 | 23.21.252.4 | ec2-23-21-252-4.compute-1.amazonaws.com | Medium
10 | 49.12.80.38 | static.38.80.12.49.clients.your-server.de | High
11 | 49.12.80.40 | static.40.80.12.49.clients.your-server.de | High
12 | 50.19.96.218 | ec2-50-19-96-218.compute-1.amazonaws.com | Medium
13 | 50.19.252.36 | ec2-50-19-252-36.compute-1.amazonaws.com | Medium
14 | 51.15.54.102 | 102-54-15-51.instances.scw.cloud | High
15 | 51.15.58.224 | 224-58-15-51.instances.scw.cloud | High
16 | 51.15.65.182 | 182-65-15-51.instances.scw.cloud | High
17 | 51.15.67.17 | 17-67-15-51.instances.scw.cloud | High
18 | 51.15.69.136 | 136-69-15-51.instances.scw.cloud | High
19 | 51.15.78.68 | 68-78-15-51.instances.scw.cloud | High
20 | ... | ... | ...
12 | ... | ... | ...
There are 38 more IOC items available. Please use our online service to access the data.
There are 46 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -50,14 +42,12 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1040 | Authentication Bypass by Capture-replay | High
2 | T1059.007 | Cross Site Scripting | High
3 | T1068 | Execution with Unnecessary Privileges | High
4 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
5 | T1211 | 7PK Security Features | High
6 | ... | ... | ...
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...
There are 8 more TTP items available. Please use our online service to access the data.
There are 6 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -65,19 +55,52 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%windir%\Internet Logs\` | High
2 | File | `.htaccess` | Medium
3 | File | `.imwheelrc` | Medium
4 | File | `.jpilot` | Low
5 | File | `.php` | Low
6 | File | `.plan` | Low
7 | File | `.tin` | Low
8 | File | `/?Key=PhoneRequestAuthorization` | High
9 | File | `/adfs/ls` | Medium
10 | File | `/api/users/admin/check` | High
11 | ... | ... | ...
1 | File | `.htaccess` | Medium
2 | File | `.jpilot` | Low
3 | File | `.plan` | Low
4 | File | `.tin` | Low
5 | File | `/aux` | Low
6 | File | `/coreframe/app/guestbook/myissue.php` | High
7 | File | `/data/nvram` | Medium
8 | File | `/icingaweb2/navigation/add` | High
9 | File | `/root/.keeper/` | High
10 | File | `/sbin/conf.d/SuSEconfig.javarunt` | High
11 | File | `/search-result/` | High
12 | File | `/usr/bin/sonia` | High
13 | File | `/var/log/nginx` | High
14 | File | `/var/spool/fax/outgoing/.last_run` | High
15 | File | `95.php` | Low
16 | File | `123flashchat.php` | High
17 | File | `action.php` | Medium
18 | File | `Active Browser Profile` | High
19 | File | `adb/adb_client.c` | High
20 | File | `addons/mod_media/body.php` | High
21 | File | `admin.php` | Medium
22 | File | `admin/profile_settings_net.html` | High
23 | File | `Administrator/add_pictures.php` | High
24 | File | `af_netlink.c` | Medium
25 | File | `aide.php3` | Medium
26 | File | `aim/icq` | Low
27 | File | `ajax.php` | Medium
28 | File | `akocomment.php` | High
29 | File | `album.php` | Medium
30 | File | `allmanageup.pl` | High
31 | File | `apache2/modsecurity.c` | High
32 | File | `ardeaCore/lib/core/ardeaInit.php` | High
33 | File | `arm/lithium-codegen-arm.cc` | High
34 | File | `attachment_send.php` | High
35 | File | `b2edit.showposts.php` | High
36 | File | `bar.phtml` | Medium
37 | File | `bios.php` | Medium
38 | File | `cadastro_usuario.php` | High
39 | File | `cartman.php` | Medium
40 | File | `cgi-bin/module/sysmanager/admin/SYSAdminUserDialog` | High
41 | File | `cgi-bin/NETGEAR_wpn824v3.cfg` | High
42 | File | `cgi/actions.py` | High
43 | File | `cgiproc` | Low
44 | ... | ... | ...
There are 760 more IOA items available. Please use our online service to access the data.
There are 376 more IOA items available. Please use our online service to access the data.
## References
@ -96,9 +119,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

109
CoinStomp/README.md Normal file
View File

@ -0,0 +1,109 @@
# CoinStomp - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CoinStomp](https://vuldb.com/?actor.coinstomp). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.coinstomp](https://vuldb.com/?actor.coinstomp)
## Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CoinStomp:
* US
* RU
* CN
* ...
There are 1 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of CoinStomp.
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 106.53.115.114 | - | High
2 | 109.234.36.173 | host-109-234-36-173.hosted-by-vdsina.ru | High
3 | 205.185.113.151 | - | High
## TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by CoinStomp. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...
There are 6 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by CoinStomp. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/category_view.php` | High
2 | File | `/frontend/x3/cpanelpro/filelist-thumbs.html` | High
3 | File | `/fs/cifs/file.c` | High
4 | File | `/highlight/index.html` | High
5 | File | `/hotel.php` | Medium
6 | File | `/Login.do` | Medium
7 | File | `/var/etc/shadow` | High
8 | File | `/var/log/cgred` | High
9 | File | `/var/run/hostapd` | High
10 | File | `add.php` | Low
11 | File | `AddEvent.php` | Medium
12 | File | `addlisting.asp` | High
13 | File | `add_tmsp.php` | Medium
14 | File | `admin.php` | Medium
15 | File | `admin/handlers.php` | High
16 | File | `admin/help.php` | High
17 | File | `admin/modules/system/app_user.php` | High
18 | File | `admin/tools/trackback/index.php` | High
19 | File | `admin/users_edit.php` | High
20 | File | `administrators/backups/` | High
21 | File | `afmparse.c` | Medium
22 | File | `ajax.php` | Medium
23 | File | `answers.php` | Medium
24 | File | `apsetup.php` | Medium
25 | File | `arch/powerpc/kernel/process.c` | High
26 | File | `arch/x86/kvm/vmx.c` | High
27 | File | `ArchiveUtil.java` | High
28 | File | `bmp.c` | Low
29 | File | `browse.php` | Medium
30 | File | `buy.php` | Low
31 | File | `calendar.class.php` | High
32 | File | `calendar/submit/` | High
33 | File | `category.php` | Medium
34 | File | `cc_guestbook.pl` | High
35 | File | `centipaid_class.php` | High
36 | File | `channel.c` | Medium
37 | File | `chetcpasswd.cgi` | High
38 | File | `clastree.htm` | Medium
39 | File | `client-assist.php` | High
40 | File | `coders/dds.c` | Medium
41 | File | `coders/webp.c` | High
42 | File | `CollabNetApp.java` | High
43 | File | `collection.class.php` | High
44 | ... | ... | ...
There are 385 more IOA items available. Please use our online service to access the data.
## References
The following list contains external sources which discuss the actor and the associated activities:
* https://www.cadosecurity.com/coinstomp-malware-family-targets-asian-cloud-service-providers/
## Literature
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

49
Conti/README.md
View File

@ -1,6 +1,6 @@
# Conti - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Conti](https://vuldb.com/?actor.conti). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Conti](https://vuldb.com/?actor.conti). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.conti](https://vuldb.com/?actor.conti)
@ -53,19 +53,38 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/bin/bw` | Low
2 | File | `/etc/tomcat8/Catalina/attack` | High
3 | File | `/servlet/webacc` | High
4 | File | `/uncpath/` | Medium
5 | File | `abook_database.php` | High
6 | File | `add_comment.php` | High
7 | File | `admin/index.php/template/upload` | High
8 | File | `agent/Core/Controller/SendRequest.cpp` | High
9 | File | `AjaxResponse.jsp` | High
10 | File | `apl_42.c` | Medium
11 | ... | ... | ...
1 | File | `/admin/success_story.php` | High
2 | File | `/bin/bw` | Low
3 | File | `/etc/tomcat8/Catalina/attack` | High
4 | File | `/movie-portal-script/movie.php` | High
5 | File | `/servlet/webacc` | High
6 | File | `/uncpath/` | Medium
7 | File | `abook_database.php` | High
8 | File | `add_comment.php` | High
9 | File | `admin/images.php` | High
10 | File | `admin/index.php/template/upload` | High
11 | File | `admin/preview.php` | High
12 | File | `agent/Core/Controller/SendRequest.cpp` | High
13 | File | `AjaxResponse.jsp` | High
14 | File | `apl_42.c` | Medium
15 | File | `app/code/core/Mage/Rss/Helper/Order.php` | High
16 | File | `archive_read_support_format_rar5.c` | High
17 | File | `blanko.preview.php` | High
18 | File | `blueprints/sections/edit/1` | High
19 | File | `boardData103.php/boardDataJP.php/boardDataNA.php/boardDataWW.php` | High
20 | File | `cachemgr.cgi` | Medium
21 | File | `CFM File Handler` | High
22 | File | `cgi-bin/awstats.pl` | High
23 | File | `cgi-bin/webproc` | High
24 | File | `Change-password.php` | High
25 | File | `class.t3lib_formmail.php` | High
26 | File | `content/common/cursors/webcursor.cc` | High
27 | File | `content/content.systempreferences.php` | High
28 | File | `course/classes/management_renderer.php` | High
29 | File | `dapur/index.php` | High
30 | ... | ... | ...
There are 181 more IOA items available. Please use our online service to access the data.
There are 256 more IOA items available. Please use our online service to access the data.
## References
@ -79,9 +98,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

70
CopyKittens/README.md
View File

@ -1,6 +1,6 @@
# CopyKittens - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [CopyKittens](https://vuldb.com/?actor.copykittens). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CopyKittens](https://vuldb.com/?actor.copykittens). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.copykittens](https://vuldb.com/?actor.copykittens)
@ -15,11 +15,11 @@ The following campaigns are known and can be associated with CopyKittens:
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CopyKittens:
* PL
* DE
* FR
* ES
* ...
There are 12 more country items available. Please use our online service to access the data.
There are 5 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -29,13 +29,13 @@ ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 5.34.180.252 | vds-uuallex-113169.hosted-by-itldc.com | High
2 | 5.34.181.13 | backups231.com | High
3 | 31.192.105.16 | - | High
4 | 31.192.105.17 | wikileaks.org | High
3 | 31.192.105.16 | down-it-niscat.cosmeticdentistwellesley.com | High
4 | 31.192.105.17 | most.muatypecast.com | High
5 | 31.192.105.28 | - | High
6 | 38.130.75.20 | h20-us75.fcsrv.net | High
7 | 51.254.76.54 | - | High
8 | 62.109.2.52 | ns.leangroup.ru | High
9 | 62.109.2.109 | mediclick.ru | High
9 | 62.109.2.109 | l2pvp.life | High
10 | 66.55.152.164 | 66-55-152-164.choopa.net | High
11 | 68.232.180.122 | 68-232-180-122.choopa.net | High
12 | 80.179.42.37 | 80.179.42.37.forward.012.net.il | High
@ -44,12 +44,9 @@ ID | IP address | Hostname | Confidence
15 | 93.190.138.137 | 93-190-138-137.hosted-by-worldstream.net | High
16 | 104.200.128.48 | - | High
17 | 104.200.128.58 | - | High
18 | 104.200.128.64 | - | High
19 | 104.200.128.71 | - | High
20 | 104.200.128.126 | - | High
21 | ... | ... | ...
18 | ... | ... | ...
There are 64 more IOC items available. Please use our online service to access the data.
There are 67 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -60,11 +57,9 @@ ID | Technique | Description | Confidence
1 | T1040 | Authentication Bypass by Capture-replay | High
2 | T1059.007 | Cross Site Scripting | High
3 | T1068 | Execution with Unnecessary Privileges | High
4 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
5 | T1211 | 7PK Security Features | High
6 | ... | ... | ...
4 | ... | ... | ...
There are 10 more TTP items available. Please use our online service to access the data.
There are 9 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -72,19 +67,36 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%LOCALAPPDATA%\Zemana\ZALSDK\MyRules2.ini` | High
2 | File | `.backup/` | Medium
3 | File | `.gemspec` | Medium
4 | File | `.mscreenrc` | Medium
5 | File | `.pref.xml` | Medium
6 | File | `/?ajax-request=jnews` | High
7 | File | `/?mobile=1` | Medium
8 | File | `/admin` | Low
9 | File | `/ADMIN.ASP` | Medium
10 | File | `/admin.php/Foodcat/editsave` | High
11 | ... | ... | ...
1 | File | `/about/../` | Medium
2 | File | `/admin/admin.php?module=admin_group_edit&agID` | High
3 | File | `/admin/comment.php` | High
4 | File | `/admin/configure.php` | High
5 | File | `/admin/index.php?lfj=member&action=editmember` | High
6 | File | `/admin/login.php` | High
7 | File | `/admin/media/upload` | High
8 | File | `/api/notify.php` | High
9 | File | `/auth/v1/sso/config/` | High
10 | File | `/EXCU_SHELL` | Medium
11 | File | `/forgetpassword.php` | High
12 | File | `/formAdvFirewall` | High
13 | File | `/function/booksave.php` | High
14 | File | `/home/user/dir` | High
15 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
16 | File | `/moddable/xs/sources/xsDataView.c` | High
17 | File | `abc2ps.c` | Medium
18 | File | `acknow.php` | Medium
19 | File | `adminlogin.php` | High
20 | File | `AdminUpdateController.class.php` | High
21 | File | `admin_home.php` | High
22 | File | `allocator.cc` | Medium
23 | File | `AndroidManifest.xml` | High
24 | File | `archeryscores.php` | High
25 | File | `archive_read_support_format_iso9660.c` | High
26 | File | `AscoServer.exe` | High
27 | File | `AudioOutputSpeech.cpp` | High
28 | ... | ... | ...
There are 2718 more IOA items available. Please use our online service to access the data.
There are 239 more IOA items available. Please use our online service to access the data.
## References
@ -99,9 +111,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

11
CosmicDuke/README.md
View File

@ -1,6 +1,6 @@
# CosmicDuke - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [CosmicDuke](https://vuldb.com/?actor.cosmicduke). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CosmicDuke](https://vuldb.com/?actor.cosmicduke). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cosmicduke](https://vuldb.com/?actor.cosmicduke)
@ -24,10 +24,9 @@ ID | IP address | Hostname | Confidence
1 | 46.246.120.178 | - | High
2 | 91.224.141.235 | - | High
3 | 94.242.199.88 | ip-static-94-242-199-88.server.lu | High
4 | 176.74.216.14 | cz10131-d1z1-kvm.host-telecom.com | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 6 more IOC items available. Please use our online service to access the data.
There are 7 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -47,9 +46,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

14
Crashoverride/README.md
View File

@ -1,6 +1,6 @@
# Crashoverride - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Crashoverride](https://vuldb.com/?actor.crashoverride). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Crashoverride](https://vuldb.com/?actor.crashoverride). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.crashoverride](https://vuldb.com/?actor.crashoverride)
@ -18,7 +18,7 @@ ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 5.39.218.152 | - | High
2 | 93.115.27.57 | - | High
3 | 195.16.88.6 | server10005.hostlife.net | High
3 | 195.16.88.6 | server10005.defaulthost.net | High
## TTP - Tactics, Techniques, Procedures
@ -36,8 +36,10 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
2 | File | `/CMD_SELECT_USERS` | High
3 | Argument | `location` | Medium
4 | Input Value | `CMD_ALL_USER_SHOW'"><script>alert(/IrIsT.Ir/)</script>` | High
3 | File | `web/upload/UploadHandler.php` | High
4 | ... | ... | ...
There are 2 more IOA items available. Please use our online service to access the data.
## References
@ -49,9 +51,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

13
Crimeware/README.md
View File

@ -1,6 +1,6 @@
# Crimeware - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Crimeware](https://vuldb.com/?actor.crimeware). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Crimeware](https://vuldb.com/?actor.crimeware). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.crimeware](https://vuldb.com/?actor.crimeware)
@ -52,10 +52,9 @@ ID | Type | Indicator | Confidence
1 | File | `admin_store_form` | High
2 | File | `cscopf.ocx` | Medium
3 | File | `fs/inode.c` | Medium
4 | File | `Util/PHP/eval-stdin.php` | High
5 | Argument | `cntnt01fbrp_forma_form_template` | High
6 | Argument | `Initialization` | High
7 | Input Value | `admin/password` | High
4 | ... | ... | ...
There are 4 more IOA items available. Please use our online service to access the data.
## References
@ -67,9 +66,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

9
Cryptbot/README.md
View File

@ -13,12 +13,9 @@ ID | IP address | Hostname | Confidence
1 | 8.248.153.254 | - | High
2 | 8.248.163.254 | - | High
3 | 8.248.167.254 | - | High
4 | 8.249.223.254 | - | High
5 | 8.249.233.254 | - | High
6 | 8.253.45.239 | - | High
7 | ... | ... | ...
4 | ... | ... | ...
There are 10 more IOC items available. Please use our online service to access the data.
There are 13 more IOC items available. Please use our online service to access the data.
## References
@ -35,4 +32,4 @@ The following articles explain our unique predictive cyber threat intelligence:
## License
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

27
CryptoPHP/README.md
View File

@ -1,6 +1,6 @@
# CryptoPHP - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [CryptoPHP](https://vuldb.com/?actor.cryptophp). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [CryptoPHP](https://vuldb.com/?actor.cryptophp). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.cryptophp](https://vuldb.com/?actor.cryptophp)
@ -30,15 +30,9 @@ ID | IP address | Hostname | Confidence
7 | 78.138.118.200 | - | High
8 | 78.138.118.201 | - | High
9 | 78.138.118.202 | - | High
10 | 78.138.118.203 | - | High
11 | 78.138.118.204 | - | High
12 | 78.138.118.205 | - | High
13 | 78.138.118.206 | - | High
14 | 78.138.118.207 | - | High
15 | 78.138.118.208 | - | High
16 | ... | ... | ...
10 | ... | ... | ...
There are 29 more IOC items available. Please use our online service to access the data.
There are 35 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -62,16 +56,9 @@ ID | Type | Indicator | Confidence
1 | File | `/mics/j_spring_security_check` | High
2 | File | `examples/openid.php` | High
3 | File | `FormDisplay.php` | High
4 | File | `includes/startup.php` | High
5 | File | `libraries/Header.php` | High
6 | File | `member.php` | Medium
7 | File | `shopping-cart.php` | High
8 | File | `wp-includes/class-wp-query.php` | High
9 | Argument | `cusid` | Low
10 | Argument | `j_username` | Medium
11 | ... | ... | ...
4 | ... | ... | ...
There are 5 more IOA items available. Please use our online service to access the data.
There are 12 more IOA items available. Please use our online service to access the data.
## References
@ -83,9 +70,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

17
DNSBirthday/README.md
View File

@ -1,6 +1,6 @@
# DNSBirthday - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [DNSBirthday](https://vuldb.com/?actor.dnsbirthday). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DNSBirthday](https://vuldb.com/?actor.dnsbirthday). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.dnsbirthday](https://vuldb.com/?actor.dnsbirthday)
@ -46,16 +46,9 @@ ID | Type | Indicator | Confidence
1 | File | `/forum/away.php` | High
2 | File | `/modules/profile/index.php` | High
3 | File | `data/gbconfiguration.dat` | High
4 | File | `email.php` | Medium
5 | File | `goto.php` | Medium
6 | File | `inc/config.php` | High
7 | File | `index.php` | Medium
8 | File | `rcube_plugin_api.php` | High
9 | File | `redir.php` | Medium
10 | File | `redirect.php` | Medium
11 | ... | ... | ...
4 | ... | ... | ...
There are 12 more IOA items available. Please use our online service to access the data.
There are 19 more IOA items available. Please use our online service to access the data.
## References
@ -67,9 +60,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Dark Caracal/README.md
View File

@ -45,11 +45,11 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/apply.cgi` | Medium
2 | File | `apply.cgi` | Medium
3 | File | `data/gbconfiguration.dat` | High
2 | File | `/usr/bin/pkexec` | High
3 | File | `apply.cgi` | Medium
4 | ... | ... | ...
There are 22 more IOA items available. Please use our online service to access the data.
There are 23 more IOA items available. Please use our online service to access the data.
## References

2
Darkkomet/README.md
View File

@ -27,4 +27,4 @@ The following articles explain our unique predictive cyber threat intelligence:
## License
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
DeputyDog/README.md
View File

@ -1,6 +1,6 @@
# DeputyDog - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [DeputyDog](https://vuldb.com/?actor.deputydog). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DeputyDog](https://vuldb.com/?actor.deputydog). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.deputydog](https://vuldb.com/?actor.deputydog)
@ -33,9 +33,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

17
DetaRAT/README.md
View File

@ -1,6 +1,6 @@
# DetaRAT - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [DetaRAT](https://vuldb.com/?actor.detarat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DetaRAT](https://vuldb.com/?actor.detarat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.detarat](https://vuldb.com/?actor.detarat)
@ -43,16 +43,9 @@ ID | Type | Indicator | Confidence
1 | File | `/wordpress/wp-admin/admin.php` | High
2 | File | `admin/index.php` | High
3 | File | `data/gbconfiguration.dat` | High
4 | File | `filter.php` | Medium
5 | File | `inc/config.php` | High
6 | File | `lib/krb5/asn.1/asn1_encode.c` | High
7 | File | `login.php` | Medium
8 | File | `mdeploy.php` | Medium
9 | File | `multipart/form-data` | High
10 | File | `news.php` | Medium
11 | ... | ... | ...
4 | ... | ... | ...
There are 16 more IOA items available. Please use our online service to access the data.
There are 23 more IOA items available. Please use our online service to access the data.
## References
@ -64,9 +57,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

8
DirCrypt/README.md
View File

@ -1,6 +1,6 @@
# DirCrypt - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [DirCrypt](https://vuldb.com/?actor.dircrypt). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DirCrypt](https://vuldb.com/?actor.dircrypt). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.dircrypt](https://vuldb.com/?actor.dircrypt)
@ -10,7 +10,7 @@ These indicators of compromise indicate associated network ressources which are
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 164.155.216.36 | sk.s5.ans1.ns148.ztomy.com | High
1 | 164.155.216.36 | - | High
2 | 169.50.13.61 | 3d.0d.32a9.ip4.static.sl-reverse.com | High
## References
@ -23,9 +23,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
DragonOK/README.md
View File

@ -1,6 +1,6 @@
# DragonOK - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [DragonOK](https://vuldb.com/?actor.dragonok). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DragonOK](https://vuldb.com/?actor.dragonok). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.dragonok](https://vuldb.com/?actor.dragonok)
@ -43,9 +43,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

37
Dukes/README.md
View File

@ -1,6 +1,6 @@
# Dukes - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Dukes](https://vuldb.com/?actor.dukes). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dukes](https://vuldb.com/?actor.dukes). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.dukes](https://vuldb.com/?actor.dukes)
@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* ID
* ...
There are 6 more country items available. Please use our online service to access the data.
There are 9 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -26,13 +26,9 @@ ID | IP address | Hostname | Confidence
3 | 50.7.192.146 | - | High
4 | 64.18.143.66 | - | High
5 | 66.29.115.55 | 647807.ds.nac.net | High
6 | 69.59.28.57 | - | High
7 | 82.146.47.163 | peter.kuveko.vps | High
8 | 82.146.51.22 | kassioun.com | High
9 | 83.149.74.73 | - | High
10 | ... | ... | ...
6 | ... | ... | ...
There are 18 more IOC items available. Please use our online service to access the data.
There are 22 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -53,19 +49,16 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/server-status` | High
2 | File | `adclick.php` | Medium
3 | File | `ashnews.php/ashheadlines.php` | High
4 | File | `cds-fpdf.php` | Medium
5 | File | `data/gbconfiguration.dat` | High
6 | File | `eepro100.c` | Medium
7 | File | `header.php` | Medium
8 | File | `iframe.php` | Medium
9 | File | `includes/search.php` | High
10 | File | `index.php` | Medium
11 | ... | ... | ...
1 | File | `/rest/project-templates/1.0/createshared` | High
2 | File | `/server-status` | High
3 | File | `act.php` | Low
4 | File | `adclick.php` | Medium
5 | File | `admin.php` | Medium
6 | File | `ashnews.php/ashheadlines.php` | High
7 | File | `bbcode.php` | Medium
8 | ... | ... | ...
There are 35 more IOA items available. Please use our online service to access the data.
There are 55 more IOA items available. Please use our online service to access the data.
## References
@ -78,9 +71,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

19
Dust Storm/README.md
View File

@ -1,6 +1,6 @@
# Dust Storm - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Dust Storm](https://vuldb.com/?actor.dust_storm). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dust Storm](https://vuldb.com/?actor.dust_storm). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.dust_storm](https://vuldb.com/?actor.dust_storm)
@ -30,14 +30,9 @@ ID | IP address | Hostname | Confidence
5 | 27.255.72.78 | - | High
6 | 59.120.59.2 | 59-120-59-2.hinet-ip.hinet.net | High
7 | 59.188.13.133 | - | High
8 | 59.188.13.137 | - | High
9 | 67.192.225.83 | - | High
10 | 98.129.119.156 | - | High
11 | 111.1.1.66 | - | High
12 | 111.67.199.213 | - | High
13 | ... | ... | ...
8 | ... | ... | ...
There are 22 more IOC items available. Please use our online service to access the data.
There are 27 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -57,7 +52,9 @@ ID | Type | Indicator | Confidence
1 | File | `clonos.php` | Medium
2 | File | `ildap.exe` | Medium
3 | File | `prod.php` | Medium
4 | Argument | `cat` | Low
4 | ... | ... | ...
There are 1 more IOA items available. Please use our online service to access the data.
## References
@ -69,9 +66,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

12
Emissary/README.md
View File

@ -1,6 +1,6 @@
# Emissary - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Emissary](https://vuldb.com/?actor.emissary). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Emissary](https://vuldb.com/?actor.emissary). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.emissary](https://vuldb.com/?actor.emissary)
@ -20,11 +20,9 @@ ID | IP address | Hostname | Confidence
1 | 101.55.33.92 | - | High
2 | 101.55.33.95 | - | High
3 | 101.55.121.79 | - | High
4 | 103.243.24.179 | - | High
5 | 118.193.221.233 | - | High
6 | ... | ... | ...
4 | ... | ... | ...
There are 10 more IOC items available. Please use our online service to access the data.
There are 12 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -53,9 +51,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

284
Emotet/README.md
View File

@ -9,11 +9,11 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Emotet:
* VN
* US
* CN
* US
* ...
There are 7 more country items available. Please use our online service to access the data.
There are 2 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -30,105 +30,148 @@ ID | IP address | Hostname | Confidence
7 | 5.2.136.90 | static-5-2-136-90.rdsnet.ro | High
8 | 5.2.182.7 | static-5-2-182-7.rdsnet.ro | High
9 | 5.2.212.254 | static-5-2-212-254.rdsnet.ro | High
10 | 5.12.246.155 | 5-12-246-155.residential.rdsnet.ro | High
11 | 5.39.91.110 | ns3278366.ip-5-39-91.eu | High
12 | 5.79.70.250 | - | High
13 | 5.89.33.136 | net-5-89-33-136.cust.vodafonedsl.it | High
14 | 5.196.35.138 | vps10.open-techno.net | High
15 | 5.230.193.41 | casagarcia-web.sys.netzfabrik.eu | High
16 | 8.4.9.137 | onlinehorizons.net | High
17 | 12.32.68.154 | mail.sealscoinc.com | High
18 | 12.149.72.170 | - | High
19 | 12.162.84.2 | - | High
20 | 12.163.208.58 | - | High
21 | 12.182.146.226 | - | High
22 | 12.184.217.101 | - | High
23 | 23.6.65.194 | a23-6-65-194.deploy.static.akamaitechnologies.com | High
24 | 23.36.85.183 | a23-36-85-183.deploy.static.akamaitechnologies.com | High
25 | 23.199.63.11 | a23-199-63-11.deploy.static.akamaitechnologies.com | High
26 | 23.199.71.185 | a23-199-71-185.deploy.static.akamaitechnologies.com | High
27 | 23.239.2.11 | li683-11.members.linode.com | High
28 | 24.43.99.75 | rrcs-24-43-99-75.west.biz.rr.com | High
29 | 24.101.229.82 | dynamic-acs-24-101-229-82.zoominternet.net | High
30 | 24.119.116.230 | 24-119-116-230.cpe.sparklight.net | High
31 | 24.121.176.48 | 24-121-176-48.prkrcmtc01.com.sta.suddenlink.net | High
32 | 24.137.76.62 | host-24-137-76-62.public.eastlink.ca | High
33 | 24.178.90.49 | 024-178-090-049.res.spectrum.com | High
34 | 24.179.13.119 | 024-179-013-119.res.spectrum.com | High
35 | 24.217.117.217 | 024-217-117-217.res.spectrum.com | High
36 | 24.232.228.233 | OL233-228.fibertel.com.ar | High
37 | 24.244.177.40 | - | High
38 | 27.78.27.110 | localhost | High
39 | 27.82.13.10 | KD027082013010.ppp-bb.dion.ne.jp | High
40 | 27.109.24.214 | - | High
41 | 27.114.9.93 | i27-114-9-93.s41.a011.ap.plala.or.jp | High
42 | 36.91.44.183 | - | High
43 | 37.46.129.215 | we-too.ru | High
44 | 37.97.135.82 | 37-97-135-82.colo.transip.net | High
45 | 37.139.21.175 | 37.139.21.175-e2-8080-keep-up | High
46 | 37.179.204.33 | - | High
47 | 37.187.4.178 | ks2.kku.io | High
48 | 37.187.57.57 | ns3357940.ovh.net | High
49 | 37.187.72.193 | ns3362285.ip-37-187-72.eu | High
50 | 37.187.161.206 | toolbox.alabs.io | High
51 | 37.205.9.252 | s1.ithelp24.eu | High
52 | 37.221.70.250 | b2b-customer.inftele.net | High
53 | 41.169.36.237 | - | High
54 | 41.185.28.84 | brf01-nix01.wadns.net | High
55 | 41.185.29.128 | abp79-nix01.wadns.net | High
56 | 41.231.225.139 | - | High
57 | 42.62.40.103 | - | High
58 | 45.16.226.117 | 45-16-226-117.lightspeed.sndgca.sbcglobal.net | High
59 | 45.33.77.42 | li1023-42.members.linode.com | High
60 | 45.46.37.97 | cpe-45-46-37-97.maine.res.rr.com | High
61 | 45.55.36.51 | - | High
62 | 45.55.219.163 | - | High
63 | 45.79.95.107 | li1194-107.members.linode.com | High
64 | 45.230.45.171 | - | High
65 | 46.4.100.178 | support.wizard-shopservice.de | High
66 | 46.4.192.185 | static.185.192.4.46.clients.your-server.de | High
67 | 46.28.111.142 | enkindu.jsuchy.net | High
68 | 46.32.229.152 | 094882.vps-10.com | High
69 | 46.32.233.226 | yetitoolusa.com | High
70 | 46.38.238.8 | v2202109122001163131.happysrv.de | High
71 | 46.43.2.95 | chris.default.cjenkinson.uk0.bigv.io | High
72 | 46.101.58.37 | 46.101.58.37-e1-8080 | High
73 | 46.105.81.76 | myu0.cylipo.sbs | High
74 | 46.105.114.137 | ns3188253.ip-46-105-114.eu | High
75 | 46.105.131.68 | http.adven.fr | High
76 | 46.105.131.79 | relay.adven.fr | High
77 | 46.105.131.87 | pop.adven.fr | High
78 | 46.165.254.206 | - | High
79 | 47.36.140.164 | 047-036-140-164.res.spectrum.com | High
80 | 47.146.39.147 | - | High
81 | 47.188.131.94 | - | High
82 | 49.12.121.47 | filezilla-project.org | High
83 | 49.50.209.131 | 131.host-49-50-209.euba.megatel.co.nz | High
84 | 49.212.135.76 | os3-321-50322.vs.sakura.ne.jp | High
85 | 49.212.155.94 | os3-325-52340.vs.sakura.ne.jp | High
86 | 50.28.51.143 | - | High
87 | 50.31.146.101 | mail.brillinjurylaw.com | High
88 | 50.91.114.38 | 050-091-114-038.res.spectrum.com | High
89 | 50.116.78.109 | intersearchmedia.com | High
90 | 50.245.107.73 | 50-245-107-73-static.hfc.comcastbusiness.net | High
91 | 51.15.7.145 | 51-15-7-145.rev.poneytelecom.eu | High
92 | 51.75.33.127 | ip127.ip-51-75-33.eu | High
93 | 51.89.36.180 | ip180.ip-51-89-36.eu | High
94 | 51.89.199.141 | ip141.ip-51-89-199.eu | High
95 | 51.255.165.160 | 160.ip-51-255-165.eu | High
96 | 54.38.143.245 | tools.inovato.me | High
97 | 58.27.215.3 | 58-27-215-3.wateen.net | High
98 | 58.94.58.13 | i58-94-58-13.s41.a014.ap.plala.or.jp | High
99 | 59.148.253.194 | 059148253194.ctinets.com | High
100 | 60.93.23.51 | softbank060093023051.bbtec.net | High
101 | 60.108.128.186 | softbank060108128186.bbtec.net | High
102 | 60.125.114.64 | softbank060125114064.bbtec.net | High
103 | 60.249.78.226 | 60-249-78-226.hinet-ip.hinet.net | High
104 | 61.19.246.238 | - | High
105 | 62.30.7.67 | 67.7-30-62.static.virginmediabusiness.co.uk | High
106 | ... | ... | ...
10 | 5.9.189.24 | static.24.189.9.5.clients.your-server.de | High
11 | 5.12.246.155 | 5-12-246-155.residential.rdsnet.ro | High
12 | 5.35.249.46 | rs250366.rs.hosteurope.de | High
13 | 5.39.91.110 | ns3278366.ip-5-39-91.eu | High
14 | 5.79.70.250 | - | High
15 | 5.89.33.136 | net-5-89-33-136.cust.vodafonedsl.it | High
16 | 5.159.57.195 | www-riedle.transfermarkt.de | High
17 | 5.196.35.138 | vps10.open-techno.net | High
18 | 5.230.193.41 | casagarcia-web.sys.netzfabrik.eu | High
19 | 8.4.9.137 | onlinehorizons.net | High
20 | 8.247.6.134 | - | High
21 | 12.32.68.154 | mail.sealscoinc.com | High
22 | 12.149.72.170 | - | High
23 | 12.162.84.2 | - | High
24 | 12.163.208.58 | - | High
25 | 12.182.146.226 | - | High
26 | 12.184.217.101 | - | High
27 | 23.6.65.194 | a23-6-65-194.deploy.static.akamaitechnologies.com | High
28 | 23.36.85.183 | a23-36-85-183.deploy.static.akamaitechnologies.com | High
29 | 23.199.63.11 | a23-199-63-11.deploy.static.akamaitechnologies.com | High
30 | 23.199.71.185 | a23-199-71-185.deploy.static.akamaitechnologies.com | High
31 | 23.239.2.11 | li683-11.members.linode.com | High
32 | 24.43.99.75 | rrcs-24-43-99-75.west.biz.rr.com | High
33 | 24.101.229.82 | dynamic-acs-24-101-229-82.zoominternet.net | High
34 | 24.119.116.230 | 24-119-116-230.cpe.sparklight.net | High
35 | 24.121.176.48 | 24-121-176-48.prkrcmtc01.com.sta.suddenlink.net | High
36 | 24.137.76.62 | host-24-137-76-62.public.eastlink.ca | High
37 | 24.178.90.49 | 024-178-090-049.res.spectrum.com | High
38 | 24.179.13.119 | 024-179-013-119.res.spectrum.com | High
39 | 24.217.117.217 | 024-217-117-217.res.spectrum.com | High
40 | 24.232.228.233 | OL233-228.fibertel.com.ar | High
41 | 24.244.177.40 | - | High
42 | 27.78.27.110 | localhost | High
43 | 27.82.13.10 | KD027082013010.ppp-bb.dion.ne.jp | High
44 | 27.109.24.214 | - | High
45 | 27.114.9.93 | i27-114-9-93.s41.a011.ap.plala.or.jp | High
46 | 36.91.44.183 | - | High
47 | 37.46.129.215 | we-too.ru | High
48 | 37.97.135.82 | 37-97-135-82.colo.transip.net | High
49 | 37.139.21.175 | 37.139.21.175-e2-8080-keep-up | High
50 | 37.179.204.33 | - | High
51 | 37.187.4.178 | ks2.kku.io | High
52 | 37.187.57.57 | ns3357940.ovh.net | High
53 | 37.187.72.193 | ns3362285.ip-37-187-72.eu | High
54 | 37.187.161.206 | toolbox.alabs.io | High
55 | 37.205.9.252 | s1.ithelp24.eu | High
56 | 37.221.70.250 | b2b-customer.inftele.net | High
57 | 41.76.108.46 | - | High
58 | 41.169.36.237 | - | High
59 | 41.185.28.84 | brf01-nix01.wadns.net | High
60 | 41.185.29.128 | exchange.imali-group.co.za | High
61 | 41.231.225.139 | - | High
62 | 42.62.40.103 | - | High
63 | 45.16.226.117 | 45-16-226-117.lightspeed.sndgca.sbcglobal.net | High
64 | 45.33.77.42 | li1023-42.members.linode.com | High
65 | 45.46.37.97 | cpe-45-46-37-97.maine.res.rr.com | High
66 | 45.55.36.51 | - | High
67 | 45.55.219.163 | - | High
68 | 45.79.95.107 | li1194-107.members.linode.com | High
69 | 45.80.148.200 | - | High
70 | 45.118.135.203 | 45-118-135-203.ip.linodeusercontent.com | High
71 | 45.142.114.231 | mail.dounutmail.de | High
72 | 45.230.45.171 | - | High
73 | 46.4.100.178 | support.wizard-shopservice.de | High
74 | 46.4.192.185 | static.185.192.4.46.clients.your-server.de | High
75 | 46.28.111.142 | enkindu.jsuchy.net | High
76 | 46.32.229.152 | 094882.vps-10.com | High
77 | 46.32.233.226 | yetitoolusa.com | High
78 | 46.38.238.8 | v2202109122001163131.happysrv.de | High
79 | 46.43.2.95 | chris.default.cjenkinson.uk0.bigv.io | High
80 | 46.101.58.37 | 46.101.58.37-e1-8080 | High
81 | 46.105.81.76 | myu0.cylipo.sbs | High
82 | 46.105.114.137 | ns3188253.ip-46-105-114.eu | High
83 | 46.105.131.68 | http.adven.fr | High
84 | 46.105.131.79 | relay.adven.fr | High
85 | 46.105.131.87 | pop.adven.fr | High
86 | 46.105.236.18 | - | High
87 | 46.165.254.206 | - | High
88 | 46.214.107.142 | 46-214-107-142.next-gen.ro | High
89 | 47.36.140.164 | 047-036-140-164.res.spectrum.com | High
90 | 47.146.39.147 | - | High
91 | 47.188.131.94 | - | High
92 | 49.12.121.47 | filezilla-project.org | High
93 | 49.50.209.131 | 131.host-49-50-209.euba.megatel.co.nz | High
94 | 49.212.135.76 | os3-321-50322.vs.sakura.ne.jp | High
95 | 49.212.155.94 | os3-325-52340.vs.sakura.ne.jp | High
96 | 50.28.51.143 | - | High
97 | 50.31.146.101 | mail.brillinjurylaw.com | High
98 | 50.56.135.44 | - | High
99 | 50.91.114.38 | 050-091-114-038.res.spectrum.com | High
100 | 50.116.78.109 | intersearchmedia.com | High
101 | 50.245.107.73 | 50-245-107-73-static.hfc.comcastbusiness.net | High
102 | 51.15.7.145 | 51-15-7-145.rev.poneytelecom.eu | High
103 | 51.75.33.127 | ip127.ip-51-75-33.eu | High
104 | 51.89.36.180 | ip180.ip-51-89-36.eu | High
105 | 51.89.199.141 | ip141.ip-51-89-199.eu | High
106 | 51.255.165.160 | 160.ip-51-255-165.eu | High
107 | 54.38.143.245 | tools.inovato.me | High
108 | 58.27.215.3 | 58-27-215-3.wateen.net | High
109 | 58.94.58.13 | i58-94-58-13.s41.a014.ap.plala.or.jp | High
110 | 58.227.42.236 | - | High
111 | 59.148.253.194 | 059148253194.ctinets.com | High
112 | 60.93.23.51 | softbank060093023051.bbtec.net | High
113 | 60.108.128.186 | softbank060108128186.bbtec.net | High
114 | 60.125.114.64 | softbank060125114064.bbtec.net | High
115 | 60.249.78.226 | 60-249-78-226.hinet-ip.hinet.net | High
116 | 61.19.246.238 | - | High
117 | 62.30.7.67 | 67.7-30-62.static.virginmediabusiness.co.uk | High
118 | 62.75.141.82 | static-ip-62-75-141-82.inaddr.ip-pool.com | High
119 | 62.84.75.50 | mail.saadegrp.com.lb | High
120 | 62.171.142.179 | vmi499457.contaboserver.net | High
121 | 62.212.34.102 | - | High
122 | 64.207.182.168 | - | High
123 | 66.54.51.172 | - | High
124 | 66.76.26.33 | 66-76-26-33.hdsncmta01.com.sta.suddenlink.net | High
125 | 66.228.61.248 | li318-248.members.linode.com | High
126 | 67.19.105.107 | ns2.datatrust.com.br | High
127 | 67.170.250.203 | c-67-170-250-203.hsd1.ca.comcast.net | High
128 | 68.2.97.91 | ip68-2-97-91.ph.ph.cox.net | High
129 | 68.183.170.114 | 68.183.170.114-e1-8080-keep-up | High
130 | 68.183.190.199 | 68.183.190.199-e1-8080-keep-up | High
131 | 69.17.170.58 | unallocated-static.rogers.com | High
132 | 69.43.168.200 | ns0.imunplugged.com | High
133 | 69.45.19.251 | coastinet.com | High
134 | 69.167.152.111 | - | High
135 | 70.32.84.74 | - | High
136 | 70.32.89.105 | parties-at-sea.com | High
137 | 70.32.92.133 | popdesigngroup.com | High
138 | 70.32.115.157 | harpotripofalifetime.com | High
139 | 70.168.7.6 | wsip-70-168-7-6.ri.ri.cox.net | High
140 | 70.182.77.184 | wsip-70-182-77-184.ok.ok.cox.net | High
141 | 70.184.125.132 | wsip-70-184-125-132.ph.ph.cox.net | High
142 | 71.15.245.148 | 071-015-245-148.res.spectrum.com | High
143 | 71.197.211.156 | c-71-197-211-156.hsd1.wa.comcast.net | High
144 | 71.244.60.231 | static-71-244-60-231.dllstx.fios.frontiernet.net | High
145 | 72.10.49.117 | rtw7-rfpn.accessdomain.com | High
146 | 72.18.204.17 | lasvegas-nv-datacenter.com | High
147 | 72.45.212.62 | nyinstituteofmassage.com | High
148 | 72.186.136.247 | 072-186-136-247.biz.spectrum.com | High
149 | ... | ... | ...
There are 419 more IOC items available. Please use our online service to access the data.
There are 594 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -141,7 +184,7 @@ ID | Technique | Description | Confidence
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...
There are 8 more TTP items available. Please use our online service to access the data.
There are 2 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -149,28 +192,23 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/?ajax-request=jnews` | High
2 | File | `/ajax_crud` | Medium
3 | File | `/appliance/users?action=edit` | High
4 | File | `/assets/ctx` | Medium
5 | File | `/core/table/query` | High
6 | File | `/dev/ion` | Medium
7 | File | `/ecma/operations/ecma-objects.c` | High
8 | File | `/forum/away.php` | High
9 | File | `/GetCopiedFile` | High
10 | File | `/goform/activate_process` | High
11 | File | `/hdf5/src/H5T.c` | High
12 | File | `/include/chart_generator.php` | High
13 | File | `/jerry-core/ecma/base/ecma-gc.c` | High
14 | File | `/jerry-core/ecma/base/ecma-helpers-conversion.c` | High
15 | File | `/jerry-core/ecma/base/ecma-lcache.c` | High
16 | File | `/jerry-core/ecma/operations/ecma-objects.c` | High
17 | File | `/jerry-core/vm/vm.c` | High
18 | File | `/ms/mdiy/model/importJson.do` | High
19 | File | `/ms/template/writeFileContent.do` | High
20 | ... | ... | ...
1 | File | `/admin/admin_manage/delete` | High
2 | File | `/admin/configure.php` | High
3 | File | `/administrator/components/table_manager/` | High
4 | File | `/application/common.php#action_log` | High
5 | File | `/cgi-bin/luci` | High
6 | File | `/Hospital-Management-System-master/func.php` | High
7 | File | `/rest/api/1.0/render` | High
8 | File | `/usr/bin/pkexec` | High
9 | File | `/yzmcms/comment/index/init.html` | High
10 | File | `admin/posts.php?source=add_post` | High
11 | File | `admin/users.php?source=add_user` | High
12 | File | `cgiserver.cgi` | High
13 | File | `Controller.php` | High
14 | File | `cszcms/controllers/Member.php#viewUser` | High
15 | ... | ... | ...
There are 167 more IOA items available. Please use our online service to access the data.
There are 123 more IOA items available. Please use our online service to access the data.
## References
@ -185,7 +223,9 @@ The following list contains external sources which discuss the actor and the ass
* https://blog.talosintelligence.com/2021/10/threat-roundup-1015-1022.html
* https://blog.talosintelligence.com/2021/10/threat-roundup-1022-1029.html
* https://blog.talosintelligence.com/2021/12/threat-roundup-1126-1203.html
* https://blog.talosintelligence.com/2022/01/threat-roundup-0121-0128.html
* https://community.blueliv.com/#!/s/5fb2ee2482df413eaf344b29
* https://ddanchev.blogspot.com/2022/01/profiling-emotet-botnet-c.html
* https://pastebin.com/uPn1zM6b
* https://unit42.paloaltonetworks.com/emotet-command-and-control/
* https://www.trendmicro.com/en_us/research/22/a/emotet-spam-abuses-unconventional-ip-address-formats-spread-malware.html

6
EpicenterRAT/README.md
View File

@ -1,6 +1,6 @@
# EpicenterRAT - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [EpicenterRAT](https://vuldb.com/?actor.epicenterrat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [EpicenterRAT](https://vuldb.com/?actor.epicenterrat). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.epicenterrat](https://vuldb.com/?actor.epicenterrat)
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

28
Equation/README.md
View File

@ -1,6 +1,6 @@
# Equation - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Equation](https://vuldb.com/?actor.equation). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Equation](https://vuldb.com/?actor.equation). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.equation](https://vuldb.com/?actor.equation)
@ -33,13 +33,9 @@ ID | IP address | Hostname | Confidence
4 | 80.77.4.3 | - | High
5 | 81.31.34.175 | 81-31-34-175.static.masterinter.net | High
6 | 81.31.36.174 | vl504.sl509s.r1-3.dc1.4d.prg.masterinter.net | High
7 | 81.31.38.163 | 81-31-38-163.static.masterinter.net | High
8 | 81.31.38.166 | 81-31-38-166.static.masterinter.net | High
9 | 84.233.205.99 | - | High
10 | 85.112.1.83 | - | High
11 | ... | ... | ...
7 | ... | ... | ...
There are 20 more IOC items available. Please use our online service to access the data.
There are 24 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -50,6 +46,9 @@ ID | Technique | Description | Confidence
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1211 | 7PK Security Features | High
4 | ... | ... | ...
There are 1 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -60,16 +59,9 @@ ID | Type | Indicator | Confidence
1 | File | `/exec/` | Low
2 | File | `/wlanAccess.asp` | High
3 | File | `GetRules.asp` | Medium
4 | File | `kaiseki.cgi` | Medium
5 | File | `phpinfo.php` | Medium
6 | File | `rpc.statd` | Medium
7 | Library | `DNSAPI.dll` | Medium
8 | Library | `isusweb.dll` | Medium
9 | Argument | `Connected Clients` | High
10 | Network Port | `Ports 137-139` | High
11 | ... | ... | ...
4 | ... | ... | ...
There are 2 more IOA items available. Please use our online service to access the data.
There are 9 more IOA items available. Please use our online service to access the data.
## References
@ -82,9 +74,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
EquationDrug/README.md
View File

@ -1,6 +1,6 @@
# EquationDrug - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [EquationDrug](https://vuldb.com/?actor.equationdrug). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [EquationDrug](https://vuldb.com/?actor.equationdrug). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.equationdrug](https://vuldb.com/?actor.equationdrug)
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

17
Evilnum/README.md
View File

@ -1,6 +1,6 @@
# Evilnum - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Evilnum](https://vuldb.com/?actor.evilnum). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Evilnum](https://vuldb.com/?actor.evilnum). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.evilnum](https://vuldb.com/?actor.evilnum)
@ -39,16 +39,9 @@ ID | Type | Indicator | Confidence
1 | File | `books.php` | Medium
2 | File | `Forms/MAI/list.asp` | High
3 | File | `inc/config.php` | High
4 | File | `item_show.php` | High
5 | File | `password.shtml` | High
6 | File | `products.php` | Medium
7 | File | `product_details.php` | High
8 | File | `smart.cgi` | Medium
9 | Argument | `basePath` | Medium
10 | Argument | `bookid` | Low
11 | ... | ... | ...
4 | ... | ... | ...
There are 4 more IOA items available. Please use our online service to access the data.
There are 11 more IOA items available. Please use our online service to access the data.
## References
@ -60,9 +53,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

85
FIN6/README.md
View File

@ -1,6 +1,6 @@
# FIN6 - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [FIN6](https://vuldb.com/?actor.fin6). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [FIN6](https://vuldb.com/?actor.fin6). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.fin6](https://vuldb.com/?actor.fin6)
@ -19,7 +19,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* ES
* ...
There are 13 more country items available. Please use our online service to access the data.
There are 12 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -39,17 +39,9 @@ ID | IP address | Hostname | Confidence
10 | 89.105.194.236 | - | High
11 | 91.208.184.174 | sell.mybeststore.club | High
12 | 91.218.114.4 | - | High
13 | 91.218.114.31 | - | High
14 | 91.218.114.32 | - | High
15 | 91.218.114.37 | - | High
16 | 91.218.114.38 | - | High
17 | 91.218.114.77 | - | High
18 | 91.218.114.79 | - | High
19 | 92.63.8.47 | 92-63-8-47.netonline.net | High
20 | 92.63.11.151 | 92-63-11-151.netonline.net | High
21 | ... | ... | ...
13 | ... | ... | ...
There are 40 more IOC items available. Please use our online service to access the data.
There are 48 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -70,19 +62,60 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `-X/path/to/wwwroot/file.php.` | High
2 | File | `/?module=metadata&section=cpanel&page=list_filetypes` | High
3 | File | `/accountancy/admin/accountmodel.php` | High
4 | File | `/adm/syscmd.asp` | High
5 | File | `/admin/setup` | Medium
6 | File | `/advance_push/public/login` | High
7 | File | `/ajax-files/postComment.php` | High
8 | File | `/anony/mjpg.cgi` | High
9 | File | `/api/hosts` | Medium
10 | File | `/Applications/PrivateVPN.app/Contents/Resources` | High
11 | ... | ... | ...
1 | File | `/accountancy/admin/accountmodel.php` | High
2 | File | `/admin/setup` | Medium
3 | File | `/advance_push/public/login` | High
4 | File | `/ajax-files/postComment.php` | High
5 | File | `/anony/mjpg.cgi` | High
6 | File | `/bin/sh` | Low
7 | File | `/catalog` | Medium
8 | File | `/cgi-bin/ExportSettings.sh` | High
9 | File | `/cgi-bin/login_action.cgi` | High
10 | File | `/cgi-bin/webproc` | High
11 | File | `/checkLogin.cgi` | High
12 | File | `/classes/profile.class.php` | High
13 | File | `/common/run_report.php` | High
14 | File | `/data/inc/images.php` | High
15 | File | `/data/syslog.filter.json` | High
16 | File | `/data/wps.setup.json` | High
17 | File | `/docs/captcha_(number).jpeg` | High
18 | File | `/etc/config/rpcd` | High
19 | File | `/etc/hosts` | Medium
20 | File | `/forum/` | Low
21 | File | `/goform/net\_Web\_get_value` | High
22 | File | `/index.php` | Medium
23 | File | `/index.php/weblinks-categories` | High
24 | File | `/j_security_check` | High
25 | File | `/login.html` | Medium
26 | File | `/menu.html` | Medium
27 | File | `/mics/j_spring_security_check` | High
28 | File | `/mnt/sdcard/$PRO_NAME/upgrade.sh` | High
29 | File | `/mnt/skyeye/mode_switch.sh` | High
30 | File | `/mybb_1806/Upload/admin/index.php` | High
31 | File | `/oauth/token` | Medium
32 | File | `/romfile.cfg` | Medium
33 | File | `/scp/directory.php` | High
34 | File | `/setSystemAdmin` | High
35 | File | `/system/WCore/WHelper.php` | High
36 | File | `/tmp/connlicj.bin` | High
37 | File | `/uncpath/` | Medium
38 | File | `/upload` | Low
39 | File | `/userfs/bin/tcapi` | High
40 | File | `/var/www/xms/application/config/config.php` | High
41 | File | `/var/www/xms/application/controllers/gatherLogs.php` | High
42 | File | `/var/www/xms/application/controllers/verifyLogin.php` | High
43 | File | `/var/www/xms/cleanzip.sh` | High
44 | File | `/vendor/phpdocumentor/reflection-docblock/tests/phpDocumentor/Reflection/DocBlock/Tag/LinkTagTeet.php` | High
45 | File | `/websocket/exec` | High
46 | File | `/workspaceCleanup` | High
47 | File | `/wp-admin/admin-ajax.php?action=get_wdtable&table_id=1` | High
48 | File | `account/gallery.php` | High
49 | File | `add_edit_cat.asp` | High
50 | File | `admin.htm` | Medium
51 | File | `admin.php` | Medium
52 | ... | ... | ...
There are 1061 more IOA items available. Please use our online service to access the data.
There are 450 more IOA items available. Please use our online service to access the data.
## References
@ -97,9 +130,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

73
FIN7/README.md
View File

@ -16,6 +16,11 @@ The following campaigns are known and can be associated with FIN7:
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FIN7:
* US
* CN
* FR
* ...
There are 29 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -70,6 +75,74 @@ ID | IP address | Hostname | Confidence
There are 172 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by FIN7. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ...
There are 8 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by FIN7. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/?module=users&section=cpanel&page=list` | High
3 | File | `/concat?/%2557EB-INF/web.xml` | High
4 | File | `/context/%2e/WEB-INF/web.xml` | High
5 | File | `/get_getnetworkconf.cgi` | High
6 | File | `/HNAP1` | Low
7 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
8 | File | `/monitoring` | Medium
9 | File | `/new` | Low
10 | File | `/osm/REGISTER.cmd` | High
11 | File | `/proc/<pid>/status` | High
12 | File | `/public/plugins/` | High
13 | File | `/replication` | Medium
14 | File | `/secure/QueryComponent!Default.jspa` | High
15 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
16 | File | `/tmp` | Low
17 | File | `/type.php` | Medium
18 | File | `/uncpath/` | Medium
19 | File | `/usr/bin/pkexec` | High
20 | File | `/wp-json/wc/v3/webhooks` | High
21 | File | `4.2.0.CP09` | Medium
22 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
23 | File | `actions/CompanyDetailsSave.php` | High
24 | File | `ActiveServices.java` | High
25 | File | `admin.color.php` | High
26 | File | `admin.cropcanvas.php` | High
27 | File | `admin.joomlaradiov5.php` | High
28 | File | `admin.php` | Medium
29 | File | `admin/?n=user&c=admin_user&a=doGetUserInfo` | High
30 | File | `admin/add-glossary.php` | High
31 | File | `admin/conf_users_edit.php` | High
32 | File | `admin/edit-comments.php` | High
33 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
34 | File | `admin/write-post.php` | High
35 | File | `administrator/components/com_media/helpers/media.php` | High
36 | File | `admin_events.php` | High
37 | File | `AjaxApplication.java` | High
38 | File | `akocomments.php` | High
39 | File | `allopass-error.php` | High
40 | File | `AllowBindAppWidgetActivity.java` | High
41 | File | `AndroidManifest.xml` | High
42 | File | `AnnotateActivity.java` | High
43 | File | `announcement.php` | High
44 | File | `api/settings/values` | High
45 | File | `apply.cgi` | Medium
46 | ... | ... | ...
There are 400 more IOA items available. Please use our online service to access the data.
## References
The following list contains external sources which discuss the actor and the associated activities:

22
FakeAlert/README.md
View File

@ -1,6 +1,6 @@
# FakeAlert - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [FakeAlert](https://vuldb.com/?actor.fakealert). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [FakeAlert](https://vuldb.com/?actor.fakealert). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.fakealert](https://vuldb.com/?actor.fakealert)
@ -24,11 +24,9 @@ ID | IP address | Hostname | Confidence
1 | 3.8.23.195 | ec2-3-8-23-195.eu-west-2.compute.amazonaws.com | Medium
2 | 3.8.191.167 | ec2-3-8-191-167.eu-west-2.compute.amazonaws.com | Medium
3 | 18.130.240.77 | ec2-18-130-240-77.eu-west-2.compute.amazonaws.com | Medium
4 | 47.135.30.181 | 047-135-030-181.res.spectrum.com | High
5 | 78.141.234.87 | 78.141.234.87.vultr.com | Medium
6 | ... | ... | ...
4 | ... | ... | ...
There are 8 more IOC items available. Please use our online service to access the data.
There are 10 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -50,15 +48,9 @@ ID | Type | Indicator | Confidence
2 | File | `books.php` | Medium
3 | File | `coders/tiff.c` | High
4 | File | `content.php` | Medium
5 | File | `detail.php` | Medium
6 | File | `DjVmDir.cpp` | Medium
7 | File | `ItemReview.php` | High
8 | File | `items.queries.php` | High
9 | File | `item_show.php` | High
10 | File | `LockTaskController.java` | High
11 | ... | ... | ...
5 | ... | ... | ...
There are 23 more IOA items available. Please use our online service to access the data.
There are 29 more IOA items available. Please use our online service to access the data.
## References
@ -70,9 +62,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

30
Farseer/README.md
View File

@ -1,6 +1,6 @@
# Farseer - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Farseer](https://vuldb.com/?actor.farseer). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Farseer](https://vuldb.com/?actor.farseer). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.farseer](https://vuldb.com/?actor.farseer)
@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* CA
* ...
There are 4 more country items available. Please use our online service to access the data.
There are 6 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -24,12 +24,9 @@ ID | IP address | Hostname | Confidence
1 | 43.224.33.130 | 43.224.33.130.vultr.com | Medium
2 | 45.32.24.39 | 45.32.24.39.vultr.com | Medium
3 | 45.32.25.107 | 45.32.25.107.vultr.com | Medium
4 | 45.32.44.52 | 45.32.44.52.vultr.com | Medium
5 | 45.32.45.77 | 45.32.45.77.vultr.com | Medium
6 | 45.32.53.250 | 45.32.53.250.vultr.com | Medium
7 | ... | ... | ...
4 | ... | ... | ...
There are 11 more IOC items available. Please use our online service to access the data.
There are 14 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -54,15 +51,14 @@ ID | Type | Indicator | Confidence
2 | File | `/forum/away.php` | High
3 | File | `/icingaweb2/navigation/add` | High
4 | File | `/phppath/php` | Medium
5 | File | `/start_apply.htm` | High
6 | File | `/uncpath/` | Medium
7 | File | `/WEB-INF/web.xml` | High
8 | File | `abook_database.php` | High
9 | File | `books.php` | Medium
10 | File | `category.cfm` | Medium
11 | ... | ... | ...
5 | File | `/rest/collectors/1.0/template/custom` | High
6 | File | `/start_apply.htm` | High
7 | File | `/uncpath/` | Medium
8 | File | `/WEB-INF/web.xml` | High
9 | File | `abook_database.php` | High
10 | ... | ... | ...
There are 61 more IOA items available. Please use our online service to access the data.
There are 74 more IOA items available. Please use our online service to access the data.
## References
@ -75,9 +71,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

12
Finteam/README.md
View File

@ -1,6 +1,6 @@
# Finteam - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Finteam](https://vuldb.com/?actor.finteam). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Finteam](https://vuldb.com/?actor.finteam). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.finteam](https://vuldb.com/?actor.finteam)
@ -41,11 +41,9 @@ ID | Type | Indicator | Confidence
6 | File | `cart.php` | Medium
7 | File | `catalog.asp` | Medium
8 | File | `category.php` | Medium
9 | File | `cgi-bin/reorder2.asp` | High
10 | File | `comersus_optaffiliateregistrationexec.asp` | High
11 | ... | ... | ...
9 | ... | ... | ...
There are 63 more IOA items available. Please use our online service to access the data.
There are 65 more IOA items available. Please use our online service to access the data.
## References
@ -57,9 +55,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

13
Five Poisons/README.md
View File

@ -1,6 +1,6 @@
# Five Poisons - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Five Poisons](https://vuldb.com/?actor.five_poisons). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Five Poisons](https://vuldb.com/?actor.five_poisons). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.five_poisons](https://vuldb.com/?actor.five_poisons)
@ -42,10 +42,9 @@ ID | Type | Indicator | Confidence
1 | File | `add_comment.php` | High
2 | File | `data/gbconfiguration.dat` | High
3 | File | `inc/config.php` | High
4 | File | `user/register.php` | High
5 | Argument | `basePath` | Medium
6 | Argument | `id` | Low
7 | Argument | `_config[site_path]` | High
4 | ... | ... | ...
There are 4 more IOA items available. Please use our online service to access the data.
## References
@ -57,9 +56,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
FiveHands/README.md
View File

@ -1,6 +1,6 @@
# FiveHands - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [FiveHands](https://vuldb.com/?actor.fivehands). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [FiveHands](https://vuldb.com/?actor.fivehands). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.fivehands](https://vuldb.com/?actor.fivehands)
@ -22,9 +22,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Flying Dragon Eye/README.md
View File

@ -1,6 +1,6 @@
# Flying Dragon Eye - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Flying Dragon Eye](https://vuldb.com/?actor.flying_dragon_eye). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Flying Dragon Eye](https://vuldb.com/?actor.flying_dragon_eye). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.flying_dragon_eye](https://vuldb.com/?actor.flying_dragon_eye)
@ -33,9 +33,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

53
Formbook/README.md
View File

@ -4,17 +4,6 @@ The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.formbook](https://vuldb.com/?actor.formbook)
## Countries
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Formbook:
* GB
* US
* CN
* ...
There are 8 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
These indicators of compromise indicate associated network ressources which are known to be part of research and attack activities of Formbook.
@ -41,44 +30,10 @@ ID | IP address | Hostname | Confidence
18 | 40.77.18.167 | - | High
19 | 40.126.26.134 | - | High
20 | 44.227.65.245 | ec2-44-227-65-245.us-west-2.compute.amazonaws.com | Medium
21 | ... | ... | ...
21 | 44.230.27.49 | ec2-44-230-27-49.us-west-2.compute.amazonaws.com | Medium
22 | ... | ... | ...
There are 87 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Formbook. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1008 | Algorithm Downgrade | High
2 | T1040 | Authentication Bypass by Capture-replay | High
3 | T1059.007 | Cross Site Scripting | High
4 | T1068 | Execution with Unnecessary Privileges | High
5 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
6 | ... | ... | ...
There are 11 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Formbook. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%PROGRAMDATA%\3CXPhone for Windows\PhoneApp` | High
2 | File | `%PROGRAMDATA%\checkmk\agent\local` | High
3 | File | `%PROGRAMDATA%\WrData\PKG` | High
4 | File | `%PROGRAMFILES(X86)%\IDriveWindows` | High
5 | File | `.git/hooks/post-update` | High
6 | File | `.htaccess` | Medium
7 | File | `/admin` | Low
8 | File | `/admin/?/plugin/comment/settings` | High
9 | File | `/admin/academic/studenview_left.php` | High
10 | File | `/admin/admintools/tool.php` | High
11 | ... | ... | ...
There are 2064 more IOA items available. Please use our online service to access the data.
There are 86 more IOC items available. Please use our online service to access the data.
## References
@ -100,4 +55,4 @@ The following articles explain our unique predictive cyber threat intelligence:
## License
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

14
GIMF/README.md
View File

@ -1,6 +1,6 @@
# GIMF - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [GIMF](https://vuldb.com/?actor.gimf). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GIMF](https://vuldb.com/?actor.gimf). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.gimf](https://vuldb.com/?actor.gimf)
@ -49,11 +49,9 @@ ID | Type | Indicator | Confidence
1 | File | `cgi-bin/iptest.cgi` | High
2 | File | `PingIframeRpm.htm` | High
3 | File | `shop_display_products.php` | High
4 | File | `upload.php` | Medium
5 | Library | `DNSAPI.dll` | Medium
6 | Argument | `cat_id` | Low
7 | Argument | `url` | Low
8 | Network Port | `tcp/32764` | Medium
4 | ... | ... | ...
There are 5 more IOA items available. Please use our online service to access the data.
## References
@ -65,9 +63,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

65
Gamarue/README.md
View File

@ -1,6 +1,6 @@
# Gamarue - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Gamarue](https://vuldb.com/?actor.gamarue). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gamarue](https://vuldb.com/?actor.gamarue). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.gamarue](https://vuldb.com/?actor.gamarue)
@ -13,7 +13,7 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* ES
* ...
There are 8 more country items available. Please use our online service to access the data.
There are 9 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -21,22 +21,18 @@ These indicators of compromise indicate associated network ressources which are
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 5.154.191.57 | 5-154-191-57.stephost.md | High
1 | 5.154.191.57 | - | High
2 | 37.187.0.40 | ns3108067.ip-37-187-0.eu | High
3 | 45.8.124.25 | sabab.online | High
3 | 45.8.124.25 | ouyr.secvolax.store | High
4 | 45.128.204.36 | - | High
5 | 45.128.207.237 | - | High
6 | 46.254.21.69 | h13.ihc.ru | High
7 | 50.116.23.211 | www.eqnic.net | High
8 | 51.195.53.221 | ip221.ip-51-195-53.eu | High
9 | 52.137.90.34 | - | High
10 | 78.47.139.102 | test.invidious.io | High
11 | 87.98.130.234 | dns.dot-bit.org | High
12 | 91.107.126.138 | vds99324.mgn-host.ru | High
13 | 95.85.9.86 | - | High
14 | ... | ... | ...
6 | 46.45.169.106 | 46-45-169-106.turkrdns.com | High
7 | 46.254.21.69 | h13.ihc.ru | High
8 | 50.116.23.211 | www.eqnic.net | High
9 | 51.195.53.221 | ip221.ip-51-195-53.eu | High
10 | ... | ... | ...
There are 26 more IOC items available. Please use our online service to access the data.
There are 35 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -47,10 +43,9 @@ ID | Technique | Description | Confidence
1 | T1059.007 | Cross Site Scripting | High
2 | T1068 | Execution with Unnecessary Privileges | High
3 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
4 | T1211 | 7PK Security Features | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 7 more TTP items available. Please use our online service to access the data.
There are 8 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -68,9 +63,36 @@ ID | Type | Indicator | Confidence
8 | File | `/folder/list` | Medium
9 | File | `/forms/nslookupHandler` | High
10 | File | `/goform/GetNewDir` | High
11 | ... | ... | ...
11 | File | `/goform/right_now_d` | High
12 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
13 | File | `/group/comment` | High
14 | File | `/home/home_parent.xgi` | High
15 | File | `/lookin/info` | Medium
16 | File | `/plugins/servlet/jira-blockers/` | High
17 | File | `/status/status_log.sys` | High
18 | File | `/themes/<php_file_name>` | High
19 | File | `/tmp` | Low
20 | File | `/uncpath/` | Medium
21 | File | `/upload` | Low
22 | File | `/usr/bin/shutter` | High
23 | File | `/zm/index.php` | High
24 | File | `adclick.php` | Medium
25 | File | `admin-ajax.php` | High
26 | File | `admin.php` | Medium
27 | File | `admin/?n=tags&c=index&a=doSaveTags` | High
28 | File | `admin/controller/pages/localisation/language.php` | High
29 | File | `admin/fm/` | Medium
30 | File | `admin/pages/*/edit` | High
31 | File | `admincp/attachment.php&do=rebuild&type` | High
32 | File | `administrator/index.php?option=com_pago&view=comments` | High
33 | File | `ajax.php` | Medium
34 | File | `ajax_mod_security.php` | High
35 | File | `api.php` | Low
36 | File | `appconfig.php` | High
37 | File | `arch/powerpc/kernel/idle_book3s.S` | High
38 | ... | ... | ...
There are 347 more IOA items available. Please use our online service to access the data.
There are 326 more IOA items available. Please use our online service to access the data.
## References
@ -79,14 +101,15 @@ The following list contains external sources which discuss the actor and the ass
* https://blog.talosintelligence.com/2021/02/threat-roundup-0212-0219.html
* https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html
* https://blog.talosintelligence.com/2021/09/threat-roundup-0827-0903.html
* https://blog.talosintelligence.com/2022/01/threat-roundup-0121-0128.html
## Literature
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

70
GandCrab/README.md
View File

@ -10,10 +10,10 @@ These countries are directly (e.g. origin of attacks) or indirectly (e.g. access
* US
* ES
* CA
* FR
* ...
There are 15 more country items available. Please use our online service to access the data.
There are 5 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -31,16 +31,9 @@ ID | IP address | Hostname | Confidence
8 | 39.107.34.197 | - | High
9 | 45.118.145.96 | - | High
10 | 51.254.25.115 | ip115.ip-51-254-25.eu | High
11 | 51.255.48.78 | vps-ede152ed.vps.ovh.net | High
12 | 52.116.175.70 | hs20.name.tools | High
13 | 54.36.194.90 | ip90.ip-54-36-194.eu | High
14 | 66.96.147.103 | 103.147.96.66.static.eigbox.net | High
15 | 66.171.248.178 | api1.whatismyipaddress.com | High
16 | 69.163.193.127 | ps608110.dreamhostps.com | High
17 | 87.236.16.107 | ssl.spectre.beget.com | High
18 | ... | ... | ...
11 | ... | ... | ...
There are 33 more IOC items available. Please use our online service to access the data.
There are 40 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -48,12 +41,10 @@ Tactics, techniques, and procedures summarize the suspected ATT&CK techniques us
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1008 | Algorithm Downgrade | High
2 | T1040 | Authentication Bypass by Capture-replay | High
3 | T1059.007 | Cross Site Scripting | High
4 | T1068 | Execution with Unnecessary Privileges | High
5 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
6 | ... | ... | ...
1 | T1040 | Authentication Bypass by Capture-replay | High
2 | T1059.007 | Cross Site Scripting | High
3 | T1068 | Execution with Unnecessary Privileges | High
4 | ... | ... | ...
There are 11 more TTP items available. Please use our online service to access the data.
@ -64,18 +55,39 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%PROGRAMDATA%\checkmk\agent\local` | High
2 | File | `..\WWWRoot\CustomPages\aspshell.asp` | High
3 | File | `.htaccess` | Medium
4 | File | `/+CSCOE+/logon.html` | High
5 | File | `/admin-ajax.php?action=eps_redirect_save` | High
6 | File | `/admin.php` | Medium
7 | File | `/admin/` | Low
8 | File | `/admin/admin_login.php` | High
9 | File | `/admin/comment.php` | High
10 | File | `/AdminDir` | Medium
11 | ... | ... | ...
2 | File | `/admin/comment.php` | High
3 | File | `/agenttrayicon` | High
4 | File | `/api/version` | Medium
5 | File | `/app1/admin#foo` | High
6 | File | `/appsuite` | Medium
7 | File | `/article/add` | Medium
8 | File | `/Controller/ChinaCityController.class.php` | High
9 | File | `/coreframe/app/guestbook/myissue.php` | High
10 | File | `/hub/api/user` | High
11 | File | `/ics?tool=search` | High
12 | File | `/info.xml` | Medium
13 | File | `/it-IT/splunkd/__raw/services/get_snapshot` | High
14 | File | `/knowage/restful-services/documentnotes/saveNote` | High
15 | File | `/netact/sct` | Medium
16 | File | `/nova/bin/bfd` | High
17 | File | `/php/passport/index.php` | High
18 | File | `/run/courier/authdaemon` | High
19 | File | `/run/spice-vdagentd/spice-vdagent-sock` | High
20 | File | `/service/v1/createUser` | High
21 | File | `/settings/profile` | High
22 | File | `/status.js` | Medium
23 | File | `/suggest` | Medium
24 | File | `/thruk/#cgi-bin/status.cgi?style=combined` | High
25 | File | `/usr/local/bin/mjs` | High
26 | File | `Access/DownloadFeed_Mnt/FileUpload_Upd.cfm` | High
27 | File | `action.setdefaulttemplate.php` | High
28 | File | `ActiveServices.java` | High
29 | File | `Addons/file/mod.file.php` | High
30 | File | `admin.php` | Medium
31 | File | `admin/dashboard.php` | High
32 | ... | ... | ...
There are 1147 more IOA items available. Please use our online service to access the data.
There are 272 more IOA items available. Please use our online service to access the data.
## References
@ -96,4 +108,4 @@ The following articles explain our unique predictive cyber threat intelligence:
## License
(c) [1997-2021](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

14
Gelsemium/README.md
View File

@ -1,6 +1,6 @@
# Gelsemium - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Gelsemium](https://vuldb.com/?actor.gelsemium). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gelsemium](https://vuldb.com/?actor.gelsemium). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.gelsemium](https://vuldb.com/?actor.gelsemium)
@ -17,7 +17,7 @@ These indicators of compromise indicate associated network ressources which are
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 149.248.14.53 | - | High
1 | 149.248.14.53 | 149.248.14.53.vultr.com | Medium
2 | 210.209.72.180 | - | High
## TTP - Tactics, Techniques, Procedures
@ -38,9 +38,9 @@ ID | Type | Indicator | Confidence
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/public/login.htm` | High
3 | File | `iesfootprint.jsp` | High
4 | File | `print.php` | Medium
5 | Argument | `x_17` | Low
6 | Input Value | `11' AND utl_http.request('http://attackers_host/lalal')='1' GROUP BY panel_name)) --` | High
4 | ... | ... | ...
There are 3 more IOA items available. Please use our online service to access the data.
## References
@ -52,9 +52,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

5
Gh0stRAT/README.md
View File

@ -45,7 +45,7 @@ ID | IP address | Hostname | Confidence
22 | 58.218.199.225 | - | High
23 | ... | ... | ...
There are 87 more IOC items available. Please use our online service to access the data.
There are 90 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -104,7 +104,7 @@ ID | Type | Indicator | Confidence
36 | File | `/uncpath/` | Medium
37 | ... | ... | ...
There are 321 more IOA items available. Please use our online service to access the data.
There are 317 more IOA items available. Please use our online service to access the data.
## References
@ -123,6 +123,7 @@ The following list contains external sources which discuss the actor and the ass
* https://blog.talosintelligence.com/2021/10/threat-roundup-0924-1001.html
* https://blog.talosintelligence.com/2021/10/threat-roundup-1001-1008.html
* https://blog.talosintelligence.com/2022/01/threat-roundup-0107-0114.html
* https://blog.talosintelligence.com/2022/01/threat-roundup-0121-0128.html
* https://blog.talosintelligence.com/2022/01/threat-roundup-1231-0107.html
## Literature

12
Ghost Dragon/README.md
View File

@ -1,6 +1,6 @@
# Ghost Dragon - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Ghost Dragon](https://vuldb.com/?actor.ghost_dragon). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ghost Dragon](https://vuldb.com/?actor.ghost_dragon). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.ghost_dragon](https://vuldb.com/?actor.ghost_dragon)
@ -20,11 +20,9 @@ ID | IP address | Hostname | Confidence
2 | 58.64.187.22 | - | High
3 | 60.215.128.246 | - | High
4 | 64.111.220.218 | colt.isprime.com | High
5 | 111.68.8.130 | - | High
6 | 113.10.148.161 | - | High
7 | ... | ... | ...
5 | ... | ... | ...
There are 12 more IOC items available. Please use our online service to access the data.
There are 14 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -52,9 +50,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Ghoul/README.md
View File

@ -1,6 +1,6 @@
# Ghoul - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Ghoul](https://vuldb.com/?actor.ghoul). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ghoul](https://vuldb.com/?actor.ghoul). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.ghoul](https://vuldb.com/?actor.ghoul)
@ -30,9 +30,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

27
Glupteba/README.md
View File

@ -1,6 +1,6 @@
# Glupteba - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Glupteba](https://vuldb.com/?actor.glupteba). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Glupteba](https://vuldb.com/?actor.glupteba). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.glupteba](https://vuldb.com/?actor.glupteba)
@ -29,15 +29,9 @@ ID | IP address | Hostname | Confidence
6 | 46.165.244.129 | - | High
7 | 46.165.249.167 | - | High
8 | 46.165.249.195 | - | High
9 | 46.165.249.201 | - | High
10 | 46.165.249.203 | - | High
11 | 46.165.250.25 | - | High
12 | 78.31.67.205 | - | High
13 | 78.31.67.206 | ve1268.venus.fastwebserver.de | High
14 | 80.93.90.27 | ik090027.ikexpress.com | High
15 | ... | ... | ...
9 | ... | ... | ...
There are 26 more IOC items available. Please use our online service to access the data.
There are 32 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -68,9 +62,16 @@ ID | Type | Indicator | Confidence
8 | File | `/etc/sudoers` | Medium
9 | File | `/get_getnetworkconf.cgi` | High
10 | File | `/mods/_core/users/admins/my_edit.php` | High
11 | ... | ... | ...
11 | File | `/uncpath/` | Medium
12 | File | `/vdesk` | Low
13 | File | `/__r1/` | Low
14 | File | `admin/getparam.cgi` | High
15 | File | `admin/index.php` | High
16 | File | `admincp.php?app=apps&do=save` | High
17 | File | `admincp.php?app=files` | High
18 | ... | ... | ...
There are 138 more IOA items available. Please use our online service to access the data.
There are 142 more IOA items available. Please use our online service to access the data.
## References
@ -82,9 +83,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
GoldDragon/README.md
View File

@ -1,6 +1,6 @@
# GoldDragon - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [GoldDragon](https://vuldb.com/?actor.golddragon). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GoldDragon](https://vuldb.com/?actor.golddragon). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.golddragon](https://vuldb.com/?actor.golddragon)
@ -23,9 +23,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

23
Goldfin/README.md
View File

@ -1,6 +1,6 @@
# Goldfin - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Goldfin](https://vuldb.com/?actor.goldfin). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Goldfin](https://vuldb.com/?actor.goldfin). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.goldfin](https://vuldb.com/?actor.goldfin)
@ -47,19 +47,12 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/redbin/rpwebutilities.exe/text` | High
2 | File | `/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf` | High
3 | File | `/uncpath/` | Medium
4 | File | `data/gbconfiguration.dat` | High
5 | File | `drivers/tty/n_tty.c` | High
6 | File | `forumrunner/includes/moderation.php` | High
7 | File | `imagemanager.php` | High
8 | File | `inc/config.php` | High
9 | File | `index.php` | Medium
10 | File | `login.php` | Medium
11 | ... | ... | ...
1 | File | `/debug/pprof` | Medium
2 | File | `/redbin/rpwebutilities.exe/text` | High
3 | File | `/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf` | High
4 | ... | ... | ...
There are 15 more IOA items available. Please use our online service to access the data.
There are 23 more IOA items available. Please use our online service to access the data.
## References
@ -71,9 +64,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
GreedyWonk/README.md
View File

@ -1,6 +1,6 @@
# GreedyWonk - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [GreedyWonk](https://vuldb.com/?actor.greedywonk). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GreedyWonk](https://vuldb.com/?actor.greedywonk). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.greedywonk](https://vuldb.com/?actor.greedywonk)
@ -27,9 +27,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

70
Grizzly Steppe/README.md
View File

@ -8,12 +8,12 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Grizzly Steppe:
* CN
* RU
* US
* ES
* DK
* ...
There are 7 more country items available. Please use our online service to access the data.
There are 18 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -160,7 +160,7 @@ ID | Technique | Description | Confidence
3 | T1068 | Execution with Unnecessary Privileges | High
4 | ... | ... | ...
There are 10 more TTP items available. Please use our online service to access the data.
There are 9 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -168,40 +168,38 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/app.php` | High
2 | File | `/admin/download_frame.php` | High
1 | File | `/.env` | Low
2 | File | `/admin/configure.php` | High
3 | File | `/admin/index.php?lfj=mysql&action=del` | High
4 | File | `/admin/maintenance/` | High
5 | File | `/admin/submit-articles` | High
6 | File | `/api/v2/labels/` | High
7 | File | `/authen/start/` | High
8 | File | `/cgi-bin/luci/rc` | High
9 | File | `/cms/ajax.php` | High
10 | File | `/dl/dl_sendsms.php` | High
11 | File | `/domain/service/.ewell-known/caldav` | High
12 | File | `/etc/passwd` | Medium
13 | File | `/exponent_constants.php` | High
14 | File | `/extensionsinstruction` | High
15 | File | `/forum/away.php` | High
16 | File | `/graphStatus/displayServiceStatus.php` | High
17 | File | `/ifs` | Low
18 | File | `/includes/upload.php` | High
19 | File | `/index.php?m=ucenter&a=index` | High
20 | File | `/info.xml` | Medium
21 | File | `/login.php?m=admin&c=Admin&a=admin_add&lang=cn` | High
22 | File | `/manage/loginusername` | High
23 | File | `/music/ajax.php` | High
24 | File | `/planprop` | Medium
25 | File | `/question/ask` | High
26 | File | `/tmp` | Low
27 | File | `/var/ipfire/backup/bin/backup.pl` | High
28 | File | `/woocommerce-stock-manager/trunk/admin/views/import-export.php` | High
29 | File | `/wp-json` | Medium
30 | File | `account.php` | Medium
31 | File | `adclick.php` | Medium
32 | ... | ... | ...
4 | File | `/cgi-bin/luci/rc` | High
5 | File | `/cms/ajax.php` | High
6 | File | `/context/%2e/WEB-INF/web.xml` | High
7 | File | `/domain/service/.ewell-known/caldav` | High
8 | File | `/download` | Medium
9 | File | `/etc/hosts` | Medium
10 | File | `/formWlanSetup` | High
11 | File | `/include/chart_generator.php` | High
12 | File | `/modules/profile/index.php` | High
13 | File | `/monitoring` | Medium
14 | File | `/music/ajax.php` | High
15 | File | `/new` | Low
16 | File | `/pandora_console/ajax.php` | High
17 | File | `/plugins/servlet/audit/resource` | High
18 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
19 | File | `/proc/<pid>/status` | High
20 | File | `/public/plugins/` | High
21 | File | `/rest/api/1.0/render` | High
22 | File | `/RestAPI` | Medium
23 | File | `/secure/QueryComponent!Default.jspa` | High
24 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
25 | File | `/tmp` | Low
26 | File | `/uncpath/` | Medium
27 | File | `/var/log/nginx` | High
28 | File | `account.php` | Medium
29 | File | `actions/CompanyDetailsSave.php` | High
30 | ... | ... | ...
There are 268 more IOA items available. Please use our online service to access the data.
There are 250 more IOA items available. Please use our online service to access the data.
## References

20
Groundbait/README.md
View File

@ -1,6 +1,6 @@
# Groundbait - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Groundbait](https://vuldb.com/?actor.groundbait). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Groundbait](https://vuldb.com/?actor.groundbait). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.groundbait](https://vuldb.com/?actor.groundbait)
@ -19,10 +19,9 @@ ID | IP address | Hostname | Confidence
1 | 23.22.38.222 | ec2-23-22-38-222.compute-1.amazonaws.com | Medium
2 | 23.22.221.237 | ec2-23-22-221-237.compute-1.amazonaws.com | Medium
3 | 52.23.164.7 | ec2-52-23-164-7.compute-1.amazonaws.com | Medium
4 | 54.152.171.48 | ec2-54-152-171-48.compute-1.amazonaws.com | Medium
5 | ... | ... | ...
4 | ... | ... | ...
There are 6 more IOC items available. Please use our online service to access the data.
There are 7 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -46,12 +45,9 @@ ID | Type | Indicator | Confidence
1 | File | `admin/salesadmin.php` | High
2 | File | `drivers/gpu/drm/udl/udl_fb.c` | High
3 | File | `libwav.c` | Medium
4 | File | `regexp.c` | Medium
5 | File | `src/http.c` | Medium
6 | Library | `mshtmled.dll` | Medium
7 | Argument | `refresh/branchtotable` | High
8 | Argument | `resultpage` | Medium
9 | Argument | `searchterm` | Medium
4 | ... | ... | ...
There are 6 more IOA items available. Please use our online service to access the data.
## References
@ -64,9 +60,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

52
Groundhog/README.md
View File

@ -1,6 +1,6 @@
# Groundhog - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Groundhog](https://vuldb.com/?actor.groundhog). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Groundhog](https://vuldb.com/?actor.groundhog). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.groundhog](https://vuldb.com/?actor.groundhog)
@ -8,12 +8,7 @@ Live data and more analysis capabilities are available at [https://vuldb.com/?ac
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Groundhog:
* ES
* CO
* US
* ...
There are 8 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -41,24 +36,17 @@ ID | IP address | Hostname | Confidence
18 | 37.59.210.99 | - | High
19 | 43.225.59.7 | - | High
20 | 43.240.51.113 | - | High
21 | ... | ... | ...
21 | 46.229.169.89 | - | High
22 | 58.64.187.29 | - | High
23 | 58.218.213.237 | - | High
24 | 58.221.35.5 | - | High
25 | 58.221.45.242 | - | High
26 | 59.56.64.169 | - | High
27 | 59.188.86.215 | - | High
28 | 59.188.86.222 | - | High
29 | ... | ... | ...
There are 121 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
Tactics, techniques, and procedures summarize the suspected ATT&CK techniques used by Groundhog. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Description | Confidence
-- | --------- | ----------- | ----------
1 | T1040 | Authentication Bypass by Capture-replay | High
2 | T1059.007 | Cross Site Scripting | High
3 | T1068 | Execution with Unnecessary Privileges | High
4 | T1110.001 | Improper Restriction of Excessive Authentication Attempts | High
5 | T1211 | 7PK Security Features | High
6 | ... | ... | ...
There are 8 more TTP items available. Please use our online service to access the data.
There are 113 more IOC items available. Please use our online service to access the data.
## IOA - Indicator of Attack
@ -66,19 +54,7 @@ These indicators of attack list the potential fragments used for technical activ
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/addsrv` | Low
2 | File | `/admin.php?action=images` | High
3 | File | `/admin/mails.php?action=edit` | High
4 | File | `/admin/submit-articles` | High
5 | File | `/api/version` | Medium
6 | File | `/auth/login` | Medium
7 | File | `/cgi-bin/nasset.cgi` | High
8 | File | `/cgi?` | Low
9 | File | `/com.biepie/shared_prefs/com.bitpie_preferences.xml` | High
10 | File | `/Config/service/initModel?` | High
11 | ... | ... | ...
There are 694 more IOA items available. Please use our online service to access the data.
1 | File | `http-domino-enum-passwords.nse` | High
## References
@ -90,9 +66,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
HackPhreak/README.md
View File

@ -1,6 +1,6 @@
# HackPhreak - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [HackPhreak](https://vuldb.com/?actor.hackphreak). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [HackPhreak](https://vuldb.com/?actor.hackphreak). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.hackphreak](https://vuldb.com/?actor.hackphreak)
@ -27,9 +27,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

6
Hackers Door/README.md
View File

@ -1,6 +1,6 @@
# Hackers Door - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Hackers Door](https://vuldb.com/?actor.hackers_door). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Hackers Door](https://vuldb.com/?actor.hackers_door). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.hackers_door](https://vuldb.com/?actor.hackers_door)
@ -23,9 +23,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

30
Hangover/README.md
View File

@ -1,6 +1,6 @@
# Hangover - Cyber Threat Intelligence
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?doc.cti) of the actor known as [Hangover](https://vuldb.com/?actor.hangover). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
The indicators are related to [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Hangover](https://vuldb.com/?actor.hangover). The activity monitoring correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, activities, intentions, emerging research, and attacks. Our unique predictive model is able to forecast activities and their characteristics.
Live data and more analysis capabilities are available at [https://vuldb.com/?actor.hangover](https://vuldb.com/?actor.hangover)
@ -15,11 +15,11 @@ The following campaigns are known and can be associated with Hangover:
These countries are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Hangover:
* US
* RU
* TR
* NL
* ...
There are 2 more country items available. Please use our online service to access the data.
There are 4 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -27,13 +27,12 @@ These indicators of compromise indicate associated network ressources which are
ID | IP address | Hostname | Confidence
-- | ---------- | -------- | ----------
1 | 37.46.150.102 | medievalopen.bar | High
2 | 37.59.175.131 | - | High
1 | 37.46.150.102 | - | High
2 | 37.59.175.131 | ip131.ip-37-59-175.eu | High
3 | 45.133.1.133 | - | High
4 | 46.32.235.162 | vps37226820.123-vps.co.uk | High
5 | ... | ... | ...
4 | ... | ... | ...
There are 8 more IOC items available. Please use our online service to access the data.
There are 9 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
@ -57,16 +56,9 @@ ID | Type | Indicator | Confidence
1 | File | `.procmailrc` | Medium
2 | File | `/it-IT/splunkd/__raw/services/get_snapshot` | High
3 | File | `/phpwcms/setup/setup.php` | High
4 | File | `/uncpath/` | Medium
5 | File | `agent/Core/SpawningKit/Spawner.h` | High
6 | File | `base/ErrorHandler.php` | High
7 | File | `category.cfm` | Medium
8 | File | `cmd.php?cmd=login_form` | High
9 | File | `db_central_columns.php` | High
10 | File | `wp-postratings.php` | High
11 | ... | ... | ...
4 | ... | ... | ...
There are 10 more IOA items available. Please use our online service to access the data.
There are 19 more IOA items available. Please use our online service to access the data.
## References
@ -79,9 +71,9 @@ The following list contains external sources which discuss the actor and the ass
The following articles explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?doc.cti)
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2021](https://vuldb.com/?doc.changelog) by [vuldb.com](https://vuldb.com/?doc.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?doc.faq), read the [documentation](https://vuldb.com/?doc) or [contact us](https://vuldb.com/?contact)!
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

Some files were not shown because too many files have changed in this diff Show More