Update September 2023
parent
8159b0c7b0
commit
437ac97b73
|
@ -93,10 +93,11 @@ ID | Type | Indicator | Confidence
|
|||
35 | File | `/pages/processlogin.php` | High
|
||||
36 | File | `/preview.php` | Medium
|
||||
37 | File | `/product/savenewproduct.php?flag=1` | High
|
||||
38 | File | `/services/Card/findUser` | High
|
||||
39 | ... | ... | ...
|
||||
38 | File | `/search` | Low
|
||||
39 | File | `/services/Card/findUser` | High
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 334 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 345 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
There are 20 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -37,11 +37,11 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -49,69 +49,64 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/combine-prs.yml` | High
|
||||
2 | File | `//WEB-INF` | Medium
|
||||
3 | File | `/about.php` | Medium
|
||||
4 | File | `/admin.php/update/getFile.html` | High
|
||||
5 | File | `/admin/api/admin/articles/` | High
|
||||
6 | File | `/admin/cashadvance_row.php` | High
|
||||
7 | File | `/admin/maintenance/view_designation.php` | High
|
||||
8 | File | `/admin/userprofile.php` | High
|
||||
9 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
10 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/update/getFile.html` | High
|
||||
4 | File | `/admin/cashadvance_row.php` | High
|
||||
5 | File | `/admin/maintenance/view_designation.php` | High
|
||||
6 | File | `/admin/sys_sql_query.php` | High
|
||||
7 | File | `/admin/userprofile.php` | High
|
||||
8 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
9 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
10 | File | `/api/baskets/{name}` | High
|
||||
11 | File | `/APR/login.php` | High
|
||||
12 | File | `/bin/httpd` | Medium
|
||||
13 | File | `/cgi-bin/wapopen` | High
|
||||
14 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
15 | File | `/DocSystem/Repos/getReposAllUsers.do` | High
|
||||
16 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
17 | File | `/feeds/post/publish` | High
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
20 | File | `/fos/admin/index.php?page=menu` | High
|
||||
21 | File | `/h/` | Low
|
||||
22 | File | `/home/masterConsole` | High
|
||||
23 | File | `/home/sendBroadcast` | High
|
||||
24 | File | `/hrm/employeeadd.php` | High
|
||||
25 | File | `/hrm/employeeview.php` | High
|
||||
26 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
27 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
28 | File | `/index.php?page=category_list` | High
|
||||
29 | File | `/jobinfo/` | Medium
|
||||
30 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
31 | File | `/lookin/info` | Medium
|
||||
32 | File | `/Moosikay/order.php` | High
|
||||
33 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
34 | File | `/opac/Actions.php?a=login` | High
|
||||
35 | File | `/out.php` | Medium
|
||||
13 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
14 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
15 | File | `/cgi-bin/wapopen` | High
|
||||
16 | File | `/company/store` | High
|
||||
17 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
18 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
19 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
20 | File | `/dev/block/mmcblk0rpmb` | High
|
||||
21 | File | `/etc/passwd` | Medium
|
||||
22 | File | `/feeds/post/publish` | High
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/fos/admin/ajax.php?action=login` | High
|
||||
25 | File | `/fos/admin/index.php?page=menu` | High
|
||||
26 | File | `/h/` | Low
|
||||
27 | File | `/home/masterConsole` | High
|
||||
28 | File | `/home/sendBroadcast` | High
|
||||
29 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
30 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
31 | File | `/index.php?page=category_list` | High
|
||||
32 | File | `/jobinfo/` | Medium
|
||||
33 | File | `/Moosikay/order.php` | High
|
||||
34 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
35 | File | `/opac/Actions.php?a=login` | High
|
||||
36 | File | `/php-opos/index.php` | High
|
||||
37 | File | `/PreviewHandler.ashx` | High
|
||||
38 | File | `/proxy` | Low
|
||||
39 | File | `/public/launchNewWindow.jsp` | High
|
||||
40 | File | `/Redcock-Farm/farm/category.php` | High
|
||||
38 | File | `/public/launchNewWindow.jsp` | High
|
||||
39 | File | `/recipe-result` | High
|
||||
40 | File | `/register.do` | Medium
|
||||
41 | File | `/reports/rwservlet` | High
|
||||
42 | File | `/reservation/add_message.php` | High
|
||||
43 | File | `/spip.php` | Medium
|
||||
44 | File | `/student/bookdetails.php` | High
|
||||
45 | File | `/uncpath/` | Medium
|
||||
46 | File | `/uploads/exam_question/` | High
|
||||
47 | File | `/user/updatePwd` | High
|
||||
48 | File | `/var/lib/docker/<remapping>` | High
|
||||
49 | File | `/wireless/security.asp` | High
|
||||
50 | File | `/wp-admin/admin-ajax.php` | High
|
||||
51 | File | `01article.php` | High
|
||||
52 | File | `a-forms.php` | Medium
|
||||
53 | File | `AbstractScheduleJob.java` | High
|
||||
54 | File | `actionphp/download.File.php` | High
|
||||
43 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/student/bookdetails.php` | High
|
||||
46 | File | `/uncpath/` | Medium
|
||||
47 | File | `/uploads/exam_question/` | High
|
||||
48 | File | `/user/ticket/create` | High
|
||||
49 | File | `/user/updatePwd` | High
|
||||
50 | File | `/var/lib/docker/<remapping>` | High
|
||||
51 | File | `/wireless/security.asp` | High
|
||||
52 | File | `/wp-admin/admin-ajax.php` | High
|
||||
53 | File | `01article.php` | High
|
||||
54 | File | `a-forms.php` | Medium
|
||||
55 | File | `activenews_view.asp` | High
|
||||
56 | File | `adclick.php` | Medium
|
||||
57 | File | `admin.a6mambocredits.php` | High
|
||||
58 | File | `admin.cropcanvas.php` | High
|
||||
59 | File | `admin.php` | Medium
|
||||
60 | File | `admin/abc.php` | High
|
||||
61 | ... | ... | ...
|
||||
56 | ... | ... | ...
|
||||
|
||||
There are 530 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 490 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -67,15 +67,15 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `/goform/RGFirewallEL` | High
|
||||
7 | File | `/horde/util/go.php` | High
|
||||
8 | File | `/rapi/read_url` | High
|
||||
9 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
10 | File | `/uncpath/` | Medium
|
||||
11 | File | `/usr/bin/pkexec` | High
|
||||
12 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
13 | File | `/wp-content/uploads/photo-gallery/` | High
|
||||
14 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
9 | File | `/scripts/unlock_tasks.php` | High
|
||||
10 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
11 | File | `/uncpath/` | Medium
|
||||
12 | File | `/usr/bin/pkexec` | High
|
||||
13 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
14 | File | `/wp-content/uploads/photo-gallery/` | High
|
||||
15 | ... | ... | ...
|
||||
|
||||
There are 121 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 123 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [PL](https://vuldb.com/?country.pl)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
@ -54,7 +54,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-37 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
|
@ -62,7 +62,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 23 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -85,53 +85,54 @@ ID | Type | Indicator | Confidence
|
|||
13 | File | `/admin/orders/update_status.php` | High
|
||||
14 | File | `/admin/sys_sql_query.php` | High
|
||||
15 | File | `/admin/userprofile.php` | High
|
||||
16 | File | `/api/audits` | Medium
|
||||
17 | File | `/author_posts.php` | High
|
||||
18 | File | `/bin/sh` | Low
|
||||
19 | File | `/blog` | Low
|
||||
20 | File | `/booking/show_bookings/` | High
|
||||
21 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
22 | File | `/cas/logout` | Medium
|
||||
23 | File | `/category.php` | High
|
||||
24 | File | `/change-language/de_DE` | High
|
||||
25 | File | `/classes/Login.php` | High
|
||||
26 | File | `/classes/Master.php?f=delete_appointment` | High
|
||||
27 | File | `/classes/Master.php?f=delete_service` | High
|
||||
28 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
29 | File | `/classes/Master.php?f=save_item` | High
|
||||
30 | File | `/classes/Users.php?f=delete_client` | High
|
||||
31 | File | `/clients/profile` | High
|
||||
32 | File | `/cms/notify` | Medium
|
||||
33 | File | `/contact/store` | High
|
||||
34 | File | `/Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx` | High
|
||||
35 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
36 | File | `/Duty/AjaxHandle/Write/UploadFile.ashx` | High
|
||||
37 | File | `/ecommerce/support_ticket` | High
|
||||
38 | File | `/en/blog-comment-4` | High
|
||||
39 | File | `/env` | Low
|
||||
40 | File | `/ext/phar/phar_object.c` | High
|
||||
41 | File | `/file_manager/admin/save_user.php` | High
|
||||
42 | File | `/forum/away.php` | High
|
||||
43 | File | `/goform/RgUrlBlock.asp` | High
|
||||
44 | File | `/goform/SysToolReboot` | High
|
||||
45 | File | `/goform/SysToolRestoreSet` | High
|
||||
46 | File | `/goform/WifiBasicSet` | High
|
||||
47 | File | `/goform/wifiSSIDset` | High
|
||||
48 | File | `/h/` | Low
|
||||
49 | File | `/home/courses` | High
|
||||
50 | File | `/home/filter_listings` | High
|
||||
51 | File | `/hss/?page=product_per_brand` | High
|
||||
52 | File | `/hss/admin/?page=client/manage_client` | High
|
||||
53 | File | `/hss/admin/?page=user/manage_user` | High
|
||||
54 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
55 | File | `/index.php` | Medium
|
||||
56 | File | `/index.php?controller=GzUser&action=edit&id=1` | High
|
||||
57 | File | `/jurusan/data` | High
|
||||
58 | File | `/kelasdosen/data` | High
|
||||
59 | File | `/LandingPages/api/otp/send?id=[ID][ampersand]method=sms` | High
|
||||
60 | ... | ... | ...
|
||||
16 | File | `/author_posts.php` | High
|
||||
17 | File | `/bin/sh` | Low
|
||||
18 | File | `/blog` | Low
|
||||
19 | File | `/booking/show_bookings/` | High
|
||||
20 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
21 | File | `/cas/logout` | Medium
|
||||
22 | File | `/category.php` | High
|
||||
23 | File | `/change-language/de_DE` | High
|
||||
24 | File | `/classes/Login.php` | High
|
||||
25 | File | `/classes/Master.php?f=delete_service` | High
|
||||
26 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
27 | File | `/classes/Master.php?f=save_item` | High
|
||||
28 | File | `/clients/profile` | High
|
||||
29 | File | `/cms/notify` | Medium
|
||||
30 | File | `/contact/store` | High
|
||||
31 | File | `/Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx` | High
|
||||
32 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
33 | File | `/Duty/AjaxHandle/Write/UploadFile.ashx` | High
|
||||
34 | File | `/ecommerce/support_ticket` | High
|
||||
35 | File | `/en/blog-comment-4` | High
|
||||
36 | File | `/env` | Low
|
||||
37 | File | `/ext/phar/phar_object.c` | High
|
||||
38 | File | `/file_manager/admin/save_user.php` | High
|
||||
39 | File | `/forum/away.php` | High
|
||||
40 | File | `/goform/RgUrlBlock.asp` | High
|
||||
41 | File | `/goform/SysToolReboot` | High
|
||||
42 | File | `/goform/SysToolRestoreSet` | High
|
||||
43 | File | `/goform/WifiBasicSet` | High
|
||||
44 | File | `/goform/wifiSSIDset` | High
|
||||
45 | File | `/h/` | Low
|
||||
46 | File | `/home/courses` | High
|
||||
47 | File | `/home/filter_listings` | High
|
||||
48 | File | `/hss/?page=product_per_brand` | High
|
||||
49 | File | `/hss/admin/?page=client/manage_client` | High
|
||||
50 | File | `/hss/admin/?page=user/manage_user` | High
|
||||
51 | File | `/importexport.php` | High
|
||||
52 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
53 | File | `/index.php` | Medium
|
||||
54 | File | `/index.php?controller=GzUser&action=edit&id=1` | High
|
||||
55 | File | `/jurusan/data` | High
|
||||
56 | File | `/kelasdosen/data` | High
|
||||
57 | File | `/LandingPages/api/otp/send?id=[ID][ampersand]method=sms` | High
|
||||
58 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
59 | File | `/login` | Low
|
||||
60 | File | `/odlms//classes/Master.php?f=delete_activity` | High
|
||||
61 | ... | ... | ...
|
||||
|
||||
There are 524 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 530 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -86,7 +86,7 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `addrating.php` | High
|
||||
10 | ... | ... | ...
|
||||
|
||||
There are 76 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 77 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
# AcridRain - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [AcridRain](https://vuldb.com/?actor.acridrain). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.acridrain](https://vuldb.com/?actor.acridrain)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AcridRain:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of AcridRain.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [45.15.156.111](https://vuldb.com/?ip.45.15.156.111) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _AcridRain_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-269 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by AcridRain. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `ad.cgi` | Low
|
||||
3 | File | `allmanageup.pl` | High
|
||||
4 | File | `amadmin.pl` | Medium
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 30 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://tracker.viriback.com/index.php?q=45.15.156.111
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
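Review bot: The Description column in the new AcridRain TTP table does not match the technique and weakness IDs beside it. Row 3 pairs T1068 and CWE-269 with "J2EE Misconfiguration: Weak Access Permissions for EJB Methods", which is the title of CWE-9, and row 1 labels T1006 (Direct Volume Access in ATT&CK) as "Pathname Traversal". Anyone mapping this file to detections should key on the Technique and Weakness columns and treat the description text as unreliable until the generator is corrected. The single IOC row also carries no first-seen or last-seen date, so a line such as `Indicators are point-in-time as of this update; re-validate before blocking.` under the IOC heading would help consumers who import the address into a blocklist.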
|
|
@ -8,9 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Alien:
|
||||
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [NZ](https://vuldb.com/?country.nz)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -18,12 +21,137 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.75.176.47](https://vuldb.com/?ip.5.75.176.47) | static.47.176.75.5.clients.your-server.de | - | High
|
||||
2 | [5.78.74.58](https://vuldb.com/?ip.5.78.74.58) | static.58.74.78.5.clients.your-server.de | - | High
|
||||
3 | [5.78.105.58](https://vuldb.com/?ip.5.78.105.58) | static.58.105.78.5.clients.your-server.de | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
1 | [1.34.58.110](https://vuldb.com/?ip.1.34.58.110) | 1-34-58-110.hinet-ip.hinet.net | - | High
|
||||
2 | [1.34.226.50](https://vuldb.com/?ip.1.34.226.50) | 1-34-226-50.hinet-ip.hinet.net | - | High
|
||||
3 | [1.161.219.86](https://vuldb.com/?ip.1.161.219.86) | 1-161-219-86.dynamic-ip.hinet.net | - | High
|
||||
4 | [1.171.103.192](https://vuldb.com/?ip.1.171.103.192) | 1-171-103-192.dynamic-ip.hinet.net | - | High
|
||||
5 | [1.173.242.161](https://vuldb.com/?ip.1.173.242.161) | 1-173-242-161.dynamic-ip.hinet.net | - | High
|
||||
6 | [1.246.222.20](https://vuldb.com/?ip.1.246.222.20) | - | - | High
|
||||
7 | [1.246.222.134](https://vuldb.com/?ip.1.246.222.134) | - | - | High
|
||||
8 | [1.246.222.234](https://vuldb.com/?ip.1.246.222.234) | - | - | High
|
||||
9 | [1.246.223.191](https://vuldb.com/?ip.1.246.223.191) | - | - | High
|
||||
10 | [2.106.156.53](https://vuldb.com/?ip.2.106.156.53) | 2-106-156-53-dynamic.dk.customer.tdc.net | - | High
|
||||
11 | [3.21.74.31](https://vuldb.com/?ip.3.21.74.31) | scanner-2.fortifydata.com | - | High
|
||||
12 | [4.71.37.45](https://vuldb.com/?ip.4.71.37.45) | - | - | High
|
||||
13 | [4.71.37.46](https://vuldb.com/?ip.4.71.37.46) | - | - | High
|
||||
14 | [5.75.176.47](https://vuldb.com/?ip.5.75.176.47) | static.47.176.75.5.clients.your-server.de | - | High
|
||||
15 | [5.78.71.159](https://vuldb.com/?ip.5.78.71.159) | static.159.71.78.5.clients.your-server.de | - | High
|
||||
16 | [5.78.74.58](https://vuldb.com/?ip.5.78.74.58) | static.58.74.78.5.clients.your-server.de | - | High
|
||||
17 | [5.78.105.58](https://vuldb.com/?ip.5.78.105.58) | static.58.105.78.5.clients.your-server.de | - | High
|
||||
18 | [5.161.113.183](https://vuldb.com/?ip.5.161.113.183) | static.183.113.161.5.clients.your-server.de | - | High
|
||||
19 | [5.161.178.107](https://vuldb.com/?ip.5.161.178.107) | static.107.178.161.5.clients.your-server.de | - | High
|
||||
20 | [5.161.217.34](https://vuldb.com/?ip.5.161.217.34) | static.34.217.161.5.clients.your-server.de | - | High
|
||||
21 | [5.199.162.217](https://vuldb.com/?ip.5.199.162.217) | - | - | High
|
||||
22 | [5.199.168.237](https://vuldb.com/?ip.5.199.168.237) | - | - | High
|
||||
23 | [5.199.173.52](https://vuldb.com/?ip.5.199.173.52) | - | - | High
|
||||
24 | [14.34.157.101](https://vuldb.com/?ip.14.34.157.101) | - | - | High
|
||||
25 | [14.42.145.172](https://vuldb.com/?ip.14.42.145.172) | - | - | High
|
||||
26 | [14.111.220.134](https://vuldb.com/?ip.14.111.220.134) | - | - | High
|
||||
27 | [14.241.244.250](https://vuldb.com/?ip.14.241.244.250) | - | - | High
|
||||
28 | [18.117.69.135](https://vuldb.com/?ip.18.117.69.135) | ec2-18-117-69-135.us-east-2.compute.amazonaws.com | - | Medium
|
||||
29 | [18.188.148.80](https://vuldb.com/?ip.18.188.148.80) | scanner.fortifydata.com | - | High
|
||||
30 | [20.127.122.139](https://vuldb.com/?ip.20.127.122.139) | - | - | High
|
||||
31 | [23.247.108.44](https://vuldb.com/?ip.23.247.108.44) | - | - | High
|
||||
32 | [24.188.100.85](https://vuldb.com/?ip.24.188.100.85) | ool-18bc6455.dyn.optonline.net | - | High
|
||||
33 | [27.21.147.209](https://vuldb.com/?ip.27.21.147.209) | - | - | High
|
||||
34 | [27.35.154.75](https://vuldb.com/?ip.27.35.154.75) | - | - | High
|
||||
35 | [27.38.61.75](https://vuldb.com/?ip.27.38.61.75) | - | - | High
|
||||
36 | [27.38.61.120](https://vuldb.com/?ip.27.38.61.120) | - | - | High
|
||||
37 | [27.41.36.239](https://vuldb.com/?ip.27.41.36.239) | - | - | High
|
||||
38 | [27.43.119.144](https://vuldb.com/?ip.27.43.119.144) | - | - | High
|
||||
39 | [27.43.178.112](https://vuldb.com/?ip.27.43.178.112) | - | - | High
|
||||
40 | [27.47.116.249](https://vuldb.com/?ip.27.47.116.249) | - | - | High
|
||||
41 | [27.158.79.129](https://vuldb.com/?ip.27.158.79.129) | 129.79.158.27.broad.sm.fj.dynamic.163data.com.cn | - | High
|
||||
42 | [27.159.92.181](https://vuldb.com/?ip.27.159.92.181) | - | - | High
|
||||
43 | [27.194.89.189](https://vuldb.com/?ip.27.194.89.189) | - | - | High
|
||||
44 | [27.194.122.23](https://vuldb.com/?ip.27.194.122.23) | - | - | High
|
||||
45 | [27.197.24.223](https://vuldb.com/?ip.27.197.24.223) | - | - | High
|
||||
46 | [27.199.237.162](https://vuldb.com/?ip.27.199.237.162) | - | - | High
|
||||
47 | [27.203.233.132](https://vuldb.com/?ip.27.203.233.132) | - | - | High
|
||||
48 | [27.207.195.126](https://vuldb.com/?ip.27.207.195.126) | - | - | High
|
||||
49 | [27.215.53.111](https://vuldb.com/?ip.27.215.53.111) | - | - | High
|
||||
50 | [27.215.109.196](https://vuldb.com/?ip.27.215.109.196) | - | - | High
|
||||
51 | [27.215.114.223](https://vuldb.com/?ip.27.215.114.223) | - | - | High
|
||||
52 | [27.215.122.160](https://vuldb.com/?ip.27.215.122.160) | - | - | High
|
||||
53 | [27.217.163.40](https://vuldb.com/?ip.27.217.163.40) | - | - | High
|
||||
54 | [27.217.243.163](https://vuldb.com/?ip.27.217.243.163) | - | - | High
|
||||
55 | [36.228.50.77](https://vuldb.com/?ip.36.228.50.77) | 36-228-50-77.dynamic-ip.hinet.net | - | High
|
||||
56 | [36.231.35.185](https://vuldb.com/?ip.36.231.35.185) | 36-231-35-185.dynamic-ip.hinet.net | - | High
|
||||
57 | [37.0.10.31](https://vuldb.com/?ip.37.0.10.31) | - | - | High
|
||||
58 | [37.27.8.83](https://vuldb.com/?ip.37.27.8.83) | static.83.8.27.37.clients.your-server.de | - | High
|
||||
59 | [39.66.73.50](https://vuldb.com/?ip.39.66.73.50) | - | - | High
|
||||
60 | [39.74.177.167](https://vuldb.com/?ip.39.74.177.167) | - | - | High
|
||||
61 | [39.81.71.78](https://vuldb.com/?ip.39.81.71.78) | - | - | High
|
||||
62 | [41.86.5.232](https://vuldb.com/?ip.41.86.5.232) | - | - | High
|
||||
63 | [41.86.18.34](https://vuldb.com/?ip.41.86.18.34) | - | - | High
|
||||
64 | [41.86.18.165](https://vuldb.com/?ip.41.86.18.165) | - | - | High
|
||||
65 | [41.86.19.146](https://vuldb.com/?ip.41.86.19.146) | - | - | High
|
||||
66 | [42.51.55.157](https://vuldb.com/?ip.42.51.55.157) | - | - | High
|
||||
67 | [42.115.33.98](https://vuldb.com/?ip.42.115.33.98) | - | - | High
|
||||
68 | [42.228.193.67](https://vuldb.com/?ip.42.228.193.67) | hn.kd.ny.adsl | - | High
|
||||
69 | [42.231.171.245](https://vuldb.com/?ip.42.231.171.245) | hn.kd.ny.adsl | - | High
|
||||
70 | [43.251.99.6](https://vuldb.com/?ip.43.251.99.6) | - | - | High
|
||||
71 | [44.192.244.178](https://vuldb.com/?ip.44.192.244.178) | ec2-44-192-244-178.compute-1.amazonaws.com | - | Medium
|
||||
72 | [45.146.164.110](https://vuldb.com/?ip.45.146.164.110) | - | - | High
|
||||
73 | [45.229.54.55](https://vuldb.com/?ip.45.229.54.55) | 55-54-229-45.redevirtualnet.com.br | - | High
|
||||
74 | [45.229.54.83](https://vuldb.com/?ip.45.229.54.83) | 83-54-229-45.redevirtualnet.com.br | - | High
|
||||
75 | [45.229.54.143](https://vuldb.com/?ip.45.229.54.143) | 143-54-229-45.redevirtualnet.com.br | - | High
|
||||
76 | [45.229.54.193](https://vuldb.com/?ip.45.229.54.193) | 193-54-229-45.redevirtualnet.com.br | - | High
|
||||
77 | [45.229.54.199](https://vuldb.com/?ip.45.229.54.199) | 199-54-229-45.redevirtualnet.com.br | - | High
|
||||
78 | [45.229.54.212](https://vuldb.com/?ip.45.229.54.212) | 212-54-229-45.redevirtualnet.com.br | - | High
|
||||
79 | [45.229.55.57](https://vuldb.com/?ip.45.229.55.57) | 57-55-229-45.redevirtualnet.com.br | - | High
|
||||
80 | [45.229.55.69](https://vuldb.com/?ip.45.229.55.69) | 69-55-229-45.redevirtualnet.com.br | - | High
|
||||
81 | [45.229.55.112](https://vuldb.com/?ip.45.229.55.112) | 112-55-229-45.redevirtualnet.com.br | - | High
|
||||
82 | [45.248.192.48](https://vuldb.com/?ip.45.248.192.48) | - | - | High
|
||||
83 | [46.4.123.15](https://vuldb.com/?ip.46.4.123.15) | ullirsrv2.servebbs.net | - | High
|
||||
84 | [46.101.13.94](https://vuldb.com/?ip.46.101.13.94) | - | - | High
|
||||
85 | [46.183.218.151](https://vuldb.com/?ip.46.183.218.151) | ip-218-151.dataclub.info | - | High
|
||||
86 | [49.76.60.132](https://vuldb.com/?ip.49.76.60.132) | - | - | High
|
||||
87 | [49.89.62.252](https://vuldb.com/?ip.49.89.62.252) | - | - | High
|
||||
88 | [49.89.90.173](https://vuldb.com/?ip.49.89.90.173) | - | - | High
|
||||
89 | [49.89.93.21](https://vuldb.com/?ip.49.89.93.21) | - | - | High
|
||||
90 | [49.89.95.159](https://vuldb.com/?ip.49.89.95.159) | - | - | High
|
||||
91 | [49.143.32.6](https://vuldb.com/?ip.49.143.32.6) | - | - | High
|
||||
92 | [49.158.196.18](https://vuldb.com/?ip.49.158.196.18) | 49-158-196-18.dynamic.elinx.com.tw | - | High
|
||||
93 | [49.213.183.219](https://vuldb.com/?ip.49.213.183.219) | 219-183-213-49.tinp.net.tw | - | High
|
||||
94 | [49.213.187.246](https://vuldb.com/?ip.49.213.187.246) | 246-187-213-49.tinp.net.tw | - | High
|
||||
95 | [51.15.228.117](https://vuldb.com/?ip.51.15.228.117) | 117-228-15-51.instances.scw.cloud | - | High
|
||||
96 | [51.15.246.104](https://vuldb.com/?ip.51.15.246.104) | n1.crossmods.com | - | High
|
||||
97 | [51.158.64.113](https://vuldb.com/?ip.51.158.64.113) | 113-64-158-51.instances.scw.cloud | - | High
|
||||
98 | [51.158.102.132](https://vuldb.com/?ip.51.158.102.132) | 132-102-158-51.instances.scw.cloud | - | High
|
||||
99 | [51.158.108.237](https://vuldb.com/?ip.51.158.108.237) | 237-108-158-51.instances.scw.cloud | - | High
|
||||
100 | [51.158.117.164](https://vuldb.com/?ip.51.158.117.164) | 164-117-158-51.instances.scw.cloud | - | High
|
||||
101 | [51.158.125.226](https://vuldb.com/?ip.51.158.125.226) | 226-125-158-51.instances.scw.cloud | - | High
|
||||
102 | [51.211.24.160](https://vuldb.com/?ip.51.211.24.160) | - | - | High
|
||||
103 | [51.211.112.79](https://vuldb.com/?ip.51.211.112.79) | - | - | High
|
||||
104 | [51.211.117.109](https://vuldb.com/?ip.51.211.117.109) | - | - | High
|
||||
105 | [57.128.54.210](https://vuldb.com/?ip.57.128.54.210) | ip210.ip-57-128-54.eu | - | High
|
||||
106 | [58.58.41.106](https://vuldb.com/?ip.58.58.41.106) | - | - | High
|
||||
107 | [58.99.99.34](https://vuldb.com/?ip.58.99.99.34) | 34-99-99-58.tinp.net.tw | - | High
|
||||
108 | [58.219.232.140](https://vuldb.com/?ip.58.219.232.140) | - | - | High
|
||||
109 | [58.248.147.64](https://vuldb.com/?ip.58.248.147.64) | - | - | High
|
||||
110 | [58.248.193.3](https://vuldb.com/?ip.58.248.193.3) | - | - | High
|
||||
111 | [58.248.193.50](https://vuldb.com/?ip.58.248.193.50) | - | - | High
|
||||
112 | [58.248.193.88](https://vuldb.com/?ip.58.248.193.88) | - | - | High
|
||||
113 | [58.248.193.97](https://vuldb.com/?ip.58.248.193.97) | - | - | High
|
||||
114 | [58.248.193.105](https://vuldb.com/?ip.58.248.193.105) | - | - | High
|
||||
115 | [58.248.193.132](https://vuldb.com/?ip.58.248.193.132) | - | - | High
|
||||
116 | [58.248.193.141](https://vuldb.com/?ip.58.248.193.141) | - | - | High
|
||||
117 | [58.248.193.232](https://vuldb.com/?ip.58.248.193.232) | - | - | High
|
||||
118 | [58.248.193.246](https://vuldb.com/?ip.58.248.193.246) | - | - | High
|
||||
119 | [58.249.12.95](https://vuldb.com/?ip.58.249.12.95) | - | - | High
|
||||
120 | [58.249.87.78](https://vuldb.com/?ip.58.249.87.78) | - | - | High
|
||||
121 | [58.249.110.198](https://vuldb.com/?ip.58.249.110.198) | - | - | High
|
||||
122 | [58.253.12.9](https://vuldb.com/?ip.58.253.12.9) | - | - | High
|
||||
123 | [59.63.204.76](https://vuldb.com/?ip.59.63.204.76) | - | - | High
|
||||
124 | [59.63.204.245](https://vuldb.com/?ip.59.63.204.245) | - | - | High
|
||||
125 | [59.63.207.69](https://vuldb.com/?ip.59.63.207.69) | - | - | High
|
||||
126 | [59.126.96.5](https://vuldb.com/?ip.59.126.96.5) | 59-126-96-5.hinet-ip.hinet.net | - | High
|
||||
127 | [59.127.209.88](https://vuldb.com/?ip.59.127.209.88) | 59-127-209-88.hinet-ip.hinet.net | - | High
|
||||
128 | [59.175.63.89](https://vuldb.com/?ip.59.175.63.89) | - | - | High
|
||||
129 | ... | ... | ... | ...
|
||||
|
||||
There are 12 more IOC items available. Please use our online service to access the data.
|
||||
There are 512 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -31,13 +159,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-36 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -47,40 +174,60 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMFILES(X86)%\IDriveWindows` | High
|
||||
2 | File | `/.dbus-keyrings` | High
|
||||
3 | File | `/.env` | Low
|
||||
4 | File | `/admin` | Low
|
||||
5 | File | `/admin.php?controller=admin_commonuser` | High
|
||||
6 | File | `/admin/?page=inmates/view_inmate` | High
|
||||
7 | File | `/admin/?page=user/list` | High
|
||||
8 | File | `/admin/content/index` | High
|
||||
9 | File | `/admin/convert/export_z3950_new.php` | High
|
||||
10 | File | `/admin/edit_product.php` | High
|
||||
11 | File | `/admin/reg.php` | High
|
||||
12 | File | `/adms/admin/?page=vehicles/sell_vehicle` | High
|
||||
13 | File | `/ajax/update_certificate` | High
|
||||
14 | File | `/api/admin/system/store/order/list` | High
|
||||
15 | File | `/api/jmeter/download/files` | High
|
||||
16 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
17 | File | `/configs/application.ini` | High
|
||||
18 | File | `/customs/loan_by_class.php?reportView` | High
|
||||
19 | File | `/ecommerce/admin/settings/setDiscount.php` | High
|
||||
20 | File | `/editor/index.php` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/fos/admin/ajax.php` | High
|
||||
23 | File | `/goform/WifiBasicSet` | High
|
||||
24 | File | `/intern/controller.php` | High
|
||||
25 | File | `/LEPTON_stable_2.2.2/upload/account/logout.php` | High
|
||||
26 | File | `/master/core/PostHandler.php` | High
|
||||
27 | ... | ... | ...
|
||||
1 | File | `/academy/home/courses` | High
|
||||
2 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
3 | File | `/admin/adclass.php` | High
|
||||
4 | File | `/admin/students/view_details.php` | High
|
||||
5 | File | `/ajax-files/followBoard.php` | High
|
||||
6 | File | `/ajax.php?action=read_msg` | High
|
||||
7 | File | `/api/baskets/{name}` | High
|
||||
8 | File | `/api/upload.php` | High
|
||||
9 | File | `/api?path=profile` | High
|
||||
10 | File | `/auth/callback` | High
|
||||
11 | File | `/authenticationendpoint/login.do` | High
|
||||
12 | File | `/booking/show_bookings/` | High
|
||||
13 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
14 | File | `/cgi-bin/wapopen` | High
|
||||
15 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
16 | File | `/cgi.cgi` | Medium
|
||||
17 | File | `/ci_spms/admin/search/searching/` | High
|
||||
18 | File | `/classes/Master.php?f=save_brand` | High
|
||||
19 | File | `/collection/all` | High
|
||||
20 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
21 | File | `/debug/pprof` | Medium
|
||||
22 | File | `/etc/passwd` | Medium
|
||||
23 | File | `/etc/pki/pesign` | High
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/getcfg.php` | Medium
|
||||
26 | File | `/goform/setportList` | High
|
||||
27 | File | `/goform/set_LimitClient_cfg` | High
|
||||
28 | File | `/graphql` | Medium
|
||||
29 | File | `/group1/uploa` | High
|
||||
30 | File | `/h/autoSaveDraft` | High
|
||||
31 | File | `/index.php?page=member` | High
|
||||
32 | File | `/log/decodmail.php` | High
|
||||
33 | File | `/modules/projects/vw_files.php` | High
|
||||
34 | File | `/owa/auth/logon.aspx` | High
|
||||
35 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
36 | File | `/preview.php` | Medium
|
||||
37 | File | `/QueryView.php` | High
|
||||
38 | File | `/release-x64/otfccdump+0x61731f` | High
|
||||
39 | File | `/romfile.cfg` | Medium
|
||||
40 | File | `/search.php` | Medium
|
||||
41 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
42 | File | `/sitecore/shell/Invoke.aspx` | High
|
||||
43 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
44 | File | `/staff/bookdetails.php` | High
|
||||
45 | File | `/staff/edit_book_details.php` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 230 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 399 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://github.com/firehol/blocklist-ipsets/blob/master/alienvault_reputation.ipset
|
||||
* https://threatfox.abuse.ch
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -0,0 +1,88 @@
|
|||
# Andariel - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Andariel](https://vuldb.com/?actor.andariel). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.andariel](https://vuldb.com/?actor.andariel)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Andariel:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [BE](https://vuldb.com/?country.be)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Andariel.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [4.246.144.112](https://vuldb.com/?ip.4.246.144.112) | - | - | High
|
||||
2 | [4.246.149.227](https://vuldb.com/?ip.4.246.149.227) | - | - | High
|
||||
3 | [8.213.128.76](https://vuldb.com/?ip.8.213.128.76) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 12 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Andariel_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Andariel. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/article.php` | High
|
||||
2 | File | `/admin/uesrs.php&action=type&userrole=Admin&userid=3` | High
|
||||
3 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
4 | File | `/cgi-bin/webproc` | High
|
||||
5 | File | `/dist/index.js` | High
|
||||
6 | File | `/expert_wizard.php` | High
|
||||
7 | File | `/files/list-file` | High
|
||||
8 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
9 | File | `/login.html` | Medium
|
||||
10 | File | `/new` | Low
|
||||
11 | File | `/public/login.htm` | High
|
||||
12 | File | `/static/ueditor/php/controller.php` | High
|
||||
13 | File | `/system?action=ServiceAdmin` | High
|
||||
14 | File | `/upload` | Low
|
||||
15 | File | `/var/log/nginx` | High
|
||||
16 | File | `/wp-json` | Medium
|
||||
17 | File | `add_edit_user.asp` | High
|
||||
18 | File | `add_vhost.php` | High
|
||||
19 | ... | ... | ...
|
||||
|
||||
There are 154 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://asec.ahnlab.com/en/56405/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
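Review bot: Row 4 of the TTP table in this new file pairs T1059 and CWE-94 with the description "Cross Site Scripting", but CWE-94 is code injection. Cross-site scripting is CWE-79/CWE-80, which the other actor files on this page list under T1059.007. The row should read `4 | T1059 | CWE-94 | Code Injection | High`; as written, anyone mapping these rows to detections or ATT&CK coverage would file command-interpreter activity under XSS. The same row appears as row 2 of the TTP table in the Antibot.pw file added further down. These tables look generated, so the fix presumably belongs in the generator rather than in each file.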
|
|
@ -0,0 +1,70 @@
|
|||
# Antibot.pw - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Antibot.pw](https://vuldb.com/?actor.antibot.pw). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.antibot.pw](https://vuldb.com/?actor.antibot.pw)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Antibot.pw:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Antibot.pw.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [45.63.85.138](https://vuldb.com/?ip.45.63.85.138) | 45.63.85.138.vultrusercontent.com | - | High
|
||||
2 | [45.76.179.109](https://vuldb.com/?ip.45.76.179.109) | 45.76.179.109.vultrusercontent.com | - | High
|
||||
3 | [104.21.11.160](https://vuldb.com/?ip.104.21.11.160) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Antibot.pw_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1055 | CWE-74 | Injection | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Antibot.pw. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/forum/away.php` | High
|
||||
3 | File | `addentry.php` | Medium
|
||||
4 | File | `admin/index.php` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 31 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://inquest.net/blog/adversary-on-the-defense-antibot-pw/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
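Review bot: IOC row 3, `104.21.11.160`, is rated High with no hostname or campaign, yet the address appears to fall within Cloudflare's address space, where one edge IP fronts many unrelated sites. Blocking or alerting on it by IP alone would likely hit legitimate traffic. I would lower it to `3 | [104.21.11.160](https://vuldb.com/?ip.104.21.11.160) | - | - | Medium`, matching how the larger IOC table on this page rates shared cloud-provider addresses (the `amazonaws.com` and `googleusercontent.com` rows). Alternatively, record the fronted hostname so consumers can match on that instead of the IP.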
|
|
@ -93,7 +93,7 @@ ID | Type | Indicator | Confidence
|
|||
41 | File | `/members/view_member.php` | High
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 365 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 366 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -69,264 +69,269 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
46 | [3.144.124.4](https://vuldb.com/?ip.3.144.124.4) | ec2-3-144-124-4.us-east-2.compute.amazonaws.com | - | Medium
|
||||
47 | [3.219.26.62](https://vuldb.com/?ip.3.219.26.62) | ec2-3-219-26-62.compute-1.amazonaws.com | - | Medium
|
||||
48 | [3.237.100.172](https://vuldb.com/?ip.3.237.100.172) | ec2-3-237-100-172.compute-1.amazonaws.com | - | Medium
|
||||
49 | [4.227.187.147](https://vuldb.com/?ip.4.227.187.147) | - | - | High
|
||||
50 | [4.229.235.23](https://vuldb.com/?ip.4.229.235.23) | - | - | High
|
||||
51 | [4.231.233.180](https://vuldb.com/?ip.4.231.233.180) | - | - | High
|
||||
52 | [5.39.15.167](https://vuldb.com/?ip.5.39.15.167) | - | - | High
|
||||
53 | [5.68.138.73](https://vuldb.com/?ip.5.68.138.73) | 05448a49.skybroadband.com | - | High
|
||||
54 | [5.68.199.16](https://vuldb.com/?ip.5.68.199.16) | 0544c710.skybroadband.com | - | High
|
||||
55 | [5.78.65.18](https://vuldb.com/?ip.5.78.65.18) | static.18.65.78.5.clients.your-server.de | - | High
|
||||
56 | [5.161.76.198](https://vuldb.com/?ip.5.161.76.198) | static.198.76.161.5.clients.your-server.de | - | High
|
||||
57 | [5.161.115.90](https://vuldb.com/?ip.5.161.115.90) | static.90.115.161.5.clients.your-server.de | - | High
|
||||
58 | [5.161.139.136](https://vuldb.com/?ip.5.161.139.136) | static.136.139.161.5.clients.your-server.de | - | High
|
||||
59 | [5.161.192.28](https://vuldb.com/?ip.5.161.192.28) | static.28.192.161.5.clients.your-server.de | - | High
|
||||
60 | [5.180.104.172](https://vuldb.com/?ip.5.180.104.172) | protection.sdflare.com | - | High
|
||||
61 | [5.180.107.130](https://vuldb.com/?ip.5.180.107.130) | ip.serverscity.net | - | High
|
||||
62 | [5.181.80.120](https://vuldb.com/?ip.5.181.80.120) | alarmedbook.de | - | High
|
||||
63 | [5.181.234.149](https://vuldb.com/?ip.5.181.234.149) | - | - | High
|
||||
64 | [5.188.51.32](https://vuldb.com/?ip.5.188.51.32) | vps.43284172.llhost-inc.eu | - | High
|
||||
65 | [5.188.86.237](https://vuldb.com/?ip.5.188.86.237) | - | - | High
|
||||
66 | [5.196.35.57](https://vuldb.com/?ip.5.196.35.57) | ip57.ip-5-196-35.eu | - | High
|
||||
67 | [5.196.102.93](https://vuldb.com/?ip.5.196.102.93) | ip93.ip-5-196-102.eu | - | High
|
||||
68 | [5.196.174.49](https://vuldb.com/?ip.5.196.174.49) | - | - | High
|
||||
69 | [5.224.222.63](https://vuldb.com/?ip.5.224.222.63) | 5-224-222-63.red-acceso.airtel.net | - | High
|
||||
70 | [5.224.222.214](https://vuldb.com/?ip.5.224.222.214) | 5-224-222-214.red-acceso.airtel.net | - | High
|
||||
71 | [5.230.68.234](https://vuldb.com/?ip.5.230.68.234) | placeholder.noezserver.de | - | High
|
||||
72 | [5.230.69.11](https://vuldb.com/?ip.5.230.69.11) | placeholder.noezserver.de | - | High
|
||||
73 | [5.230.70.13](https://vuldb.com/?ip.5.230.70.13) | placeholder.noezserver.de | - | High
|
||||
74 | [5.230.70.106](https://vuldb.com/?ip.5.230.70.106) | placeholder.noezserver.de | - | High
|
||||
75 | [5.230.72.132](https://vuldb.com/?ip.5.230.72.132) | placeholder.noezserver.de | - | High
|
||||
76 | [5.230.84.50](https://vuldb.com/?ip.5.230.84.50) | - | - | High
|
||||
77 | [5.249.165.85](https://vuldb.com/?ip.5.249.165.85) | vps-zap756760-2.zap-srv.com | - | High
|
||||
78 | [5.252.165.130](https://vuldb.com/?ip.5.252.165.130) | - | - | High
|
||||
79 | [8.39.147.42](https://vuldb.com/?ip.8.39.147.42) | jinis.co.uk | - | High
|
||||
80 | [8.210.121.56](https://vuldb.com/?ip.8.210.121.56) | - | - | High
|
||||
81 | [10.0.10.128](https://vuldb.com/?ip.10.0.10.128) | - | - | High
|
||||
82 | [13.36.178.139](https://vuldb.com/?ip.13.36.178.139) | ec2-13-36-178-139.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
83 | [13.59.15.185](https://vuldb.com/?ip.13.59.15.185) | ec2-13-59-15-185.us-east-2.compute.amazonaws.com | - | Medium
|
||||
84 | [13.66.153.98](https://vuldb.com/?ip.13.66.153.98) | - | - | High
|
||||
85 | [13.72.107.36](https://vuldb.com/?ip.13.72.107.36) | - | - | High
|
||||
86 | [13.76.94.179](https://vuldb.com/?ip.13.76.94.179) | - | - | High
|
||||
87 | [13.77.222.211](https://vuldb.com/?ip.13.77.222.211) | - | - | High
|
||||
88 | [13.233.168.154](https://vuldb.com/?ip.13.233.168.154) | ec2-13-233-168-154.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
89 | [14.17.115.109](https://vuldb.com/?ip.14.17.115.109) | - | - | High
|
||||
90 | [14.173.70.169](https://vuldb.com/?ip.14.173.70.169) | static.vnpt.vn | - | High
|
||||
91 | [14.186.155.171](https://vuldb.com/?ip.14.186.155.171) | static.vnpt.vn | - | High
|
||||
92 | [14.191.50.101](https://vuldb.com/?ip.14.191.50.101) | static.vnpt.vn | - | High
|
||||
93 | [15.165.236.45](https://vuldb.com/?ip.15.165.236.45) | ec2-15-165-236-45.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
94 | [15.204.170.1](https://vuldb.com/?ip.15.204.170.1) | ip1.ip-15-204-170.us | - | High
|
||||
95 | [15.235.10.108](https://vuldb.com/?ip.15.235.10.108) | ns5008350.ip-15-235-10.net | - | High
|
||||
96 | [15.235.13.122](https://vuldb.com/?ip.15.235.13.122) | ns5009176.ip-15-235-13.net | - | High
|
||||
97 | [18.133.124.202](https://vuldb.com/?ip.18.133.124.202) | ec2-18-133-124-202.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
98 | [18.139.9.214](https://vuldb.com/?ip.18.139.9.214) | ec2-18-139-9-214.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
99 | [18.141.129.246](https://vuldb.com/?ip.18.141.129.246) | ec2-18-141-129-246.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
100 | [18.188.14.8](https://vuldb.com/?ip.18.188.14.8) | ec2-18-188-14-8.us-east-2.compute.amazonaws.com | - | Medium
|
||||
101 | [18.192.31.165](https://vuldb.com/?ip.18.192.31.165) | ec2-18-192-31-165.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
102 | [18.195.138.26](https://vuldb.com/?ip.18.195.138.26) | ec2-18-195-138-26.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
103 | [18.207.218.15](https://vuldb.com/?ip.18.207.218.15) | ec2-18-207-218-15.compute-1.amazonaws.com | - | Medium
|
||||
104 | [20.4.6.16](https://vuldb.com/?ip.20.4.6.16) | - | - | High
|
||||
105 | [20.8.122.174](https://vuldb.com/?ip.20.8.122.174) | - | - | High
|
||||
106 | [20.12.204.46](https://vuldb.com/?ip.20.12.204.46) | - | - | High
|
||||
107 | [20.16.8.148](https://vuldb.com/?ip.20.16.8.148) | - | - | High
|
||||
108 | [20.25.94.83](https://vuldb.com/?ip.20.25.94.83) | - | - | High
|
||||
109 | [20.42.114.46](https://vuldb.com/?ip.20.42.114.46) | - | - | High
|
||||
110 | [20.52.33.123](https://vuldb.com/?ip.20.52.33.123) | - | - | High
|
||||
111 | [20.52.138.14](https://vuldb.com/?ip.20.52.138.14) | - | - | High
|
||||
112 | [20.52.142.130](https://vuldb.com/?ip.20.52.142.130) | - | - | High
|
||||
113 | [20.52.151.53](https://vuldb.com/?ip.20.52.151.53) | - | - | High
|
||||
114 | [20.52.178.148](https://vuldb.com/?ip.20.52.178.148) | - | - | High
|
||||
115 | [20.54.113.5](https://vuldb.com/?ip.20.54.113.5) | - | - | High
|
||||
116 | [20.62.3.66](https://vuldb.com/?ip.20.62.3.66) | - | - | High
|
||||
117 | [20.67.243.141](https://vuldb.com/?ip.20.67.243.141) | - | - | High
|
||||
118 | [20.68.110.75](https://vuldb.com/?ip.20.68.110.75) | - | - | High
|
||||
119 | [20.69.124.187](https://vuldb.com/?ip.20.69.124.187) | - | - | High
|
||||
120 | [20.69.152.28](https://vuldb.com/?ip.20.69.152.28) | - | - | High
|
||||
121 | [20.77.254.176](https://vuldb.com/?ip.20.77.254.176) | - | - | High
|
||||
122 | [20.83.245.27](https://vuldb.com/?ip.20.83.245.27) | - | - | High
|
||||
123 | [20.86.25.230](https://vuldb.com/?ip.20.86.25.230) | - | - | High
|
||||
124 | [20.98.96.97](https://vuldb.com/?ip.20.98.96.97) | - | - | High
|
||||
125 | [20.98.113.24](https://vuldb.com/?ip.20.98.113.24) | - | - | High
|
||||
126 | [20.98.203.218](https://vuldb.com/?ip.20.98.203.218) | - | - | High
|
||||
127 | [20.100.196.69](https://vuldb.com/?ip.20.100.196.69) | - | - | High
|
||||
128 | [20.107.115.162](https://vuldb.com/?ip.20.107.115.162) | - | - | High
|
||||
129 | [20.108.44.45](https://vuldb.com/?ip.20.108.44.45) | - | - | High
|
||||
130 | [20.111.19.215](https://vuldb.com/?ip.20.111.19.215) | - | - | High
|
||||
131 | [20.111.34.199](https://vuldb.com/?ip.20.111.34.199) | - | - | High
|
||||
132 | [20.111.63.231](https://vuldb.com/?ip.20.111.63.231) | - | - | High
|
||||
133 | [20.113.159.145](https://vuldb.com/?ip.20.113.159.145) | - | - | High
|
||||
134 | [20.114.139.208](https://vuldb.com/?ip.20.114.139.208) | - | - | High
|
||||
135 | [20.117.208.193](https://vuldb.com/?ip.20.117.208.193) | - | - | High
|
||||
136 | [20.123.180.103](https://vuldb.com/?ip.20.123.180.103) | - | - | High
|
||||
137 | [20.124.90.72](https://vuldb.com/?ip.20.124.90.72) | - | - | High
|
||||
138 | [20.125.118.35](https://vuldb.com/?ip.20.125.118.35) | - | - | High
|
||||
139 | [20.125.122.98](https://vuldb.com/?ip.20.125.122.98) | - | - | High
|
||||
140 | [20.127.4.172](https://vuldb.com/?ip.20.127.4.172) | - | - | High
|
||||
141 | [20.150.193.28](https://vuldb.com/?ip.20.150.193.28) | - | - | High
|
||||
142 | [20.151.221.59](https://vuldb.com/?ip.20.151.221.59) | - | - | High
|
||||
143 | [20.166.62.124](https://vuldb.com/?ip.20.166.62.124) | - | - | High
|
||||
144 | [20.169.37.196](https://vuldb.com/?ip.20.169.37.196) | - | - | High
|
||||
145 | [20.169.104.228](https://vuldb.com/?ip.20.169.104.228) | - | - | High
|
||||
146 | [20.171.107.243](https://vuldb.com/?ip.20.171.107.243) | - | - | High
|
||||
147 | [20.184.2.45](https://vuldb.com/?ip.20.184.2.45) | - | - | High
|
||||
148 | [20.197.177.229](https://vuldb.com/?ip.20.197.177.229) | - | - | High
|
||||
149 | [20.197.196.201](https://vuldb.com/?ip.20.197.196.201) | - | - | High
|
||||
150 | [20.197.226.40](https://vuldb.com/?ip.20.197.226.40) | - | - | High
|
||||
151 | [20.199.101.68](https://vuldb.com/?ip.20.199.101.68) | - | - | High
|
||||
152 | [20.199.112.16](https://vuldb.com/?ip.20.199.112.16) | - | - | High
|
||||
153 | [20.199.120.149](https://vuldb.com/?ip.20.199.120.149) | - | - | High
|
||||
154 | [20.199.121.197](https://vuldb.com/?ip.20.199.121.197) | - | - | High
|
||||
155 | [20.200.63.2](https://vuldb.com/?ip.20.200.63.2) | - | - | High
|
||||
156 | [20.203.178.116](https://vuldb.com/?ip.20.203.178.116) | - | - | High
|
||||
157 | [20.211.5.151](https://vuldb.com/?ip.20.211.5.151) | - | - | High
|
||||
158 | [20.212.19.59](https://vuldb.com/?ip.20.212.19.59) | - | - | High
|
||||
159 | [20.224.162.224](https://vuldb.com/?ip.20.224.162.224) | - | - | High
|
||||
160 | [20.226.0.95](https://vuldb.com/?ip.20.226.0.95) | - | - | High
|
||||
161 | [20.226.101.17](https://vuldb.com/?ip.20.226.101.17) | - | - | High
|
||||
162 | [20.226.120.127](https://vuldb.com/?ip.20.226.120.127) | - | - | High
|
||||
163 | [20.238.78.172](https://vuldb.com/?ip.20.238.78.172) | - | - | High
|
||||
164 | [20.240.61.211](https://vuldb.com/?ip.20.240.61.211) | - | - | High
|
||||
165 | [23.94.82.24](https://vuldb.com/?ip.23.94.82.24) | 23-94-82-24-host.colocrossing.com | - | High
|
||||
166 | [23.94.159.212](https://vuldb.com/?ip.23.94.159.212) | 23-94-159-212-host.colocrossing.com | - | High
|
||||
167 | [23.94.236.147](https://vuldb.com/?ip.23.94.236.147) | 23-94-236-147-host.colocrossing.com | - | High
|
||||
168 | [23.95.13.189](https://vuldb.com/?ip.23.95.13.189) | 23-95-13-189-host.colocrossing.com | - | High
|
||||
169 | [23.95.115.74](https://vuldb.com/?ip.23.95.115.74) | rawss.futurce.org.uk | - | High
|
||||
170 | [23.101.143.72](https://vuldb.com/?ip.23.101.143.72) | - | - | High
|
||||
171 | [23.101.213.237](https://vuldb.com/?ip.23.101.213.237) | - | - | High
|
||||
172 | [23.102.1.5](https://vuldb.com/?ip.23.102.1.5) | - | - | High
|
||||
173 | [23.102.122.72](https://vuldb.com/?ip.23.102.122.72) | - | - | High
|
||||
174 | [23.102.129.234](https://vuldb.com/?ip.23.102.129.234) | - | - | High
|
||||
175 | [23.105.131.196](https://vuldb.com/?ip.23.105.131.196) | mail196.nessfist.com | - | High
|
||||
176 | [23.105.131.207](https://vuldb.com/?ip.23.105.131.207) | mail207.nessfist.com | - | High
|
||||
177 | [23.105.131.209](https://vuldb.com/?ip.23.105.131.209) | mail209.nessfist.com | - | High
|
||||
178 | [23.105.131.212](https://vuldb.com/?ip.23.105.131.212) | mail212.nessfist.com | - | High
|
||||
179 | [23.105.131.236](https://vuldb.com/?ip.23.105.131.236) | mail236.nessfist.com | - | High
|
||||
180 | [23.105.131.239](https://vuldb.com/?ip.23.105.131.239) | mail239.nessfist.com | - | High
|
||||
181 | [23.129.232.160](https://vuldb.com/?ip.23.129.232.160) | - | - | High
|
||||
182 | [23.146.242.100](https://vuldb.com/?ip.23.146.242.100) | - | - | High
|
||||
183 | [23.226.77.22](https://vuldb.com/?ip.23.226.77.22) | we.love.servers.at.ioflood.net | - | High
|
||||
184 | [23.229.67.133](https://vuldb.com/?ip.23.229.67.133) | gallerymethodwakebottom.as | - | High
|
||||
185 | [23.237.25.246](https://vuldb.com/?ip.23.237.25.246) | - | - | High
|
||||
186 | [23.238.217.173](https://vuldb.com/?ip.23.238.217.173) | orja4.teki.notredamians.org | - | High
|
||||
187 | [23.254.130.126](https://vuldb.com/?ip.23.254.130.126) | hwsrv-1069616.hostwindsdns.com | - | High
|
||||
188 | [23.254.227.121](https://vuldb.com/?ip.23.254.227.121) | hwsrv-1063912.hostwindsdns.com | - | High
|
||||
189 | [23.254.231.83](https://vuldb.com/?ip.23.254.231.83) | hwsrv-1070248.hostwindsdns.com | - | High
|
||||
190 | [31.41.244.135](https://vuldb.com/?ip.31.41.244.135) | - | - | High
|
||||
191 | [31.170.22.28](https://vuldb.com/?ip.31.170.22.28) | - | - | High
|
||||
192 | [31.192.236.139](https://vuldb.com/?ip.31.192.236.139) | winupdate02.pserver.ru | - | High
|
||||
193 | [31.210.20.79](https://vuldb.com/?ip.31.210.20.79) | - | - | High
|
||||
194 | [31.210.20.167](https://vuldb.com/?ip.31.210.20.167) | - | - | High
|
||||
195 | [31.210.20.192](https://vuldb.com/?ip.31.210.20.192) | - | - | High
|
||||
196 | [31.210.21.188](https://vuldb.com/?ip.31.210.21.188) | linir.top | - | High
|
||||
197 | [34.69.119.138](https://vuldb.com/?ip.34.69.119.138) | 138.119.69.34.bc.googleusercontent.com | - | Medium
|
||||
198 | [34.71.81.158](https://vuldb.com/?ip.34.71.81.158) | 158.81.71.34.bc.googleusercontent.com | - | Medium
|
||||
199 | [34.125.144.45](https://vuldb.com/?ip.34.125.144.45) | 45.144.125.34.bc.googleusercontent.com | - | Medium
|
||||
200 | [34.140.211.85](https://vuldb.com/?ip.34.140.211.85) | 85.211.140.34.bc.googleusercontent.com | - | Medium
|
||||
201 | [35.239.113.160](https://vuldb.com/?ip.35.239.113.160) | 160.113.239.35.bc.googleusercontent.com | - | Medium
|
||||
202 | [36.255.96.200](https://vuldb.com/?ip.36.255.96.200) | - | - | High
|
||||
203 | [37.0.8.17](https://vuldb.com/?ip.37.0.8.17) | stokes.springtimemartialarts.com | - | High
|
||||
204 | [37.0.8.20](https://vuldb.com/?ip.37.0.8.20) | jacksonirwin.springtimemartialarts.com | - | High
|
||||
205 | [37.0.8.67](https://vuldb.com/?ip.37.0.8.67) | willis.capitolreservations.com | - | High
|
||||
206 | [37.0.8.93](https://vuldb.com/?ip.37.0.8.93) | shawtran.capitolreservations.com | - | High
|
||||
207 | [37.0.8.191](https://vuldb.com/?ip.37.0.8.191) | frederick.athinneru.com | - | High
|
||||
208 | [37.0.10.214](https://vuldb.com/?ip.37.0.10.214) | - | - | High
|
||||
209 | [37.0.11.45](https://vuldb.com/?ip.37.0.11.45) | - | - | High
|
||||
210 | [37.0.11.246](https://vuldb.com/?ip.37.0.11.246) | - | - | High
|
||||
211 | [37.0.14.196](https://vuldb.com/?ip.37.0.14.196) | - | - | High
|
||||
212 | [37.0.14.197](https://vuldb.com/?ip.37.0.14.197) | - | - | High
|
||||
213 | [37.0.14.198](https://vuldb.com/?ip.37.0.14.198) | - | - | High
|
||||
214 | [37.0.14.203](https://vuldb.com/?ip.37.0.14.203) | - | - | High
|
||||
215 | [37.0.14.204](https://vuldb.com/?ip.37.0.14.204) | - | - | High
|
||||
216 | [37.49.230.185](https://vuldb.com/?ip.37.49.230.185) | - | - | High
|
||||
217 | [37.120.208.36](https://vuldb.com/?ip.37.120.208.36) | - | - | High
|
||||
218 | [37.120.210.219](https://vuldb.com/?ip.37.120.210.219) | - | - | High
|
||||
219 | [37.120.212.235](https://vuldb.com/?ip.37.120.212.235) | - | - | High
|
||||
220 | [37.120.217.243](https://vuldb.com/?ip.37.120.217.243) | - | - | High
|
||||
221 | [37.120.247.24](https://vuldb.com/?ip.37.120.247.24) | - | - | High
|
||||
222 | [37.196.152.120](https://vuldb.com/?ip.37.196.152.120) | m37-196-152-120.cust.tele2.se | - | High
|
||||
223 | [37.221.121.20](https://vuldb.com/?ip.37.221.121.20) | chvt-mail-129.stashkeen.com | - | High
|
||||
224 | [37.221.122.76](https://vuldb.com/?ip.37.221.122.76) | server.modernizmir.net | - | High
|
||||
225 | [37.249.78.26](https://vuldb.com/?ip.37.249.78.26) | apn-37-249-78-26.dynamic.gprs.plus.pl | - | High
|
||||
226 | [38.17.51.104](https://vuldb.com/?ip.38.17.51.104) | - | - | High
|
||||
227 | [38.47.205.151](https://vuldb.com/?ip.38.47.205.151) | - | - | High
|
||||
228 | [38.105.209.167](https://vuldb.com/?ip.38.105.209.167) | vmi737189.contaboserver.net | - | High
|
||||
229 | [38.130.221.190](https://vuldb.com/?ip.38.130.221.190) | 38.130.221.190.hosted.at.cloudsouth.com | - | High
|
||||
230 | [38.132.99.156](https://vuldb.com/?ip.38.132.99.156) | - | - | High
|
||||
231 | [38.242.242.149](https://vuldb.com/?ip.38.242.242.149) | vmi1313701.contaboserver.net | - | High
|
||||
232 | [40.90.210.21](https://vuldb.com/?ip.40.90.210.21) | - | - | High
|
||||
233 | [40.113.131.31](https://vuldb.com/?ip.40.113.131.31) | - | - | High
|
||||
234 | [40.118.53.192](https://vuldb.com/?ip.40.118.53.192) | - | - | High
|
||||
235 | [40.122.131.23](https://vuldb.com/?ip.40.122.131.23) | - | - | High
|
||||
236 | [41.72.146.10](https://vuldb.com/?ip.41.72.146.10) | - | - | High
|
||||
237 | [41.141.211.80](https://vuldb.com/?ip.41.141.211.80) | - | - | High
|
||||
238 | [41.216.183.61](https://vuldb.com/?ip.41.216.183.61) | - | - | High
|
||||
239 | [41.216.183.175](https://vuldb.com/?ip.41.216.183.175) | - | - | High
|
||||
240 | [41.250.187.176](https://vuldb.com/?ip.41.250.187.176) | - | - | High
|
||||
241 | [41.251.4.158](https://vuldb.com/?ip.41.251.4.158) | - | - | High
|
||||
242 | [41.251.51.168](https://vuldb.com/?ip.41.251.51.168) | - | - | High
|
||||
243 | [43.138.160.55](https://vuldb.com/?ip.43.138.160.55) | - | - | High
|
||||
244 | [43.139.124.22](https://vuldb.com/?ip.43.139.124.22) | - | - | High
|
||||
245 | [43.154.97.109](https://vuldb.com/?ip.43.154.97.109) | - | - | High
|
||||
246 | [43.226.49.147](https://vuldb.com/?ip.43.226.49.147) | - | - | High
|
||||
247 | [43.249.30.55](https://vuldb.com/?ip.43.249.30.55) | - | - | High
|
||||
248 | [44.192.67.149](https://vuldb.com/?ip.44.192.67.149) | ec2-44-192-67-149.compute-1.amazonaws.com | - | Medium
|
||||
249 | [45.12.253.31](https://vuldb.com/?ip.45.12.253.31) | - | - | High
|
||||
250 | [45.12.253.58](https://vuldb.com/?ip.45.12.253.58) | - | - | High
|
||||
251 | [45.12.253.107](https://vuldb.com/?ip.45.12.253.107) | - | - | High
|
||||
252 | [45.14.224.94](https://vuldb.com/?ip.45.14.224.94) | web117.excw.nl | - | High
|
||||
253 | [45.15.143.183](https://vuldb.com/?ip.45.15.143.183) | - | - | High
|
||||
254 | [45.15.143.191](https://vuldb.com/?ip.45.15.143.191) | - | - | High
|
||||
255 | [45.15.143.199](https://vuldb.com/?ip.45.15.143.199) | - | - | High
|
||||
256 | [45.32.99.249](https://vuldb.com/?ip.45.32.99.249) | 45.32.99.249.vultrusercontent.com | - | High
|
||||
257 | [45.32.211.35](https://vuldb.com/?ip.45.32.211.35) | 45.32.211.35.vultrusercontent.com | - | High
|
||||
258 | [45.58.190.125](https://vuldb.com/?ip.45.58.190.125) | - | - | High
|
||||
259 | [45.66.248.114](https://vuldb.com/?ip.45.66.248.114) | - | - | High
|
||||
260 | [45.74.0.212](https://vuldb.com/?ip.45.74.0.212) | - | - | High
|
||||
261 | [45.74.4.244](https://vuldb.com/?ip.45.74.4.244) | - | - | High
|
||||
262 | [45.74.38.17](https://vuldb.com/?ip.45.74.38.17) | - | - | High
|
||||
263 | [45.76.56.26](https://vuldb.com/?ip.45.76.56.26) | 45.76.56.26.vultrusercontent.com | - | High
|
||||
264 | [45.77.142.82](https://vuldb.com/?ip.45.77.142.82) | 45.77.142.82.vultrusercontent.com | - | High
|
||||
265 | [45.80.29.139](https://vuldb.com/?ip.45.80.29.139) | hostifox.com.tr | - | High
|
||||
266 | [45.80.158.57](https://vuldb.com/?ip.45.80.158.57) | - | - | High
|
||||
267 | [45.80.158.65](https://vuldb.com/?ip.45.80.158.65) | - | - | High
|
||||
268 | [45.80.158.108](https://vuldb.com/?ip.45.80.158.108) | - | - | High
|
||||
269 | [45.80.158.114](https://vuldb.com/?ip.45.80.158.114) | - | - | High
|
||||
270 | [45.80.158.116](https://vuldb.com/?ip.45.80.158.116) | - | - | High
|
||||
271 | [45.80.158.127](https://vuldb.com/?ip.45.80.158.127) | - | - | High
|
||||
272 | [45.80.158.160](https://vuldb.com/?ip.45.80.158.160) | - | - | High
|
||||
273 | [45.80.158.237](https://vuldb.com/?ip.45.80.158.237) | - | - | High
|
||||
274 | [45.81.243.217](https://vuldb.com/?ip.45.81.243.217) | - | - | High
|
||||
275 | [45.88.67.9](https://vuldb.com/?ip.45.88.67.9) | - | - | High
|
||||
276 | [45.88.67.12](https://vuldb.com/?ip.45.88.67.12) | - | - | High
|
||||
277 | [45.88.79.224](https://vuldb.com/?ip.45.88.79.224) | free.example.com | - | High
|
||||
278 | [45.92.1.24](https://vuldb.com/?ip.45.92.1.24) | - | - | High
|
||||
279 | [45.92.1.59](https://vuldb.com/?ip.45.92.1.59) | - | - | High
|
||||
280 | [45.92.1.71](https://vuldb.com/?ip.45.92.1.71) | - | - | High
|
||||
281 | [45.95.168.110](https://vuldb.com/?ip.45.95.168.110) | news.maxko.hr | - | High
|
||||
282 | [45.95.168.116](https://vuldb.com/?ip.45.95.168.116) | maxko-hosting.com | - | High
|
||||
283 | [45.95.169.112](https://vuldb.com/?ip.45.95.169.112) | xdhmhs.com | - | High
|
||||
284 | [45.119.84.166](https://vuldb.com/?ip.45.119.84.166) | - | - | High
|
||||
285 | [45.125.48.112](https://vuldb.com/?ip.45.125.48.112) | - | - | High
|
||||
286 | [45.131.1.70](https://vuldb.com/?ip.45.131.1.70) | ip.serverscity.net | - | High
|
||||
287 | [45.133.1.47](https://vuldb.com/?ip.45.133.1.47) | - | - | High
|
||||
288 | [45.133.1.152](https://vuldb.com/?ip.45.133.1.152) | - | - | High
|
||||
289 | [45.133.174.122](https://vuldb.com/?ip.45.133.174.122) | - | - | High
|
||||
290 | [45.134.140.152](https://vuldb.com/?ip.45.134.140.152) | unn-45-134-140-152.datapacket.com | - | High
|
||||
291 | [45.134.142.193](https://vuldb.com/?ip.45.134.142.193) | unn-45-134-142-193.datapacket.com | - | High
|
||||
292 | [45.134.142.211](https://vuldb.com/?ip.45.134.142.211) | unn-45-134-142-211.datapacket.com | - | High
|
||||
293 | [45.136.4.99](https://vuldb.com/?ip.45.136.4.99) | host-45.136.4.99.saga.net.tr | - | High
|
||||
294 | [45.136.4.101](https://vuldb.com/?ip.45.136.4.101) | host-45.136.4.101.saga.net.tr | - | High
|
||||
295 | [45.136.6.79](https://vuldb.com/?ip.45.136.6.79) | - | - | High
|
||||
296 | [45.137.22.41](https://vuldb.com/?ip.45.137.22.41) | hosted-by.rootlayer.net | - | High
|
||||
297 | [45.137.22.70](https://vuldb.com/?ip.45.137.22.70) | hosted-by.rootlayer.net | - | High
|
||||
298 | [45.137.22.111](https://vuldb.com/?ip.45.137.22.111) | hosted-by.rootlayer.net | - | High
|
||||
299 | [45.137.22.115](https://vuldb.com/?ip.45.137.22.115) | hosted-by.rootlayer.net | - | High
|
||||
300 | [45.137.22.182](https://vuldb.com/?ip.45.137.22.182) | hosted-by.rootlayer.net | - | High
|
||||
301 | [45.138.16.39](https://vuldb.com/?ip.45.138.16.39) | - | - | High
|
||||
302 | [45.138.16.48](https://vuldb.com/?ip.45.138.16.48) | - | - | High
|
||||
303 | [45.138.16.71](https://vuldb.com/?ip.45.138.16.71) | - | - | High
|
||||
304 | ... | ... | ... | ...
|
||||
49 | [4.212.242.253](https://vuldb.com/?ip.4.212.242.253) | - | - | High
|
||||
50 | [4.227.187.147](https://vuldb.com/?ip.4.227.187.147) | - | - | High
|
||||
51 | [4.229.235.23](https://vuldb.com/?ip.4.229.235.23) | - | - | High
|
||||
52 | [4.231.233.180](https://vuldb.com/?ip.4.231.233.180) | - | - | High
|
||||
53 | [5.39.15.167](https://vuldb.com/?ip.5.39.15.167) | - | - | High
|
||||
54 | [5.68.138.73](https://vuldb.com/?ip.5.68.138.73) | 05448a49.skybroadband.com | - | High
|
||||
55 | [5.68.199.16](https://vuldb.com/?ip.5.68.199.16) | 0544c710.skybroadband.com | - | High
|
||||
56 | [5.78.65.18](https://vuldb.com/?ip.5.78.65.18) | static.18.65.78.5.clients.your-server.de | - | High
|
||||
57 | [5.161.76.198](https://vuldb.com/?ip.5.161.76.198) | static.198.76.161.5.clients.your-server.de | - | High
|
||||
58 | [5.161.115.90](https://vuldb.com/?ip.5.161.115.90) | static.90.115.161.5.clients.your-server.de | - | High
|
||||
59 | [5.161.139.136](https://vuldb.com/?ip.5.161.139.136) | static.136.139.161.5.clients.your-server.de | - | High
|
||||
60 | [5.161.192.28](https://vuldb.com/?ip.5.161.192.28) | static.28.192.161.5.clients.your-server.de | - | High
|
||||
61 | [5.180.104.172](https://vuldb.com/?ip.5.180.104.172) | protection.sdflare.com | - | High
|
||||
62 | [5.180.107.130](https://vuldb.com/?ip.5.180.107.130) | ip.serverscity.net | - | High
|
||||
63 | [5.181.80.120](https://vuldb.com/?ip.5.181.80.120) | alarmedbook.de | - | High
|
||||
64 | [5.181.234.149](https://vuldb.com/?ip.5.181.234.149) | - | - | High
|
||||
65 | [5.188.51.32](https://vuldb.com/?ip.5.188.51.32) | vps.43284172.llhost-inc.eu | - | High
|
||||
66 | [5.188.86.237](https://vuldb.com/?ip.5.188.86.237) | - | - | High
|
||||
67 | [5.196.35.57](https://vuldb.com/?ip.5.196.35.57) | ip57.ip-5-196-35.eu | - | High
|
||||
68 | [5.196.102.93](https://vuldb.com/?ip.5.196.102.93) | ip93.ip-5-196-102.eu | - | High
|
||||
69 | [5.196.174.49](https://vuldb.com/?ip.5.196.174.49) | - | - | High
|
||||
70 | [5.224.222.63](https://vuldb.com/?ip.5.224.222.63) | 5-224-222-63.red-acceso.airtel.net | - | High
|
||||
71 | [5.224.222.214](https://vuldb.com/?ip.5.224.222.214) | 5-224-222-214.red-acceso.airtel.net | - | High
|
||||
72 | [5.230.68.234](https://vuldb.com/?ip.5.230.68.234) | placeholder.noezserver.de | - | High
|
||||
73 | [5.230.69.11](https://vuldb.com/?ip.5.230.69.11) | placeholder.noezserver.de | - | High
|
||||
74 | [5.230.70.13](https://vuldb.com/?ip.5.230.70.13) | placeholder.noezserver.de | - | High
|
||||
75 | [5.230.70.106](https://vuldb.com/?ip.5.230.70.106) | placeholder.noezserver.de | - | High
|
||||
76 | [5.230.72.132](https://vuldb.com/?ip.5.230.72.132) | placeholder.noezserver.de | - | High
|
||||
77 | [5.230.84.50](https://vuldb.com/?ip.5.230.84.50) | - | - | High
|
||||
78 | [5.249.165.85](https://vuldb.com/?ip.5.249.165.85) | vps-zap756760-2.zap-srv.com | - | High
|
||||
79 | [5.252.165.130](https://vuldb.com/?ip.5.252.165.130) | - | - | High
|
||||
80 | [8.39.147.42](https://vuldb.com/?ip.8.39.147.42) | jinis.co.uk | - | High
|
||||
81 | [8.210.121.56](https://vuldb.com/?ip.8.210.121.56) | - | - | High
|
||||
82 | [10.0.10.128](https://vuldb.com/?ip.10.0.10.128) | - | - | High
|
||||
83 | [13.36.178.139](https://vuldb.com/?ip.13.36.178.139) | ec2-13-36-178-139.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
84 | [13.59.15.185](https://vuldb.com/?ip.13.59.15.185) | ec2-13-59-15-185.us-east-2.compute.amazonaws.com | - | Medium
|
||||
85 | [13.66.153.98](https://vuldb.com/?ip.13.66.153.98) | - | - | High
|
||||
86 | [13.72.107.36](https://vuldb.com/?ip.13.72.107.36) | - | - | High
|
||||
87 | [13.76.94.179](https://vuldb.com/?ip.13.76.94.179) | - | - | High
|
||||
88 | [13.77.222.211](https://vuldb.com/?ip.13.77.222.211) | - | - | High
|
||||
89 | [13.233.168.154](https://vuldb.com/?ip.13.233.168.154) | ec2-13-233-168-154.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
90 | [14.17.115.109](https://vuldb.com/?ip.14.17.115.109) | - | - | High
|
||||
91 | [14.173.70.169](https://vuldb.com/?ip.14.173.70.169) | static.vnpt.vn | - | High
|
||||
92 | [14.186.155.171](https://vuldb.com/?ip.14.186.155.171) | static.vnpt.vn | - | High
|
||||
93 | [14.191.50.101](https://vuldb.com/?ip.14.191.50.101) | static.vnpt.vn | - | High
|
||||
94 | [15.165.236.45](https://vuldb.com/?ip.15.165.236.45) | ec2-15-165-236-45.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
95 | [15.204.170.1](https://vuldb.com/?ip.15.204.170.1) | ip1.ip-15-204-170.us | - | High
|
||||
96 | [15.235.10.108](https://vuldb.com/?ip.15.235.10.108) | ns5008350.ip-15-235-10.net | - | High
|
||||
97 | [15.235.13.122](https://vuldb.com/?ip.15.235.13.122) | ns5009176.ip-15-235-13.net | - | High
|
||||
98 | [18.133.124.202](https://vuldb.com/?ip.18.133.124.202) | ec2-18-133-124-202.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
99 | [18.139.9.214](https://vuldb.com/?ip.18.139.9.214) | ec2-18-139-9-214.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
100 | [18.141.129.246](https://vuldb.com/?ip.18.141.129.246) | ec2-18-141-129-246.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
101 | [18.188.14.8](https://vuldb.com/?ip.18.188.14.8) | ec2-18-188-14-8.us-east-2.compute.amazonaws.com | - | Medium
|
||||
102 | [18.192.31.165](https://vuldb.com/?ip.18.192.31.165) | ec2-18-192-31-165.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
103 | [18.195.138.26](https://vuldb.com/?ip.18.195.138.26) | ec2-18-195-138-26.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
104 | [18.207.218.15](https://vuldb.com/?ip.18.207.218.15) | ec2-18-207-218-15.compute-1.amazonaws.com | - | Medium
|
||||
105 | [20.4.6.16](https://vuldb.com/?ip.20.4.6.16) | - | - | High
|
||||
106 | [20.8.122.174](https://vuldb.com/?ip.20.8.122.174) | - | - | High
|
||||
107 | [20.12.204.46](https://vuldb.com/?ip.20.12.204.46) | - | - | High
|
||||
108 | [20.16.8.148](https://vuldb.com/?ip.20.16.8.148) | - | - | High
|
||||
109 | [20.25.94.83](https://vuldb.com/?ip.20.25.94.83) | - | - | High
|
||||
110 | [20.42.114.46](https://vuldb.com/?ip.20.42.114.46) | - | - | High
|
||||
111 | [20.52.33.123](https://vuldb.com/?ip.20.52.33.123) | - | - | High
|
||||
112 | [20.52.138.14](https://vuldb.com/?ip.20.52.138.14) | - | - | High
|
||||
113 | [20.52.142.130](https://vuldb.com/?ip.20.52.142.130) | - | - | High
|
||||
114 | [20.52.151.53](https://vuldb.com/?ip.20.52.151.53) | - | - | High
|
||||
115 | [20.52.178.148](https://vuldb.com/?ip.20.52.178.148) | - | - | High
|
||||
116 | [20.54.113.5](https://vuldb.com/?ip.20.54.113.5) | - | - | High
|
||||
117 | [20.62.3.66](https://vuldb.com/?ip.20.62.3.66) | - | - | High
|
||||
118 | [20.67.243.141](https://vuldb.com/?ip.20.67.243.141) | - | - | High
|
||||
119 | [20.68.110.75](https://vuldb.com/?ip.20.68.110.75) | - | - | High
|
||||
120 | [20.69.124.187](https://vuldb.com/?ip.20.69.124.187) | - | - | High
|
||||
121 | [20.69.152.28](https://vuldb.com/?ip.20.69.152.28) | - | - | High
|
||||
122 | [20.77.254.176](https://vuldb.com/?ip.20.77.254.176) | - | - | High
|
||||
123 | [20.83.245.27](https://vuldb.com/?ip.20.83.245.27) | - | - | High
|
||||
124 | [20.86.25.230](https://vuldb.com/?ip.20.86.25.230) | - | - | High
|
||||
125 | [20.98.96.97](https://vuldb.com/?ip.20.98.96.97) | - | - | High
|
||||
126 | [20.98.113.24](https://vuldb.com/?ip.20.98.113.24) | - | - | High
|
||||
127 | [20.98.203.218](https://vuldb.com/?ip.20.98.203.218) | - | - | High
|
||||
128 | [20.100.196.69](https://vuldb.com/?ip.20.100.196.69) | - | - | High
|
||||
129 | [20.107.115.162](https://vuldb.com/?ip.20.107.115.162) | - | - | High
|
||||
130 | [20.108.44.45](https://vuldb.com/?ip.20.108.44.45) | - | - | High
|
||||
131 | [20.111.19.215](https://vuldb.com/?ip.20.111.19.215) | - | - | High
|
||||
132 | [20.111.34.199](https://vuldb.com/?ip.20.111.34.199) | - | - | High
|
||||
133 | [20.111.63.231](https://vuldb.com/?ip.20.111.63.231) | - | - | High
|
||||
134 | [20.113.159.145](https://vuldb.com/?ip.20.113.159.145) | - | - | High
|
||||
135 | [20.114.139.208](https://vuldb.com/?ip.20.114.139.208) | - | - | High
|
||||
136 | [20.117.208.193](https://vuldb.com/?ip.20.117.208.193) | - | - | High
|
||||
137 | [20.123.180.103](https://vuldb.com/?ip.20.123.180.103) | - | - | High
|
||||
138 | [20.124.90.72](https://vuldb.com/?ip.20.124.90.72) | - | - | High
|
||||
139 | [20.125.118.35](https://vuldb.com/?ip.20.125.118.35) | - | - | High
|
||||
140 | [20.125.122.98](https://vuldb.com/?ip.20.125.122.98) | - | - | High
|
||||
141 | [20.127.4.172](https://vuldb.com/?ip.20.127.4.172) | - | - | High
|
||||
142 | [20.150.193.28](https://vuldb.com/?ip.20.150.193.28) | - | - | High
|
||||
143 | [20.151.221.59](https://vuldb.com/?ip.20.151.221.59) | - | - | High
|
||||
144 | [20.166.62.124](https://vuldb.com/?ip.20.166.62.124) | - | - | High
|
||||
145 | [20.169.37.196](https://vuldb.com/?ip.20.169.37.196) | - | - | High
|
||||
146 | [20.169.104.228](https://vuldb.com/?ip.20.169.104.228) | - | - | High
|
||||
147 | [20.171.107.243](https://vuldb.com/?ip.20.171.107.243) | - | - | High
|
||||
148 | [20.184.2.45](https://vuldb.com/?ip.20.184.2.45) | - | - | High
|
||||
149 | [20.197.177.229](https://vuldb.com/?ip.20.197.177.229) | - | - | High
|
||||
150 | [20.197.196.201](https://vuldb.com/?ip.20.197.196.201) | - | - | High
|
||||
151 | [20.197.226.40](https://vuldb.com/?ip.20.197.226.40) | - | - | High
|
||||
152 | [20.199.101.68](https://vuldb.com/?ip.20.199.101.68) | - | - | High
|
||||
153 | [20.199.112.16](https://vuldb.com/?ip.20.199.112.16) | - | - | High
|
||||
154 | [20.199.120.149](https://vuldb.com/?ip.20.199.120.149) | - | - | High
|
||||
155 | [20.199.121.197](https://vuldb.com/?ip.20.199.121.197) | - | - | High
|
||||
156 | [20.200.63.2](https://vuldb.com/?ip.20.200.63.2) | - | - | High
|
||||
157 | [20.203.178.116](https://vuldb.com/?ip.20.203.178.116) | - | - | High
|
||||
158 | [20.211.5.151](https://vuldb.com/?ip.20.211.5.151) | - | - | High
|
||||
159 | [20.212.19.59](https://vuldb.com/?ip.20.212.19.59) | - | - | High
|
||||
160 | [20.224.162.224](https://vuldb.com/?ip.20.224.162.224) | - | - | High
|
||||
161 | [20.226.0.95](https://vuldb.com/?ip.20.226.0.95) | - | - | High
|
||||
162 | [20.226.101.17](https://vuldb.com/?ip.20.226.101.17) | - | - | High
|
||||
163 | [20.226.120.127](https://vuldb.com/?ip.20.226.120.127) | - | - | High
|
||||
164 | [20.238.78.172](https://vuldb.com/?ip.20.238.78.172) | - | - | High
|
||||
165 | [20.240.61.211](https://vuldb.com/?ip.20.240.61.211) | - | - | High
|
||||
166 | [23.94.82.24](https://vuldb.com/?ip.23.94.82.24) | 23-94-82-24-host.colocrossing.com | - | High
|
||||
167 | [23.94.159.212](https://vuldb.com/?ip.23.94.159.212) | 23-94-159-212-host.colocrossing.com | - | High
|
||||
168 | [23.94.236.147](https://vuldb.com/?ip.23.94.236.147) | 23-94-236-147-host.colocrossing.com | - | High
|
||||
169 | [23.95.13.189](https://vuldb.com/?ip.23.95.13.189) | 23-95-13-189-host.colocrossing.com | - | High
|
||||
170 | [23.95.115.74](https://vuldb.com/?ip.23.95.115.74) | rawss.futurce.org.uk | - | High
|
||||
171 | [23.101.143.72](https://vuldb.com/?ip.23.101.143.72) | - | - | High
|
||||
172 | [23.101.213.237](https://vuldb.com/?ip.23.101.213.237) | - | - | High
|
||||
173 | [23.102.1.5](https://vuldb.com/?ip.23.102.1.5) | - | - | High
|
||||
174 | [23.102.122.72](https://vuldb.com/?ip.23.102.122.72) | - | - | High
|
||||
175 | [23.102.129.234](https://vuldb.com/?ip.23.102.129.234) | - | - | High
|
||||
176 | [23.105.131.196](https://vuldb.com/?ip.23.105.131.196) | mail196.nessfist.com | - | High
|
||||
177 | [23.105.131.207](https://vuldb.com/?ip.23.105.131.207) | mail207.nessfist.com | - | High
|
||||
178 | [23.105.131.209](https://vuldb.com/?ip.23.105.131.209) | mail209.nessfist.com | - | High
|
||||
179 | [23.105.131.212](https://vuldb.com/?ip.23.105.131.212) | mail212.nessfist.com | - | High
|
||||
180 | [23.105.131.236](https://vuldb.com/?ip.23.105.131.236) | mail236.nessfist.com | - | High
|
||||
181 | [23.105.131.239](https://vuldb.com/?ip.23.105.131.239) | mail239.nessfist.com | - | High
|
||||
182 | [23.129.232.160](https://vuldb.com/?ip.23.129.232.160) | - | - | High
|
||||
183 | [23.146.242.100](https://vuldb.com/?ip.23.146.242.100) | - | - | High
|
||||
184 | [23.226.77.22](https://vuldb.com/?ip.23.226.77.22) | we.love.servers.at.ioflood.net | - | High
|
||||
185 | [23.229.67.133](https://vuldb.com/?ip.23.229.67.133) | gallerymethodwakebottom.as | - | High
|
||||
186 | [23.237.25.246](https://vuldb.com/?ip.23.237.25.246) | - | - | High
|
||||
187 | [23.238.217.173](https://vuldb.com/?ip.23.238.217.173) | orja4.teki.notredamians.org | - | High
|
||||
188 | [23.254.130.126](https://vuldb.com/?ip.23.254.130.126) | hwsrv-1069616.hostwindsdns.com | - | High
|
||||
189 | [23.254.227.121](https://vuldb.com/?ip.23.254.227.121) | hwsrv-1063912.hostwindsdns.com | - | High
|
||||
190 | [23.254.231.83](https://vuldb.com/?ip.23.254.231.83) | hwsrv-1070248.hostwindsdns.com | - | High
|
||||
191 | [31.41.244.135](https://vuldb.com/?ip.31.41.244.135) | - | - | High
|
||||
192 | [31.170.22.28](https://vuldb.com/?ip.31.170.22.28) | - | - | High
|
||||
193 | [31.192.236.139](https://vuldb.com/?ip.31.192.236.139) | winupdate02.pserver.ru | - | High
|
||||
194 | [31.210.20.79](https://vuldb.com/?ip.31.210.20.79) | - | - | High
|
||||
195 | [31.210.20.167](https://vuldb.com/?ip.31.210.20.167) | - | - | High
|
||||
196 | [31.210.20.192](https://vuldb.com/?ip.31.210.20.192) | - | - | High
|
||||
197 | [31.210.21.188](https://vuldb.com/?ip.31.210.21.188) | linir.top | - | High
|
||||
198 | [34.69.119.138](https://vuldb.com/?ip.34.69.119.138) | 138.119.69.34.bc.googleusercontent.com | - | Medium
|
||||
199 | [34.71.81.158](https://vuldb.com/?ip.34.71.81.158) | 158.81.71.34.bc.googleusercontent.com | - | Medium
|
||||
200 | [34.125.144.45](https://vuldb.com/?ip.34.125.144.45) | 45.144.125.34.bc.googleusercontent.com | - | Medium
|
||||
201 | [34.140.211.85](https://vuldb.com/?ip.34.140.211.85) | 85.211.140.34.bc.googleusercontent.com | - | Medium
|
||||
202 | [35.239.113.160](https://vuldb.com/?ip.35.239.113.160) | 160.113.239.35.bc.googleusercontent.com | - | Medium
|
||||
203 | [36.255.96.200](https://vuldb.com/?ip.36.255.96.200) | - | - | High
|
||||
204 | [37.0.8.17](https://vuldb.com/?ip.37.0.8.17) | stokes.springtimemartialarts.com | - | High
|
||||
205 | [37.0.8.20](https://vuldb.com/?ip.37.0.8.20) | jacksonirwin.springtimemartialarts.com | - | High
|
||||
206 | [37.0.8.67](https://vuldb.com/?ip.37.0.8.67) | willis.capitolreservations.com | - | High
|
||||
207 | [37.0.8.93](https://vuldb.com/?ip.37.0.8.93) | shawtran.capitolreservations.com | - | High
|
||||
208 | [37.0.8.191](https://vuldb.com/?ip.37.0.8.191) | frederick.athinneru.com | - | High
|
||||
209 | [37.0.10.214](https://vuldb.com/?ip.37.0.10.214) | - | - | High
|
||||
210 | [37.0.11.45](https://vuldb.com/?ip.37.0.11.45) | - | - | High
|
||||
211 | [37.0.11.246](https://vuldb.com/?ip.37.0.11.246) | - | - | High
|
||||
212 | [37.0.14.196](https://vuldb.com/?ip.37.0.14.196) | - | - | High
|
||||
213 | [37.0.14.197](https://vuldb.com/?ip.37.0.14.197) | - | - | High
|
||||
214 | [37.0.14.198](https://vuldb.com/?ip.37.0.14.198) | - | - | High
|
||||
215 | [37.0.14.203](https://vuldb.com/?ip.37.0.14.203) | - | - | High
|
||||
216 | [37.0.14.204](https://vuldb.com/?ip.37.0.14.204) | - | - | High
|
||||
217 | [37.49.230.185](https://vuldb.com/?ip.37.49.230.185) | - | - | High
|
||||
218 | [37.120.208.36](https://vuldb.com/?ip.37.120.208.36) | - | - | High
|
||||
219 | [37.120.210.219](https://vuldb.com/?ip.37.120.210.219) | - | - | High
|
||||
220 | [37.120.212.235](https://vuldb.com/?ip.37.120.212.235) | - | - | High
|
||||
221 | [37.120.217.243](https://vuldb.com/?ip.37.120.217.243) | - | - | High
|
||||
222 | [37.120.247.24](https://vuldb.com/?ip.37.120.247.24) | - | - | High
|
||||
223 | [37.196.152.120](https://vuldb.com/?ip.37.196.152.120) | m37-196-152-120.cust.tele2.se | - | High
|
||||
224 | [37.221.121.20](https://vuldb.com/?ip.37.221.121.20) | chvt-mail-129.stashkeen.com | - | High
|
||||
225 | [37.221.122.76](https://vuldb.com/?ip.37.221.122.76) | server.modernizmir.net | - | High
|
||||
226 | [37.249.78.26](https://vuldb.com/?ip.37.249.78.26) | apn-37-249-78-26.dynamic.gprs.plus.pl | - | High
|
||||
227 | [38.6.189.150](https://vuldb.com/?ip.38.6.189.150) | - | - | High
|
||||
228 | [38.17.51.104](https://vuldb.com/?ip.38.17.51.104) | - | - | High
|
||||
229 | [38.47.205.151](https://vuldb.com/?ip.38.47.205.151) | - | - | High
|
||||
230 | [38.105.209.167](https://vuldb.com/?ip.38.105.209.167) | vmi737189.contaboserver.net | - | High
|
||||
231 | [38.130.221.190](https://vuldb.com/?ip.38.130.221.190) | 38.130.221.190.hosted.at.cloudsouth.com | - | High
|
||||
232 | [38.132.99.156](https://vuldb.com/?ip.38.132.99.156) | - | - | High
|
||||
233 | [38.242.242.149](https://vuldb.com/?ip.38.242.242.149) | vmi1313701.contaboserver.net | - | High
|
||||
234 | [40.90.210.21](https://vuldb.com/?ip.40.90.210.21) | - | - | High
|
||||
235 | [40.113.131.31](https://vuldb.com/?ip.40.113.131.31) | - | - | High
|
||||
236 | [40.118.53.192](https://vuldb.com/?ip.40.118.53.192) | - | - | High
|
||||
237 | [40.122.131.23](https://vuldb.com/?ip.40.122.131.23) | - | - | High
|
||||
238 | [41.72.146.10](https://vuldb.com/?ip.41.72.146.10) | - | - | High
|
||||
239 | [41.141.211.80](https://vuldb.com/?ip.41.141.211.80) | - | - | High
|
||||
240 | [41.216.183.61](https://vuldb.com/?ip.41.216.183.61) | - | - | High
|
||||
241 | [41.216.183.175](https://vuldb.com/?ip.41.216.183.175) | - | - | High
|
||||
242 | [41.250.187.176](https://vuldb.com/?ip.41.250.187.176) | - | - | High
|
||||
243 | [41.251.4.158](https://vuldb.com/?ip.41.251.4.158) | - | - | High
|
||||
244 | [41.251.51.168](https://vuldb.com/?ip.41.251.51.168) | - | - | High
|
||||
245 | [43.138.160.55](https://vuldb.com/?ip.43.138.160.55) | - | - | High
|
||||
246 | [43.139.124.22](https://vuldb.com/?ip.43.139.124.22) | - | - | High
|
||||
247 | [43.154.97.109](https://vuldb.com/?ip.43.154.97.109) | - | - | High
|
||||
248 | [43.226.49.147](https://vuldb.com/?ip.43.226.49.147) | - | - | High
|
||||
249 | [43.249.30.55](https://vuldb.com/?ip.43.249.30.55) | - | - | High
|
||||
250 | [44.192.67.149](https://vuldb.com/?ip.44.192.67.149) | ec2-44-192-67-149.compute-1.amazonaws.com | - | Medium
|
||||
251 | [45.12.253.31](https://vuldb.com/?ip.45.12.253.31) | - | - | High
|
||||
252 | [45.12.253.58](https://vuldb.com/?ip.45.12.253.58) | - | - | High
|
||||
253 | [45.12.253.107](https://vuldb.com/?ip.45.12.253.107) | - | - | High
|
||||
254 | [45.14.224.94](https://vuldb.com/?ip.45.14.224.94) | web117.excw.nl | - | High
|
||||
255 | [45.15.143.183](https://vuldb.com/?ip.45.15.143.183) | - | - | High
|
||||
256 | [45.15.143.191](https://vuldb.com/?ip.45.15.143.191) | - | - | High
|
||||
257 | [45.15.143.199](https://vuldb.com/?ip.45.15.143.199) | - | - | High
|
||||
258 | [45.32.99.249](https://vuldb.com/?ip.45.32.99.249) | 45.32.99.249.vultrusercontent.com | - | High
|
||||
259 | [45.32.211.35](https://vuldb.com/?ip.45.32.211.35) | 45.32.211.35.vultrusercontent.com | - | High
|
||||
260 | [45.58.190.125](https://vuldb.com/?ip.45.58.190.125) | - | - | High
|
||||
261 | [45.66.248.114](https://vuldb.com/?ip.45.66.248.114) | - | - | High
|
||||
262 | [45.74.0.212](https://vuldb.com/?ip.45.74.0.212) | - | - | High
|
||||
263 | [45.74.4.244](https://vuldb.com/?ip.45.74.4.244) | - | - | High
|
||||
264 | [45.74.38.17](https://vuldb.com/?ip.45.74.38.17) | - | - | High
|
||||
265 | [45.76.56.26](https://vuldb.com/?ip.45.76.56.26) | 45.76.56.26.vultrusercontent.com | - | High
|
||||
266 | [45.77.142.82](https://vuldb.com/?ip.45.77.142.82) | 45.77.142.82.vultrusercontent.com | - | High
|
||||
267 | [45.80.29.139](https://vuldb.com/?ip.45.80.29.139) | hostifox.com.tr | - | High
|
||||
268 | [45.80.158.57](https://vuldb.com/?ip.45.80.158.57) | - | - | High
|
||||
269 | [45.80.158.65](https://vuldb.com/?ip.45.80.158.65) | - | - | High
|
||||
270 | [45.80.158.108](https://vuldb.com/?ip.45.80.158.108) | - | - | High
|
||||
271 | [45.80.158.114](https://vuldb.com/?ip.45.80.158.114) | - | - | High
|
||||
272 | [45.80.158.116](https://vuldb.com/?ip.45.80.158.116) | - | - | High
|
||||
273 | [45.80.158.127](https://vuldb.com/?ip.45.80.158.127) | - | - | High
|
||||
274 | [45.80.158.160](https://vuldb.com/?ip.45.80.158.160) | - | - | High
|
||||
275 | [45.80.158.237](https://vuldb.com/?ip.45.80.158.237) | - | - | High
|
||||
276 | [45.81.243.217](https://vuldb.com/?ip.45.81.243.217) | - | - | High
|
||||
277 | [45.88.67.9](https://vuldb.com/?ip.45.88.67.9) | - | - | High
|
||||
278 | [45.88.67.12](https://vuldb.com/?ip.45.88.67.12) | - | - | High
|
||||
279 | [45.88.79.224](https://vuldb.com/?ip.45.88.79.224) | free.example.com | - | High
|
||||
280 | [45.92.1.24](https://vuldb.com/?ip.45.92.1.24) | - | - | High
|
||||
281 | [45.92.1.59](https://vuldb.com/?ip.45.92.1.59) | - | - | High
|
||||
282 | [45.92.1.71](https://vuldb.com/?ip.45.92.1.71) | - | - | High
|
||||
283 | [45.95.168.110](https://vuldb.com/?ip.45.95.168.110) | news.maxko.hr | - | High
|
||||
284 | [45.95.168.116](https://vuldb.com/?ip.45.95.168.116) | maxko-hosting.com | - | High
|
||||
285 | [45.95.169.112](https://vuldb.com/?ip.45.95.169.112) | xdhmhs.com | - | High
|
||||
286 | [45.119.84.166](https://vuldb.com/?ip.45.119.84.166) | - | - | High
|
||||
287 | [45.125.48.112](https://vuldb.com/?ip.45.125.48.112) | - | - | High
|
||||
288 | [45.131.1.70](https://vuldb.com/?ip.45.131.1.70) | ip.serverscity.net | - | High
|
||||
289 | [45.133.1.47](https://vuldb.com/?ip.45.133.1.47) | - | - | High
|
||||
290 | [45.133.1.152](https://vuldb.com/?ip.45.133.1.152) | - | - | High
|
||||
291 | [45.133.174.122](https://vuldb.com/?ip.45.133.174.122) | - | - | High
|
||||
292 | [45.134.140.152](https://vuldb.com/?ip.45.134.140.152) | unn-45-134-140-152.datapacket.com | - | High
|
||||
293 | [45.134.142.193](https://vuldb.com/?ip.45.134.142.193) | unn-45-134-142-193.datapacket.com | - | High
|
||||
294 | [45.134.142.211](https://vuldb.com/?ip.45.134.142.211) | unn-45-134-142-211.datapacket.com | - | High
|
||||
295 | [45.136.4.99](https://vuldb.com/?ip.45.136.4.99) | host-45.136.4.99.saga.net.tr | - | High
|
||||
296 | [45.136.4.101](https://vuldb.com/?ip.45.136.4.101) | host-45.136.4.101.saga.net.tr | - | High
|
||||
297 | [45.136.6.79](https://vuldb.com/?ip.45.136.6.79) | - | - | High
|
||||
298 | [45.137.22.41](https://vuldb.com/?ip.45.137.22.41) | hosted-by.rootlayer.net | - | High
|
||||
299 | [45.137.22.70](https://vuldb.com/?ip.45.137.22.70) | hosted-by.rootlayer.net | - | High
|
||||
300 | [45.137.22.111](https://vuldb.com/?ip.45.137.22.111) | hosted-by.rootlayer.net | - | High
|
||||
301 | [45.137.22.115](https://vuldb.com/?ip.45.137.22.115) | hosted-by.rootlayer.net | - | High
|
||||
302 | [45.137.22.182](https://vuldb.com/?ip.45.137.22.182) | hosted-by.rootlayer.net | - | High
|
||||
303 | [45.138.16.39](https://vuldb.com/?ip.45.138.16.39) | - | - | High
|
||||
304 | [45.138.16.48](https://vuldb.com/?ip.45.138.16.48) | - | - | High
|
||||
305 | [45.138.16.71](https://vuldb.com/?ip.45.138.16.71) | - | - | High
|
||||
306 | [45.138.16.89](https://vuldb.com/?ip.45.138.16.89) | - | - | High
|
||||
307 | [45.138.16.104](https://vuldb.com/?ip.45.138.16.104) | - | - | High
|
||||
308 | [45.138.16.108](https://vuldb.com/?ip.45.138.16.108) | - | - | High
|
||||
309 | ... | ... | ... | ...
|
||||
|
||||
There are 1211 more IOC items available. Please use our online service to access the data.
|
||||
There are 1230 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -334,14 +339,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -349,58 +354,60 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/comment.yml` | High
|
||||
2 | File | `/academy/home/courses` | High
|
||||
3 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
4 | File | `/admin/about-us.php` | High
|
||||
5 | File | `/admin/del_feedback.php` | High
|
||||
6 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
7 | File | `/admin/modal_add_product.php` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/api/database` | High
|
||||
10 | File | `/api/sys/set_passwd` | High
|
||||
11 | File | `/api/upload.php` | High
|
||||
12 | File | `/api?path=profile` | High
|
||||
13 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
14 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
15 | File | `/c/PluginsController.php` | High
|
||||
16 | File | `/chaincity/user/ticket/create` | High
|
||||
17 | File | `/ci_spms/admin/search/searching/` | High
|
||||
18 | File | `/classes/Master.php?f=save_brand` | High
|
||||
19 | File | `/classes/Users.php?f=save` | High
|
||||
20 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
21 | File | `/debug/pprof` | Medium
|
||||
22 | File | `/etc/pki/pesign` | High
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/friends/ajax_invite` | High
|
||||
25 | File | `/goform/set_LimitClient_cfg` | High
|
||||
26 | File | `/graphql` | Medium
|
||||
27 | File | `/group1/uploa` | High
|
||||
28 | File | `/home/filter_listings` | High
|
||||
29 | File | `/includes/db_connect.php` | High
|
||||
30 | File | `/includes/session.php` | High
|
||||
31 | File | `/index.php` | Medium
|
||||
32 | File | `/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]` | High
|
||||
33 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
34 | File | `/instance/detail` | High
|
||||
35 | File | `/items/search` | High
|
||||
36 | File | `/knowage/restful-services/dossier/importTemplateFile` | High
|
||||
37 | File | `/languages/install.php` | High
|
||||
38 | File | `/matchmakings/question` | High
|
||||
39 | File | `/modules/projects/vw_files.php` | High
|
||||
40 | File | `/modules/public/calendar.php` | High
|
||||
41 | File | `/modules/public/date_format.php` | High
|
||||
42 | File | `/modules/tasks/gantt.php` | High
|
||||
43 | File | `/osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php` | High
|
||||
44 | File | `/out.php` | Medium
|
||||
45 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
46 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
47 | File | `/release-x64/otfccdump+0x61731f` | High
|
||||
48 | File | `/resources//../` | High
|
||||
49 | File | `/search.php` | Medium
|
||||
50 | ... | ... | ...
|
||||
1 | File | `/academy/home/courses` | High
|
||||
2 | File | `/admin/about-us.php` | High
|
||||
3 | File | `/admin/adclass.php` | High
|
||||
4 | File | `/admin/students/view_details.php` | High
|
||||
5 | File | `/ajax-files/followBoard.php` | High
|
||||
6 | File | `/ajax.php?action=read_msg` | High
|
||||
7 | File | `/api/baskets/{name}` | High
|
||||
8 | File | `/auth/callback` | High
|
||||
9 | File | `/authenticationendpoint/login.do` | High
|
||||
10 | File | `/CCMAdmin/serverlist.asp` | High
|
||||
11 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
12 | File | `/cgi.cgi` | Medium
|
||||
13 | File | `/cgi/get_param.cgi` | High
|
||||
14 | File | `/collection/all` | High
|
||||
15 | File | `/common/info.cgi` | High
|
||||
16 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
17 | File | `/cstecgi.cgi` | Medium
|
||||
18 | File | `/ecrire/exec/puce_statut.php` | High
|
||||
19 | File | `/etc/pki/pesign` | High
|
||||
20 | File | `/files/` | Low
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/goform/setportList` | High
|
||||
23 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
|
||||
24 | File | `/group1/uploa` | High
|
||||
25 | File | `/h/autoSaveDraft` | High
|
||||
26 | File | `/index.php?p=admin/actions/users/send-password-reset-email` | High
|
||||
27 | File | `/index.php?page=member` | High
|
||||
28 | File | `/log/decodmail.php` | High
|
||||
29 | File | `/modules/projects/vw_files.php` | High
|
||||
30 | File | `/northstar/Portal/processlogin.jsp` | High
|
||||
31 | File | `/out.php` | Medium
|
||||
32 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
33 | File | `/QueryView.php` | High
|
||||
34 | File | `/romfile.cfg` | Medium
|
||||
35 | File | `/scripts/unlock_tasks.php` | High
|
||||
36 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
37 | File | `/staff/bookdetails.php` | High
|
||||
38 | File | `/staff/edit_book_details.php` | High
|
||||
39 | File | `/student/bookdetails.php` | High
|
||||
40 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
41 | File | `/uncpath/` | Medium
|
||||
42 | File | `/upfile.cgi` | Medium
|
||||
43 | File | `/usr/bin/webmgnt` | High
|
||||
44 | File | `/v1/hotlink/proxy` | High
|
||||
45 | File | `/videotalk` | Medium
|
||||
46 | File | `/wireless/basic.asp` | High
|
||||
47 | File | `/wordpress/wp-admin/admin.php` | High
|
||||
48 | File | `/wp-admin/admin-ajax.php` | High
|
||||
49 | File | `?r=dashboard/user/export&uid=X` | High
|
||||
50 | File | `?r=recruit/bgchecks/export&checkids=x` | High
|
||||
51 | File | `?r=recruit/contact/export&contactids=x` | High
|
||||
52 | ... | ... | ...
|
||||
|
||||
There are 435 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 450 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -512,7 +519,9 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/7ca93809fbee49c7fdfd1aff84546a5fc31f30b4e44a6ca1f77b36b8ae2692e6/
|
||||
* https://bazaar.abuse.ch/sample/7cdb69e4725d8cd97ba8e9b8d9e072e71cb3b796951dd6e4a0c92dea771a5686/
|
||||
* https://bazaar.abuse.ch/sample/7e0d9eb2633b413db8b036bf905ebb8ec2f18d27230da0cb7c77fc13907f5cbc/
|
||||
* https://bazaar.abuse.ch/sample/7e381d3ddb444239382c13e96c55db0f72b6d13f5d63ad4c5b04d86138d1aeba/
|
||||
* https://bazaar.abuse.ch/sample/7edb2695de8a294a93f6ad48edb3b1e8199fbfbed4a6dd78c180e3c29e7eaae6/
|
||||
* https://bazaar.abuse.ch/sample/7fde9bb248f556d4fceae831cee094ccd613fc990d46549af9a4dcf8cf805c26/
|
||||
* https://bazaar.abuse.ch/sample/8a9d65797203370c9d17d7d125629492d591399f8f4c911a4a8c588c2e0f42c6/
|
||||
* https://bazaar.abuse.ch/sample/8ad036d5f41579768454931925f1a273c98834a033507154f1db95f962dfd45e/
|
||||
* https://bazaar.abuse.ch/sample/8b3bcce39aee0df9fc37b2f009ecc2e9c570c665f632c576f7ae8c2f32a87a1d/
|
||||
|
@ -538,6 +547,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/9ead771bd523a5d8cfac632ccd8777fa3641ee9f47de8c474aa1febcbe781a4d/
|
||||
* https://bazaar.abuse.ch/sample/9eb5da00ff6aaf4709a7f564ff9d56913bcfe9a09cb9004c70202e8fffd65953/
|
||||
* https://bazaar.abuse.ch/sample/9f340084a105595091444c4fe491dcb4cee297c296812165dcbe4f23579fff1a/
|
||||
* https://bazaar.abuse.ch/sample/11ad40ff48de5b2427fee0080a486c0438e3c909f85f2d6f78289b96528e7476/
|
||||
* https://bazaar.abuse.ch/sample/11b68b5d2bc9b738db1dea44b2cf8b4a03a7c49e85ea81f1a15bdb7c1ce46a1b/
|
||||
* https://bazaar.abuse.ch/sample/13f9a3448c9f640ce71500fbcdfc51a2d3da47664a37ec9370c92671ceaefa5a/
|
||||
* https://bazaar.abuse.ch/sample/14d3276ca733ff2efebeb3208f7e233da4df8735514c216e5fa52a83e9110f8b/
|
||||
|
@ -556,6 +566,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/27e1d651db990e541da6a4721be1631c252b22b90b1566826c91e63460af08a4/
|
||||
* https://bazaar.abuse.ch/sample/29ceb3140cfb9c5816f0af8dd52d939e99455cb68c160e0b292ce9e49650fae6/
|
||||
* https://bazaar.abuse.ch/sample/30df399bde2bf189f04b5c1b3160a015763d9a35e92540a071669b69855dd495/
|
||||
* https://bazaar.abuse.ch/sample/30e641405af2fa5bc1a705bf239a45bf8b8e42d6bf2c2692d98299d4a8ff344e/
|
||||
* https://bazaar.abuse.ch/sample/34a78af77d1a2f1f5480dd329df09ea973e1423cc48c768fffb2374c340b5217/
|
||||
* https://bazaar.abuse.ch/sample/39ae1a73d9326d866c0ea79742243790ed3aeeceac161f1a23f7b0c7b84b4570/
|
||||
* https://bazaar.abuse.ch/sample/42b8be731007bfe95a319be6726441e9da0504048f8402beabaabf712db3f3ef/
|
||||
|
@ -687,6 +698,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/357563c38149d4f1770260ec9b97c20ebf2c29f92f4f5f9af21f52bb1ee77de3/
|
||||
* https://bazaar.abuse.ch/sample/474661d119205c20e4e63d68184852b8b4e0b22650b2685631391f19969ca053/
|
||||
* https://bazaar.abuse.ch/sample/523110e3cb2270e27ac155a73ea6491a46ac6c8ef80f5d0172714298306415b4/
|
||||
* https://bazaar.abuse.ch/sample/641926faa61b285dc56392e849301861e5f786a3e45a7373dd334f34aa65d40d/
|
||||
* https://bazaar.abuse.ch/sample/797934da336f36e3e80b71e2d48a5ed7453d27394868cac609989ba11f00c734/
|
||||
* https://bazaar.abuse.ch/sample/835895ee89c69f1fd6b85b8b755d4ec1ae178bfa90a2a056b684b7dd43131f05/
|
||||
* https://bazaar.abuse.ch/sample/900472d781ae88febc11041c1b21936f2c191e4c07896bd1fb5b4e52a6b7a7b1/
|
||||
|
@ -759,6 +771,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/b3c03aa6149be60b83639ba25785b99cdc709d5a1e9c025e9b7a79f6553b8b22/
|
||||
* https://bazaar.abuse.ch/sample/b5a07ffef279e824561d2fb7c6f3f8f2ce86f8fd407fd091820fa35f4dc3a99a/
|
||||
* https://bazaar.abuse.ch/sample/b5c98bb2d9391ffb93eea1ff796c1c924493c8e58160278c4ffe7ed3ba234ed2/
|
||||
* https://bazaar.abuse.ch/sample/b7d4b9e9051e99ad6b53905d98e6a2f29eb7c25a012fa7fc1e6e546761a538ec/
|
||||
* https://bazaar.abuse.ch/sample/b8ef460b24a26277b9d6a2a703a3b0e87485bb5ec442b40da6c71e181587b2d2/
|
||||
* https://bazaar.abuse.ch/sample/b11e3001340981c07bfba49edb915ffb4a8f599af6991179ea5d81a79a29c7fa/
|
||||
* https://bazaar.abuse.ch/sample/b24c75d9e1a26e070994807153641fa82130db5b166dfa2ac79412a7c36e37f6/
|
||||
|
@ -790,6 +803,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/bf6c15afdc77d81518ec529242a307457e412ed390f556bc04f66e3c809620c9/
|
||||
* https://bazaar.abuse.ch/sample/bf765420bbb03b49f594002013915e508160a4efede03e051075cabad32c51b3/
|
||||
* https://bazaar.abuse.ch/sample/c0bd5fcd7a91eb868dddb6172f5e576b5efa1a4c57a7f5cade8f4cef236fb001/
|
||||
* https://bazaar.abuse.ch/sample/c0273620d37a6ee12ce96c34b6f5428d712860c17541812d99b8ee23e9db95b9/
|
||||
* https://bazaar.abuse.ch/sample/c03e689c3464a47deeed6d77794211565195567f22a286658d91dfa81828751c/
|
||||
* https://bazaar.abuse.ch/sample/c2cda600256314b688cf195f809356e2592ba8df9de9c2b1a117a0ee26ccfa28/
|
||||
* https://bazaar.abuse.ch/sample/c4ce569311f22121bf069cebfeb39abebfd9109cf9a147e550f8801c49529685/
|
||||
|
@ -813,6 +827,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/c671d25e21e83929c1853e697f29b0e8ed3b69edc6add61d4d8b8bc2018afe14/
|
||||
* https://bazaar.abuse.ch/sample/c11663b07aa67c29c2ba5a8a52e66eef5c81b0b48ca949bfa83644d53d85ee89/
|
||||
* https://bazaar.abuse.ch/sample/c52613e3099f1cef0cd3bcdf1732504e56300c127fe150816bb30c845eeea620/
|
||||
* https://bazaar.abuse.ch/sample/c868403af8ea5fcad690924167f28c1dc2aa8e1dd342d2ff14d3289f8870fb0b/
|
||||
* https://bazaar.abuse.ch/sample/c8888442d54e17743624d1f50395790864cda90a703be1d1a42fa65568c3da7b/
|
||||
* https://bazaar.abuse.ch/sample/ca0b1b8a0b420154b135f21acdc3612ad594ab31a56f0216979017514443c428/
|
||||
* https://bazaar.abuse.ch/sample/ca32420160b4ba9b029fdc12df95d54c10c2dd7d878265026a461125c6dba745/
|
||||
|
@ -953,6 +968,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://twitter.com/malware_traffic/status/1582902300032438272
|
||||
* https://twitter.com/phage_nz/status/1615132638288957440
|
||||
* https://twitter.com/r3dbU7z/status/1600153145585246208
|
||||
* https://twitter.com/r3dbU7z/status/1692693944713326673
|
||||
* https://twitter.com/Racco42/status/1612697711475572738
|
||||
* https://twitter.com/StopMalvertisin/status/1621014077568069633
|
||||
* https://urlhaus.abuse.ch/url/1099999/
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -2984,15 +2984,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-36, CWE-50 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | T1078.001 | CWE-259 | Use of Hard-coded Password | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-267, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 24 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -3001,46 +3001,45 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/comment.yml` | High
|
||||
2 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
3 | File | `/admin/edit.php` | High
|
||||
4 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
5 | File | `/admin/sys_sql_query.php` | High
|
||||
6 | File | `/api/baskets/{name}` | High
|
||||
7 | File | `/api/v1/snapshots` | High
|
||||
8 | File | `/Application/Admin/Controller/ConfigController.class.php` | High
|
||||
9 | File | `/bin/ate` | Medium
|
||||
10 | File | `/bin/boa` | Medium
|
||||
11 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
12 | File | `/blog` | Low
|
||||
13 | File | `/booking/show_bookings/` | High
|
||||
14 | File | `/category.php` | High
|
||||
15 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
16 | File | `/cimom` | Low
|
||||
17 | File | `/classes/master.php?f=delete_order` | High
|
||||
18 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
19 | File | `/classes/Master.php?f=save_service` | High
|
||||
20 | File | `/company/store` | High
|
||||
21 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
22 | File | `/debug/pprof` | Medium
|
||||
23 | File | `/download` | Medium
|
||||
24 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
25 | File | `/env` | Low
|
||||
26 | File | `/etc/passwd` | Medium
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/goform/aspForm` | High
|
||||
29 | File | `/group1/uploa` | High
|
||||
30 | File | `/h/` | Low
|
||||
31 | File | `/home/kickPlayer` | High
|
||||
32 | File | `/index.php` | Medium
|
||||
33 | File | `/index.php/coins/update_marketboxslider` | High
|
||||
34 | File | `/index.php/payment/getcoinaddress` | High
|
||||
35 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
36 | File | `/jobinfo/` | Medium
|
||||
37 | File | `/librarian/bookdetails.php` | High
|
||||
38 | File | `/owa/auth/logon.aspx` | High
|
||||
39 | ... | ... | ...
|
||||
2 | File | `/admin/edit.php` | High
|
||||
3 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
4 | File | `/admin/sys_sql_query.php` | High
|
||||
5 | File | `/api/baskets/{name}` | High
|
||||
6 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
7 | File | `/blog` | Low
|
||||
8 | File | `/booking/show_bookings/` | High
|
||||
9 | File | `/category.php` | High
|
||||
10 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
11 | File | `/cgi-bin/wapopen` | High
|
||||
12 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
13 | File | `/classes/master.php?f=delete_order` | High
|
||||
14 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
15 | File | `/classes/Master.php?f=save_service` | High
|
||||
16 | File | `/company/store` | High
|
||||
17 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
18 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
19 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
20 | File | `/debug/pprof` | Medium
|
||||
21 | File | `/download` | Medium
|
||||
22 | File | `/etc/passwd` | Medium
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/goform/aspForm` | High
|
||||
25 | File | `/group1/uploa` | High
|
||||
26 | File | `/h/` | Low
|
||||
27 | File | `/home/kickPlayer` | High
|
||||
28 | File | `/index.php` | Medium
|
||||
29 | File | `/index.php/coins/update_marketboxslider` | High
|
||||
30 | File | `/index.php/payment/getcoinaddress` | High
|
||||
31 | File | `/iniFile/config.ini` | High
|
||||
32 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
33 | File | `/librarian/bookdetails.php` | High
|
||||
34 | File | `/owa/auth/logon.aspx` | High
|
||||
35 | File | `/password.jsn` | High
|
||||
36 | File | `/patient/appointment.php` | High
|
||||
37 | File | `/public/admin/profile/update.html` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 340 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 327 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -173,7 +173,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
150 | [45.148.120.80](https://vuldb.com/?ip.45.148.120.80) | - | - | High
|
||||
151 | ... | ... | ... | ...
|
||||
|
||||
There are 599 more IOC items available. Please use our online service to access the data.
|
||||
There are 601 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -181,14 +181,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-35 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -200,50 +200,51 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/act/ActDao.xml` | High
|
||||
3 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
4 | File | `/admin/?page=user/manage` | High
|
||||
5 | File | `/admin/add-new.php` | High
|
||||
6 | File | `/admin/doctors.php` | High
|
||||
7 | File | `/admin/user/manage_user.php` | High
|
||||
8 | File | `/admin/userprofile.php` | High
|
||||
9 | File | `/ajax.php?action=read_msg` | High
|
||||
10 | File | `/alphaware/summary.php` | High
|
||||
11 | File | `/api/` | Low
|
||||
12 | File | `/api/admin/store/product/list` | High
|
||||
13 | File | `/api/baskets/{name}` | High
|
||||
14 | File | `/api/gen/clients/{language}` | High
|
||||
15 | File | `/api/stl/actions/search` | High
|
||||
16 | File | `/api/v2/cli/commands` | High
|
||||
17 | File | `/apply.cgi` | Medium
|
||||
18 | File | `/bin/ate` | Medium
|
||||
19 | File | `/boat/login.php` | High
|
||||
20 | File | `/booking/show_bookings/` | High
|
||||
21 | File | `/bsms_ci/index.php/book` | High
|
||||
5 | File | `/admin/about-us.php` | High
|
||||
6 | File | `/admin/add-new.php` | High
|
||||
7 | File | `/admin/doctors.php` | High
|
||||
8 | File | `/admin/user/manage_user.php` | High
|
||||
9 | File | `/admin/userprofile.php` | High
|
||||
10 | File | `/ajax.php?action=read_msg` | High
|
||||
11 | File | `/alphaware/summary.php` | High
|
||||
12 | File | `/api/` | Low
|
||||
13 | File | `/api/admin/store/product/list` | High
|
||||
14 | File | `/api/baskets/{name}` | High
|
||||
15 | File | `/api/gen/clients/{language}` | High
|
||||
16 | File | `/api/stl/actions/search` | High
|
||||
17 | File | `/api/v2/cli/commands` | High
|
||||
18 | File | `/apply.cgi` | Medium
|
||||
19 | File | `/bin/ate` | Medium
|
||||
20 | File | `/boat/login.php` | High
|
||||
21 | File | `/booking/show_bookings/` | High
|
||||
22 | File | `/cgi-bin` | Medium
|
||||
23 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
24 | File | `/College/admin/teacher.php` | High
|
||||
25 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
26 | File | `/dcim/rack-roles/` | High
|
||||
27 | File | `/debug/pprof` | Medium
|
||||
28 | File | `/ebics-server/ebics.aspx` | High
|
||||
29 | File | `/env` | Low
|
||||
30 | File | `/forum/away.php` | High
|
||||
31 | File | `/goform/aspForm` | High
|
||||
32 | File | `/HNAP1` | Low
|
||||
33 | File | `/HNAP1/SetClientInfo` | High
|
||||
34 | File | `/inc/topBarNav.php` | High
|
||||
35 | File | `/index.php` | Medium
|
||||
36 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
37 | File | `/kelas/data` | Medium
|
||||
38 | File | `/medicines/profile.php` | High
|
||||
39 | File | `/modules/profile/index.php` | High
|
||||
40 | File | `/Moosikay/order.php` | High
|
||||
41 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
42 | File | `/reservation/add_message.php` | High
|
||||
43 | File | `/resources//../` | High
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php` | High
|
||||
46 | ... | ... | ...
|
||||
25 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
26 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
27 | File | `/dcim/rack-roles/` | High
|
||||
28 | File | `/debug/pprof` | Medium
|
||||
29 | File | `/ebics-server/ebics.aspx` | High
|
||||
30 | File | `/env` | Low
|
||||
31 | File | `/forum/away.php` | High
|
||||
32 | File | `/goform/aspForm` | High
|
||||
33 | File | `/group1/uploa` | High
|
||||
34 | File | `/HNAP1` | Low
|
||||
35 | File | `/HNAP1/SetClientInfo` | High
|
||||
36 | File | `/inc/topBarNav.php` | High
|
||||
37 | File | `/index.php` | Medium
|
||||
38 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
39 | File | `/kelas/data` | Medium
|
||||
40 | File | `/modules/profile/index.php` | High
|
||||
41 | File | `/Moosikay/order.php` | High
|
||||
42 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
43 | File | `/reservation/add_message.php` | High
|
||||
44 | File | `/resources//../` | High
|
||||
45 | File | `/scripts/unlock_tasks.php` | High
|
||||
46 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 398 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 406 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -775,6 +776,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.trendmicro.co.jp/archives/20879
|
||||
* https://blog.trendmicro.co.jp/archives/22211
|
||||
* https://threatfox.abuse.ch
|
||||
* https://twitter.com/SecureSh3ll/status/1691530482993815552
|
||||
* https://www.virustotal.com/gui/file/f88614efbadc891d6c199d80de3ad3d0e08b3811a20c5cf01d66ac2c8d17fe59/behavior
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -117,9 +117,10 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
94 | [45.128.156.3](https://vuldb.com/?ip.45.128.156.3) | webfair.store | - | High
|
||||
95 | [45.128.156.10](https://vuldb.com/?ip.45.128.156.10) | frm3-zendable.com | - | High
|
||||
96 | [45.128.156.43](https://vuldb.com/?ip.45.128.156.43) | buyetcapp.store | - | High
|
||||
97 | ... | ... | ... | ...
|
||||
97 | [45.134.174.99](https://vuldb.com/?ip.45.134.174.99) | dedicated.vsys.host | - | High
|
||||
98 | ... | ... | ... | ...
|
||||
|
||||
There are 385 more IOC items available. Please use our online service to access the data.
|
||||
There are 386 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -180,9 +181,10 @@ ID | Type | Indicator | Confidence
|
|||
35 | File | `/web/MCmsAction.java` | High
|
||||
36 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
37 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
38 | ... | ... | ...
|
||||
38 | File | `ABuffer.cpp` | Medium
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 330 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 331 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -255,6 +257,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d12ba4226456edac1c9b5937fb0ea3bdc508d1120e5912d7c9d0eb8ee9cc2d32%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d62e30b1ad3e4a5e6af1f3e0451ee6432c7949b73751d3a456be5b40c13a447e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22d360ecb50280e8747808acda5f0e2bc9f7e29f4b60576af14284ec6aa87f676b%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22db12a43510d9c013dd32fd4c5f3d3e8b882f2b3541139a45742c8ddecad999cd%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22dbddfe3e7c9f992b12a776387ec36baef4689c90e76e70c32f5742fca707cf07%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22dc8dec49562c502d5929f89a163adc46ad398ce6767271fbc9cc8ef40561d094%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%22dd4cc003b956b0a908bea3043b14477517ffe658967581ffce3e31abdf7d2021%22
|
||||
|
@ -326,6 +329,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225d5ff125ad48581ab86d75669d2ca79c1e02de1be746508c5cdcf767fd6b1eb0%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225ea2161f353b71cc360d245cfdeaafa1cac41d672d0035780aa42cac6da6c5dd%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225eb8ad1c658feb35f33ca16ec02391f23dc44c0f7be5fcd424b1f8eeef424b5a%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%225f18f724111eb6c8aa4ec01984556ecc7357dbc5f030746a3b3f2ec3bc2b343e%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a80cb5adacc61a445d3b1962a79ed40adb62e4eaddebea7131ddbc2bfebf108%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a93688d69aeab73fb28239f0b7ccb8b15ef876d6b134c379ae36a2526d29d83%22
|
||||
* https://search.censys.io/search?resource=hosts&q=services.certificate%3A%226a165551d34f38fd44b9fb1949685d14cc36220c99e0e6b05db8907229f7182d%22
|
||||
|
|
|
@ -60,7 +60,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -69,68 +69,68 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/admin/admin.php` | High
|
||||
3 | File | `/admin/attendance_row.php` | High
|
||||
4 | File | `/admin/maintenance/view_designation.php` | High
|
||||
5 | File | `/admin/test_status.php` | High
|
||||
6 | File | `/admin/user/manage_user.php` | High
|
||||
7 | File | `/api/trackedEntityInstances` | High
|
||||
8 | File | `/bin/login.php` | High
|
||||
9 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
10 | File | `/cgi/sshcheck.cgi` | High
|
||||
11 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
12 | File | `/ConsoleHelp/` | High
|
||||
13 | File | `/etc/sudoers` | Medium
|
||||
14 | File | `/export` | Low
|
||||
15 | File | `/home/filter_listings` | High
|
||||
16 | File | `/horde/imp/search.php` | High
|
||||
17 | File | `/index.php` | Medium
|
||||
18 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
19 | File | `/LEPTON_stable_2.2.2/upload/admins/media/index.php` | High
|
||||
20 | File | `/login` | Low
|
||||
21 | File | `/messageboard/view.php` | High
|
||||
22 | File | `/modules/projects/vw_files.php` | High
|
||||
23 | File | `/opensis/modules/grades/InputFinalGrades.php` | High
|
||||
24 | File | `/opensis/modules/users/Staff.php` | High
|
||||
25 | File | `/plesk-site-preview/` | High
|
||||
26 | File | `/proc/self/environ` | High
|
||||
27 | File | `/rest/api/2/user/picker` | High
|
||||
28 | File | `/s/` | Low
|
||||
29 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
30 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
31 | File | `/sendrcpackage?keyid=-2544&keysymbol=-4081` | High
|
||||
32 | File | `/system?action=ServiceAdmin` | High
|
||||
33 | File | `/var/WEB-GUI/cgi-bin/downloadfile.cgi` | High
|
||||
34 | File | `/vicidial/user_stats.php` | High
|
||||
35 | File | `/websocket/exec` | High
|
||||
36 | File | `access.conf` | Medium
|
||||
37 | File | `adclick.php` | Medium
|
||||
38 | File | `addsuppliers.php` | High
|
||||
39 | File | `admin.php` | Medium
|
||||
40 | File | `admin.remository.php` | High
|
||||
41 | File | `admin/admin_users.php` | High
|
||||
42 | File | `admin/login.php` | High
|
||||
43 | File | `admin/upload.php` | High
|
||||
44 | File | `administers` | Medium
|
||||
45 | File | `Administrator_list.php` | High
|
||||
46 | File | `advancedsetup_websiteblocking.html` | High
|
||||
47 | File | `affich.php` | Medium
|
||||
48 | File | `ajax_mail_autoreply.php` | High
|
||||
49 | File | `ajax_save_name.php` | High
|
||||
50 | File | `album_portal.php` | High
|
||||
51 | File | `allocator.cc` | Medium
|
||||
52 | File | `announcements.php` | High
|
||||
53 | File | `ap1.com` | Low
|
||||
54 | File | `apache2/modsecurity.c` | High
|
||||
55 | File | `api_jsonrpc.php` | High
|
||||
56 | File | `app/admin/controller/Ajax.php` | High
|
||||
57 | File | `App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf` | High
|
||||
58 | File | `application.php` | High
|
||||
59 | File | `apply.cgi` | Medium
|
||||
60 | File | `asp:.jpg` | Medium
|
||||
2 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
3 | File | `/admin/admin.php` | High
|
||||
4 | File | `/admin/attendance_row.php` | High
|
||||
5 | File | `/admin/maintenance/view_designation.php` | High
|
||||
6 | File | `/admin/test_status.php` | High
|
||||
7 | File | `/admin/user/manage_user.php` | High
|
||||
8 | File | `/api/trackedEntityInstances` | High
|
||||
9 | File | `/bin/login.php` | High
|
||||
10 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
11 | File | `/cgi/sshcheck.cgi` | High
|
||||
12 | File | `/common/logViewer/logViewer.jsf` | High
|
||||
13 | File | `/ConsoleHelp/` | High
|
||||
14 | File | `/etc/sudoers` | Medium
|
||||
15 | File | `/export` | Low
|
||||
16 | File | `/home/filter_listings` | High
|
||||
17 | File | `/horde/imp/search.php` | High
|
||||
18 | File | `/index.php` | Medium
|
||||
19 | File | `/jsoa/hntdCustomDesktopActionContent` | High
|
||||
20 | File | `/LEPTON_stable_2.2.2/upload/admins/media/index.php` | High
|
||||
21 | File | `/login` | Low
|
||||
22 | File | `/messageboard/view.php` | High
|
||||
23 | File | `/modules/projects/vw_files.php` | High
|
||||
24 | File | `/opensis/modules/grades/InputFinalGrades.php` | High
|
||||
25 | File | `/opensis/modules/users/Staff.php` | High
|
||||
26 | File | `/plesk-site-preview/` | High
|
||||
27 | File | `/proc/self/environ` | High
|
||||
28 | File | `/rest/api/2/user/picker` | High
|
||||
29 | File | `/s/` | Low
|
||||
30 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
31 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
32 | File | `/sendrcpackage?keyid=-2544&keysymbol=-4081` | High
|
||||
33 | File | `/system?action=ServiceAdmin` | High
|
||||
34 | File | `/var/WEB-GUI/cgi-bin/downloadfile.cgi` | High
|
||||
35 | File | `/vicidial/user_stats.php` | High
|
||||
36 | File | `/websocket/exec` | High
|
||||
37 | File | `access.conf` | Medium
|
||||
38 | File | `adclick.php` | Medium
|
||||
39 | File | `addsuppliers.php` | High
|
||||
40 | File | `admin.php` | Medium
|
||||
41 | File | `admin.remository.php` | High
|
||||
42 | File | `admin/admin_users.php` | High
|
||||
43 | File | `admin/login.php` | High
|
||||
44 | File | `admin/upload.php` | High
|
||||
45 | File | `administers` | Medium
|
||||
46 | File | `Administrator_list.php` | High
|
||||
47 | File | `advancedsetup_websiteblocking.html` | High
|
||||
48 | File | `affich.php` | Medium
|
||||
49 | File | `ajax_mail_autoreply.php` | High
|
||||
50 | File | `ajax_save_name.php` | High
|
||||
51 | File | `album_portal.php` | High
|
||||
52 | File | `allocator.cc` | Medium
|
||||
53 | File | `announcements.php` | High
|
||||
54 | File | `ap1.com` | Low
|
||||
55 | File | `apache2/modsecurity.c` | High
|
||||
56 | File | `api_jsonrpc.php` | High
|
||||
57 | File | `app/admin/controller/Ajax.php` | High
|
||||
58 | File | `App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf` | High
|
||||
59 | File | `application.php` | High
|
||||
60 | File | `apply.cgi` | Medium
|
||||
61 | ... | ... | ...
|
||||
|
||||
There are 536 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 538 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -39,7 +39,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
There are 10 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -58,9 +58,10 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `cat.asp` | Low
|
||||
10 | File | `catalog.php` | Medium
|
||||
11 | File | `categories.php` | High
|
||||
12 | ... | ... | ...
|
||||
12 | File | `config.php` | Medium
|
||||
13 | ... | ... | ...
|
||||
|
||||
There are 96 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 99 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -32,41 +32,42 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
9 | [8.222.133.105](https://vuldb.com/?ip.8.222.133.105) | - | - | High
|
||||
10 | [13.82.141.216](https://vuldb.com/?ip.13.82.141.216) | - | - | High
|
||||
11 | [13.112.226.27](https://vuldb.com/?ip.13.112.226.27) | ec2-13-112-226-27.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
12 | [13.114.48.174](https://vuldb.com/?ip.13.114.48.174) | ec2-13-114-48-174.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
13 | [13.114.78.162](https://vuldb.com/?ip.13.114.78.162) | ec2-13-114-78-162.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
14 | [13.114.110.144](https://vuldb.com/?ip.13.114.110.144) | ec2-13-114-110-144.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
15 | [13.230.243.50](https://vuldb.com/?ip.13.230.243.50) | ec2-13-230-243-50.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
16 | [13.231.24.246](https://vuldb.com/?ip.13.231.24.246) | ec2-13-231-24-246.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
17 | [15.164.245.79](https://vuldb.com/?ip.15.164.245.79) | ec2-15-164-245-79.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
18 | [15.206.79.179](https://vuldb.com/?ip.15.206.79.179) | ec2-15-206-79-179.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
19 | [15.206.84.52](https://vuldb.com/?ip.15.206.84.52) | ec2-15-206-84-52.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
20 | [16.16.162.142](https://vuldb.com/?ip.16.16.162.142) | ec2-16-16-162-142.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
21 | [18.130.233.249](https://vuldb.com/?ip.18.130.233.249) | ec2-18-130-233-249.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
22 | [18.133.26.247](https://vuldb.com/?ip.18.133.26.247) | ec2-18-133-26-247.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
23 | [18.134.141.72](https://vuldb.com/?ip.18.134.141.72) | ec2-18-134-141-72.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
24 | [18.163.6.122](https://vuldb.com/?ip.18.163.6.122) | ec2-18-163-6-122.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
25 | [18.176.20.234](https://vuldb.com/?ip.18.176.20.234) | ec2-18-176-20-234.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
26 | [18.176.35.161](https://vuldb.com/?ip.18.176.35.161) | ec2-18-176-35-161.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
27 | [18.177.226.88](https://vuldb.com/?ip.18.177.226.88) | ec2-18-177-226-88.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
28 | [18.178.161.19](https://vuldb.com/?ip.18.178.161.19) | ec2-18-178-161-19.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
29 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
30 | [18.181.114.13](https://vuldb.com/?ip.18.181.114.13) | ec2-18-181-114-13.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
31 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
32 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
|
||||
33 | [18.193.106.166](https://vuldb.com/?ip.18.193.106.166) | ec2-18-193-106-166.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
34 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
|
||||
35 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
|
||||
36 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
|
||||
37 | [20.212.219.56](https://vuldb.com/?ip.20.212.219.56) | - | - | High
|
||||
38 | [23.92.22.235](https://vuldb.com/?ip.23.92.22.235) | 23-92-22-235.ip.linodeusercontent.com | - | High
|
||||
39 | [23.254.167.32](https://vuldb.com/?ip.23.254.167.32) | hwsrv-1075866.hostwindsdns.com | - | High
|
||||
40 | [24.199.89.40](https://vuldb.com/?ip.24.199.89.40) | - | - | High
|
||||
41 | [24.199.114.243](https://vuldb.com/?ip.24.199.114.243) | - | - | High
|
||||
42 | [24.199.118.20](https://vuldb.com/?ip.24.199.118.20) | airy-fuse.autonode.net | - | High
|
||||
43 | [31.42.189.61](https://vuldb.com/?ip.31.42.189.61) | caponystmodo.live | - | High
|
||||
44 | ... | ... | ... | ...
|
||||
12 | [13.113.45.138](https://vuldb.com/?ip.13.113.45.138) | ec2-13-113-45-138.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
13 | [13.114.48.174](https://vuldb.com/?ip.13.114.48.174) | ec2-13-114-48-174.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
14 | [13.114.78.162](https://vuldb.com/?ip.13.114.78.162) | ec2-13-114-78-162.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
15 | [13.114.110.144](https://vuldb.com/?ip.13.114.110.144) | ec2-13-114-110-144.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
16 | [13.230.243.50](https://vuldb.com/?ip.13.230.243.50) | ec2-13-230-243-50.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
17 | [13.231.24.246](https://vuldb.com/?ip.13.231.24.246) | ec2-13-231-24-246.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
18 | [15.164.245.79](https://vuldb.com/?ip.15.164.245.79) | ec2-15-164-245-79.ap-northeast-2.compute.amazonaws.com | - | Medium
|
||||
19 | [15.206.79.179](https://vuldb.com/?ip.15.206.79.179) | ec2-15-206-79-179.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
20 | [15.206.84.52](https://vuldb.com/?ip.15.206.84.52) | ec2-15-206-84-52.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
21 | [16.16.162.142](https://vuldb.com/?ip.16.16.162.142) | ec2-16-16-162-142.eu-north-1.compute.amazonaws.com | - | Medium
|
||||
22 | [18.130.233.249](https://vuldb.com/?ip.18.130.233.249) | ec2-18-130-233-249.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
23 | [18.133.26.247](https://vuldb.com/?ip.18.133.26.247) | ec2-18-133-26-247.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
24 | [18.134.141.72](https://vuldb.com/?ip.18.134.141.72) | ec2-18-134-141-72.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
25 | [18.163.6.122](https://vuldb.com/?ip.18.163.6.122) | ec2-18-163-6-122.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
26 | [18.176.20.234](https://vuldb.com/?ip.18.176.20.234) | ec2-18-176-20-234.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
27 | [18.176.35.161](https://vuldb.com/?ip.18.176.35.161) | ec2-18-176-35-161.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
28 | [18.177.226.88](https://vuldb.com/?ip.18.177.226.88) | ec2-18-177-226-88.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
29 | [18.178.161.19](https://vuldb.com/?ip.18.178.161.19) | ec2-18-178-161-19.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
30 | [18.178.244.246](https://vuldb.com/?ip.18.178.244.246) | ec2-18-178-244-246.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
31 | [18.181.114.13](https://vuldb.com/?ip.18.181.114.13) | ec2-18-181-114-13.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
32 | [18.182.126.252](https://vuldb.com/?ip.18.182.126.252) | ec2-18-182-126-252.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
33 | [18.188.54.77](https://vuldb.com/?ip.18.188.54.77) | ec2-18-188-54-77.us-east-2.compute.amazonaws.com | - | Medium
|
||||
34 | [18.193.106.166](https://vuldb.com/?ip.18.193.106.166) | ec2-18-193-106-166.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
35 | [18.208.87.99](https://vuldb.com/?ip.18.208.87.99) | ec2-18-208-87-99.compute-1.amazonaws.com | - | Medium
|
||||
36 | [18.217.179.8](https://vuldb.com/?ip.18.217.179.8) | ec2-18-217-179-8.us-east-2.compute.amazonaws.com | - | Medium
|
||||
37 | [18.236.92.31](https://vuldb.com/?ip.18.236.92.31) | ec2-18-236-92-31.us-west-2.compute.amazonaws.com | - | Medium
|
||||
38 | [20.212.219.56](https://vuldb.com/?ip.20.212.219.56) | - | - | High
|
||||
39 | [23.92.22.235](https://vuldb.com/?ip.23.92.22.235) | 23-92-22-235.ip.linodeusercontent.com | - | High
|
||||
40 | [23.254.167.32](https://vuldb.com/?ip.23.254.167.32) | hwsrv-1075866.hostwindsdns.com | - | High
|
||||
41 | [24.199.89.40](https://vuldb.com/?ip.24.199.89.40) | - | - | High
|
||||
42 | [24.199.114.243](https://vuldb.com/?ip.24.199.114.243) | - | - | High
|
||||
43 | [24.199.118.20](https://vuldb.com/?ip.24.199.118.20) | airy-fuse.autonode.net | - | High
|
||||
44 | [31.42.189.61](https://vuldb.com/?ip.31.42.189.61) | caponystmodo.live | - | High
|
||||
45 | ... | ... | ... | ...
|
||||
|
||||
There are 174 more IOC items available. Please use our online service to access the data.
|
||||
There are 175 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -146,7 +147,7 @@ ID | Type | Indicator | Confidence
|
|||
55 | File | `activenews_view.asp` | High
|
||||
56 | ... | ... | ...
|
||||
|
||||
There are 485 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 489 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -160,6 +161,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/8.222.133.105
|
||||
* https://search.censys.io/hosts/13.82.141.216
|
||||
* https://search.censys.io/hosts/13.112.226.27
|
||||
* https://search.censys.io/hosts/13.113.45.138
|
||||
* https://search.censys.io/hosts/13.114.48.174
|
||||
* https://search.censys.io/hosts/13.114.78.162
|
||||
* https://search.censys.io/hosts/13.114.110.144
|
||||
|
@ -199,6 +201,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/37.119.57.169
|
||||
* https://search.censys.io/hosts/37.119.57.195
|
||||
* https://search.censys.io/hosts/38.55.96.159
|
||||
* https://search.censys.io/hosts/38.126.114.218
|
||||
* https://search.censys.io/hosts/43.207.8.102
|
||||
* https://search.censys.io/hosts/43.207.23.110
|
||||
* https://search.censys.io/hosts/47.115.215.203
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -383,7 +383,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-36 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
|
@ -398,65 +398,61 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
2 | File | `/admin/?page=user/list` | High
|
||||
3 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
4 | File | `/admin/about-us.php` | High
|
||||
5 | File | `/admin/del_category.php` | High
|
||||
6 | File | `/admin/del_service.php` | High
|
||||
7 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
8 | File | `/admin/edit-services.php` | High
|
||||
9 | File | `/admin/edit_category.php` | High
|
||||
10 | File | `/admin/forgot-password.php` | High
|
||||
11 | File | `/admin/index.php` | High
|
||||
12 | File | `/admin/search-appointment.php` | High
|
||||
13 | File | `/admin/sys_sql_query.php` | High
|
||||
14 | File | `/ajax.php?action=read_msg` | High
|
||||
15 | File | `/api/baskets/{name}` | High
|
||||
16 | File | `/api/sys/set_passwd` | High
|
||||
17 | File | `/api/upload.php` | High
|
||||
18 | File | `/api?path=profile` | High
|
||||
19 | File | `/blog` | Low
|
||||
20 | File | `/booking/show_bookings/` | High
|
||||
21 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
22 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
23 | File | `/ci_spms/admin/search/searching/` | High
|
||||
24 | File | `/classes/Master.php?f=save_brand` | High
|
||||
25 | File | `/common/info.cgi` | High
|
||||
26 | File | `/company/store` | High
|
||||
27 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
28 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
29 | File | `/debug/pprof` | Medium
|
||||
30 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
31 | File | `/env` | Low
|
||||
32 | File | `/etc/passwd` | Medium
|
||||
33 | File | `/etc/pki/pesign` | High
|
||||
34 | File | `/EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3` | High
|
||||
35 | File | `/forum/away.php` | High
|
||||
36 | File | `/goform/set_LimitClient_cfg` | High
|
||||
37 | File | `/graphql` | Medium
|
||||
38 | File | `/group1/uploa` | High
|
||||
39 | File | `/includes/db_connect.php` | High
|
||||
40 | File | `/includes/session.php` | High
|
||||
41 | File | `/index.php` | Medium
|
||||
42 | File | `/listplace/user/coverPhotoUpdate` | High
|
||||
43 | File | `/modules/projects/vw_files.php` | High
|
||||
44 | File | `/modules/public/calendar.php` | High
|
||||
45 | File | `/modules/public/date_format.php` | High
|
||||
46 | File | `/modules/tasks/gantt.php` | High
|
||||
47 | File | `/net/sched/cls_fw.c` | High
|
||||
48 | File | `/osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php` | High
|
||||
49 | File | `/out.php` | Medium
|
||||
50 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
51 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
52 | File | `/preview.php` | Medium
|
||||
53 | File | `/release-x64/otfccdump+0x61731f` | High
|
||||
54 | File | `/resources//../` | High
|
||||
55 | File | `/search.php` | Medium
|
||||
56 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
57 | ... | ... | ...
|
||||
1 | File | `/academy/home/courses` | High
|
||||
2 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
3 | File | `/admin/?page=user/list` | High
|
||||
4 | File | `/admin/adclass.php` | High
|
||||
5 | File | `/admin/students/view_details.php` | High
|
||||
6 | File | `/ajax-files/followBoard.php` | High
|
||||
7 | File | `/ajax.php?action=read_msg` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/api/sys/set_passwd` | High
|
||||
10 | File | `/api/upload.php` | High
|
||||
11 | File | `/app/search/table` | High
|
||||
12 | File | `/auth/callback` | High
|
||||
13 | File | `/authenticationendpoint/login.do` | High
|
||||
14 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
15 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
16 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
17 | File | `/cgi.cgi` | Medium
|
||||
18 | File | `/ci_spms/admin/search/searching/` | High
|
||||
19 | File | `/collection/all` | High
|
||||
20 | File | `/common/info.cgi` | High
|
||||
21 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
22 | File | `/debug/pprof` | Medium
|
||||
23 | File | `/etc/pki/pesign` | High
|
||||
24 | File | `/file/upload/1` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/getcfg.php` | Medium
|
||||
27 | File | `/goform/setportList` | High
|
||||
28 | File | `/goform/set_LimitClient_cfg` | High
|
||||
29 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
|
||||
30 | File | `/group1/uploa` | High
|
||||
31 | File | `/h/autoSaveDraft` | High
|
||||
32 | File | `/includes/db_connect.php` | High
|
||||
33 | File | `/includes/session.php` | High
|
||||
34 | File | `/index.php?page=member` | High
|
||||
35 | File | `/modules/projects/vw_files.php` | High
|
||||
36 | File | `/modules/public/calendar.php` | High
|
||||
37 | File | `/modules/public/date_format.php` | High
|
||||
38 | File | `/modules/tasks/gantt.php` | High
|
||||
39 | File | `/net/sched/cls_fw.c` | High
|
||||
40 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
41 | File | `/preview.php` | Medium
|
||||
42 | File | `/QueryView.php` | High
|
||||
43 | File | `/romfile.cfg` | Medium
|
||||
44 | File | `/search.php` | Medium
|
||||
45 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
46 | File | `/staff/bookdetails.php` | High
|
||||
47 | File | `/staff/edit_book_details.php` | High
|
||||
48 | File | `/student/bookdetails.php` | High
|
||||
49 | File | `/trx_addons/v2/get/sc_layout` | High
|
||||
50 | File | `/uncpath/` | Medium
|
||||
51 | File | `/v1/hotlink/proxy` | High
|
||||
52 | File | `/var/log/rkhunter.log` | High
|
||||
53 | ... | ... | ...
|
||||
|
||||
There are 496 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 461 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -133,7 +133,7 @@ ID | Type | Indicator | Confidence
|
|||
43 | File | `admin.php` | Medium
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 381 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 385 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -577,19 +577,19 @@ ID | Type | Indicator | Confidence
|
|||
39 | File | `/cgi-bin` | Medium
|
||||
40 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
41 | File | `/classes/master.php?f=delete_order` | High
|
||||
42 | File | `/csms/?page=contact_us` | High
|
||||
43 | File | `/debug/pprof` | Medium
|
||||
44 | File | `/dipam/athlete-profile.php` | High
|
||||
45 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
46 | File | `/edoc/doctor/patient.php` | High
|
||||
47 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
48 | File | `/env` | Low
|
||||
49 | File | `/forms/doLogin` | High
|
||||
50 | File | `/forum/away.php` | High
|
||||
51 | File | `/group1/uploa` | High
|
||||
42 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
43 | File | `/csms/?page=contact_us` | High
|
||||
44 | File | `/debug/pprof` | Medium
|
||||
45 | File | `/dipam/athlete-profile.php` | High
|
||||
46 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
47 | File | `/edoc/doctor/patient.php` | High
|
||||
48 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
49 | File | `/env` | Low
|
||||
50 | File | `/forms/doLogin` | High
|
||||
51 | File | `/forum/away.php` | High
|
||||
52 | ... | ... | ...
|
||||
|
||||
There are 448 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 451 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -63,7 +63,7 @@ ID | Type | Indicator | Confidence
|
|||
14 | File | `archivejson.cgi` | High
|
||||
15 | ... | ... | ...
|
||||
|
||||
There are 118 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 123 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -35,7 +35,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 15 more TTP items available. Please use our online service to access the data.
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -69,24 +69,22 @@ ID | Type | Indicator | Confidence
|
|||
17 | File | `/classes/Master.php?f=delete_item` | High
|
||||
18 | File | `/classes/Master.php?f=delete_service` | High
|
||||
19 | File | `/classes/Master.php?f=save_course` | High
|
||||
20 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
21 | File | `/dosen/data` | Medium
|
||||
22 | File | `/ecommerce/support_ticket` | High
|
||||
23 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
24 | File | `/Enclave.cpp` | Medium
|
||||
25 | File | `/file_manager/admin/save_user.php` | High
|
||||
26 | File | `/get-artifact` | High
|
||||
27 | File | `/goForm/aspForm` | High
|
||||
28 | File | `/goform/formTcpipSetup` | High
|
||||
29 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
30 | File | `/index.php/archives/1/comment` | High
|
||||
31 | File | `/jerry-core/parser/js/js-lexer.c` | High
|
||||
32 | File | `/jerry-core/parser/js/js-parser-statm.c` | High
|
||||
33 | File | `/jerry-core/parser/js/js-scanner-util.c` | High
|
||||
34 | File | `/jurusan/data` | High
|
||||
35 | ... | ... | ...
|
||||
20 | File | `/collection/all` | High
|
||||
21 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
22 | File | `/dosen/data` | Medium
|
||||
23 | File | `/ecommerce/support_ticket` | High
|
||||
24 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
25 | File | `/Enclave.cpp` | Medium
|
||||
26 | File | `/file_manager/admin/save_user.php` | High
|
||||
27 | File | `/get-artifact` | High
|
||||
28 | File | `/goForm/aspForm` | High
|
||||
29 | File | `/goform/formTcpipSetup` | High
|
||||
30 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
31 | File | `/index.php/archives/1/comment` | High
|
||||
32 | File | `/jerry-core/parser/js/js-lexer.c` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 302 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 281 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -84,7 +84,7 @@ ID | Type | Indicator | Confidence
|
|||
30 | File | `/usr/bin/rbd-target-api` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 262 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 264 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -83,32 +83,32 @@ ID | Type | Indicator | Confidence
|
|||
31 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
32 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
33 | File | `/index.php?page=category_list` | High
|
||||
34 | File | `/jobinfo/` | Medium
|
||||
35 | File | `/librarian/bookdetails.php` | High
|
||||
36 | File | `/Moosikay/order.php` | High
|
||||
37 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
38 | File | `/opac/Actions.php?a=login` | High
|
||||
39 | File | `/php-opos/index.php` | High
|
||||
40 | File | `/PreviewHandler.ashx` | High
|
||||
41 | File | `/public/launchNewWindow.jsp` | High
|
||||
42 | File | `/recipe-result` | High
|
||||
43 | File | `/register.do` | Medium
|
||||
44 | File | `/reservation/add_message.php` | High
|
||||
45 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
46 | File | `/spip.php` | Medium
|
||||
47 | File | `/student/bookdetails.php` | High
|
||||
48 | File | `/uncpath/` | Medium
|
||||
49 | File | `/uploads/exam_question/` | High
|
||||
50 | File | `/user/ticket/create` | High
|
||||
51 | File | `/user/updatePwd` | High
|
||||
52 | File | `/var/lib/docker/<remapping>` | High
|
||||
53 | File | `/var/www/core/controller/index.php` | High
|
||||
54 | File | `/wireless/security.asp` | High
|
||||
55 | File | `/wp-admin/admin-ajax.php` | High
|
||||
56 | File | `01article.php` | High
|
||||
34 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
35 | File | `/jobinfo/` | Medium
|
||||
36 | File | `/librarian/bookdetails.php` | High
|
||||
37 | File | `/Moosikay/order.php` | High
|
||||
38 | File | `/mygym/admin/index.php?view_exercises` | High
|
||||
39 | File | `/opac/Actions.php?a=login` | High
|
||||
40 | File | `/php-opos/index.php` | High
|
||||
41 | File | `/PreviewHandler.ashx` | High
|
||||
42 | File | `/public/launchNewWindow.jsp` | High
|
||||
43 | File | `/recipe-result` | High
|
||||
44 | File | `/register.do` | Medium
|
||||
45 | File | `/reservation/add_message.php` | High
|
||||
46 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
47 | File | `/spip.php` | Medium
|
||||
48 | File | `/student/bookdetails.php` | High
|
||||
49 | File | `/uncpath/` | Medium
|
||||
50 | File | `/uploads/exam_question/` | High
|
||||
51 | File | `/user/ticket/create` | High
|
||||
52 | File | `/user/updatePwd` | High
|
||||
53 | File | `/UserSelfServiceSettings.jsp` | High
|
||||
54 | File | `/var/lib/docker/<remapping>` | High
|
||||
55 | File | `/var/www/core/controller/index.php` | High
|
||||
56 | File | `/wireless/security.asp` | High
|
||||
57 | ... | ... | ...
|
||||
|
||||
There are 496 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 497 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -24,15 +24,15 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
1 | [5.79.66.100](https://vuldb.com/?ip.5.79.66.100) | - | - | High
|
||||
2 | [5.79.66.123](https://vuldb.com/?ip.5.79.66.123) | - | - | High
|
||||
3 | [8.211.4.118](https://vuldb.com/?ip.8.211.4.118) | - | - | High
|
||||
4 | [35.176.231.198](https://vuldb.com/?ip.35.176.231.198) | ec2-35-176-231-198.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
5 | [45.77.195.105](https://vuldb.com/?ip.45.77.195.105) | 45.77.195.105.vultrusercontent.com | - | High
|
||||
6 | [45.90.57.160](https://vuldb.com/?ip.45.90.57.160) | khalasar.omega.spb.ru | - | High
|
||||
7 | [45.130.201.23](https://vuldb.com/?ip.45.130.201.23) | - | - | High
|
||||
8 | [45.130.201.24](https://vuldb.com/?ip.45.130.201.24) | - | - | High
|
||||
9 | [47.91.94.97](https://vuldb.com/?ip.47.91.94.97) | - | - | High
|
||||
4 | [23.146.184.29](https://vuldb.com/?ip.23.146.184.29) | - | - | High
|
||||
5 | [35.176.231.198](https://vuldb.com/?ip.35.176.231.198) | ec2-35-176-231-198.eu-west-2.compute.amazonaws.com | - | Medium
|
||||
6 | [45.77.195.105](https://vuldb.com/?ip.45.77.195.105) | 45.77.195.105.vultrusercontent.com | - | High
|
||||
7 | [45.90.57.160](https://vuldb.com/?ip.45.90.57.160) | khalasar.omega.spb.ru | - | High
|
||||
8 | [45.130.201.23](https://vuldb.com/?ip.45.130.201.23) | - | - | High
|
||||
9 | [45.130.201.24](https://vuldb.com/?ip.45.130.201.24) | - | - | High
|
||||
10 | ... | ... | ... | ...
|
||||
|
||||
There are 36 more IOC items available. Please use our online service to access the data.
|
||||
There are 38 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -78,35 +78,35 @@ ID | Type | Indicator | Confidence
|
|||
20 | File | `/domains/index.fts` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/foundry/modules/news/newscolumns.php` | High
|
||||
23 | File | `/goform/addUserName` | High
|
||||
24 | File | `/goform/aspForm` | High
|
||||
25 | File | `/goform/delAd` | High
|
||||
26 | File | `/goform/wifiSSIDset` | High
|
||||
27 | File | `/gpac/src/bifs/unquantize.c` | High
|
||||
28 | File | `/inc/topBarNav.php` | High
|
||||
29 | File | `/index.asp` | Medium
|
||||
30 | File | `/index.php` | Medium
|
||||
31 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
32 | File | `/jfinal_cms/system/role/list` | High
|
||||
33 | File | `/kelas/data` | Medium
|
||||
34 | File | `/Moosikay/order.php` | High
|
||||
35 | File | `/Mum.Geo.Services/DataAccessService.svc` | High
|
||||
36 | File | `/out.php` | Medium
|
||||
37 | File | `/paysystem/datatable.php` | High
|
||||
38 | File | `/php-sms/admin/quotes/manage_remark.php` | High
|
||||
39 | File | `/product_list.php` | High
|
||||
40 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
41 | File | `/server/ajax/events_manager.php` | High
|
||||
42 | File | `/server/ajax/user_manager.php` | High
|
||||
43 | File | `/smstest.html` | High
|
||||
44 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
45 | File | `/staff/edit_book_details.php` | High
|
||||
46 | File | `/uncpath/` | Medium
|
||||
47 | File | `/user/profile` | High
|
||||
48 | File | `/vloggers_merch/admin/?page=product/manage_product` | High
|
||||
49 | File | `/webman/info.cgi` | High
|
||||
50 | File | `/wp-admin/admin-ajax.php` | High
|
||||
51 | File | `acloudCosAction.php.SQL` | High
|
||||
23 | File | `/ghost/preview` | High
|
||||
24 | File | `/goform/addUserName` | High
|
||||
25 | File | `/goform/aspForm` | High
|
||||
26 | File | `/goform/delAd` | High
|
||||
27 | File | `/goform/wifiSSIDset` | High
|
||||
28 | File | `/gpac/src/bifs/unquantize.c` | High
|
||||
29 | File | `/inc/topBarNav.php` | High
|
||||
30 | File | `/index.asp` | Medium
|
||||
31 | File | `/index.php` | Medium
|
||||
32 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
33 | File | `/jfinal_cms/system/role/list` | High
|
||||
34 | File | `/kelas/data` | Medium
|
||||
35 | File | `/Moosikay/order.php` | High
|
||||
36 | File | `/Mum.Geo.Services/DataAccessService.svc` | High
|
||||
37 | File | `/out.php` | Medium
|
||||
38 | File | `/paysystem/datatable.php` | High
|
||||
39 | File | `/php-sms/admin/quotes/manage_remark.php` | High
|
||||
40 | File | `/product_list.php` | High
|
||||
41 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
42 | File | `/server/ajax/events_manager.php` | High
|
||||
43 | File | `/server/ajax/user_manager.php` | High
|
||||
44 | File | `/smstest.html` | High
|
||||
45 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
46 | File | `/staff/edit_book_details.php` | High
|
||||
47 | File | `/uncpath/` | Medium
|
||||
48 | File | `/user/profile` | High
|
||||
49 | File | `/vloggers_merch/admin/?page=product/manage_product` | High
|
||||
50 | File | `/webman/info.cgi` | High
|
||||
51 | File | `/wp-admin/admin-ajax.php` | High
|
||||
52 | ... | ... | ...
|
||||
|
||||
There are 452 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
@ -126,6 +126,8 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://infosec.exchange/@rmceoin/110646942587873094
|
||||
* https://infosec.exchange/@rmceoin/110741107977124203
|
||||
* https://infosec.exchange/@rmceoin/110816749930323979
|
||||
* https://ioc.exchange/@monitorsg@infosec.exchange/111015295715515083
|
||||
* https://ioc.exchange/@monitorsg@infosec.exchange/111018596544634373
|
||||
* https://threatfox.abuse.ch
|
||||
* https://twitter.com/threatcat_ch/status/1655819677648420864
|
||||
* https://twitter.com/threatcat_ch/status/1656899336712716289
|
||||
|
|
|
@ -121,52 +121,51 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/admin/sys_sql_query.php` | High
|
||||
9 | File | `/admin/user/manage_user.php` | High
|
||||
10 | File | `/admin/userprofile.php` | High
|
||||
11 | File | `/api/` | Low
|
||||
12 | File | `/api/admin/store/product/list` | High
|
||||
13 | File | `/api/baskets/{name}` | High
|
||||
14 | File | `/api/stl/actions/search` | High
|
||||
15 | File | `/api/v2/cli/commands` | High
|
||||
16 | File | `/bin/ate` | Medium
|
||||
17 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
18 | File | `/booking/show_bookings/` | High
|
||||
19 | File | `/cgi-bin` | Medium
|
||||
20 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
21 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
22 | File | `/company/store` | High
|
||||
23 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
24 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
25 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
26 | File | `/debug/pprof` | Medium
|
||||
27 | File | `/env` | Low
|
||||
28 | File | `/etc/passwd` | Medium
|
||||
29 | File | `/feeds/post/publish` | High
|
||||
30 | File | `/forum/away.php` | High
|
||||
31 | File | `/group1/uploa` | High
|
||||
32 | File | `/h/` | Low
|
||||
33 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
34 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
35 | File | `/index.php?page=category_list` | High
|
||||
36 | File | `/jobinfo/` | Medium
|
||||
37 | File | `/Moosikay/order.php` | High
|
||||
38 | File | `/opac/Actions.php?a=login` | High
|
||||
39 | File | `/pharmacy-sales-and-inventory-system/manage_user.php` | High
|
||||
40 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
41 | File | `/PreviewHandler.ashx` | High
|
||||
42 | File | `/recipe-result` | High
|
||||
43 | File | `/register.do` | Medium
|
||||
44 | File | `/reservation/add_message.php` | High
|
||||
45 | File | `/resources//../` | High
|
||||
11 | File | `/api/baskets/{name}` | High
|
||||
12 | File | `/api/stl/actions/search` | High
|
||||
13 | File | `/api/v2/cli/commands` | High
|
||||
14 | File | `/bin/ate` | Medium
|
||||
15 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
16 | File | `/booking/show_bookings/` | High
|
||||
17 | File | `/cgi-bin` | Medium
|
||||
18 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
19 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
20 | File | `/company/store` | High
|
||||
21 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
22 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
23 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
24 | File | `/debug/pprof` | Medium
|
||||
25 | File | `/env` | Low
|
||||
26 | File | `/etc/passwd` | Medium
|
||||
27 | File | `/feeds/post/publish` | High
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/group1/uploa` | High
|
||||
30 | File | `/h/` | Low
|
||||
31 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
32 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
33 | File | `/index.php?page=category_list` | High
|
||||
34 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
35 | File | `/jobinfo/` | Medium
|
||||
36 | File | `/Moosikay/order.php` | High
|
||||
37 | File | `/opac/Actions.php?a=login` | High
|
||||
38 | File | `/pharmacy-sales-and-inventory-system/manage_user.php` | High
|
||||
39 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
40 | File | `/PreviewHandler.ashx` | High
|
||||
41 | File | `/recipe-result` | High
|
||||
42 | File | `/register.do` | Medium
|
||||
43 | File | `/reservation/add_message.php` | High
|
||||
44 | File | `/resources//../` | High
|
||||
45 | File | `/scripts/unlock_tasks.php` | High
|
||||
46 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
47 | File | `/Session` | Medium
|
||||
48 | File | `/spip.php` | Medium
|
||||
49 | File | `/student/bookdetails.php` | High
|
||||
50 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
51 | File | `/uploads/exam_question/` | High
|
||||
52 | File | `/user/ticket/create` | High
|
||||
53 | File | `/user/updatePwd` | High
|
||||
54 | ... | ... | ...
|
||||
47 | File | `/spip.php` | Medium
|
||||
48 | File | `/student/bookdetails.php` | High
|
||||
49 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
50 | File | `/uploads/exam_question/` | High
|
||||
51 | File | `/user/ticket/create` | High
|
||||
52 | File | `/user/updatePwd` | High
|
||||
53 | ... | ... | ...
|
||||
|
||||
There are 472 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 463 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -69,7 +69,8 @@ ID | Type | Indicator | Confidence
|
|||
11 | File | `/sm/api/v1/firewall/zone/services` | High
|
||||
12 | File | `/usr/bin/pkexec` | High
|
||||
13 | File | `/var/run/zabbix` | High
|
||||
14 | ... | ... | ...
|
||||
14 | File | `adclick.php` | Medium
|
||||
15 | ... | ... | ...
|
||||
|
||||
There are 115 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
|
|
|
@ -80,28 +80,28 @@ ID | Type | Indicator | Confidence
|
|||
13 | File | `/group/comment` | High
|
||||
14 | File | `/ipms/imageConvert/image` | High
|
||||
15 | File | `/librarian/bookdetails.php` | High
|
||||
16 | File | `/lookin/info` | Medium
|
||||
17 | File | `/plugins/servlet/jira-blockers/` | High
|
||||
18 | File | `/ptipupgrade.cgi` | High
|
||||
19 | File | `/public/login.htm` | High
|
||||
20 | File | `/register.do` | Medium
|
||||
21 | File | `/sessions/sess_<sessionid>` | High
|
||||
22 | File | `/themes/<php_file_name>` | High
|
||||
23 | File | `/tmp/speedtest_urls.xml` | High
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/upload` | Low
|
||||
26 | File | `/var/log/nginx` | High
|
||||
27 | File | `/wbg/core/_includes/authorization.inc.php` | High
|
||||
28 | File | `/wp-admin/admin.php` | High
|
||||
29 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
30 | File | `adclick.php` | Medium
|
||||
31 | File | `admin.php` | Medium
|
||||
32 | File | `admin/?n=tags&c=index&a=doSaveTags` | High
|
||||
33 | File | `admin/controller/pages/localisation/language.php` | High
|
||||
34 | File | `admincp/attachment.php&do=rebuild&type` | High
|
||||
16 | File | `/log/decodmail.php` | High
|
||||
17 | File | `/lookin/info` | Medium
|
||||
18 | File | `/plugins/servlet/jira-blockers/` | High
|
||||
19 | File | `/ptipupgrade.cgi` | High
|
||||
20 | File | `/public/login.htm` | High
|
||||
21 | File | `/register.do` | Medium
|
||||
22 | File | `/sessions/sess_<sessionid>` | High
|
||||
23 | File | `/themes/<php_file_name>` | High
|
||||
24 | File | `/tmp/speedtest_urls.xml` | High
|
||||
25 | File | `/uncpath/` | Medium
|
||||
26 | File | `/upload` | Low
|
||||
27 | File | `/var/log/nginx` | High
|
||||
28 | File | `/wbg/core/_includes/authorization.inc.php` | High
|
||||
29 | File | `/wp-admin/admin.php` | High
|
||||
30 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
31 | File | `adclick.php` | Medium
|
||||
32 | File | `admin.php` | Medium
|
||||
33 | File | `admin/?n=tags&c=index&a=doSaveTags` | High
|
||||
34 | File | `admin/controller/pages/localisation/language.php` | High
|
||||
35 | ... | ... | ...
|
||||
|
||||
There are 300 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 302 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -104,7 +104,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -122,41 +122,40 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `/api/gen/clients/{language}` | High
|
||||
9 | File | `/api/geojson` | Medium
|
||||
10 | File | `/bin/ate` | Medium
|
||||
11 | File | `/booking/show_bookings/` | High
|
||||
12 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/classes/Master.php?f=delete_category` | High
|
||||
15 | File | `/classes/Master.php?f=save_service` | High
|
||||
16 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
17 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
18 | File | `/data/remove` | Medium
|
||||
19 | File | `/debug/pprof` | Medium
|
||||
20 | File | `/Default/Bd` | Medium
|
||||
21 | File | `/env` | Low
|
||||
22 | File | `/etc/passwd` | Medium
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/getcfg.php` | Medium
|
||||
25 | File | `/goform/AdvSetLanip` | High
|
||||
26 | File | `/goform/fromSetWirelessRepeat` | High
|
||||
27 | File | `/goform/setmac` | High
|
||||
28 | File | `/goform/setMacFilterCfg` | High
|
||||
29 | File | `/goform/SetSysTimeCfg` | High
|
||||
30 | File | `/goform/set_LimitClient_cfg` | High
|
||||
31 | File | `/goform/WifiGuestSet` | High
|
||||
32 | File | `/hss/admin/?page=products/view_product` | High
|
||||
33 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
34 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
35 | File | `/kelasdosen/data` | High
|
||||
36 | File | `/modules/profile/index.php` | High
|
||||
37 | File | `/net/sched/cls_fw.c` | High
|
||||
38 | File | `/news/*.html` | Medium
|
||||
39 | File | `/owa/auth/logon.aspx` | High
|
||||
40 | File | `/preview.php` | Medium
|
||||
41 | File | `/search.php` | Medium
|
||||
42 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
43 | ... | ... | ...
|
||||
11 | File | `/bin/login` | Medium
|
||||
12 | File | `/booking/show_bookings/` | High
|
||||
13 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/classes/Master.php?f=delete_category` | High
|
||||
16 | File | `/classes/Master.php?f=save_service` | High
|
||||
17 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
18 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
19 | File | `/data/remove` | Medium
|
||||
20 | File | `/debug/pprof` | Medium
|
||||
21 | File | `/Default/Bd` | Medium
|
||||
22 | File | `/env` | Low
|
||||
23 | File | `/etc/passwd` | Medium
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/getcfg.php` | Medium
|
||||
26 | File | `/goform/AdvSetLanip` | High
|
||||
27 | File | `/goform/fromSetWirelessRepeat` | High
|
||||
28 | File | `/goform/setmac` | High
|
||||
29 | File | `/goform/setMacFilterCfg` | High
|
||||
30 | File | `/goform/SetSysTimeCfg` | High
|
||||
31 | File | `/goform/set_LimitClient_cfg` | High
|
||||
32 | File | `/goform/WifiGuestSet` | High
|
||||
33 | File | `/hss/admin/?page=products/view_product` | High
|
||||
34 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
35 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
36 | File | `/kelasdosen/data` | High
|
||||
37 | File | `/modules/profile/index.php` | High
|
||||
38 | File | `/net/sched/cls_fw.c` | High
|
||||
39 | File | `/news/*.html` | Medium
|
||||
40 | File | `/owa/auth/logon.aspx` | High
|
||||
41 | File | `/preview.php` | Medium
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 370 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 358 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -162,7 +162,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -211,16 +211,17 @@ ID | Type | Indicator | Confidence
|
|||
39 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
40 | File | `/company/store` | High
|
||||
41 | File | `/config` | Low
|
||||
42 | File | `/csms/?page=contact_us` | High
|
||||
43 | File | `/debug/pprof` | Medium
|
||||
44 | File | `/dipam/save-delegates.php` | High
|
||||
45 | File | `/env` | Low
|
||||
46 | File | `/etc/pki/pesign` | High
|
||||
47 | File | `/file_manager/admin/save_user.php` | High
|
||||
48 | File | `/forum/away.php` | High
|
||||
49 | ... | ... | ...
|
||||
42 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
43 | File | `/csms/?page=contact_us` | High
|
||||
44 | File | `/debug/pprof` | Medium
|
||||
45 | File | `/dipam/save-delegates.php` | High
|
||||
46 | File | `/env` | Low
|
||||
47 | File | `/etc/pki/pesign` | High
|
||||
48 | File | `/file_manager/admin/save_user.php` | High
|
||||
49 | File | `/forum/away.php` | High
|
||||
50 | ... | ... | ...
|
||||
|
||||
There are 430 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 435 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -349,9 +349,13 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
319 | [45.129.99.241](https://vuldb.com/?ip.45.129.99.241) | 354851-vds-mamozw.gmhost.pp.ua | - | High
|
||||
320 | [45.129.199.26](https://vuldb.com/?ip.45.129.199.26) | - | - | High
|
||||
321 | [45.138.172.179](https://vuldb.com/?ip.45.138.172.179) | - | - | High
|
||||
322 | ... | ... | ... | ...
|
||||
322 | [45.138.172.240](https://vuldb.com/?ip.45.138.172.240) | - | - | High
|
||||
323 | [45.142.214.176](https://vuldb.com/?ip.45.142.214.176) | vm546665.stark-industries.solutions | - | High
|
||||
324 | [45.144.178.236](https://vuldb.com/?ip.45.144.178.236) | e.wise-sourcing.com | - | High
|
||||
325 | [45.147.228.138](https://vuldb.com/?ip.45.147.228.138) | - | - | High
|
||||
326 | ... | ... | ... | ...
|
||||
|
||||
There are 1285 more IOC items available. Please use our online service to access the data.
|
||||
There are 1301 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -378,29 +382,29 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/update/getFile.html` | High
|
||||
4 | File | `/admin/about-us.php` | High
|
||||
5 | File | `/admin/cashadvance_row.php` | High
|
||||
6 | File | `/admin/maintenance/view_designation.php` | High
|
||||
7 | File | `/admin/sys_sql_query.php` | High
|
||||
8 | File | `/admin/userprofile.php` | High
|
||||
9 | File | `/api/baskets/{name}` | High
|
||||
10 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
11 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
12 | File | `/company/store` | High
|
||||
13 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
14 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
15 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
16 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
17 | File | `/dcim/rack-roles/` | High
|
||||
18 | File | `/etc/passwd` | Medium
|
||||
19 | File | `/feeds/post/publish` | High
|
||||
20 | File | `/forms/doLogin` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/h/` | Low
|
||||
5 | File | `/admin/maintenance/view_designation.php` | High
|
||||
6 | File | `/admin/sys_sql_query.php` | High
|
||||
7 | File | `/api/baskets/{name}` | High
|
||||
8 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
9 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
10 | File | `/company/store` | High
|
||||
11 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
12 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
13 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
14 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
15 | File | `/csms/?page=contact_us` | High
|
||||
16 | File | `/dcim/rack-roles/` | High
|
||||
17 | File | `/etc/passwd` | Medium
|
||||
18 | File | `/feeds/post/publish` | High
|
||||
19 | File | `/forms/doLogin` | High
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/h/` | Low
|
||||
22 | File | `/home/cavesConsole` | High
|
||||
23 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
24 | File | `/inc/topBarNav.php` | High
|
||||
25 | File | `/index.php` | Medium
|
||||
26 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
27 | File | `/index.php?page=category_list` | High
|
||||
24 | File | `/index.php` | Medium
|
||||
25 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
26 | File | `/index.php?page=category_list` | High
|
||||
27 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
28 | File | `/jobinfo/` | Medium
|
||||
29 | File | `/kelas/data` | Medium
|
||||
30 | File | `/Moosikay/order.php` | High
|
||||
|
@ -409,7 +413,7 @@ ID | Type | Indicator | Confidence
|
|||
33 | File | `/recipe-result` | High
|
||||
34 | File | `/register.do` | Medium
|
||||
35 | File | `/reservation/add_message.php` | High
|
||||
36 | File | `/rom-0` | Low
|
||||
36 | File | `/scripts/unlock_tasks.php` | High
|
||||
37 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
38 | File | `/ServletAPI/accounts/login` | High
|
||||
39 | File | `/spip.php` | Medium
|
||||
|
@ -417,14 +421,15 @@ ID | Type | Indicator | Confidence
|
|||
41 | File | `/staff/edit_book_details.php` | High
|
||||
42 | File | `/student/bookdetails.php` | High
|
||||
43 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
44 | File | `/uploads/exam_question/` | High
|
||||
45 | File | `/user/profile` | High
|
||||
46 | File | `/user/ticket/create` | High
|
||||
47 | File | `/var/lib/docker/<remapping>` | High
|
||||
48 | File | `/wp-admin/admin-ajax.php` | High
|
||||
49 | ... | ... | ...
|
||||
44 | File | `/upload` | Low
|
||||
45 | File | `/uploads/exam_question/` | High
|
||||
46 | File | `/user/profile` | High
|
||||
47 | File | `/user/ticket/create` | High
|
||||
48 | File | `/UserSelfServiceSettings.jsp` | High
|
||||
49 | File | `/var/lib/docker/<remapping>` | High
|
||||
50 | ... | ... | ...
|
||||
|
||||
There are 425 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 439 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 14 more country items available. Please use our online service to access the data.
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -39,15 +39,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22, CWE-24, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | T1068 | CWE-250, CWE-264, CWE-267, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 23 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -71,36 +71,34 @@ ID | Type | Indicator | Confidence
|
|||
14 | File | `/api /v3/auth` | High
|
||||
15 | File | `/apply.cgi` | Medium
|
||||
16 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
17 | File | `/asan/asan_interceptors_memintrinsics.cpp` | High
|
||||
17 | File | `/blog/blogpublish.php` | High
|
||||
18 | File | `/boaform/admin/formPing` | High
|
||||
19 | File | `/bsms_ci/index.php/book` | High
|
||||
20 | File | `/cgi-bin/nobody` | High
|
||||
21 | File | `/cgi-bin/nobody/Search.cgi` | High
|
||||
22 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
23 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||
24 | File | `/cgi-bin/user/Config.cgi` | High
|
||||
25 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
26 | File | `/churchcrm/EventAttendance.php` | High
|
||||
27 | File | `/classes/Login.php` | High
|
||||
28 | File | `/classes/Master.php` | High
|
||||
29 | File | `/classes/Master.php?f=save_course` | High
|
||||
30 | File | `/classes/Master.php?f=save_service` | High
|
||||
31 | File | `/classes/Users.php` | High
|
||||
32 | File | `/company/store` | High
|
||||
33 | File | `/controllers/Blocks.php` | High
|
||||
34 | File | `/dcim/rack/` | Medium
|
||||
35 | File | `/debug/pprof` | Medium
|
||||
36 | File | `/dede/tpl.php` | High
|
||||
37 | File | `/download` | Medium
|
||||
38 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
39 | File | `/EditEventTypes.php` | High
|
||||
40 | File | `/Electron/download` | High
|
||||
41 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
42 | File | `/etc/tomcat8/Catalina/attack` | High
|
||||
43 | File | `/gaia-job-admin/user/add` | High
|
||||
44 | ... | ... | ...
|
||||
20 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||
21 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
22 | File | `/churchcrm/EventAttendance.php` | High
|
||||
23 | File | `/classes/Login.php` | High
|
||||
24 | File | `/classes/Master.php` | High
|
||||
25 | File | `/classes/Master.php?f=save_course` | High
|
||||
26 | File | `/classes/Master.php?f=save_service` | High
|
||||
27 | File | `/classes/Users.php` | High
|
||||
28 | File | `/collection/all` | High
|
||||
29 | File | `/company/store` | High
|
||||
30 | File | `/controllers/Blocks.php` | High
|
||||
31 | File | `/dcim/rack/` | Medium
|
||||
32 | File | `/debug/pprof` | Medium
|
||||
33 | File | `/dede/tpl.php` | High
|
||||
34 | File | `/download` | Medium
|
||||
35 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
36 | File | `/EditEventTypes.php` | High
|
||||
37 | File | `/Electron/download` | High
|
||||
38 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
39 | File | `/file/upload/1` | High
|
||||
40 | File | `/gaia-job-admin/user/add` | High
|
||||
41 | File | `/goform/aspForm` | High
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 378 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 360 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,55 @@
|
|||
# Key Group - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Key Group](https://vuldb.com/?actor.key_group). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.key_group](https://vuldb.com/?actor.key_group)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Key Group:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Key Group.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [77.88.55.60](https://vuldb.com/?ip.77.88.55.60) | yandex.ru | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Key Group_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1068 | CWE-264 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
2 | T1202 | CWE-77 | Command Injection | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Key Group. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\` | High
|
||||
2 | File | `main.get.php` | Medium
|
||||
3 | File | `tgetpass.c` | Medium
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.eclecticiq.com/decrypting-key-group-ransomware-emerging-financially-motivated-cyber-crime-gang
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
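Review bot: The only IOC in the new Key Group profile, `77.88.55.60` with hostname `yandex.ru`, is rated High, yet the hostname suggests shared infrastructure of a large public provider rather than actor-controlled hosting. Anyone feeding this table into a blocklist or alerting rule would probably match a lot of unrelated traffic. I would lower the rating or add a caveat under the table, for example `Note: this address appears to be shared provider infrastructure; correlate with other evidence before blocking.` The IOA entries `main.get.php` and `tgetpass.c` are bare file names and need the same care when matching, which their Medium rating already reflects.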
|
|
@ -106,9 +106,10 @@ ID | Type | Indicator | Confidence
|
|||
40 | File | `/plugins/Dashboard/Controller.php` | High
|
||||
41 | File | `/public/plugins/` | High
|
||||
42 | File | `/rest/jpo/1.0/hierarchyConfiguration` | High
|
||||
43 | ... | ... | ...
|
||||
43 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 375 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 382 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -8,6 +8,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
The following _campaigns_ are known and can be associated with Kinsing:
|
||||
|
||||
* CVE-2023-32315
|
||||
* Log4Shell
|
||||
|
||||
## Countries
|
||||
|
@ -31,22 +32,24 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
2 | [3.215.110.66](https://vuldb.com/?ip.3.215.110.66) | ec2-3-215-110-66.compute-1.amazonaws.com | Log4Shell | Medium
|
||||
3 | [5.34.183.14](https://vuldb.com/?ip.5.34.183.14) | vds-904894.hosted-by-itldc.com | - | High
|
||||
4 | [5.34.183.145](https://vuldb.com/?ip.5.34.183.145) | a.sadeghi | - | High
|
||||
5 | [31.210.20.181](https://vuldb.com/?ip.31.210.20.181) | - | Log4Shell | High
|
||||
6 | [34.81.218.76](https://vuldb.com/?ip.34.81.218.76) | 76.218.81.34.bc.googleusercontent.com | Log4Shell | Medium
|
||||
7 | [42.112.28.216](https://vuldb.com/?ip.42.112.28.216) | midp.highlatrol.com | Log4Shell | High
|
||||
8 | [45.10.88.102](https://vuldb.com/?ip.45.10.88.102) | 45.10.88.102.cl.darnytsia.net | - | High
|
||||
9 | [45.10.88.124](https://vuldb.com/?ip.45.10.88.124) | - | - | High
|
||||
10 | [45.15.158.124](https://vuldb.com/?ip.45.15.158.124) | - | - | High
|
||||
11 | [45.67.230.68](https://vuldb.com/?ip.45.67.230.68) | vm330138.pq.hosting | - | High
|
||||
12 | [45.95.169.118](https://vuldb.com/?ip.45.95.169.118) | zb64.antoniagavve.live | - | High
|
||||
13 | [45.129.2.107](https://vuldb.com/?ip.45.129.2.107) | - | Log4Shell | High
|
||||
14 | [45.137.151.106](https://vuldb.com/?ip.45.137.151.106) | - | Log4Shell | High
|
||||
15 | [45.137.155.55](https://vuldb.com/?ip.45.137.155.55) | vm360194.pq.hosting | Log4Shell | High
|
||||
16 | [45.142.214.48](https://vuldb.com/?ip.45.142.214.48) | server.com | Log4Shell | High
|
||||
17 | [45.147.201.186](https://vuldb.com/?ip.45.147.201.186) | - | - | High
|
||||
18 | ... | ... | ... | ...
|
||||
5 | [5.35.101.62](https://vuldb.com/?ip.5.35.101.62) | hosted-by.ruweb.net | CVE-2023-32315 | High
|
||||
6 | [31.184.240.34](https://vuldb.com/?ip.31.184.240.34) | 106863.web.hosting-russia.ru | CVE-2023-32315 | High
|
||||
7 | [31.210.20.181](https://vuldb.com/?ip.31.210.20.181) | - | Log4Shell | High
|
||||
8 | [34.81.218.76](https://vuldb.com/?ip.34.81.218.76) | 76.218.81.34.bc.googleusercontent.com | Log4Shell | Medium
|
||||
9 | [42.112.28.216](https://vuldb.com/?ip.42.112.28.216) | midp.highlatrol.com | Log4Shell | High
|
||||
10 | [45.10.88.102](https://vuldb.com/?ip.45.10.88.102) | 45.10.88.102.cl.darnytsia.net | - | High
|
||||
11 | [45.10.88.124](https://vuldb.com/?ip.45.10.88.124) | - | - | High
|
||||
12 | [45.15.158.124](https://vuldb.com/?ip.45.15.158.124) | - | - | High
|
||||
13 | [45.67.230.68](https://vuldb.com/?ip.45.67.230.68) | vm330138.pq.hosting | - | High
|
||||
14 | [45.95.169.118](https://vuldb.com/?ip.45.95.169.118) | zb64.antoniagavve.live | - | High
|
||||
15 | [45.129.2.107](https://vuldb.com/?ip.45.129.2.107) | - | Log4Shell | High
|
||||
16 | [45.137.151.106](https://vuldb.com/?ip.45.137.151.106) | - | Log4Shell | High
|
||||
17 | [45.137.155.55](https://vuldb.com/?ip.45.137.155.55) | vm360194.pq.hosting | Log4Shell | High
|
||||
18 | [45.142.214.48](https://vuldb.com/?ip.45.142.214.48) | server.com | Log4Shell | High
|
||||
19 | [45.147.201.186](https://vuldb.com/?ip.45.147.201.186) | - | - | High
|
||||
20 | ... | ... | ... | ...
|
||||
|
||||
There are 67 more IOC items available. Please use our online service to access the data.
|
||||
There are 75 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -105,39 +108,40 @@ ID | Type | Indicator | Confidence
|
|||
34 | File | `/spip.php` | Medium
|
||||
35 | File | `/SysInfo.htm` | Medium
|
||||
36 | File | `/uncpath/` | Medium
|
||||
37 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
38 | File | `/usr/syno/etc/mount.conf` | High
|
||||
39 | File | `/var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log` | High
|
||||
40 | File | `/var/log/rkhunter.log` | High
|
||||
41 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
42 | File | `/vendor` | Low
|
||||
43 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
|
||||
44 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
45 | File | `/wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2` | High
|
||||
46 | File | `/zm/index.php` | High
|
||||
47 | File | `a-b-membres.php` | High
|
||||
48 | File | `actions.php` | Medium
|
||||
49 | File | `adclick.php` | Medium
|
||||
50 | File | `add.php` | Low
|
||||
51 | File | `addtocart.asp` | High
|
||||
52 | File | `add_2_basket.asp` | High
|
||||
53 | File | `add_edit_cat.asp` | High
|
||||
54 | File | `admin.jcomments.php` | High
|
||||
55 | File | `admin.php` | Medium
|
||||
56 | File | `admin.php/comments/batchdel/` | High
|
||||
57 | File | `admin/aboutus.php` | High
|
||||
58 | File | `admin/adm/test.php` | High
|
||||
59 | File | `admin/article_save.php` | High
|
||||
60 | File | `admin/bitrix.mpbuilder_step2.php` | High
|
||||
37 | File | `/usr/syno/etc/mount.conf` | High
|
||||
38 | File | `/var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log` | High
|
||||
39 | File | `/var/log/rkhunter.log` | High
|
||||
40 | File | `/var/WEB-GUI/cgi-bin/telnet.cgi` | High
|
||||
41 | File | `/vendor` | Low
|
||||
42 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
|
||||
43 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
44 | File | `/wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2` | High
|
||||
45 | File | `/zm/index.php` | High
|
||||
46 | File | `a-b-membres.php` | High
|
||||
47 | File | `access.conf` | Medium
|
||||
48 | File | `adclick.php` | Medium
|
||||
49 | File | `addtocart.asp` | High
|
||||
50 | File | `add_2_basket.asp` | High
|
||||
51 | File | `add_edit_cat.asp` | High
|
||||
52 | File | `admin.jcomments.php` | High
|
||||
53 | File | `admin.php` | Medium
|
||||
54 | File | `admin.php/comments/batchdel/` | High
|
||||
55 | File | `admin/aboutus.php` | High
|
||||
56 | File | `admin/adm/test.php` | High
|
||||
57 | File | `admin/article_save.php` | High
|
||||
58 | File | `admin/bitrix.mpbuilder_step2.php` | High
|
||||
59 | File | `admin/conf_users_edit.php` | High
|
||||
60 | File | `admin/vqmods.app/vqmods.inc.php` | High
|
||||
61 | ... | ... | ...
|
||||
|
||||
There are 535 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 532 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://1275.ru/ioc/315/kinsing-i-dark-iot-botnet-iocs/
|
||||
* https://blog.aquasec.com/kinsing-malware-exploits-novel-openfire-vulnerability
|
||||
* https://blog.aquasec.com/threat-alert-kinsing-malware-container-vulnerability
|
||||
* https://blogs.infoblox.com/cyber-threat-intelligence/cyber-campaign-briefs/log4j-indicators-of-compromise-to-date/
|
||||
* https://gist.github.com/Iansus/050e121170a864c37b13f979c1883ad4
|
||||
|
|
|
@ -276,7 +276,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-29 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-29 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
|
@ -291,9 +291,9 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.FBCIndex` | Medium
|
||||
2 | File | `/+CSCOE+/logon.html` | High
|
||||
3 | File | `/act/ActDao.xml` | High
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/act/ActDao.xml` | High
|
||||
3 | File | `/adfs/ls` | Medium
|
||||
4 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
5 | File | `/admin/addproduct.php` | High
|
||||
6 | File | `/admin/categories/manage_category.php` | High
|
||||
|
@ -310,35 +310,35 @@ ID | Type | Indicator | Confidence
|
|||
17 | File | `/classes/Users.php?f=save` | High
|
||||
18 | File | `/common/info.cgi` | High
|
||||
19 | File | `/CPE` | Low
|
||||
20 | File | `/DXR.axd` | Medium
|
||||
21 | File | `/EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/ghost/preview` | High
|
||||
24 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
|
||||
25 | File | `/home/search` | Medium
|
||||
26 | File | `/includes/db_connect.php` | High
|
||||
27 | File | `/includes/session.php` | High
|
||||
28 | File | `/librarian/bookdetails.php` | High
|
||||
29 | File | `/modules/projects/vw_files.php` | High
|
||||
30 | File | `/modules/public/calendar.php` | High
|
||||
31 | File | `/modules/public/date_format.php` | High
|
||||
32 | File | `/modules/tasks/gantt.php` | High
|
||||
33 | File | `/osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php` | High
|
||||
34 | File | `/out.php` | Medium
|
||||
35 | File | `/owa/auth/logon.aspx` | High
|
||||
36 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
37 | File | `/send_order.cgi?parameter=restart` | High
|
||||
38 | File | `/spip.php` | Medium
|
||||
39 | File | `/src/amf/amf-context.c` | High
|
||||
40 | File | `/tmp` | Low
|
||||
41 | File | `/uncpath/` | Medium
|
||||
42 | File | `/v1/hotlink/proxy` | High
|
||||
43 | File | `/vdesk` | Low
|
||||
44 | File | `/vm/login.php` | High
|
||||
45 | File | `102/tcp` | Low
|
||||
46 | File | `?r=dashboard/approval/del` | High
|
||||
47 | File | `actions/del.php` | High
|
||||
48 | File | `adclick.php` | Medium
|
||||
20 | File | `/EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/ghost/preview` | High
|
||||
23 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
|
||||
24 | File | `/home/search` | Medium
|
||||
25 | File | `/includes/db_connect.php` | High
|
||||
26 | File | `/includes/session.php` | High
|
||||
27 | File | `/librarian/bookdetails.php` | High
|
||||
28 | File | `/modules/projects/vw_files.php` | High
|
||||
29 | File | `/modules/public/calendar.php` | High
|
||||
30 | File | `/modules/public/date_format.php` | High
|
||||
31 | File | `/modules/tasks/gantt.php` | High
|
||||
32 | File | `/osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php` | High
|
||||
33 | File | `/out.php` | Medium
|
||||
34 | File | `/owa/auth/logon.aspx` | High
|
||||
35 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
36 | File | `/send_order.cgi?parameter=restart` | High
|
||||
37 | File | `/spip.php` | Medium
|
||||
38 | File | `/src/amf/amf-context.c` | High
|
||||
39 | File | `/tmp` | Low
|
||||
40 | File | `/uncpath/` | Medium
|
||||
41 | File | `/v1/hotlink/proxy` | High
|
||||
42 | File | `/vdesk` | Low
|
||||
43 | File | `/vm/login.php` | High
|
||||
44 | File | `102/tcp` | Low
|
||||
45 | File | `actions/del.php` | High
|
||||
46 | File | `adclick.php` | Medium
|
||||
47 | File | `add-product.php` | High
|
||||
48 | File | `addsite.php` | Medium
|
||||
49 | ... | ... | ...
|
||||
|
||||
There are 428 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
|
|
@ -37,7 +37,7 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
14 | [38.242.239.137](https://vuldb.com/?ip.38.242.239.137) | vmi1081127.contaboserver.net | - | High
|
||||
15 | ... | ... | ... | ...
|
||||
|
||||
There are 56 more IOC items available. Please use our online service to access the data.
|
||||
There are 57 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -106,9 +106,11 @@ ID | Type | Indicator | Confidence
|
|||
44 | File | `/PC/WebService.asmx` | High
|
||||
45 | File | `/preauth` | Medium
|
||||
46 | File | `/search.php` | Medium
|
||||
47 | ... | ... | ...
|
||||
47 | File | `/Source/C++/Core/Ap4DataBuffer.cpp` | High
|
||||
48 | File | `/spip.php` | Medium
|
||||
49 | ... | ... | ...
|
||||
|
||||
There are 406 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 427 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -51,7 +51,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -81,26 +81,27 @@ ID | Type | Indicator | Confidence
|
|||
20 | File | `/sec/content/sec_asa_users_local_db_add.html` | High
|
||||
21 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
22 | File | `/spip.php` | Medium
|
||||
23 | File | `/student/bookdetails.php` | High
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/usr/bin/pkexec` | High
|
||||
26 | File | `/var/log/nginx` | High
|
||||
27 | File | `/webmail/` | Medium
|
||||
28 | File | `/wp-admin/admin-ajax.php` | High
|
||||
29 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
30 | File | `adclick.php` | Medium
|
||||
31 | File | `addmem.php` | Medium
|
||||
32 | File | `add_user.php` | Medium
|
||||
33 | File | `admin.php` | Medium
|
||||
34 | File | `admin.remository.php` | High
|
||||
35 | File | `admin/admin.asp` | High
|
||||
36 | File | `adminHome.php` | High
|
||||
37 | File | `admin_add.php` | High
|
||||
38 | File | `affich.php` | Medium
|
||||
39 | File | `agent/Core/Controller/SendRequest.cpp` | High
|
||||
40 | ... | ... | ...
|
||||
23 | File | `/src/Illuminate/Laravel.php` | High
|
||||
24 | File | `/student/bookdetails.php` | High
|
||||
25 | File | `/uncpath/` | Medium
|
||||
26 | File | `/usr/bin/pkexec` | High
|
||||
27 | File | `/var/log/nginx` | High
|
||||
28 | File | `/webmail/` | Medium
|
||||
29 | File | `/wp-admin/admin-ajax.php` | High
|
||||
30 | File | `/wp-admin/options.php` | High
|
||||
31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
32 | File | `adclick.php` | Medium
|
||||
33 | File | `addmem.php` | Medium
|
||||
34 | File | `add_user.php` | Medium
|
||||
35 | File | `admin.php` | Medium
|
||||
36 | File | `admin.remository.php` | High
|
||||
37 | File | `admin/admin.asp` | High
|
||||
38 | File | `adminHome.php` | High
|
||||
39 | File | `admin_add.php` | High
|
||||
40 | File | `affich.php` | Medium
|
||||
41 | ... | ... | ...
|
||||
|
||||
There are 349 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 354 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -87,10 +87,10 @@ ID | Type | Indicator | Confidence
|
|||
41 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/squashfs-root/www/HNAP1/control/SetMasterWLanSettings.php` | High
|
||||
44 | File | `/sys/dict/queryTableData` | High
|
||||
44 | File | `/src/helper.c` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 390 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 389 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -61,16 +61,16 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `/orrs/admin/?page=user/manage_user` | High
|
||||
10 | File | `/pages/processlogin.php` | High
|
||||
11 | File | `/rapi/read_url` | High
|
||||
12 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
13 | File | `/uncpath/` | Medium
|
||||
14 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
15 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
16 | File | `123flashchat.php` | High
|
||||
17 | File | `admin.jcomments.php` | High
|
||||
18 | File | `admin.php` | Medium
|
||||
12 | File | `/scripts/unlock_tasks.php` | High
|
||||
13 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
14 | File | `/uncpath/` | Medium
|
||||
15 | File | `/usr/local/psa/admin/sbin/wrapper` | High
|
||||
16 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
17 | File | `123flashchat.php` | High
|
||||
18 | File | `admin.jcomments.php` | High
|
||||
19 | ... | ... | ...
|
||||
|
||||
There are 154 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 157 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -92,14 +92,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -118,9 +118,9 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `/alphaware/summary.php` | High
|
||||
10 | File | `/api/` | Low
|
||||
11 | File | `/api/admin/store/product/list` | High
|
||||
12 | File | `/api/stl/actions/search` | High
|
||||
13 | File | `/api/v2/cli/commands` | High
|
||||
14 | File | `/app/options.py` | High
|
||||
12 | File | `/api/baskets/{name}` | High
|
||||
13 | File | `/api/stl/actions/search` | High
|
||||
14 | File | `/api/v2/cli/commands` | High
|
||||
15 | File | `/attachments` | Medium
|
||||
16 | File | `/bin/ate` | Medium
|
||||
17 | File | `/boat/login.php` | High
|
||||
|
@ -138,19 +138,21 @@ ID | Type | Indicator | Confidence
|
|||
29 | File | `/forum/away.php` | High
|
||||
30 | File | `/goform/setmac` | High
|
||||
31 | File | `/goform/wizard_end` | High
|
||||
32 | File | `/manage-apartment.php` | High
|
||||
33 | File | `/medicines/profile.php` | High
|
||||
34 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
35 | File | `/pages/apply_vacancy.php` | High
|
||||
36 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
37 | File | `/proc/<PID>/mem` | High
|
||||
38 | File | `/proxy` | Low
|
||||
39 | File | `/reservation/add_message.php` | High
|
||||
40 | File | `/spip.php` | Medium
|
||||
41 | File | `/tmp` | Low
|
||||
42 | ... | ... | ...
|
||||
32 | File | `/group1/uploa` | High
|
||||
33 | File | `/manage-apartment.php` | High
|
||||
34 | File | `/medicines/profile.php` | High
|
||||
35 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
36 | File | `/pages/apply_vacancy.php` | High
|
||||
37 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
38 | File | `/proc/<PID>/mem` | High
|
||||
39 | File | `/proxy` | Low
|
||||
40 | File | `/reservation/add_message.php` | High
|
||||
41 | File | `/resources//../` | High
|
||||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/tmp` | Low
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 367 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -123,34 +123,34 @@ ID | Type | Indicator | Confidence
|
|||
46 | File | `/author/list?limit=10&offset=0&order=desc` | High
|
||||
47 | File | `/bilal final/login.php` | High
|
||||
48 | File | `/boat/login.php` | High
|
||||
49 | File | `/cgi-bin/portal` | High
|
||||
50 | File | `/classes/Login.php` | High
|
||||
51 | File | `/classes/Master.php` | High
|
||||
52 | File | `/classes/Master.php?f=delete_img` | High
|
||||
53 | File | `/classes/Master.php?f=save_category` | High
|
||||
54 | File | `/classes/Master.php?f=save_sub_category` | High
|
||||
55 | File | `/classes/Master.php?f=update_order_status` | High
|
||||
56 | File | `/classes/Users.php` | High
|
||||
57 | File | `/Config/service/initModel?` | High
|
||||
58 | File | `/data/config.ftp.php` | High
|
||||
59 | File | `/ecommerce/admin/category/controller.php` | High
|
||||
60 | File | `/edoc/doctor/patient.php` | High
|
||||
61 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
62 | File | `/etc/shadow` | Medium
|
||||
63 | File | `/export` | Low
|
||||
64 | File | `/file/upload/1` | High
|
||||
65 | File | `/files/list-file` | High
|
||||
66 | File | `/file_manager/login.php` | High
|
||||
67 | File | `/forum/PostPrivateMessage` | High
|
||||
68 | File | `/fos/admin/ajax.php?action=save_settings` | High
|
||||
69 | File | `/goform/NTPSyncWithHost` | High
|
||||
70 | File | `/goform/SetVirtualServerCfg` | High
|
||||
71 | File | `/group1/uploa` | High
|
||||
72 | File | `/HNAP1/SetAccessPointMode` | High
|
||||
73 | File | `/home/<user>/SecurityOnion/setup/so-setup` | High
|
||||
49 | File | `/cgi-bin/luci/api/auth` | High
|
||||
50 | File | `/cgi-bin/portal` | High
|
||||
51 | File | `/classes/Login.php` | High
|
||||
52 | File | `/classes/Master.php` | High
|
||||
53 | File | `/classes/Master.php?f=delete_img` | High
|
||||
54 | File | `/classes/Master.php?f=save_category` | High
|
||||
55 | File | `/classes/Master.php?f=save_sub_category` | High
|
||||
56 | File | `/classes/Master.php?f=update_order_status` | High
|
||||
57 | File | `/classes/Users.php` | High
|
||||
58 | File | `/Config/service/initModel?` | High
|
||||
59 | File | `/data/config.ftp.php` | High
|
||||
60 | File | `/ecommerce/admin/category/controller.php` | High
|
||||
61 | File | `/edoc/doctor/patient.php` | High
|
||||
62 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
63 | File | `/etc/shadow` | Medium
|
||||
64 | File | `/export` | Low
|
||||
65 | File | `/file/upload/1` | High
|
||||
66 | File | `/files/list-file` | High
|
||||
67 | File | `/file_manager/login.php` | High
|
||||
68 | File | `/forum/PostPrivateMessage` | High
|
||||
69 | File | `/fos/admin/ajax.php?action=save_settings` | High
|
||||
70 | File | `/goform/NTPSyncWithHost` | High
|
||||
71 | File | `/goform/SetVirtualServerCfg` | High
|
||||
72 | File | `/group1/uploa` | High
|
||||
73 | File | `/HNAP1/SetAccessPointMode` | High
|
||||
74 | ... | ... | ...
|
||||
|
||||
There are 654 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 655 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -71,42 +71,42 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `//` | Low
|
||||
2 | File | `/admin/download_frame.php` | High
|
||||
3 | File | `/admin/index.html` | High
|
||||
4 | File | `/bin/boa` | Medium
|
||||
5 | File | `/cgi-bin/luci/admin/network/wireless/status` | High
|
||||
6 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
7 | File | `/cgi-bin/wapopen` | High
|
||||
8 | File | `/dev/urandom` | Medium
|
||||
9 | File | `/DroboAccess/enable_user` | High
|
||||
10 | File | `/etc/quantum/quantum.conf` | High
|
||||
11 | File | `/exec/` | Low
|
||||
12 | File | `/getcfg.php` | Medium
|
||||
13 | File | `/HNAP1` | Low
|
||||
14 | File | `/jquery_file_upload/server/php/index.php` | High
|
||||
15 | File | `/mgmt/tm/util/bash` | High
|
||||
16 | File | `/modules/projects/vw_files.php` | High
|
||||
17 | File | `/mysql/api/drobo.php` | High
|
||||
18 | File | `/plain` | Low
|
||||
19 | File | `/rating.php` | Medium
|
||||
20 | File | `/rom-0` | Low
|
||||
21 | File | `/secure/admin/ConfigureBatching!default.jspa` | High
|
||||
22 | File | `/staff/tools/custom-fields` | High
|
||||
23 | File | `/uncpath/` | Medium
|
||||
24 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
25 | File | `/var/log/nginx` | High
|
||||
26 | File | `/wordpress/wp-admin/admin.php` | High
|
||||
27 | File | `/xyhai.php?s=/Auth/editUser` | High
|
||||
28 | File | `/_next` | Low
|
||||
29 | File | `actionHandler/ajax_managed_services.php` | High
|
||||
30 | File | `actions.hsp` | Medium
|
||||
31 | File | `addtocart.asp` | High
|
||||
32 | File | `admin.jcomments.php` | High
|
||||
33 | File | `admin/admin.shtml` | High
|
||||
34 | File | `admin/shophelp.php` | High
|
||||
35 | File | `ajax-actions.php` | High
|
||||
36 | File | `ajax/api/hook/decodeArguments` | High
|
||||
4 | File | `/api/sys/set_passwd` | High
|
||||
5 | File | `/bin/boa` | Medium
|
||||
6 | File | `/cgi-bin/luci/admin/network/wireless/status` | High
|
||||
7 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
|
||||
8 | File | `/cgi-bin/wapopen` | High
|
||||
9 | File | `/dev/urandom` | Medium
|
||||
10 | File | `/DroboAccess/enable_user` | High
|
||||
11 | File | `/etc/quantum/quantum.conf` | High
|
||||
12 | File | `/exec/` | Low
|
||||
13 | File | `/getcfg.php` | Medium
|
||||
14 | File | `/HNAP1` | Low
|
||||
15 | File | `/jquery_file_upload/server/php/index.php` | High
|
||||
16 | File | `/mgmt/tm/util/bash` | High
|
||||
17 | File | `/modules/projects/vw_files.php` | High
|
||||
18 | File | `/mysql/api/drobo.php` | High
|
||||
19 | File | `/plain` | Low
|
||||
20 | File | `/rating.php` | Medium
|
||||
21 | File | `/rom-0` | Low
|
||||
22 | File | `/secure/admin/ConfigureBatching!default.jspa` | High
|
||||
23 | File | `/staff/tools/custom-fields` | High
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
26 | File | `/var/log/nginx` | High
|
||||
27 | File | `/wordpress/wp-admin/admin.php` | High
|
||||
28 | File | `/xyhai.php?s=/Auth/editUser` | High
|
||||
29 | File | `/_next` | Low
|
||||
30 | File | `actionHandler/ajax_managed_services.php` | High
|
||||
31 | File | `actions.hsp` | Medium
|
||||
32 | File | `addtocart.asp` | High
|
||||
33 | File | `admin.jcomments.php` | High
|
||||
34 | File | `admin/admin.shtml` | High
|
||||
35 | File | `admin/shophelp.php` | High
|
||||
36 | File | `ajax-actions.php` | High
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 317 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 319 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [TR](https://vuldb.com/?country.tr)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -63,55 +63,54 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/admin.php/update/getFile.html` | High
|
||||
5 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
6 | File | `/admin/about-us.php` | High
|
||||
7 | File | `/admin/maintenance/view_designation.php` | High
|
||||
8 | File | `/admin/sys_sql_query.php` | High
|
||||
9 | File | `/api/baskets/{name}` | High
|
||||
10 | File | `/api/stl/actions/search` | High
|
||||
11 | File | `/api/v2/cli/commands` | High
|
||||
12 | File | `/bin/ate` | Medium
|
||||
13 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
14 | File | `/booking/show_bookings/` | High
|
||||
15 | File | `/cgi-bin` | Medium
|
||||
16 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
17 | File | `/company/store` | High
|
||||
18 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
19 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
20 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
21 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
22 | File | `/dcim/rack-roles/` | High
|
||||
23 | File | `/debug/pprof` | Medium
|
||||
24 | File | `/env` | Low
|
||||
25 | File | `/etc/passwd` | Medium
|
||||
26 | File | `/feeds/post/publish` | High
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/group1/uploa` | High
|
||||
29 | File | `/h/` | Low
|
||||
30 | File | `/horde/util/go.php` | High
|
||||
31 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
32 | File | `/index.php` | Medium
|
||||
33 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
34 | File | `/index.php?page=category_list` | High
|
||||
35 | File | `/jobinfo/` | Medium
|
||||
36 | File | `/kelas/data` | Medium
|
||||
37 | File | `/Moosikay/order.php` | High
|
||||
38 | File | `/opac/Actions.php?a=login` | High
|
||||
39 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
40 | File | `/PreviewHandler.ashx` | High
|
||||
41 | File | `/recipe-result` | High
|
||||
42 | File | `/register.do` | Medium
|
||||
43 | File | `/reservation/add_message.php` | High
|
||||
44 | File | `/resources//../` | High
|
||||
45 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
46 | File | `/spip.php` | Medium
|
||||
47 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
48 | File | `/staff/edit_book_details.php` | High
|
||||
49 | File | `/student/bookdetails.php` | High
|
||||
50 | File | `/uploads/exam_question/` | High
|
||||
51 | File | `/user/profile` | High
|
||||
52 | File | `/user/ticket/create` | High
|
||||
53 | ... | ... | ...
|
||||
7 | File | `/admin/sys_sql_query.php` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/api/stl/actions/search` | High
|
||||
10 | File | `/api/v2/cli/commands` | High
|
||||
11 | File | `/bin/ate` | Medium
|
||||
12 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
13 | File | `/booking/show_bookings/` | High
|
||||
14 | File | `/cgi-bin` | Medium
|
||||
15 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
16 | File | `/company/store` | High
|
||||
17 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
18 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
19 | File | `/Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx` | High
|
||||
20 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
21 | File | `/dcim/rack-roles/` | High
|
||||
22 | File | `/debug/pprof` | Medium
|
||||
23 | File | `/env` | Low
|
||||
24 | File | `/etc/passwd` | Medium
|
||||
25 | File | `/feeds/post/publish` | High
|
||||
26 | File | `/forum/away.php` | High
|
||||
27 | File | `/group1/uploa` | High
|
||||
28 | File | `/h/` | Low
|
||||
29 | File | `/horde/util/go.php` | High
|
||||
30 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
31 | File | `/index.php` | Medium
|
||||
32 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
33 | File | `/index.php?page=category_list` | High
|
||||
34 | File | `/jobinfo/` | Medium
|
||||
35 | File | `/kelas/data` | Medium
|
||||
36 | File | `/Moosikay/order.php` | High
|
||||
37 | File | `/opac/Actions.php?a=login` | High
|
||||
38 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
39 | File | `/PreviewHandler.ashx` | High
|
||||
40 | File | `/recipe-result` | High
|
||||
41 | File | `/register.do` | Medium
|
||||
42 | File | `/reservation/add_message.php` | High
|
||||
43 | File | `/resources//../` | High
|
||||
44 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
45 | File | `/spip.php` | Medium
|
||||
46 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
47 | File | `/staff/edit_book_details.php` | High
|
||||
48 | File | `/student/bookdetails.php` | High
|
||||
49 | File | `/uploads/exam_question/` | High
|
||||
50 | File | `/user/profile` | High
|
||||
51 | File | `/user/ticket/create` | High
|
||||
52 | ... | ... | ...
|
||||
|
||||
There are 458 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 448 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -22,35 +22,36 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.42.74.53](https://vuldb.com/?ip.5.42.74.53) | - | - | High
|
||||
2 | [5.45.72.55](https://vuldb.com/?ip.5.45.72.55) | - | - | High
|
||||
3 | [5.45.74.233](https://vuldb.com/?ip.5.45.74.233) | zmta37.corpresponse.com | - | High
|
||||
4 | [5.45.83.127](https://vuldb.com/?ip.5.45.83.127) | - | - | High
|
||||
5 | [5.79.72.218](https://vuldb.com/?ip.5.79.72.218) | - | - | High
|
||||
6 | [5.252.176.69](https://vuldb.com/?ip.5.252.176.69) | 5-252-176-69.mivocloud.com | - | High
|
||||
7 | [5.252.179.5](https://vuldb.com/?ip.5.252.179.5) | 5-252-179-5.mivocloud.com | - | High
|
||||
8 | [5.252.179.13](https://vuldb.com/?ip.5.252.179.13) | 5-252-179-13.mivocloud.com | - | High
|
||||
9 | [5.252.179.17](https://vuldb.com/?ip.5.252.179.17) | mail-good-treat.livewirearea.com | - | High
|
||||
10 | [5.252.179.50](https://vuldb.com/?ip.5.252.179.50) | no-rdns.mivocloud.com | - | High
|
||||
11 | [5.252.179.60](https://vuldb.com/?ip.5.252.179.60) | no-rdns.mivocloud.com | - | High
|
||||
12 | [5.252.179.89](https://vuldb.com/?ip.5.252.179.89) | no-rdns.mivocloud.com | - | High
|
||||
13 | [5.252.179.93](https://vuldb.com/?ip.5.252.179.93) | no-rdns.mivocloud.com | - | High
|
||||
14 | [5.252.179.97](https://vuldb.com/?ip.5.252.179.97) | 5-252-179-97.mivocloud.com | - | High
|
||||
15 | [5.252.179.111](https://vuldb.com/?ip.5.252.179.111) | 5-252-179-111.mivocloud.com | - | High
|
||||
16 | [23.163.0.13](https://vuldb.com/?ip.23.163.0.13) | ht087348.fronews.com | - | High
|
||||
17 | [23.227.193.80](https://vuldb.com/?ip.23.227.193.80) | 23-227-193-80.static.hvvc.us | - | High
|
||||
18 | [37.61.213.242](https://vuldb.com/?ip.37.61.213.242) | - | - | High
|
||||
19 | [45.11.180.120](https://vuldb.com/?ip.45.11.180.120) | - | - | High
|
||||
20 | [45.15.157.144](https://vuldb.com/?ip.45.15.157.144) | - | - | High
|
||||
21 | [45.15.158.212](https://vuldb.com/?ip.45.15.158.212) | - | - | High
|
||||
22 | [45.61.136.72](https://vuldb.com/?ip.45.61.136.72) | - | - | High
|
||||
23 | [45.61.138.73](https://vuldb.com/?ip.45.61.138.73) | - | - | High
|
||||
24 | [45.61.147.162](https://vuldb.com/?ip.45.61.147.162) | - | - | High
|
||||
25 | [45.76.172.113](https://vuldb.com/?ip.45.76.172.113) | 45.76.172.113.vultrusercontent.com | - | High
|
||||
26 | [45.77.31.210](https://vuldb.com/?ip.45.77.31.210) | 45.77.31.210.vultrusercontent.com | - | High
|
||||
27 | [45.133.203.205](https://vuldb.com/?ip.45.133.203.205) | - | - | High
|
||||
28 | ... | ... | ... | ...
|
||||
2 | [5.42.82.229](https://vuldb.com/?ip.5.42.82.229) | - | - | High
|
||||
3 | [5.45.72.55](https://vuldb.com/?ip.5.45.72.55) | - | - | High
|
||||
4 | [5.45.74.233](https://vuldb.com/?ip.5.45.74.233) | zmta37.corpresponse.com | - | High
|
||||
5 | [5.45.83.127](https://vuldb.com/?ip.5.45.83.127) | - | - | High
|
||||
6 | [5.79.72.218](https://vuldb.com/?ip.5.79.72.218) | - | - | High
|
||||
7 | [5.252.176.69](https://vuldb.com/?ip.5.252.176.69) | 5-252-176-69.mivocloud.com | - | High
|
||||
8 | [5.252.178.51](https://vuldb.com/?ip.5.252.178.51) | 5-252-178-51.mivocloud.com | - | High
|
||||
9 | [5.252.179.5](https://vuldb.com/?ip.5.252.179.5) | 5-252-179-5.mivocloud.com | - | High
|
||||
10 | [5.252.179.13](https://vuldb.com/?ip.5.252.179.13) | 5-252-179-13.mivocloud.com | - | High
|
||||
11 | [5.252.179.17](https://vuldb.com/?ip.5.252.179.17) | mail-good-treat.livewirearea.com | - | High
|
||||
12 | [5.252.179.50](https://vuldb.com/?ip.5.252.179.50) | no-rdns.mivocloud.com | - | High
|
||||
13 | [5.252.179.60](https://vuldb.com/?ip.5.252.179.60) | no-rdns.mivocloud.com | - | High
|
||||
14 | [5.252.179.89](https://vuldb.com/?ip.5.252.179.89) | no-rdns.mivocloud.com | - | High
|
||||
15 | [5.252.179.93](https://vuldb.com/?ip.5.252.179.93) | no-rdns.mivocloud.com | - | High
|
||||
16 | [5.252.179.97](https://vuldb.com/?ip.5.252.179.97) | 5-252-179-97.mivocloud.com | - | High
|
||||
17 | [5.252.179.111](https://vuldb.com/?ip.5.252.179.111) | 5-252-179-111.mivocloud.com | - | High
|
||||
18 | [23.163.0.13](https://vuldb.com/?ip.23.163.0.13) | ht087348.fronews.com | - | High
|
||||
19 | [23.227.193.80](https://vuldb.com/?ip.23.227.193.80) | 23-227-193-80.static.hvvc.us | - | High
|
||||
20 | [37.61.213.242](https://vuldb.com/?ip.37.61.213.242) | - | - | High
|
||||
21 | [45.11.180.120](https://vuldb.com/?ip.45.11.180.120) | - | - | High
|
||||
22 | [45.15.157.144](https://vuldb.com/?ip.45.15.157.144) | - | - | High
|
||||
23 | [45.15.158.212](https://vuldb.com/?ip.45.15.158.212) | - | - | High
|
||||
24 | [45.61.136.72](https://vuldb.com/?ip.45.61.136.72) | - | - | High
|
||||
25 | [45.61.138.73](https://vuldb.com/?ip.45.61.138.73) | - | - | High
|
||||
26 | [45.61.147.162](https://vuldb.com/?ip.45.61.147.162) | - | - | High
|
||||
27 | [45.76.172.113](https://vuldb.com/?ip.45.76.172.113) | 45.76.172.113.vultrusercontent.com | - | High
|
||||
28 | [45.77.31.210](https://vuldb.com/?ip.45.77.31.210) | 45.77.31.210.vultrusercontent.com | - | High
|
||||
29 | ... | ... | ... | ...
|
||||
|
||||
There are 109 more IOC items available. Please use our online service to access the data.
|
||||
There are 113 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -82,15 +83,16 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `/out.php` | Medium
|
||||
10 | File | `/rapi/read_url` | High
|
||||
11 | File | `/requests.php` | High
|
||||
12 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
13 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
14 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
|
||||
15 | File | `add.php` | Low
|
||||
16 | File | `admin/index.php` | High
|
||||
17 | File | `appserv/main.php` | High
|
||||
18 | ... | ... | ...
|
||||
12 | File | `/scripts/unlock_tasks.php` | High
|
||||
13 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
14 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
15 | File | `/wp-admin/admin.php?page=wp_file_manager_properties` | High
|
||||
16 | File | `add.php` | Low
|
||||
17 | File | `admin/index.php` | High
|
||||
18 | File | `announce.php` | Medium
|
||||
19 | ... | ... | ...
|
||||
|
||||
There are 150 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 155 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -100,6 +102,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/6fe2ea8db2edb522cd33b8d2539ed73cc708f086a65a0e6f8577b4a001d36bd5/
|
||||
* https://bazaar.abuse.ch/sample/26cad4ec29bc07d7b2c32c94dbbef397391babf1c78cc533950b325aaf11bba8/
|
||||
* https://bazaar.abuse.ch/sample/48a8c57895c2cfdf13a402e669a9964f56128521404e47b4727672f8ca91a90d/
|
||||
* https://bazaar.abuse.ch/sample/73e0975c94ebcdec46fd23664ccecf8953dd70eea1f4e5813e7f8cd8d2dbc4f9/
|
||||
* https://bazaar.abuse.ch/sample/759e159da0592063bb0eb967dd45802caa0a1538867994868d5b883f099286a5/
|
||||
* https://bazaar.abuse.ch/sample/2174b4c58eb43aac8e5e0061ff0bc45125f4cb64404d552fe25ea6ac1777113d/
|
||||
* https://bazaar.abuse.ch/sample/38669dd5ccced3c29f3eb6bad7a04fbdc2cc81ea6f7c76b03cf1c4fee6c5f3f0/
|
||||
|
@ -107,6 +110,8 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://bazaar.abuse.ch/sample/ae2a4c07177c85d3a2611ebbdf54dcee400b6ce6c3b91b2ab5917cdb5966e244/
|
||||
* https://bazaar.abuse.ch/sample/ae49d8d6d68069696428ebd3fce5a003af4a6ccaf4f67331eea37a0cd4dfbb77/
|
||||
* https://bazaar.abuse.ch/sample/c9e6dc44db59f1883e850babac21890e5723d2627a623c47f709e3bb7d073e35/
|
||||
* https://bazaar.abuse.ch/sample/cf4b26813e325da0c821da65e1417bea0045f8349204518b58381609b6662803/
|
||||
* https://bazaar.abuse.ch/sample/d4f6598a76b92b919bccac6394429a94e7e28da1a86d53e3cd5b204e9c9dc8a8/
|
||||
* https://bazaar.abuse.ch/sample/fbfec78acd4e7bdd01056de5d866e26db68430bbdc3e0c58f7e123f5b1f3edbe/
|
||||
* https://infosec.exchange/@malware_traffic/109762477310102114
|
||||
* https://infosec.exchange/@monitorsg/110845381557169819
|
||||
|
|
|
@ -641,14 +641,15 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-35, CWE-36 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-22, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
6 | T1068 | CWE-264, CWE-267, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -659,55 +660,52 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `%PROGRAMDATA%\checkmk\agent\local` | High
|
||||
2 | File | `//WEB-INF` | Medium
|
||||
3 | File | `/about.php` | Medium
|
||||
4 | File | `/admin` | Low
|
||||
5 | File | `/admin.php/update/getFile.html` | High
|
||||
6 | File | `/admin/cashadvance_row.php` | High
|
||||
7 | File | `/admin/edit.php` | High
|
||||
8 | File | `/admin/maintenance/view_designation.php` | High
|
||||
9 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
10 | File | `/admin/sys_sql_query.php` | High
|
||||
11 | File | `/admin/userprofile.php` | High
|
||||
12 | File | `/api/baskets/{name}` | High
|
||||
13 | File | `/Application/Admin/Controller/ConfigController.class.php` | High
|
||||
14 | File | `/bin/boa` | Medium
|
||||
15 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
16 | File | `/cimom` | Low
|
||||
17 | File | `/company/store` | High
|
||||
4 | File | `/admin.php/update/getFile.html` | High
|
||||
5 | File | `/admin/edit.php` | High
|
||||
6 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
7 | File | `/admin/sys_sql_query.php` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/Application/Admin/Controller/ConfigController.class.php` | High
|
||||
10 | File | `/bin/boa` | Medium
|
||||
11 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
12 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
13 | File | `/cgi-bin/wapopen` | High
|
||||
14 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
15 | File | `/cimom` | Low
|
||||
16 | File | `/company/store` | High
|
||||
17 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
18 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
19 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
20 | File | `/Electron/download` | High
|
||||
21 | File | `/feeds/post/publish` | High
|
||||
22 | File | `/forum/away.php` | High
|
||||
23 | File | `/FuguHub/cmsdocs/` | High
|
||||
24 | File | `/h/` | Low
|
||||
25 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
26 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
27 | File | `/index.php?page=category_list` | High
|
||||
28 | File | `/jobinfo/` | Medium
|
||||
29 | File | `/Moosikay/order.php` | High
|
||||
30 | File | `/opac/Actions.php?a=login` | High
|
||||
31 | File | `/owa/auth/logon.aspx` | High
|
||||
32 | File | `/PreviewHandler.ashx` | High
|
||||
33 | File | `/proxy` | Low
|
||||
34 | File | `/public/launchNewWindow.jsp` | High
|
||||
35 | File | `/recipe-result` | High
|
||||
36 | File | `/reservation/add_message.php` | High
|
||||
37 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
38 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
39 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
40 | File | `/student/bookdetails.php` | High
|
||||
41 | File | `/text/pdf/PdfReader.java` | High
|
||||
42 | File | `/uploads/exam_question/` | High
|
||||
43 | File | `/user/ticket/create` | High
|
||||
44 | File | `/user/updatePwd` | High
|
||||
45 | File | `/var/lib/docker/<remapping>` | High
|
||||
46 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
47 | File | `/wp-admin/admin-ajax.php` | High
|
||||
48 | File | `a-forms.php` | Medium
|
||||
49 | File | `activenews_view.asp` | High
|
||||
50 | ... | ... | ...
|
||||
19 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
20 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
21 | File | `/Electron/download` | High
|
||||
22 | File | `/etc/passwd` | Medium
|
||||
23 | File | `/feeds/post/publish` | High
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/FuguHub/cmsdocs/` | High
|
||||
26 | File | `/h/` | Low
|
||||
27 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
28 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
29 | File | `/index.php?page=category_list` | High
|
||||
30 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
31 | File | `/jobinfo/` | Medium
|
||||
32 | File | `/Moosikay/order.php` | High
|
||||
33 | File | `/opac/Actions.php?a=login` | High
|
||||
34 | File | `/owa/auth/logon.aspx` | High
|
||||
35 | File | `/PreviewHandler.ashx` | High
|
||||
36 | File | `/proxy` | Low
|
||||
37 | File | `/recipe-result` | High
|
||||
38 | File | `/register.do` | Medium
|
||||
39 | File | `/reservation/add_message.php` | High
|
||||
40 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
41 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
42 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
43 | File | `/spip.php` | Medium
|
||||
44 | File | `/student/bookdetails.php` | High
|
||||
45 | File | `/SysManage/AddUpdateRole.aspx` | High
|
||||
46 | File | `/text/pdf/PdfReader.java` | High
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 431 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 403 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
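Review bot: The added TTP row 6 pairs T1068 with CWE-264, CWE-267, CWE-269 and CWE-284 but describes it as `J2EE Misconfiguration: Weak Access Permissions for EJB Methods`, which is the title of a different and much narrower weakness than any of the four listed. An analyst filtering on the Description column would be pointed at Java EE deployments, although the listed CWEs cover privilege and access-control weaknesses in general. The unchanged row 4 shows the same kind of mismatch, with T1059 and CWE-88, CWE-94 described as `Cross Site Scripting`. These tables look generated, so the fix presumably belongs in the generator's technique-to-description mapping; a label such as `Improper Privilege Management` would match the CWEs in row 6.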
|
|
|
@ -44,14 +44,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-25 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -79,35 +79,36 @@ ID | Type | Indicator | Confidence
|
|||
18 | File | `/bsms_ci/index.php/book` | High
|
||||
19 | File | `/cgi-bin` | Medium
|
||||
20 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
21 | File | `/debug/pprof` | Medium
|
||||
22 | File | `/DXR.axd` | Medium
|
||||
23 | File | `/env` | Low
|
||||
24 | File | `/forms/doLogin` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/goform/formWPS` | High
|
||||
27 | File | `/group1/uploa` | High
|
||||
28 | File | `/inc/campaign/count_of_send.php` | High
|
||||
29 | File | `/load.php` | Medium
|
||||
30 | File | `/medicines/profile.php` | High
|
||||
31 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
32 | File | `/rdms/admin/?page=user/manage_user` | High
|
||||
33 | File | `/reservation/add_message.php` | High
|
||||
34 | File | `/resources//../` | High
|
||||
35 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
36 | File | `/servlet/webacc` | High
|
||||
37 | File | `/servlet/webacc?user.html` | High
|
||||
38 | File | `/spip.php` | Medium
|
||||
39 | File | `/templates/importinline.vm` | High
|
||||
40 | File | `/trx_addons/v2/get/sc_layout` | High
|
||||
41 | File | `/uscgi-bin/users.cgi` | High
|
||||
42 | File | `/user/updatePwd` | High
|
||||
43 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
44 | File | `/video-sharing-script/watch-video.php` | High
|
||||
45 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
|
||||
46 | File | `/wireless/security.asp` | High
|
||||
47 | ... | ... | ...
|
||||
21 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
22 | File | `/debug/pprof` | Medium
|
||||
23 | File | `/DXR.axd` | Medium
|
||||
24 | File | `/env` | Low
|
||||
25 | File | `/forms/doLogin` | High
|
||||
26 | File | `/forum/away.php` | High
|
||||
27 | File | `/goform/formWPS` | High
|
||||
28 | File | `/group1/uploa` | High
|
||||
29 | File | `/inc/campaign/count_of_send.php` | High
|
||||
30 | File | `/load.php` | Medium
|
||||
31 | File | `/medicines/profile.php` | High
|
||||
32 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
33 | File | `/rdms/admin/?page=user/manage_user` | High
|
||||
34 | File | `/reservation/add_message.php` | High
|
||||
35 | File | `/resources//../` | High
|
||||
36 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
37 | File | `/servlet/webacc` | High
|
||||
38 | File | `/servlet/webacc?user.html` | High
|
||||
39 | File | `/spip.php` | Medium
|
||||
40 | File | `/templates/importinline.vm` | High
|
||||
41 | File | `/trx_addons/v2/get/sc_layout` | High
|
||||
42 | File | `/uscgi-bin/users.cgi` | High
|
||||
43 | File | `/user/updatePwd` | High
|
||||
44 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
45 | File | `/video-sharing-script/watch-video.php` | High
|
||||
46 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
|
||||
47 | File | `/wireless/security.asp` | High
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 410 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 413 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -61,22 +61,22 @@ ID | Type | Indicator | Confidence
|
|||
10 | File | `/cgi-bin/luci/api/diagnose` | High
|
||||
11 | File | `/classes/conf/db.properties&config=filemanager.config.js` | High
|
||||
12 | File | `/coders/palm.c` | High
|
||||
13 | File | `/dcim/rack/` | Medium
|
||||
14 | File | `/EditEventTypes.php` | High
|
||||
15 | File | `/etc/groups` | Medium
|
||||
16 | File | `/file/upload/1` | High
|
||||
17 | File | `/formSetPortTr` | High
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/goform/wlanPrimaryNetwork` | High
|
||||
20 | File | `/index.php?module=help_pages/pages&entities_id=24` | High
|
||||
21 | File | `/it-IT/splunkd/__raw/services/get_snapshot` | High
|
||||
22 | File | `/nova/bin/user` | High
|
||||
23 | File | `/novel-admin/src/main/java/com/java2nb/common/controller/FileController.java` | High
|
||||
24 | File | `/plesk-site-preview/` | High
|
||||
25 | File | `/public/admin/profile/update.html` | High
|
||||
13 | File | `/collection/all` | High
|
||||
14 | File | `/dcim/rack/` | Medium
|
||||
15 | File | `/EditEventTypes.php` | High
|
||||
16 | File | `/etc/groups` | Medium
|
||||
17 | File | `/file/upload/1` | High
|
||||
18 | File | `/formSetPortTr` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/goform/wlanPrimaryNetwork` | High
|
||||
21 | File | `/index.php?module=help_pages/pages&entities_id=24` | High
|
||||
22 | File | `/it-IT/splunkd/__raw/services/get_snapshot` | High
|
||||
23 | File | `/nova/bin/user` | High
|
||||
24 | File | `/novel-admin/src/main/java/com/java2nb/common/controller/FileController.java` | High
|
||||
25 | File | `/plesk-site-preview/` | High
|
||||
26 | ... | ... | ...
|
||||
|
||||
There are 215 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 219 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -57,16 +57,17 @@ ID | Type | Indicator | Confidence
|
|||
7 | File | `/cgi-bin/cstecgi.cgi` | High
|
||||
8 | File | `/cgi-bin/ExportSettings.sh` | High
|
||||
9 | File | `/cgi-bin/upload_vpntar` | High
|
||||
10 | File | `/HNAP1` | Low
|
||||
11 | File | `/lan.asp` | Medium
|
||||
12 | File | `/MTFWU` | Low
|
||||
13 | File | `/network_test.php` | High
|
||||
14 | File | `/okm:root` | Medium
|
||||
15 | File | `/SetTriggerLEDBlink/Blink` | High
|
||||
16 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
17 | ... | ... | ...
|
||||
10 | File | `/getcfg.php` | Medium
|
||||
11 | File | `/HNAP1` | Low
|
||||
12 | File | `/htdocs/web/getcfg.php` | High
|
||||
13 | File | `/lan.asp` | Medium
|
||||
14 | File | `/MTFWU` | Low
|
||||
15 | File | `/network_test.php` | High
|
||||
16 | File | `/okm:root` | Medium
|
||||
17 | File | `/SetTriggerLEDBlink/Blink` | High
|
||||
18 | ... | ... | ...
|
||||
|
||||
There are 139 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 144 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -94,7 +94,7 @@ ID | Type | Indicator | Confidence
|
|||
11 | File | `adclick.php` | Medium
|
||||
12 | ... | ... | ...
|
||||
|
||||
There are 96 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 97 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -16,10 +16,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [SC](https://vuldb.com/?country.sc)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -61,83 +61,83 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/comment.yml` | High
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
4 | File | `/academy/home/courses` | High
|
||||
2 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
3 | File | `/academy/home/courses` | High
|
||||
4 | File | `/ad-list` | Medium
|
||||
5 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
6 | File | `/admin/?page=user/list` | High
|
||||
7 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
8 | File | `/admin/addproduct.php` | High
|
||||
9 | File | `/admin/attendance_row.php` | High
|
||||
10 | File | `/admin/bookings/manage_booking.php` | High
|
||||
11 | File | `/admin/bookings/view_booking.php` | High
|
||||
12 | File | `/admin/budget/manage_budget.php` | High
|
||||
13 | File | `/admin/cashadvance_row.php` | High
|
||||
14 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
15 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
16 | File | `/admin/deduction_row.php` | High
|
||||
17 | File | `/admin/departments/view_department.php` | High
|
||||
18 | File | `/admin/edit_product.php` | High
|
||||
19 | File | `/admin/edit_subject.php` | High
|
||||
20 | File | `/admin/employee_row.php` | High
|
||||
21 | File | `/admin/index.php` | High
|
||||
22 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
23 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
24 | File | `/admin/login.php` | High
|
||||
25 | File | `/admin/maintenance/brand.php` | High
|
||||
26 | File | `/admin/maintenance/manage_category.php` | High
|
||||
27 | File | `/admin/maintenance/view_designation.php` | High
|
||||
28 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
29 | File | `/admin/modal_add_product.php` | High
|
||||
30 | File | `/admin/orders/update_status.php` | High
|
||||
31 | File | `/admin/products/manage_product.php` | High
|
||||
32 | File | `/admin/products/view_product.php` | High
|
||||
33 | File | `/admin/project/update/2` | High
|
||||
34 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
35 | File | `/admin/reg.php` | High
|
||||
36 | File | `/admin/reminders/manage_reminder.php` | High
|
||||
37 | File | `/admin/report/index.php` | High
|
||||
38 | File | `/admin/reportupload.aspx` | High
|
||||
39 | File | `/admin/sales/manage_sale.php` | High
|
||||
40 | File | `/admin/service.php` | High
|
||||
41 | File | `/admin/services/manage_service.php` | High
|
||||
42 | File | `/admin/services/view_service.php` | High
|
||||
43 | File | `/admin/service_requests/manage_inventory.php` | High
|
||||
44 | File | `/admin/sys_sql_query.php` | High
|
||||
45 | File | `/admin/test_status.php` | High
|
||||
46 | File | `/admin/update_s6.php` | High
|
||||
47 | File | `/admin/upload.php` | High
|
||||
48 | File | `/admin/user/manage_user.php` | High
|
||||
49 | File | `/admin/userprofile.php` | High
|
||||
50 | File | `/admin/vote_edit.php` | High
|
||||
51 | File | `/ajax.php?action=read_msg` | High
|
||||
52 | File | `/ajax.php?action=save_company` | High
|
||||
53 | File | `/api/stl/actions/search` | High
|
||||
54 | File | `/api/sys/login` | High
|
||||
55 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
56 | File | `/author_posts.php` | High
|
||||
57 | File | `/bin/sh` | Low
|
||||
58 | File | `/blog` | Low
|
||||
59 | File | `/blog-single.php` | High
|
||||
60 | File | `/booking/show_bookings/` | High
|
||||
61 | File | `/browse` | Low
|
||||
62 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
63 | File | `/cgi-bin/ping.cgi` | High
|
||||
64 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||
65 | File | `/chaincity/user/ticket/create` | High
|
||||
66 | File | `/changeimage.php` | High
|
||||
67 | File | `/classes/Login.php` | High
|
||||
68 | File | `/classes/Master.php` | High
|
||||
69 | File | `/classes/Master.php?f=delete_category` | High
|
||||
70 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
71 | File | `/classes/Master.php?f=delete_item` | High
|
||||
72 | File | `/classes/Master.php?f=delete_service` | High
|
||||
73 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
74 | File | `/classes/Master.php?f=save_course` | High
|
||||
75 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
9 | File | `/admin/bookings/manage_booking.php` | High
|
||||
10 | File | `/admin/bookings/view_booking.php` | High
|
||||
11 | File | `/admin/budget/manage_budget.php` | High
|
||||
12 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
13 | File | `/admin/curriculum/view_curriculum.php` | High
|
||||
14 | File | `/admin/departments/view_department.php` | High
|
||||
15 | File | `/admin/edit_product.php` | High
|
||||
16 | File | `/admin/edit_subject.php` | High
|
||||
17 | File | `/admin/index.php` | High
|
||||
18 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
19 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
20 | File | `/admin/maintenance/manage_category.php` | High
|
||||
21 | File | `/admin/maintenance/view_designation.php` | High
|
||||
22 | File | `/admin/mechanics/manage_mechanic.php` | High
|
||||
23 | File | `/admin/modal_add_product.php` | High
|
||||
24 | File | `/admin/orders/update_status.php` | High
|
||||
25 | File | `/admin/products/manage_product.php` | High
|
||||
26 | File | `/admin/products/view_product.php` | High
|
||||
27 | File | `/admin/project/update/2` | High
|
||||
28 | File | `/admin/read.php?mudi=getSignal` | High
|
||||
29 | File | `/admin/reg.php` | High
|
||||
30 | File | `/admin/reminders/manage_reminder.php` | High
|
||||
31 | File | `/admin/report/index.php` | High
|
||||
32 | File | `/admin/reportupload.aspx` | High
|
||||
33 | File | `/admin/sales/manage_sale.php` | High
|
||||
34 | File | `/admin/service.php` | High
|
||||
35 | File | `/admin/services/manage_service.php` | High
|
||||
36 | File | `/admin/services/view_service.php` | High
|
||||
37 | File | `/admin/service_requests/manage_inventory.php` | High
|
||||
38 | File | `/admin/sys_sql_query.php` | High
|
||||
39 | File | `/admin/test_status.php` | High
|
||||
40 | File | `/admin/update_s6.php` | High
|
||||
41 | File | `/admin/upload.php` | High
|
||||
42 | File | `/admin/user/manage_user.php` | High
|
||||
43 | File | `/admin/userprofile.php` | High
|
||||
44 | File | `/admin/vote_edit.php` | High
|
||||
45 | File | `/ajax.php?action=read_msg` | High
|
||||
46 | File | `/ajax.php?action=save_company` | High
|
||||
47 | File | `/api/stl/actions/search` | High
|
||||
48 | File | `/api/sys/login` | High
|
||||
49 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
50 | File | `/author_posts.php` | High
|
||||
51 | File | `/bin/sh` | Low
|
||||
52 | File | `/blog` | Low
|
||||
53 | File | `/blog-single.php` | High
|
||||
54 | File | `/booking/show_bookings/` | High
|
||||
55 | File | `/browse` | Low
|
||||
56 | File | `/cgi-bin/ping.cgi` | High
|
||||
57 | File | `/chaincity/user/ticket/create` | High
|
||||
58 | File | `/changeimage.php` | High
|
||||
59 | File | `/classes/Master.php` | High
|
||||
60 | File | `/classes/Master.php?f=delete_category` | High
|
||||
61 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
62 | File | `/classes/Master.php?f=delete_item` | High
|
||||
63 | File | `/classes/Master.php?f=delete_service` | High
|
||||
64 | File | `/classes/Master.php?f=save_course` | High
|
||||
65 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
66 | File | `/classes/Master.php?f=save_item` | High
|
||||
67 | File | `/classes/Master.php?f=save_service` | High
|
||||
68 | File | `/classes/Users.php?f=save` | High
|
||||
69 | File | `/collection/all` | High
|
||||
70 | File | `/company/store` | High
|
||||
71 | File | `/config` | Low
|
||||
72 | File | `/contact.php` | Medium
|
||||
73 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
74 | File | `/dipam/save-delegates.php` | High
|
||||
75 | File | `/Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx` | High
|
||||
76 | ... | ... | ...
|
||||
|
||||
There are 670 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 667 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -439,7 +439,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
6 | T1068 | CWE-250, CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 23 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -447,49 +447,50 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/admin/students/view_details.php` | High
|
||||
2 | File | `/ajax-files/followBoard.php` | High
|
||||
3 | File | `/ajax.php?action=read_msg` | High
|
||||
4 | File | `/api/baskets/{name}` | High
|
||||
5 | File | `/api/sys/set_passwd` | High
|
||||
6 | File | `/api/upload.php` | High
|
||||
7 | File | `/api/user/{ID}` | High
|
||||
8 | File | `/auth/callback` | High
|
||||
9 | File | `/authenticationendpoint/login.do` | High
|
||||
10 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
11 | File | `/ci_spms/admin/search/searching/` | High
|
||||
12 | File | `/cstecgi.cgi` | Medium
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/etc/pki/pesign` | High
|
||||
15 | File | `/forum/away.php` | High
|
||||
16 | File | `/getcfg.php` | Medium
|
||||
17 | File | `/goform/setportList` | High
|
||||
18 | File | `/goform/set_LimitClient_cfg` | High
|
||||
19 | File | `/group1/uploa` | High
|
||||
20 | File | `/h/autoSaveDraft` | High
|
||||
21 | File | `/hss/admin/?page=products/view_product` | High
|
||||
22 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
23 | File | `/index.php?page=member` | High
|
||||
24 | File | `/modules/projects/vw_files.php` | High
|
||||
25 | File | `/net/sched/cls_fw.c` | High
|
||||
26 | File | `/php-opos/index.php` | High
|
||||
27 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
28 | File | `/preview.php` | Medium
|
||||
29 | File | `/romfile.cfg` | Medium
|
||||
30 | File | `/scheduler/index.php` | High
|
||||
31 | File | `/search.php` | Medium
|
||||
32 | File | `/secure/ViewCollectors` | High
|
||||
33 | File | `/sitecore/shell/Invoke.aspx` | High
|
||||
34 | File | `/staff/bookdetails.php` | High
|
||||
35 | File | `/staff/edit_book_details.php` | High
|
||||
36 | File | `/student/bookdetails.php` | High
|
||||
37 | File | `/uncpath/` | Medium
|
||||
38 | File | `/upload` | Low
|
||||
39 | File | `/videotalk` | Medium
|
||||
40 | File | `/wireless/basic.asp` | High
|
||||
41 | ... | ... | ...
|
||||
1 | File | `/academy/home/courses` | High
|
||||
2 | File | `/adfs/ls` | Medium
|
||||
3 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
4 | File | `/admin/adclass.php` | High
|
||||
5 | File | `/admin/students/view_details.php` | High
|
||||
6 | File | `/ajax-files/followBoard.php` | High
|
||||
7 | File | `/ajax.php?action=read_msg` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/api/sys/set_passwd` | High
|
||||
10 | File | `/api/upload.php` | High
|
||||
11 | File | `/auth/callback` | High
|
||||
12 | File | `/authenticationendpoint/login.do` | High
|
||||
13 | File | `/bin/login` | Medium
|
||||
14 | File | `/cgi.cgi` | Medium
|
||||
15 | File | `/ci_spms/admin/search/searching/` | High
|
||||
16 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
17 | File | `/debug/pprof` | Medium
|
||||
18 | File | `/etc/pki/pesign` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/getcfg.php` | Medium
|
||||
21 | File | `/goform/setportList` | High
|
||||
22 | File | `/group1/uploa` | High
|
||||
23 | File | `/h/autoSaveDraft` | High
|
||||
24 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
25 | File | `/index.php?page=member` | High
|
||||
26 | File | `/modules/projects/vw_files.php` | High
|
||||
27 | File | `/net/sched/cls_fw.c` | High
|
||||
28 | File | `/php-opos/index.php` | High
|
||||
29 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
30 | File | `/preview.php` | Medium
|
||||
31 | File | `/public/login.htm` | High
|
||||
32 | File | `/QueryView.php` | High
|
||||
33 | File | `/romfile.cfg` | Medium
|
||||
34 | File | `/scheduler/index.php` | High
|
||||
35 | File | `/search` | Low
|
||||
36 | File | `/search.php` | Medium
|
||||
37 | File | `/secure/ViewCollectors` | High
|
||||
38 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
39 | File | `/staff/bookdetails.php` | High
|
||||
40 | File | `/staff/edit_book_details.php` | High
|
||||
41 | File | `/student/bookdetails.php` | High
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 358 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 359 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
File diff suppressed because it is too large
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -46,207 +46,211 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
23 | [5.42.66.2](https://vuldb.com/?ip.5.42.66.2) | - | - | High
|
||||
24 | [5.42.66.6](https://vuldb.com/?ip.5.42.66.6) | - | - | High
|
||||
25 | [5.42.66.8](https://vuldb.com/?ip.5.42.66.8) | - | - | High
|
||||
26 | [5.42.94.204](https://vuldb.com/?ip.5.42.94.204) | elegant-parcel.aeza.network | - | High
|
||||
27 | [5.61.51.73](https://vuldb.com/?ip.5.61.51.73) | - | - | High
|
||||
28 | [5.75.129.114](https://vuldb.com/?ip.5.75.129.114) | static.114.129.75.5.clients.your-server.de | - | High
|
||||
29 | [5.75.138.1](https://vuldb.com/?ip.5.75.138.1) | static.1.138.75.5.clients.your-server.de | - | High
|
||||
30 | [5.75.159.229](https://vuldb.com/?ip.5.75.159.229) | static.229.159.75.5.clients.your-server.de | - | High
|
||||
31 | [5.75.182.199](https://vuldb.com/?ip.5.75.182.199) | static.199.182.75.5.clients.your-server.de | - | High
|
||||
32 | [5.75.186.33](https://vuldb.com/?ip.5.75.186.33) | static.33.186.75.5.clients.your-server.de | - | High
|
||||
33 | [5.75.186.50](https://vuldb.com/?ip.5.75.186.50) | static.50.186.75.5.clients.your-server.de | - | High
|
||||
34 | [5.75.225.209](https://vuldb.com/?ip.5.75.225.209) | static.209.225.75.5.clients.your-server.de | - | High
|
||||
35 | [5.75.242.235](https://vuldb.com/?ip.5.75.242.235) | static.235.242.75.5.clients.your-server.de | - | High
|
||||
36 | [5.75.243.212](https://vuldb.com/?ip.5.75.243.212) | static.212.243.75.5.clients.your-server.de | - | High
|
||||
37 | [5.75.251.66](https://vuldb.com/?ip.5.75.251.66) | static.66.251.75.5.clients.your-server.de | - | High
|
||||
38 | [5.78.53.188](https://vuldb.com/?ip.5.78.53.188) | static.188.53.78.5.clients.your-server.de | - | High
|
||||
39 | [5.78.74.115](https://vuldb.com/?ip.5.78.74.115) | static.115.74.78.5.clients.your-server.de | - | High
|
||||
40 | [5.78.75.80](https://vuldb.com/?ip.5.78.75.80) | static.80.75.78.5.clients.your-server.de | - | High
|
||||
41 | [5.78.85.103](https://vuldb.com/?ip.5.78.85.103) | static.103.85.78.5.clients.your-server.de | - | High
|
||||
42 | [5.78.89.116](https://vuldb.com/?ip.5.78.89.116) | static.116.89.78.5.clients.your-server.de | - | High
|
||||
43 | [5.78.98.26](https://vuldb.com/?ip.5.78.98.26) | static.26.98.78.5.clients.your-server.de | - | High
|
||||
44 | [5.78.111.161](https://vuldb.com/?ip.5.78.111.161) | static.161.111.78.5.clients.your-server.de | - | High
|
||||
45 | [5.181.156.252](https://vuldb.com/?ip.5.181.156.252) | no-rdns.mivocloud.com | - | High
|
||||
46 | [5.181.159.66](https://vuldb.com/?ip.5.181.159.66) | 5-181-159-66.mivocloud.com | - | High
|
||||
47 | [5.181.159.86](https://vuldb.com/?ip.5.181.159.86) | 5-181-159-86.mivocloud.com | - | High
|
||||
48 | [5.182.36.75](https://vuldb.com/?ip.5.182.36.75) | vm937417.stark-industries.solutions | - | High
|
||||
49 | [5.182.37.217](https://vuldb.com/?ip.5.182.37.217) | - | - | High
|
||||
50 | [5.206.224.181](https://vuldb.com/?ip.5.206.224.181) | bestwebsiteforlifve.com | - | High
|
||||
51 | [5.252.22.62](https://vuldb.com/?ip.5.252.22.62) | vm1204553.stark-industries.solutions | - | High
|
||||
52 | [5.252.22.66](https://vuldb.com/?ip.5.252.22.66) | s-germany.rocks | - | High
|
||||
53 | [5.252.22.107](https://vuldb.com/?ip.5.252.22.107) | vm868975.stark-industries.solutions | - | High
|
||||
54 | [5.252.23.27](https://vuldb.com/?ip.5.252.23.27) | vm1058478.stark-industries.solutions | - | High
|
||||
55 | [5.252.23.112](https://vuldb.com/?ip.5.252.23.112) | vm713221.stark-industries.solutions | - | High
|
||||
56 | [5.252.118.36](https://vuldb.com/?ip.5.252.118.36) | overrated-flavor.aeza.network | - | High
|
||||
57 | [5.252.118.139](https://vuldb.com/?ip.5.252.118.139) | polite-death.aeza.network | - | High
|
||||
58 | [5.252.118.232](https://vuldb.com/?ip.5.252.118.232) | obsolete-discussion.aeza.network | - | High
|
||||
59 | [5.252.177.22](https://vuldb.com/?ip.5.252.177.22) | no-rdns.mivocloud.com | - | High
|
||||
60 | [5.252.177.36](https://vuldb.com/?ip.5.252.177.36) | no-rdns.mivocloud.com | - | High
|
||||
61 | [5.252.177.50](https://vuldb.com/?ip.5.252.177.50) | edc0.dealsfromthenet.com | - | High
|
||||
62 | [5.252.177.71](https://vuldb.com/?ip.5.252.177.71) | no-rdns.mivocloud.com | - | High
|
||||
63 | [5.252.178.5](https://vuldb.com/?ip.5.252.178.5) | no-rdns.mivocloud.com | - | High
|
||||
64 | [5.252.178.86](https://vuldb.com/?ip.5.252.178.86) | 5-252-178-86.mivocloud.com | - | High
|
||||
65 | [5.252.178.139](https://vuldb.com/?ip.5.252.178.139) | no-rdns.mivocloud.com | - | High
|
||||
66 | [5.253.19.65](https://vuldb.com/?ip.5.253.19.65) | helmsman.coolomotion.com | - | High
|
||||
67 | [5.254.118.211](https://vuldb.com/?ip.5.254.118.211) | 4j4.biz | - | High
|
||||
68 | [5.254.118.254](https://vuldb.com/?ip.5.254.118.254) | - | - | High
|
||||
69 | [5.255.97.178](https://vuldb.com/?ip.5.255.97.178) | - | - | High
|
||||
70 | [5.255.100.41](https://vuldb.com/?ip.5.255.100.41) | - | - | High
|
||||
71 | [5.255.103.158](https://vuldb.com/?ip.5.255.103.158) | - | - | High
|
||||
72 | [5.255.111.137](https://vuldb.com/?ip.5.255.111.137) | - | - | High
|
||||
73 | [5.255.127.159](https://vuldb.com/?ip.5.255.127.159) | - | - | High
|
||||
74 | [8.248.161.254](https://vuldb.com/?ip.8.248.161.254) | - | - | High
|
||||
75 | [8.249.225.254](https://vuldb.com/?ip.8.249.225.254) | - | - | High
|
||||
76 | [8.249.241.254](https://vuldb.com/?ip.8.249.241.254) | - | - | High
|
||||
77 | [8.249.245.254](https://vuldb.com/?ip.8.249.245.254) | - | - | High
|
||||
78 | [8.253.132.120](https://vuldb.com/?ip.8.253.132.120) | - | - | High
|
||||
79 | [8.253.156.120](https://vuldb.com/?ip.8.253.156.120) | - | - | High
|
||||
80 | [18.238.4.79](https://vuldb.com/?ip.18.238.4.79) | server-18-238-4-79.phl51.r.cloudfront.net | - | High
|
||||
81 | [18.238.4.82](https://vuldb.com/?ip.18.238.4.82) | server-18-238-4-82.phl51.r.cloudfront.net | - | High
|
||||
82 | [18.238.4.84](https://vuldb.com/?ip.18.238.4.84) | server-18-238-4-84.phl51.r.cloudfront.net | - | High
|
||||
83 | [20.115.112.33](https://vuldb.com/?ip.20.115.112.33) | - | - | High
|
||||
84 | [20.166.60.250](https://vuldb.com/?ip.20.166.60.250) | - | - | High
|
||||
85 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
|
||||
86 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
87 | [23.19.58.152](https://vuldb.com/?ip.23.19.58.152) | i58.152.lofame.net | - | High
|
||||
88 | [23.46.238.194](https://vuldb.com/?ip.23.46.238.194) | a23-46-238-194.deploy.static.akamaitechnologies.com | - | High
|
||||
89 | [23.88.55.150](https://vuldb.com/?ip.23.88.55.150) | bth3t1t2.myraidbox.de | - | High
|
||||
90 | [23.134.168.112](https://vuldb.com/?ip.23.134.168.112) | hot2.classificationpick2.xyz | - | High
|
||||
91 | [23.134.168.143](https://vuldb.com/?ip.23.134.168.143) | carvalhodds.store | - | High
|
||||
92 | [23.134.168.173](https://vuldb.com/?ip.23.134.168.173) | cfzo.ir | - | High
|
||||
93 | [31.13.195.44](https://vuldb.com/?ip.31.13.195.44) | - | - | High
|
||||
94 | [31.41.244.153](https://vuldb.com/?ip.31.41.244.153) | - | - | High
|
||||
95 | [34.76.8.115](https://vuldb.com/?ip.34.76.8.115) | 115.8.76.34.bc.googleusercontent.com | - | Medium
|
||||
96 | [34.88.52.57](https://vuldb.com/?ip.34.88.52.57) | 57.52.88.34.bc.googleusercontent.com | - | Medium
|
||||
97 | [34.89.184.90](https://vuldb.com/?ip.34.89.184.90) | 90.184.89.34.bc.googleusercontent.com | - | Medium
|
||||
98 | [34.105.169.29](https://vuldb.com/?ip.34.105.169.29) | 29.169.105.34.bc.googleusercontent.com | - | Medium
|
||||
99 | [34.105.219.83](https://vuldb.com/?ip.34.105.219.83) | 83.219.105.34.bc.googleusercontent.com | - | Medium
|
||||
100 | [34.105.255.170](https://vuldb.com/?ip.34.105.255.170) | 170.255.105.34.bc.googleusercontent.com | - | Medium
|
||||
101 | [34.135.32.61](https://vuldb.com/?ip.34.135.32.61) | 61.32.135.34.bc.googleusercontent.com | - | Medium
|
||||
102 | [34.251.53.237](https://vuldb.com/?ip.34.251.53.237) | ec2-34-251-53-237.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
103 | [35.198.88.195](https://vuldb.com/?ip.35.198.88.195) | 195.88.198.35.bc.googleusercontent.com | - | Medium
|
||||
104 | [35.204.89.50](https://vuldb.com/?ip.35.204.89.50) | 50.89.204.35.bc.googleusercontent.com | - | Medium
|
||||
105 | [35.228.95.80](https://vuldb.com/?ip.35.228.95.80) | 80.95.228.35.bc.googleusercontent.com | - | Medium
|
||||
106 | [37.1.208.22](https://vuldb.com/?ip.37.1.208.22) | - | - | High
|
||||
107 | [37.1.212.243](https://vuldb.com/?ip.37.1.212.243) | spinkl.org.uk | - | High
|
||||
108 | [37.27.3.21](https://vuldb.com/?ip.37.27.3.21) | static.21.3.27.37.clients.your-server.de | - | High
|
||||
109 | [37.49.230.54](https://vuldb.com/?ip.37.49.230.54) | - | - | High
|
||||
110 | [37.49.230.114](https://vuldb.com/?ip.37.49.230.114) | - | - | High
|
||||
111 | [37.120.237.242](https://vuldb.com/?ip.37.120.237.242) | - | - | High
|
||||
112 | [37.120.238.179](https://vuldb.com/?ip.37.120.238.179) | - | - | High
|
||||
113 | [37.220.87.7](https://vuldb.com/?ip.37.220.87.7) | ipn-37-220-87-7.artem-catv.ru | - | High
|
||||
114 | [37.220.87.12](https://vuldb.com/?ip.37.220.87.12) | ipn-37-220-87-12.artem-catv.ru | - | High
|
||||
115 | [37.220.87.17](https://vuldb.com/?ip.37.220.87.17) | ipn-37-220-87-17.artem-catv.ru | - | High
|
||||
116 | [37.220.87.18](https://vuldb.com/?ip.37.220.87.18) | ipn-37-220-87-18.artem-catv.ru | - | High
|
||||
117 | [37.220.87.25](https://vuldb.com/?ip.37.220.87.25) | ipn-37-220-87-25.artem-catv.ru | - | High
|
||||
118 | [37.220.87.29](https://vuldb.com/?ip.37.220.87.29) | ipn-37-220-87-29.artem-catv.ru | - | High
|
||||
119 | [37.220.87.34](https://vuldb.com/?ip.37.220.87.34) | ipn-37-220-87-34.artem-catv.ru | - | High
|
||||
120 | [37.220.87.35](https://vuldb.com/?ip.37.220.87.35) | ipn-37-220-87-35.artem-catv.ru | - | High
|
||||
121 | [37.220.87.36](https://vuldb.com/?ip.37.220.87.36) | ipn-37-220-87-36.artem-catv.ru | - | High
|
||||
122 | [37.220.87.38](https://vuldb.com/?ip.37.220.87.38) | ipn-37-220-87-38.artem-catv.ru | - | High
|
||||
123 | [37.220.87.47](https://vuldb.com/?ip.37.220.87.47) | ipn-37-220-87-47.artem-catv.ru | - | High
|
||||
124 | [37.220.87.48](https://vuldb.com/?ip.37.220.87.48) | ipn-37-220-87-48.artem-catv.ru | - | High
|
||||
125 | [37.220.87.49](https://vuldb.com/?ip.37.220.87.49) | ipn-37-220-87-49.artem-catv.ru | - | High
|
||||
126 | [37.220.87.63](https://vuldb.com/?ip.37.220.87.63) | ipn-37-220-87-63.artem-catv.ru | - | High
|
||||
127 | [37.220.87.66](https://vuldb.com/?ip.37.220.87.66) | ipn-37-220-87-66.artem-catv.ru | - | High
|
||||
128 | [37.220.87.68](https://vuldb.com/?ip.37.220.87.68) | ipn-37-220-87-68.artem-catv.ru | - | High
|
||||
129 | [37.220.87.86](https://vuldb.com/?ip.37.220.87.86) | ipn-37-220-87-86.artem-catv.ru | - | High
|
||||
130 | [43.130.118.228](https://vuldb.com/?ip.43.130.118.228) | - | - | High
|
||||
131 | [45.8.144.61](https://vuldb.com/?ip.45.8.144.61) | vm1323244.stark-industries.solutions | - | High
|
||||
132 | [45.8.144.73](https://vuldb.com/?ip.45.8.144.73) | vm1182705.stark-industries.solutions | - | High
|
||||
133 | [45.8.144.148](https://vuldb.com/?ip.45.8.144.148) | vm1332653.stark-industries.solutions | - | High
|
||||
134 | [45.8.146.72](https://vuldb.com/?ip.45.8.146.72) | vm1066019.stark-industries.solutions | - | High
|
||||
135 | [45.9.74.6](https://vuldb.com/?ip.45.9.74.6) | - | - | High
|
||||
136 | [45.9.74.21](https://vuldb.com/?ip.45.9.74.21) | - | - | High
|
||||
137 | [45.9.74.22](https://vuldb.com/?ip.45.9.74.22) | - | - | High
|
||||
138 | [45.9.74.34](https://vuldb.com/?ip.45.9.74.34) | - | - | High
|
||||
139 | [45.9.74.35](https://vuldb.com/?ip.45.9.74.35) | - | - | High
|
||||
140 | [45.9.74.36](https://vuldb.com/?ip.45.9.74.36) | - | - | High
|
||||
141 | [45.9.74.50](https://vuldb.com/?ip.45.9.74.50) | - | - | High
|
||||
142 | [45.9.74.54](https://vuldb.com/?ip.45.9.74.54) | - | - | High
|
||||
143 | [45.9.74.56](https://vuldb.com/?ip.45.9.74.56) | - | - | High
|
||||
144 | [45.9.74.60](https://vuldb.com/?ip.45.9.74.60) | - | - | High
|
||||
145 | [45.9.74.68](https://vuldb.com/?ip.45.9.74.68) | - | - | High
|
||||
146 | [45.9.74.69](https://vuldb.com/?ip.45.9.74.69) | - | - | High
|
||||
147 | [45.9.74.70](https://vuldb.com/?ip.45.9.74.70) | - | - | High
|
||||
148 | [45.9.74.71](https://vuldb.com/?ip.45.9.74.71) | - | - | High
|
||||
149 | [45.9.74.81](https://vuldb.com/?ip.45.9.74.81) | - | - | High
|
||||
150 | [45.9.74.82](https://vuldb.com/?ip.45.9.74.82) | - | - | High
|
||||
151 | [45.9.74.90](https://vuldb.com/?ip.45.9.74.90) | - | - | High
|
||||
152 | [45.9.74.97](https://vuldb.com/?ip.45.9.74.97) | - | - | High
|
||||
153 | [45.9.74.99](https://vuldb.com/?ip.45.9.74.99) | - | - | High
|
||||
154 | [45.9.74.119](https://vuldb.com/?ip.45.9.74.119) | - | - | High
|
||||
155 | [45.9.74.151](https://vuldb.com/?ip.45.9.74.151) | - | - | High
|
||||
156 | [45.9.74.152](https://vuldb.com/?ip.45.9.74.152) | - | - | High
|
||||
157 | [45.9.74.160](https://vuldb.com/?ip.45.9.74.160) | - | - | High
|
||||
158 | [45.9.74.165](https://vuldb.com/?ip.45.9.74.165) | - | - | High
|
||||
159 | [45.9.74.170](https://vuldb.com/?ip.45.9.74.170) | - | - | High
|
||||
160 | [45.9.74.171](https://vuldb.com/?ip.45.9.74.171) | - | - | High
|
||||
161 | [45.9.74.172](https://vuldb.com/?ip.45.9.74.172) | - | - | High
|
||||
162 | [45.9.74.173](https://vuldb.com/?ip.45.9.74.173) | - | - | High
|
||||
163 | [45.9.74.174](https://vuldb.com/?ip.45.9.74.174) | - | - | High
|
||||
164 | [45.9.74.175](https://vuldb.com/?ip.45.9.74.175) | - | - | High
|
||||
165 | [45.9.74.176](https://vuldb.com/?ip.45.9.74.176) | - | - | High
|
||||
166 | [45.9.148.139](https://vuldb.com/?ip.45.9.148.139) | - | - | High
|
||||
167 | [45.15.156.2](https://vuldb.com/?ip.45.15.156.2) | - | - | High
|
||||
168 | [45.15.156.8](https://vuldb.com/?ip.45.15.156.8) | - | - | High
|
||||
169 | [45.15.156.11](https://vuldb.com/?ip.45.15.156.11) | - | - | High
|
||||
170 | [45.15.156.31](https://vuldb.com/?ip.45.15.156.31) | - | - | High
|
||||
171 | [45.15.156.36](https://vuldb.com/?ip.45.15.156.36) | - | - | High
|
||||
172 | [45.15.156.38](https://vuldb.com/?ip.45.15.156.38) | - | - | High
|
||||
173 | [45.15.156.40](https://vuldb.com/?ip.45.15.156.40) | - | - | High
|
||||
174 | [45.15.156.42](https://vuldb.com/?ip.45.15.156.42) | - | - | High
|
||||
175 | [45.15.156.50](https://vuldb.com/?ip.45.15.156.50) | - | - | High
|
||||
176 | [45.15.156.62](https://vuldb.com/?ip.45.15.156.62) | - | - | High
|
||||
177 | [45.15.156.72](https://vuldb.com/?ip.45.15.156.72) | - | - | High
|
||||
178 | [45.15.156.75](https://vuldb.com/?ip.45.15.156.75) | - | - | High
|
||||
179 | [45.15.156.79](https://vuldb.com/?ip.45.15.156.79) | - | - | High
|
||||
180 | [45.15.156.87](https://vuldb.com/?ip.45.15.156.87) | - | - | High
|
||||
181 | [45.15.156.96](https://vuldb.com/?ip.45.15.156.96) | - | - | High
|
||||
182 | [45.15.156.105](https://vuldb.com/?ip.45.15.156.105) | - | - | High
|
||||
183 | [45.15.156.120](https://vuldb.com/?ip.45.15.156.120) | - | - | High
|
||||
184 | [45.15.156.151](https://vuldb.com/?ip.45.15.156.151) | - | - | High
|
||||
185 | [45.15.156.164](https://vuldb.com/?ip.45.15.156.164) | - | - | High
|
||||
186 | [45.15.156.168](https://vuldb.com/?ip.45.15.156.168) | - | - | High
|
||||
187 | [45.15.156.169](https://vuldb.com/?ip.45.15.156.169) | - | - | High
|
||||
188 | [45.15.156.178](https://vuldb.com/?ip.45.15.156.178) | - | - | High
|
||||
189 | [45.15.156.179](https://vuldb.com/?ip.45.15.156.179) | - | - | High
|
||||
190 | [45.15.156.192](https://vuldb.com/?ip.45.15.156.192) | - | - | High
|
||||
191 | [45.15.156.198](https://vuldb.com/?ip.45.15.156.198) | - | - | High
|
||||
192 | [45.15.156.201](https://vuldb.com/?ip.45.15.156.201) | - | - | High
|
||||
193 | [45.15.156.208](https://vuldb.com/?ip.45.15.156.208) | - | - | High
|
||||
194 | [45.15.156.225](https://vuldb.com/?ip.45.15.156.225) | - | - | High
|
||||
195 | [45.15.156.226](https://vuldb.com/?ip.45.15.156.226) | - | - | High
|
||||
196 | [45.15.156.227](https://vuldb.com/?ip.45.15.156.227) | - | - | High
|
||||
197 | [45.15.156.233](https://vuldb.com/?ip.45.15.156.233) | - | - | High
|
||||
198 | [45.15.156.238](https://vuldb.com/?ip.45.15.156.238) | - | - | High
|
||||
199 | [45.15.156.239](https://vuldb.com/?ip.45.15.156.239) | - | - | High
|
||||
200 | [45.15.156.251](https://vuldb.com/?ip.45.15.156.251) | - | - | High
|
||||
201 | [45.15.157.7](https://vuldb.com/?ip.45.15.157.7) | - | - | High
|
||||
202 | [45.15.159.197](https://vuldb.com/?ip.45.15.159.197) | royal-attack.aeza.network | - | High
|
||||
203 | [45.61.136.46](https://vuldb.com/?ip.45.61.136.46) | - | - | High
|
||||
204 | [45.61.136.191](https://vuldb.com/?ip.45.61.136.191) | - | - | High
|
||||
205 | [45.61.136.194](https://vuldb.com/?ip.45.61.136.194) | - | - | High
|
||||
206 | [45.61.137.163](https://vuldb.com/?ip.45.61.137.163) | - | - | High
|
||||
207 | [45.61.138.12](https://vuldb.com/?ip.45.61.138.12) | - | - | High
|
||||
208 | [45.61.138.130](https://vuldb.com/?ip.45.61.138.130) | - | - | High
|
||||
209 | [45.61.138.138](https://vuldb.com/?ip.45.61.138.138) | - | - | High
|
||||
210 | [45.61.139.2](https://vuldb.com/?ip.45.61.139.2) | - | - | High
|
||||
211 | [45.66.230.38](https://vuldb.com/?ip.45.66.230.38) | - | - | High
|
||||
212 | [45.67.34.234](https://vuldb.com/?ip.45.67.34.234) | vm1200564.stark-industries.solutions | - | High
|
||||
213 | [45.67.35.52](https://vuldb.com/?ip.45.67.35.52) | vm1245055.stark-industries.solutions | - | High
|
||||
214 | [45.67.35.164](https://vuldb.com/?ip.45.67.35.164) | vm1323097.stark-industries.solutions | - | High
|
||||
215 | [45.67.35.241](https://vuldb.com/?ip.45.67.35.241) | vm1349287.stark-industries.solutions | - | High
|
||||
216 | [45.67.35.251](https://vuldb.com/?ip.45.67.35.251) | vm1333466.stark-industries.solutions | - | High
|
||||
217 | [45.67.228.180](https://vuldb.com/?ip.45.67.228.180) | vm1330387.stark-industries.solutions | - | High
|
||||
218 | [45.67.231.132](https://vuldb.com/?ip.45.67.231.132) | ironfish.com | - | High
|
||||
219 | [45.77.137.24](https://vuldb.com/?ip.45.77.137.24) | - | - | High
|
||||
220 | [45.82.13.17](https://vuldb.com/?ip.45.82.13.17) | MSK-H-1674545172.msk.host | - | High
|
||||
221 | [45.82.71.192](https://vuldb.com/?ip.45.82.71.192) | papidu.com.ua | - | High
|
||||
222 | [45.82.73.28](https://vuldb.com/?ip.45.82.73.28) | - | - | High
|
||||
223 | [45.82.73.60](https://vuldb.com/?ip.45.82.73.60) | - | - | High
|
||||
224 | ... | ... | ... | ...
|
||||
26 | [5.42.67.7](https://vuldb.com/?ip.5.42.67.7) | - | - | High
|
||||
27 | [5.42.94.204](https://vuldb.com/?ip.5.42.94.204) | elegant-parcel.aeza.network | - | High
|
||||
28 | [5.61.51.73](https://vuldb.com/?ip.5.61.51.73) | - | - | High
|
||||
29 | [5.75.129.114](https://vuldb.com/?ip.5.75.129.114) | static.114.129.75.5.clients.your-server.de | - | High
|
||||
30 | [5.75.138.1](https://vuldb.com/?ip.5.75.138.1) | static.1.138.75.5.clients.your-server.de | - | High
|
||||
31 | [5.75.159.229](https://vuldb.com/?ip.5.75.159.229) | static.229.159.75.5.clients.your-server.de | - | High
|
||||
32 | [5.75.182.199](https://vuldb.com/?ip.5.75.182.199) | static.199.182.75.5.clients.your-server.de | - | High
|
||||
33 | [5.75.186.33](https://vuldb.com/?ip.5.75.186.33) | static.33.186.75.5.clients.your-server.de | - | High
|
||||
34 | [5.75.186.50](https://vuldb.com/?ip.5.75.186.50) | static.50.186.75.5.clients.your-server.de | - | High
|
||||
35 | [5.75.225.209](https://vuldb.com/?ip.5.75.225.209) | static.209.225.75.5.clients.your-server.de | - | High
|
||||
36 | [5.75.242.235](https://vuldb.com/?ip.5.75.242.235) | static.235.242.75.5.clients.your-server.de | - | High
|
||||
37 | [5.75.243.212](https://vuldb.com/?ip.5.75.243.212) | static.212.243.75.5.clients.your-server.de | - | High
|
||||
38 | [5.75.248.141](https://vuldb.com/?ip.5.75.248.141) | static.141.248.75.5.clients.your-server.de | - | High
|
||||
39 | [5.75.251.66](https://vuldb.com/?ip.5.75.251.66) | static.66.251.75.5.clients.your-server.de | - | High
|
||||
40 | [5.78.53.188](https://vuldb.com/?ip.5.78.53.188) | static.188.53.78.5.clients.your-server.de | - | High
|
||||
41 | [5.78.74.115](https://vuldb.com/?ip.5.78.74.115) | static.115.74.78.5.clients.your-server.de | - | High
|
||||
42 | [5.78.75.80](https://vuldb.com/?ip.5.78.75.80) | static.80.75.78.5.clients.your-server.de | - | High
|
||||
43 | [5.78.85.103](https://vuldb.com/?ip.5.78.85.103) | static.103.85.78.5.clients.your-server.de | - | High
|
||||
44 | [5.78.89.116](https://vuldb.com/?ip.5.78.89.116) | static.116.89.78.5.clients.your-server.de | - | High
|
||||
45 | [5.78.98.26](https://vuldb.com/?ip.5.78.98.26) | static.26.98.78.5.clients.your-server.de | - | High
|
||||
46 | [5.78.111.161](https://vuldb.com/?ip.5.78.111.161) | static.161.111.78.5.clients.your-server.de | - | High
|
||||
47 | [5.181.156.252](https://vuldb.com/?ip.5.181.156.252) | no-rdns.mivocloud.com | - | High
|
||||
48 | [5.181.159.66](https://vuldb.com/?ip.5.181.159.66) | 5-181-159-66.mivocloud.com | - | High
|
||||
49 | [5.181.159.86](https://vuldb.com/?ip.5.181.159.86) | 5-181-159-86.mivocloud.com | - | High
|
||||
50 | [5.182.36.75](https://vuldb.com/?ip.5.182.36.75) | vm937417.stark-industries.solutions | - | High
|
||||
51 | [5.182.37.217](https://vuldb.com/?ip.5.182.37.217) | - | - | High
|
||||
52 | [5.206.224.181](https://vuldb.com/?ip.5.206.224.181) | bestwebsiteforlifve.com | - | High
|
||||
53 | [5.252.22.62](https://vuldb.com/?ip.5.252.22.62) | vm1204553.stark-industries.solutions | - | High
|
||||
54 | [5.252.22.66](https://vuldb.com/?ip.5.252.22.66) | s-germany.rocks | - | High
|
||||
55 | [5.252.22.107](https://vuldb.com/?ip.5.252.22.107) | vm868975.stark-industries.solutions | - | High
|
||||
56 | [5.252.23.27](https://vuldb.com/?ip.5.252.23.27) | vm1058478.stark-industries.solutions | - | High
|
||||
57 | [5.252.23.112](https://vuldb.com/?ip.5.252.23.112) | vm713221.stark-industries.solutions | - | High
|
||||
58 | [5.252.118.36](https://vuldb.com/?ip.5.252.118.36) | overrated-flavor.aeza.network | - | High
|
||||
59 | [5.252.118.139](https://vuldb.com/?ip.5.252.118.139) | polite-death.aeza.network | - | High
|
||||
60 | [5.252.118.232](https://vuldb.com/?ip.5.252.118.232) | obsolete-discussion.aeza.network | - | High
|
||||
61 | [5.252.177.22](https://vuldb.com/?ip.5.252.177.22) | no-rdns.mivocloud.com | - | High
|
||||
62 | [5.252.177.36](https://vuldb.com/?ip.5.252.177.36) | no-rdns.mivocloud.com | - | High
|
||||
63 | [5.252.177.50](https://vuldb.com/?ip.5.252.177.50) | edc0.dealsfromthenet.com | - | High
|
||||
64 | [5.252.177.71](https://vuldb.com/?ip.5.252.177.71) | no-rdns.mivocloud.com | - | High
|
||||
65 | [5.252.178.5](https://vuldb.com/?ip.5.252.178.5) | no-rdns.mivocloud.com | - | High
|
||||
66 | [5.252.178.86](https://vuldb.com/?ip.5.252.178.86) | 5-252-178-86.mivocloud.com | - | High
|
||||
67 | [5.252.178.139](https://vuldb.com/?ip.5.252.178.139) | no-rdns.mivocloud.com | - | High
|
||||
68 | [5.253.19.65](https://vuldb.com/?ip.5.253.19.65) | helmsman.coolomotion.com | - | High
|
||||
69 | [5.254.118.211](https://vuldb.com/?ip.5.254.118.211) | 4j4.biz | - | High
|
||||
70 | [5.254.118.254](https://vuldb.com/?ip.5.254.118.254) | - | - | High
|
||||
71 | [5.255.97.178](https://vuldb.com/?ip.5.255.97.178) | - | - | High
|
||||
72 | [5.255.100.41](https://vuldb.com/?ip.5.255.100.41) | - | - | High
|
||||
73 | [5.255.103.158](https://vuldb.com/?ip.5.255.103.158) | - | - | High
|
||||
74 | [5.255.111.137](https://vuldb.com/?ip.5.255.111.137) | - | - | High
|
||||
75 | [5.255.127.159](https://vuldb.com/?ip.5.255.127.159) | - | - | High
|
||||
76 | [8.248.161.254](https://vuldb.com/?ip.8.248.161.254) | - | - | High
|
||||
77 | [8.249.225.254](https://vuldb.com/?ip.8.249.225.254) | - | - | High
|
||||
78 | [8.249.241.254](https://vuldb.com/?ip.8.249.241.254) | - | - | High
|
||||
79 | [8.249.245.254](https://vuldb.com/?ip.8.249.245.254) | - | - | High
|
||||
80 | [8.253.132.120](https://vuldb.com/?ip.8.253.132.120) | - | - | High
|
||||
81 | [8.253.156.120](https://vuldb.com/?ip.8.253.156.120) | - | - | High
|
||||
82 | [18.238.4.79](https://vuldb.com/?ip.18.238.4.79) | server-18-238-4-79.phl51.r.cloudfront.net | - | High
|
||||
83 | [18.238.4.82](https://vuldb.com/?ip.18.238.4.82) | server-18-238-4-82.phl51.r.cloudfront.net | - | High
|
||||
84 | [18.238.4.84](https://vuldb.com/?ip.18.238.4.84) | server-18-238-4-84.phl51.r.cloudfront.net | - | High
|
||||
85 | [20.115.112.33](https://vuldb.com/?ip.20.115.112.33) | - | - | High
|
||||
86 | [20.166.60.250](https://vuldb.com/?ip.20.166.60.250) | - | - | High
|
||||
87 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
|
||||
88 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
89 | [23.19.58.152](https://vuldb.com/?ip.23.19.58.152) | i58.152.lofame.net | - | High
|
||||
90 | [23.46.238.194](https://vuldb.com/?ip.23.46.238.194) | a23-46-238-194.deploy.static.akamaitechnologies.com | - | High
|
||||
91 | [23.88.55.150](https://vuldb.com/?ip.23.88.55.150) | bth3t1t2.myraidbox.de | - | High
|
||||
92 | [23.134.168.112](https://vuldb.com/?ip.23.134.168.112) | hot2.classificationpick2.xyz | - | High
|
||||
93 | [23.134.168.143](https://vuldb.com/?ip.23.134.168.143) | carvalhodds.store | - | High
|
||||
94 | [23.134.168.173](https://vuldb.com/?ip.23.134.168.173) | cfzo.ir | - | High
|
||||
95 | [23.227.199.27](https://vuldb.com/?ip.23.227.199.27) | 23-227-199-27.static.hvvc.us | - | High
|
||||
96 | [31.13.195.44](https://vuldb.com/?ip.31.13.195.44) | - | - | High
|
||||
97 | [31.41.244.153](https://vuldb.com/?ip.31.41.244.153) | - | - | High
|
||||
98 | [34.76.8.115](https://vuldb.com/?ip.34.76.8.115) | 115.8.76.34.bc.googleusercontent.com | - | Medium
|
||||
99 | [34.88.52.57](https://vuldb.com/?ip.34.88.52.57) | 57.52.88.34.bc.googleusercontent.com | - | Medium
|
||||
100 | [34.89.184.90](https://vuldb.com/?ip.34.89.184.90) | 90.184.89.34.bc.googleusercontent.com | - | Medium
|
||||
101 | [34.105.169.29](https://vuldb.com/?ip.34.105.169.29) | 29.169.105.34.bc.googleusercontent.com | - | Medium
|
||||
102 | [34.105.219.83](https://vuldb.com/?ip.34.105.219.83) | 83.219.105.34.bc.googleusercontent.com | - | Medium
|
||||
103 | [34.105.255.170](https://vuldb.com/?ip.34.105.255.170) | 170.255.105.34.bc.googleusercontent.com | - | Medium
|
||||
104 | [34.135.32.61](https://vuldb.com/?ip.34.135.32.61) | 61.32.135.34.bc.googleusercontent.com | - | Medium
|
||||
105 | [34.251.53.237](https://vuldb.com/?ip.34.251.53.237) | ec2-34-251-53-237.eu-west-1.compute.amazonaws.com | - | Medium
|
||||
106 | [35.198.88.195](https://vuldb.com/?ip.35.198.88.195) | 195.88.198.35.bc.googleusercontent.com | - | Medium
|
||||
107 | [35.204.89.50](https://vuldb.com/?ip.35.204.89.50) | 50.89.204.35.bc.googleusercontent.com | - | Medium
|
||||
108 | [35.228.95.80](https://vuldb.com/?ip.35.228.95.80) | 80.95.228.35.bc.googleusercontent.com | - | Medium
|
||||
109 | [37.1.208.22](https://vuldb.com/?ip.37.1.208.22) | - | - | High
|
||||
110 | [37.1.212.243](https://vuldb.com/?ip.37.1.212.243) | spinkl.org.uk | - | High
|
||||
111 | [37.27.3.21](https://vuldb.com/?ip.37.27.3.21) | static.21.3.27.37.clients.your-server.de | - | High
|
||||
112 | [37.49.230.54](https://vuldb.com/?ip.37.49.230.54) | - | - | High
|
||||
113 | [37.49.230.114](https://vuldb.com/?ip.37.49.230.114) | - | - | High
|
||||
114 | [37.120.237.242](https://vuldb.com/?ip.37.120.237.242) | - | - | High
|
||||
115 | [37.120.238.179](https://vuldb.com/?ip.37.120.238.179) | - | - | High
|
||||
116 | [37.220.87.7](https://vuldb.com/?ip.37.220.87.7) | ipn-37-220-87-7.artem-catv.ru | - | High
|
||||
117 | [37.220.87.12](https://vuldb.com/?ip.37.220.87.12) | ipn-37-220-87-12.artem-catv.ru | - | High
|
||||
118 | [37.220.87.17](https://vuldb.com/?ip.37.220.87.17) | ipn-37-220-87-17.artem-catv.ru | - | High
|
||||
119 | [37.220.87.18](https://vuldb.com/?ip.37.220.87.18) | ipn-37-220-87-18.artem-catv.ru | - | High
|
||||
120 | [37.220.87.25](https://vuldb.com/?ip.37.220.87.25) | ipn-37-220-87-25.artem-catv.ru | - | High
|
||||
121 | [37.220.87.29](https://vuldb.com/?ip.37.220.87.29) | ipn-37-220-87-29.artem-catv.ru | - | High
|
||||
122 | [37.220.87.34](https://vuldb.com/?ip.37.220.87.34) | ipn-37-220-87-34.artem-catv.ru | - | High
|
||||
123 | [37.220.87.35](https://vuldb.com/?ip.37.220.87.35) | ipn-37-220-87-35.artem-catv.ru | - | High
|
||||
124 | [37.220.87.36](https://vuldb.com/?ip.37.220.87.36) | ipn-37-220-87-36.artem-catv.ru | - | High
|
||||
125 | [37.220.87.38](https://vuldb.com/?ip.37.220.87.38) | ipn-37-220-87-38.artem-catv.ru | - | High
|
||||
126 | [37.220.87.47](https://vuldb.com/?ip.37.220.87.47) | ipn-37-220-87-47.artem-catv.ru | - | High
|
||||
127 | [37.220.87.48](https://vuldb.com/?ip.37.220.87.48) | ipn-37-220-87-48.artem-catv.ru | - | High
|
||||
128 | [37.220.87.49](https://vuldb.com/?ip.37.220.87.49) | ipn-37-220-87-49.artem-catv.ru | - | High
|
||||
129 | [37.220.87.63](https://vuldb.com/?ip.37.220.87.63) | ipn-37-220-87-63.artem-catv.ru | - | High
|
||||
130 | [37.220.87.66](https://vuldb.com/?ip.37.220.87.66) | ipn-37-220-87-66.artem-catv.ru | - | High
|
||||
131 | [37.220.87.68](https://vuldb.com/?ip.37.220.87.68) | ipn-37-220-87-68.artem-catv.ru | - | High
|
||||
132 | [37.220.87.86](https://vuldb.com/?ip.37.220.87.86) | ipn-37-220-87-86.artem-catv.ru | - | High
|
||||
133 | [43.130.118.228](https://vuldb.com/?ip.43.130.118.228) | - | - | High
|
||||
134 | [45.8.144.61](https://vuldb.com/?ip.45.8.144.61) | vm1323244.stark-industries.solutions | - | High
|
||||
135 | [45.8.144.73](https://vuldb.com/?ip.45.8.144.73) | vm1182705.stark-industries.solutions | - | High
|
||||
136 | [45.8.144.148](https://vuldb.com/?ip.45.8.144.148) | vm1332653.stark-industries.solutions | - | High
|
||||
137 | [45.8.145.219](https://vuldb.com/?ip.45.8.145.219) | vm1589638.stark-industries.solutions | - | High
|
||||
138 | [45.8.146.72](https://vuldb.com/?ip.45.8.146.72) | vm1066019.stark-industries.solutions | - | High
|
||||
139 | [45.9.74.6](https://vuldb.com/?ip.45.9.74.6) | - | - | High
|
||||
140 | [45.9.74.21](https://vuldb.com/?ip.45.9.74.21) | - | - | High
|
||||
141 | [45.9.74.22](https://vuldb.com/?ip.45.9.74.22) | - | - | High
|
||||
142 | [45.9.74.34](https://vuldb.com/?ip.45.9.74.34) | - | - | High
|
||||
143 | [45.9.74.35](https://vuldb.com/?ip.45.9.74.35) | - | - | High
|
||||
144 | [45.9.74.36](https://vuldb.com/?ip.45.9.74.36) | - | - | High
|
||||
145 | [45.9.74.50](https://vuldb.com/?ip.45.9.74.50) | - | - | High
|
||||
146 | [45.9.74.54](https://vuldb.com/?ip.45.9.74.54) | - | - | High
|
||||
147 | [45.9.74.56](https://vuldb.com/?ip.45.9.74.56) | - | - | High
|
||||
148 | [45.9.74.60](https://vuldb.com/?ip.45.9.74.60) | - | - | High
|
||||
149 | [45.9.74.68](https://vuldb.com/?ip.45.9.74.68) | - | - | High
|
||||
150 | [45.9.74.69](https://vuldb.com/?ip.45.9.74.69) | - | - | High
|
||||
151 | [45.9.74.70](https://vuldb.com/?ip.45.9.74.70) | - | - | High
|
||||
152 | [45.9.74.71](https://vuldb.com/?ip.45.9.74.71) | - | - | High
|
||||
153 | [45.9.74.81](https://vuldb.com/?ip.45.9.74.81) | - | - | High
|
||||
154 | [45.9.74.82](https://vuldb.com/?ip.45.9.74.82) | - | - | High
|
||||
155 | [45.9.74.90](https://vuldb.com/?ip.45.9.74.90) | - | - | High
|
||||
156 | [45.9.74.97](https://vuldb.com/?ip.45.9.74.97) | - | - | High
|
||||
157 | [45.9.74.99](https://vuldb.com/?ip.45.9.74.99) | - | - | High
|
||||
158 | [45.9.74.119](https://vuldb.com/?ip.45.9.74.119) | - | - | High
|
||||
159 | [45.9.74.151](https://vuldb.com/?ip.45.9.74.151) | - | - | High
|
||||
160 | [45.9.74.152](https://vuldb.com/?ip.45.9.74.152) | - | - | High
|
||||
161 | [45.9.74.160](https://vuldb.com/?ip.45.9.74.160) | - | - | High
|
||||
162 | [45.9.74.165](https://vuldb.com/?ip.45.9.74.165) | - | - | High
|
||||
163 | [45.9.74.170](https://vuldb.com/?ip.45.9.74.170) | - | - | High
|
||||
164 | [45.9.74.171](https://vuldb.com/?ip.45.9.74.171) | - | - | High
|
||||
165 | [45.9.74.172](https://vuldb.com/?ip.45.9.74.172) | - | - | High
|
||||
166 | [45.9.74.173](https://vuldb.com/?ip.45.9.74.173) | - | - | High
|
||||
167 | [45.9.74.174](https://vuldb.com/?ip.45.9.74.174) | - | - | High
|
||||
168 | [45.9.74.175](https://vuldb.com/?ip.45.9.74.175) | - | - | High
|
||||
169 | [45.9.74.176](https://vuldb.com/?ip.45.9.74.176) | - | - | High
|
||||
170 | [45.9.148.139](https://vuldb.com/?ip.45.9.148.139) | - | - | High
|
||||
171 | [45.9.149.237](https://vuldb.com/?ip.45.9.149.237) | - | - | High
|
||||
172 | [45.15.156.2](https://vuldb.com/?ip.45.15.156.2) | - | - | High
|
||||
173 | [45.15.156.8](https://vuldb.com/?ip.45.15.156.8) | - | - | High
|
||||
174 | [45.15.156.11](https://vuldb.com/?ip.45.15.156.11) | - | - | High
|
||||
175 | [45.15.156.31](https://vuldb.com/?ip.45.15.156.31) | - | - | High
|
||||
176 | [45.15.156.36](https://vuldb.com/?ip.45.15.156.36) | - | - | High
|
||||
177 | [45.15.156.38](https://vuldb.com/?ip.45.15.156.38) | - | - | High
|
||||
178 | [45.15.156.40](https://vuldb.com/?ip.45.15.156.40) | - | - | High
|
||||
179 | [45.15.156.42](https://vuldb.com/?ip.45.15.156.42) | - | - | High
|
||||
180 | [45.15.156.50](https://vuldb.com/?ip.45.15.156.50) | - | - | High
|
||||
181 | [45.15.156.62](https://vuldb.com/?ip.45.15.156.62) | - | - | High
|
||||
182 | [45.15.156.72](https://vuldb.com/?ip.45.15.156.72) | - | - | High
|
||||
183 | [45.15.156.75](https://vuldb.com/?ip.45.15.156.75) | - | - | High
|
||||
184 | [45.15.156.79](https://vuldb.com/?ip.45.15.156.79) | - | - | High
|
||||
185 | [45.15.156.87](https://vuldb.com/?ip.45.15.156.87) | - | - | High
|
||||
186 | [45.15.156.96](https://vuldb.com/?ip.45.15.156.96) | - | - | High
|
||||
187 | [45.15.156.105](https://vuldb.com/?ip.45.15.156.105) | - | - | High
|
||||
188 | [45.15.156.120](https://vuldb.com/?ip.45.15.156.120) | - | - | High
|
||||
189 | [45.15.156.151](https://vuldb.com/?ip.45.15.156.151) | - | - | High
|
||||
190 | [45.15.156.164](https://vuldb.com/?ip.45.15.156.164) | - | - | High
|
||||
191 | [45.15.156.168](https://vuldb.com/?ip.45.15.156.168) | - | - | High
|
||||
192 | [45.15.156.169](https://vuldb.com/?ip.45.15.156.169) | - | - | High
|
||||
193 | [45.15.156.178](https://vuldb.com/?ip.45.15.156.178) | - | - | High
|
||||
194 | [45.15.156.179](https://vuldb.com/?ip.45.15.156.179) | - | - | High
|
||||
195 | [45.15.156.192](https://vuldb.com/?ip.45.15.156.192) | - | - | High
|
||||
196 | [45.15.156.198](https://vuldb.com/?ip.45.15.156.198) | - | - | High
|
||||
197 | [45.15.156.201](https://vuldb.com/?ip.45.15.156.201) | - | - | High
|
||||
198 | [45.15.156.208](https://vuldb.com/?ip.45.15.156.208) | - | - | High
|
||||
199 | [45.15.156.225](https://vuldb.com/?ip.45.15.156.225) | - | - | High
|
||||
200 | [45.15.156.226](https://vuldb.com/?ip.45.15.156.226) | - | - | High
|
||||
201 | [45.15.156.227](https://vuldb.com/?ip.45.15.156.227) | - | - | High
|
||||
202 | [45.15.156.233](https://vuldb.com/?ip.45.15.156.233) | - | - | High
|
||||
203 | [45.15.156.238](https://vuldb.com/?ip.45.15.156.238) | - | - | High
|
||||
204 | [45.15.156.239](https://vuldb.com/?ip.45.15.156.239) | - | - | High
|
||||
205 | [45.15.156.251](https://vuldb.com/?ip.45.15.156.251) | - | - | High
|
||||
206 | [45.15.157.7](https://vuldb.com/?ip.45.15.157.7) | - | - | High
|
||||
207 | [45.15.159.197](https://vuldb.com/?ip.45.15.159.197) | royal-attack.aeza.network | - | High
|
||||
208 | [45.61.136.46](https://vuldb.com/?ip.45.61.136.46) | - | - | High
|
||||
209 | [45.61.136.191](https://vuldb.com/?ip.45.61.136.191) | - | - | High
|
||||
210 | [45.61.136.194](https://vuldb.com/?ip.45.61.136.194) | - | - | High
|
||||
211 | [45.61.137.163](https://vuldb.com/?ip.45.61.137.163) | - | - | High
|
||||
212 | [45.61.138.12](https://vuldb.com/?ip.45.61.138.12) | - | - | High
|
||||
213 | [45.61.138.130](https://vuldb.com/?ip.45.61.138.130) | - | - | High
|
||||
214 | [45.61.138.138](https://vuldb.com/?ip.45.61.138.138) | - | - | High
|
||||
215 | [45.61.139.2](https://vuldb.com/?ip.45.61.139.2) | - | - | High
|
||||
216 | [45.66.230.38](https://vuldb.com/?ip.45.66.230.38) | - | - | High
|
||||
217 | [45.67.34.234](https://vuldb.com/?ip.45.67.34.234) | vm1200564.stark-industries.solutions | - | High
|
||||
218 | [45.67.35.52](https://vuldb.com/?ip.45.67.35.52) | vm1245055.stark-industries.solutions | - | High
|
||||
219 | [45.67.35.164](https://vuldb.com/?ip.45.67.35.164) | vm1323097.stark-industries.solutions | - | High
|
||||
220 | [45.67.35.241](https://vuldb.com/?ip.45.67.35.241) | vm1349287.stark-industries.solutions | - | High
|
||||
221 | [45.67.35.251](https://vuldb.com/?ip.45.67.35.251) | vm1333466.stark-industries.solutions | - | High
|
||||
222 | [45.67.228.180](https://vuldb.com/?ip.45.67.228.180) | vm1330387.stark-industries.solutions | - | High
|
||||
223 | [45.67.231.132](https://vuldb.com/?ip.45.67.231.132) | ironfish.com | - | High
|
||||
224 | [45.77.137.24](https://vuldb.com/?ip.45.77.137.24) | - | - | High
|
||||
225 | [45.82.13.17](https://vuldb.com/?ip.45.82.13.17) | MSK-H-1674545172.msk.host | - | High
|
||||
226 | [45.82.71.192](https://vuldb.com/?ip.45.82.71.192) | papidu.com.ua | - | High
|
||||
227 | [45.82.73.28](https://vuldb.com/?ip.45.82.73.28) | - | - | High
|
||||
228 | ... | ... | ... | ...
|
||||
|
||||
There are 894 more IOC items available. Please use our online service to access the data.
|
||||
There are 910 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -259,7 +263,8 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -275,45 +280,45 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/admin/modal_add_product.php` | High
|
||||
5 | File | `/admin/positions_add.php` | High
|
||||
6 | File | `/admin/sys_sql_query.php` | High
|
||||
7 | File | `/ajax.php?action=save_company` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/api/database` | High
|
||||
10 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
11 | File | `/bin/ate` | Medium
|
||||
12 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
13 | File | `/booking/show_bookings/` | High
|
||||
14 | File | `/c/PluginsController.php` | High
|
||||
15 | File | `/category.php` | High
|
||||
16 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
17 | File | `/chaincity/user/ticket/create` | High
|
||||
7 | File | `/api/baskets/{name}` | High
|
||||
8 | File | `/api/database` | High
|
||||
9 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
10 | File | `/bin/ate` | Medium
|
||||
11 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
12 | File | `/booking/show_bookings/` | High
|
||||
13 | File | `/c/PluginsController.php` | High
|
||||
14 | File | `/category.php` | High
|
||||
15 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
16 | File | `/chaincity/user/ticket/create` | High
|
||||
17 | File | `/collection/all` | High
|
||||
18 | File | `/company/store` | High
|
||||
19 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
20 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
21 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
22 | File | `/debug/pprof` | Medium
|
||||
23 | File | `/DXR.axd` | Medium
|
||||
24 | File | `/ecommerce/support_ticket` | High
|
||||
25 | File | `/ecrire/exec/puce_statut.php` | High
|
||||
26 | File | `/env` | Low
|
||||
27 | File | `/etc/passwd` | Medium
|
||||
23 | File | `/ecommerce/support_ticket` | High
|
||||
24 | File | `/ecrire/exec/puce_statut.php` | High
|
||||
25 | File | `/env` | Low
|
||||
26 | File | `/etc/passwd` | Medium
|
||||
27 | File | `/files/` | Low
|
||||
28 | File | `/forum/away.php` | High
|
||||
29 | File | `/friends/ajax_invite` | High
|
||||
30 | File | `/goform/WifiGuestSet` | High
|
||||
31 | File | `/group1/uploa` | High
|
||||
32 | File | `/h/` | Low
|
||||
33 | File | `/home/filter_listings` | High
|
||||
34 | File | `/index.php` | Medium
|
||||
35 | File | `/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]` | High
|
||||
36 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
37 | File | `/index.php?page=category_list` | High
|
||||
38 | File | `/instance/detail` | High
|
||||
39 | File | `/items/search` | High
|
||||
40 | File | `/jobinfo/` | Medium
|
||||
41 | File | `/knowage/restful-services/dossier/importTemplateFile` | High
|
||||
42 | File | `/languages/install.php` | High
|
||||
30 | File | `/group1/uploa` | High
|
||||
31 | File | `/h/` | Low
|
||||
32 | File | `/home/filter_listings` | High
|
||||
33 | File | `/index.php` | Medium
|
||||
34 | File | `/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]` | High
|
||||
35 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
36 | File | `/instance/detail` | High
|
||||
37 | File | `/items/search` | High
|
||||
38 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
39 | File | `/jobinfo/` | Medium
|
||||
40 | File | `/knowage/restful-services/dossier/importTemplateFile` | High
|
||||
41 | File | `/languages/install.php` | High
|
||||
42 | File | `/log/decodmail.php` | High
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 374 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 375 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -351,6 +356,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://twitter.com/crep1x/status/1588297309313699842
|
||||
* https://twitter.com/crep1x/status/1592270229190881280
|
||||
* https://twitter.com/crep1x/status/1635034096949940224
|
||||
* https://twitter.com/crep1x/status/1697559871284035603
|
||||
* https://twitter.com/Gi7w0rm/status/1610872426492985344
|
||||
* https://twitter.com/Iamdeadlyz/status/1562823487932100608
|
||||
* https://www.zscaler.com/blogs/security-research/raccoon-stealer-v2-latest-generation-raccoon-family
|
||||
|
|
File diff suppressed because it is too large
|
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with RevengeRAT:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 10 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -41,7 +41,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -53,8 +53,8 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/admin/upload/upload` | High
|
||||
3 | File | `/api/baskets/{name}` | High
|
||||
4 | File | `/api/gen/clients/{language}` | High
|
||||
5 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
6 | File | `/config/getuser` | High
|
||||
5 | File | `/bin/login` | Medium
|
||||
6 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
7 | File | `/config/myfield/test.php` | High
|
||||
8 | File | `/debug/pprof` | Medium
|
||||
9 | File | `/ecshop/admin/template.php` | High
|
||||
|
@ -64,37 +64,39 @@ ID | Type | Indicator | Confidence
|
|||
13 | File | `/goform/set_LimitClient_cfg` | High
|
||||
14 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
15 | File | `/hss/admin/?page=products/view_product` | High
|
||||
16 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
17 | File | `/net-banking/customer_transactions.php` | High
|
||||
18 | File | `/obs/book.php` | High
|
||||
19 | File | `/ossn/administrator/com_installer` | High
|
||||
20 | File | `/owa/auth/logon.aspx` | High
|
||||
21 | File | `/pms/update_user.php?user_id=1` | High
|
||||
22 | File | `/preview.php` | Medium
|
||||
23 | File | `/requests.php` | High
|
||||
24 | File | `/spip.php` | Medium
|
||||
25 | File | `/sqlite3_aflpp/shell.c` | High
|
||||
26 | File | `/sre/params.php` | High
|
||||
27 | File | `/SVFE2/pages/feegroups/service_group.jsf` | High
|
||||
28 | File | `/uncpath/` | Medium
|
||||
29 | File | `/user/upload/upload` | High
|
||||
30 | File | `/Users` | Low
|
||||
31 | File | `/var/spool/hylafax` | High
|
||||
32 | File | `/vendor` | Low
|
||||
33 | File | `AccessibilityManagerService.java` | High
|
||||
34 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
35 | File | `adclick.php` | Medium
|
||||
36 | File | `add_contestant.php` | High
|
||||
37 | File | `admin.php` | Medium
|
||||
38 | File | `admin/edit_category.php` | High
|
||||
39 | File | `admin/index.php` | High
|
||||
40 | File | `admin/make_payments.php` | High
|
||||
41 | File | `admin/_cmdstat.jsp` | High
|
||||
42 | File | `af_netlink.c` | Medium
|
||||
43 | File | `album_portal.php` | High
|
||||
44 | ... | ... | ...
|
||||
16 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
17 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
18 | File | `/net-banking/customer_transactions.php` | High
|
||||
19 | File | `/obs/book.php` | High
|
||||
20 | File | `/ossn/administrator/com_installer` | High
|
||||
21 | File | `/owa/auth/logon.aspx` | High
|
||||
22 | File | `/pms/update_user.php?user_id=1` | High
|
||||
23 | File | `/preview.php` | Medium
|
||||
24 | File | `/requests.php` | High
|
||||
25 | File | `/secure/ViewCollectors` | High
|
||||
26 | File | `/spip.php` | Medium
|
||||
27 | File | `/sqlite3_aflpp/shell.c` | High
|
||||
28 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
29 | File | `/sre/params.php` | High
|
||||
30 | File | `/SVFE2/pages/feegroups/service_group.jsf` | High
|
||||
31 | File | `/sys/user/querySysUser?username=admin` | High
|
||||
32 | File | `/uncpath/` | Medium
|
||||
33 | File | `/user/upload/upload` | High
|
||||
34 | File | `/Users` | Low
|
||||
35 | File | `/usr/local/www/csrf/csrf-magic.php` | High
|
||||
36 | File | `/vendor` | Low
|
||||
37 | File | `AccessibilityManagerService.java` | High
|
||||
38 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
39 | File | `adclick.php` | Medium
|
||||
40 | File | `add_contestant.php` | High
|
||||
41 | File | `admin.php` | Medium
|
||||
42 | File | `admin/edit_category.php` | High
|
||||
43 | File | `admin/index.php` | High
|
||||
44 | File | `admin/make_payments.php` | High
|
||||
45 | File | `admin/_cmdstat.jsp` | High
|
||||
46 | ... | ... | ...
|
||||
|
||||
There are 382 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 403 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [TR](https://vuldb.com/?country.tr)
|
||||
* ...
|
||||
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -43,12 +43,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-29, CWE-36 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | T1068 | CWE-264, CWE-269, CWE-274, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
7 | ... | ... | ... | ...
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -59,40 +58,49 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
3 | File | `/api/baskets/{name}` | High
|
||||
4 | File | `/api/upload.php` | High
|
||||
5 | File | `/api?path=profile` | High
|
||||
6 | File | `/Applications/Google\ Drive.app/Contents/MacOS` | High
|
||||
7 | File | `/authenticationendpoint/login.do` | High
|
||||
8 | File | `/bin/login` | Medium
|
||||
9 | File | `/cgi-bin/luci` | High
|
||||
10 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
11 | File | `/contact/store` | High
|
||||
12 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
13 | File | `/ecommerce/support_ticket` | High
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/FuguHub/cmsdocs/` | High
|
||||
16 | File | `/goform/formLogin` | High
|
||||
17 | File | `/graphql` | Medium
|
||||
18 | File | `/h/autoSaveDraft` | High
|
||||
19 | File | `/HNAP1` | Low
|
||||
20 | File | `/index.php` | Medium
|
||||
21 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
22 | File | `/Log/Query?appid=0B736354-9473-4D66-B9C0-15CAC149EB05&tabid=tab_0B73635494734D66B9C015CAC149EB05` | High
|
||||
23 | File | `/mc` | Low
|
||||
24 | File | `/php-inventory-management-system/product.php` | High
|
||||
25 | File | `/plain` | Low
|
||||
26 | File | `/registration.php` | High
|
||||
27 | File | `/release-x64/otfccdump+0x61731f` | High
|
||||
28 | File | `/search.php` | Medium
|
||||
29 | File | `/settings/account` | High
|
||||
30 | File | `/student/bookdetails.php` | High
|
||||
31 | File | `/tmp/boa-temp` | High
|
||||
32 | File | `/uncpath/` | Medium
|
||||
33 | ... | ... | ...
|
||||
2 | File | `/academy/home/courses` | High
|
||||
3 | File | `/admin/about-us.php` | High
|
||||
4 | File | `/admin/adclass.php` | High
|
||||
5 | File | `/admin/students/view_details.php` | High
|
||||
6 | File | `/ajax-files/followBoard.php` | High
|
||||
7 | File | `/ajax.php?action=read_msg` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/api/upload.php` | High
|
||||
10 | File | `/api?path=profile` | High
|
||||
11 | File | `/auth/callback` | High
|
||||
12 | File | `/authenticationendpoint/login.do` | High
|
||||
13 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
14 | File | `/cgi.cgi` | Medium
|
||||
15 | File | `/ci_spms/admin/search/searching/` | High
|
||||
16 | File | `/classes/Master.php?f=save_brand` | High
|
||||
17 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
18 | File | `/etc/pki/pesign` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/FuguHub/cmsdocs/` | High
|
||||
21 | File | `/goform/formLogin` | High
|
||||
22 | File | `/goform/setportList` | High
|
||||
23 | File | `/goform/set_LimitClient_cfg` | High
|
||||
24 | File | `/graphql` | Medium
|
||||
25 | File | `/h/autoSaveDraft` | High
|
||||
26 | File | `/index.php` | Medium
|
||||
27 | File | `/index.php?page=member` | High
|
||||
28 | File | `/modules/projects/vw_files.php` | High
|
||||
29 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
30 | File | `/QueryView.php` | High
|
||||
31 | File | `/registration.php` | High
|
||||
32 | File | `/release-x64/otfccdump+0x61731f` | High
|
||||
33 | File | `/romfile.cfg` | Medium
|
||||
34 | File | `/search.php` | Medium
|
||||
35 | File | `/settings/account` | High
|
||||
36 | File | `/sitecore/shell/Invoke.aspx` | High
|
||||
37 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
38 | File | `/staff/bookdetails.php` | High
|
||||
39 | File | `/staff/edit_book_details.php` | High
|
||||
40 | File | `/student/bookdetails.php` | High
|
||||
41 | File | `/uncpath/` | Medium
|
||||
42 | ... | ... | ...
|
||||
|
||||
There are 282 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 358 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -16,11 +16,11 @@ The following _campaigns_ are known and can be associated with Russia Unknown:
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Russia Unknown:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [JP](https://vuldb.com/?country.jp)
|
||||
* ...
|
||||
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
There are 23 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -3147,14 +3147,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-425 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
1 | T1006 | CWE-22, CWE-23, CWE-24, CWE-36, CWE-425 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -3162,57 +3162,57 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.github/workflows/comment.yml` | High
|
||||
2 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
3 | File | `/account/delivery` | High
|
||||
4 | File | `/admin/addproduct.php` | High
|
||||
5 | File | `/admin/add_user_modal.php` | High
|
||||
6 | File | `/admin/del_category.php` | High
|
||||
7 | File | `/admin/del_service.php` | High
|
||||
8 | File | `/admin/edit_product.php` | High
|
||||
9 | File | `/admin/forgot-password.php` | High
|
||||
10 | File | `/admin/index.php` | High
|
||||
11 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
12 | File | `/admin/read.php?mudi=announContent` | High
|
||||
13 | File | `/admin/reg.php` | High
|
||||
14 | File | `/admin/search-appointment.php` | High
|
||||
15 | File | `/admin/sys_sql_query.php` | High
|
||||
16 | File | `/admin/test_status.php` | High
|
||||
17 | File | `/api/baskets/{name}` | High
|
||||
18 | File | `/api/ping` | Medium
|
||||
19 | File | `/api/set-password` | High
|
||||
20 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
21 | File | `/author_posts.php` | High
|
||||
22 | File | `/bin/ate` | Medium
|
||||
23 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
24 | File | `/blog` | Low
|
||||
25 | File | `/booking/show_bookings/` | High
|
||||
26 | File | `/browse` | Low
|
||||
27 | File | `/cgi-bin/adm.cgi` | High
|
||||
28 | File | `/cgi-bin/luci;stok=/locale` | High
|
||||
29 | File | `/chaincity/user/ticket/create` | High
|
||||
30 | File | `/classes/Master.php?f=delete_category` | High
|
||||
31 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
32 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
33 | File | `/classes/Master.php?f=save_item` | High
|
||||
34 | File | `/classes/Users.php?f=save` | High
|
||||
35 | File | `/company/store` | High
|
||||
36 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
37 | File | `/config` | Low
|
||||
38 | File | `/contact.php` | Medium
|
||||
39 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
40 | File | `/debug/pprof` | Medium
|
||||
41 | File | `/dipam/athlete-profile.php` | High
|
||||
42 | File | `/dipam/save-delegates.php` | High
|
||||
43 | File | `/Duty/AjaxHandle/UpLoadFloodPlanFile.ashx` | High
|
||||
44 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
45 | File | `/en/blog-comment-4` | High
|
||||
46 | File | `/etc/passwd` | Medium
|
||||
47 | File | `/forum/away.php` | High
|
||||
48 | File | `/getcfg.php` | Medium
|
||||
1 | File | `/academy/home/courses` | High
|
||||
2 | File | `/ad-list` | Medium
|
||||
3 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
4 | File | `/admin/?page=user/list` | High
|
||||
5 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
6 | File | `/admin/about-us.php` | High
|
||||
7 | File | `/admin/add-category.php` | High
|
||||
8 | File | `/admin/add-services.php` | High
|
||||
9 | File | `/admin/admin-profile.php` | High
|
||||
10 | File | `/admin/del_category.php` | High
|
||||
11 | File | `/admin/del_feedback.php` | High
|
||||
12 | File | `/admin/del_service.php` | High
|
||||
13 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
14 | File | `/admin/edit_category.php` | High
|
||||
15 | File | `/admin/edit_product.php` | High
|
||||
16 | File | `/admin/files` | Medium
|
||||
17 | File | `/admin/forgot-password.php` | High
|
||||
18 | File | `/admin/index.php` | High
|
||||
19 | File | `/admin/invoice.php` | High
|
||||
20 | File | `/admin/search-appointment.php` | High
|
||||
21 | File | `/admin/sys_sql_query.php` | High
|
||||
22 | File | `/api/baskets/{name}` | High
|
||||
23 | File | `/api/sys/login` | High
|
||||
24 | File | `/api/sys/set_passwd` | High
|
||||
25 | File | `/app/sys1.php` | High
|
||||
26 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
27 | File | `/blog-single.php` | High
|
||||
28 | File | `/booking/show_bookings/` | High
|
||||
29 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
30 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
31 | File | `/classes/Master.php?f=delete_category` | High
|
||||
32 | File | `/collection/all` | High
|
||||
33 | File | `/conf/` | Low
|
||||
34 | File | `/config/php.ini` | High
|
||||
35 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
36 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
37 | File | `/debug/pprof` | Medium
|
||||
38 | File | `/etc/passwd` | Medium
|
||||
39 | File | `/find-a-match` | High
|
||||
40 | File | `/forum/away.php` | High
|
||||
41 | File | `/friends` | Medium
|
||||
42 | File | `/friends/ajax_invite` | High
|
||||
43 | File | `/fusion/portal/action/Link` | High
|
||||
44 | File | `/getcfg.php` | Medium
|
||||
45 | File | `/goform/fast_setting_wifi_set` | High
|
||||
46 | File | `/goform/NatStaticSetting` | High
|
||||
47 | File | `/goform/PowerSaveSet` | High
|
||||
48 | File | `/goform/SetPptpServerCfg` | High
|
||||
49 | ... | ... | ...
|
||||
|
||||
There are 422 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 429 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -53,7 +53,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 22 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -84,24 +84,24 @@ ID | Type | Indicator | Confidence
|
|||
21 | File | `/release-x64/otfccdump` | High
|
||||
22 | File | `/rom-0` | Low
|
||||
23 | File | `/sbin/conf.d/SuSEconfig.javarunt` | High
|
||||
24 | File | `/see_more_details.php` | High
|
||||
25 | File | `/sitecore/shell/Invoke.aspx` | High
|
||||
26 | File | `/tmp` | Low
|
||||
27 | File | `/uncpath/` | Medium
|
||||
28 | File | `/user-utils/users/md5.json` | High
|
||||
29 | File | `/usr/lib/utmp_update` | High
|
||||
30 | File | `/usr/local` | Medium
|
||||
31 | File | `/wp-admin` | Medium
|
||||
32 | File | `/wp-admin/admin-post.php?es_skip=1&option_name` | High
|
||||
33 | File | `2020\Messages\SDNotify.exe` | High
|
||||
34 | File | `adclick.php` | Medium
|
||||
35 | File | `admin/plugin-index.php` | High
|
||||
36 | File | `administration` | High
|
||||
37 | File | `administrative` | High
|
||||
38 | File | `ag_server_service.exe` | High
|
||||
24 | File | `/scripts/unlock_tasks.php` | High
|
||||
25 | File | `/see_more_details.php` | High
|
||||
26 | File | `/sitecore/shell/Invoke.aspx` | High
|
||||
27 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
28 | File | `/tmp` | Low
|
||||
29 | File | `/uncpath/` | Medium
|
||||
30 | File | `/user-utils/users/md5.json` | High
|
||||
31 | File | `/usr/lib/utmp_update` | High
|
||||
32 | File | `/usr/local` | Medium
|
||||
33 | File | `/wp-admin` | Medium
|
||||
34 | File | `2020\Messages\SDNotify.exe` | High
|
||||
35 | File | `adclick.php` | Medium
|
||||
36 | File | `admin/plugin-index.php` | High
|
||||
37 | File | `administration` | High
|
||||
38 | File | `administrative` | High
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 338 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 340 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -70,93 +70,95 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
47 | [13.236.149.120](https://vuldb.com/?ip.13.236.149.120) | ec2-13-236-149-120.ap-southeast-2.compute.amazonaws.com | - | Medium
|
||||
48 | [13.238.218.206](https://vuldb.com/?ip.13.238.218.206) | ec2-13-238-218-206.ap-southeast-2.compute.amazonaws.com | - | Medium
|
||||
49 | [14.1.29.189](https://vuldb.com/?ip.14.1.29.189) | - | - | High
|
||||
50 | [18.140.228.104](https://vuldb.com/?ip.18.140.228.104) | ec2-18-140-228-104.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
51 | [18.159.62.29](https://vuldb.com/?ip.18.159.62.29) | ec2-18-159-62-29.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
52 | [18.163.80.92](https://vuldb.com/?ip.18.163.80.92) | ec2-18-163-80-92.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
53 | [18.234.7.23](https://vuldb.com/?ip.18.234.7.23) | ec2-18-234-7-23.compute-1.amazonaws.com | - | Medium
|
||||
54 | [20.1.134.133](https://vuldb.com/?ip.20.1.134.133) | - | - | High
|
||||
55 | [20.58.167.202](https://vuldb.com/?ip.20.58.167.202) | - | - | High
|
||||
56 | [20.61.4.19](https://vuldb.com/?ip.20.61.4.19) | - | - | High
|
||||
57 | [20.118.135.66](https://vuldb.com/?ip.20.118.135.66) | - | - | High
|
||||
58 | [20.123.75.93](https://vuldb.com/?ip.20.123.75.93) | - | - | High
|
||||
59 | [20.227.28.202](https://vuldb.com/?ip.20.227.28.202) | - | - | High
|
||||
60 | [20.248.225.130](https://vuldb.com/?ip.20.248.225.130) | - | - | High
|
||||
61 | [23.19.227.106](https://vuldb.com/?ip.23.19.227.106) | - | - | High
|
||||
62 | [23.81.246.193](https://vuldb.com/?ip.23.81.246.193) | - | - | High
|
||||
63 | [23.82.141.146](https://vuldb.com/?ip.23.82.141.146) | - | - | High
|
||||
64 | [23.83.127.233](https://vuldb.com/?ip.23.83.127.233) | - | - | High
|
||||
65 | [23.83.133.53](https://vuldb.com/?ip.23.83.133.53) | - | - | High
|
||||
66 | [23.94.131.51](https://vuldb.com/?ip.23.94.131.51) | beikeet.com | - | High
|
||||
67 | [23.94.200.202](https://vuldb.com/?ip.23.94.200.202) | ju7-ry.insulin-pumpers.org | - | High
|
||||
68 | [23.95.44.80](https://vuldb.com/?ip.23.95.44.80) | 23-95-44-80-host.colocrossing.com | - | High
|
||||
69 | [23.105.193.194](https://vuldb.com/?ip.23.105.193.194) | cs.hax0x.win | - | High
|
||||
70 | [23.224.135.138](https://vuldb.com/?ip.23.224.135.138) | - | - | High
|
||||
71 | [23.224.135.139](https://vuldb.com/?ip.23.224.135.139) | - | - | High
|
||||
72 | [23.224.135.140](https://vuldb.com/?ip.23.224.135.140) | - | - | High
|
||||
73 | [23.224.135.141](https://vuldb.com/?ip.23.224.135.141) | - | - | High
|
||||
74 | [23.224.135.142](https://vuldb.com/?ip.23.224.135.142) | - | - | High
|
||||
75 | [23.234.199.141](https://vuldb.com/?ip.23.234.199.141) | 141-199-234-23-dedicated.multacom.com | - | High
|
||||
76 | [23.234.200.38](https://vuldb.com/?ip.23.234.200.38) | - | - | High
|
||||
77 | [23.239.30.17](https://vuldb.com/?ip.23.239.30.17) | 23-239-30-17.ip.linodeusercontent.com | - | High
|
||||
78 | [31.41.44.19](https://vuldb.com/?ip.31.41.44.19) | huotovich.maks.example.com | - | High
|
||||
79 | [34.105.151.117](https://vuldb.com/?ip.34.105.151.117) | 117.151.105.34.bc.googleusercontent.com | - | Medium
|
||||
80 | [34.136.159.101](https://vuldb.com/?ip.34.136.159.101) | 101.159.136.34.bc.googleusercontent.com | - | Medium
|
||||
81 | [34.150.49.203](https://vuldb.com/?ip.34.150.49.203) | 203.49.150.34.bc.googleusercontent.com | - | Medium
|
||||
82 | [34.162.188.150](https://vuldb.com/?ip.34.162.188.150) | 150.188.162.34.bc.googleusercontent.com | - | Medium
|
||||
83 | [34.171.81.60](https://vuldb.com/?ip.34.171.81.60) | 60.81.171.34.bc.googleusercontent.com | - | Medium
|
||||
84 | [34.172.52.13](https://vuldb.com/?ip.34.172.52.13) | 13.52.172.34.bc.googleusercontent.com | - | Medium
|
||||
85 | [34.176.0.227](https://vuldb.com/?ip.34.176.0.227) | 227.0.176.34.bc.googleusercontent.com | - | Medium
|
||||
86 | [34.201.98.138](https://vuldb.com/?ip.34.201.98.138) | ec2-34-201-98-138.compute-1.amazonaws.com | - | Medium
|
||||
87 | [34.212.32.244](https://vuldb.com/?ip.34.212.32.244) | ec2-34-212-32-244.us-west-2.compute.amazonaws.com | - | Medium
|
||||
88 | [34.221.238.130](https://vuldb.com/?ip.34.221.238.130) | ec2-34-221-238-130.us-west-2.compute.amazonaws.com | - | Medium
|
||||
89 | [35.72.242.198](https://vuldb.com/?ip.35.72.242.198) | ec2-35-72-242-198.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
90 | [35.167.111.43](https://vuldb.com/?ip.35.167.111.43) | ec2-35-167-111-43.us-west-2.compute.amazonaws.com | - | Medium
|
||||
91 | [35.180.5.225](https://vuldb.com/?ip.35.180.5.225) | ec2-35-180-5-225.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
92 | [35.180.135.137](https://vuldb.com/?ip.35.180.135.137) | ec2-35-180-135-137.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
93 | [35.185.58.57](https://vuldb.com/?ip.35.185.58.57) | 57.58.185.35.bc.googleusercontent.com | - | Medium
|
||||
94 | [35.212.172.98](https://vuldb.com/?ip.35.212.172.98) | 98.172.212.35.bc.googleusercontent.com | - | Medium
|
||||
95 | [35.225.60.206](https://vuldb.com/?ip.35.225.60.206) | 206.60.225.35.bc.googleusercontent.com | - | Medium
|
||||
96 | [35.232.112.155](https://vuldb.com/?ip.35.232.112.155) | 155.112.232.35.bc.googleusercontent.com | - | Medium
|
||||
97 | [35.236.117.76](https://vuldb.com/?ip.35.236.117.76) | 76.117.236.35.bc.googleusercontent.com | - | Medium
|
||||
98 | [35.240.171.140](https://vuldb.com/?ip.35.240.171.140) | 140.171.240.35.bc.googleusercontent.com | - | Medium
|
||||
99 | [37.10.71.215](https://vuldb.com/?ip.37.10.71.215) | pewna-kamagra.pl | - | High
|
||||
100 | [37.27.17.204](https://vuldb.com/?ip.37.27.17.204) | static.204.17.27.37.clients.your-server.de | - | High
|
||||
101 | [37.28.157.7](https://vuldb.com/?ip.37.28.157.7) | d157007.artnet.gda.pl | - | High
|
||||
102 | [37.48.120.35](https://vuldb.com/?ip.37.48.120.35) | - | - | High
|
||||
103 | [37.120.238.184](https://vuldb.com/?ip.37.120.238.184) | - | - | High
|
||||
104 | [37.187.123.146](https://vuldb.com/?ip.37.187.123.146) | ns332345.ip-37-187-123.eu | - | High
|
||||
105 | [37.235.49.25](https://vuldb.com/?ip.37.235.49.25) | ns2.test-ipv6.is | - | High
|
||||
106 | [38.55.24.35](https://vuldb.com/?ip.38.55.24.35) | - | - | High
|
||||
107 | [38.55.97.95](https://vuldb.com/?ip.38.55.97.95) | - | - | High
|
||||
108 | [39.98.48.67](https://vuldb.com/?ip.39.98.48.67) | - | - | High
|
||||
109 | [42.194.137.196](https://vuldb.com/?ip.42.194.137.196) | - | - | High
|
||||
110 | [43.133.22.89](https://vuldb.com/?ip.43.133.22.89) | - | - | High
|
||||
111 | [43.137.3.222](https://vuldb.com/?ip.43.137.3.222) | - | - | High
|
||||
112 | [43.137.17.156](https://vuldb.com/?ip.43.137.17.156) | - | - | High
|
||||
113 | [43.138.196.138](https://vuldb.com/?ip.43.138.196.138) | - | - | High
|
||||
114 | [43.142.109.133](https://vuldb.com/?ip.43.142.109.133) | - | - | High
|
||||
115 | [43.153.101.130](https://vuldb.com/?ip.43.153.101.130) | - | - | High
|
||||
116 | [43.154.223.31](https://vuldb.com/?ip.43.154.223.31) | - | - | High
|
||||
117 | [43.156.59.135](https://vuldb.com/?ip.43.156.59.135) | - | - | High
|
||||
118 | [43.207.147.229](https://vuldb.com/?ip.43.207.147.229) | ec2-43-207-147-229.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
119 | [43.248.136.99](https://vuldb.com/?ip.43.248.136.99) | - | - | High
|
||||
120 | [44.202.249.7](https://vuldb.com/?ip.44.202.249.7) | ec2-44-202-249-7.compute-1.amazonaws.com | - | Medium
|
||||
121 | [44.211.101.170](https://vuldb.com/?ip.44.211.101.170) | ec2-44-211-101-170.compute-1.amazonaws.com | - | Medium
|
||||
122 | [45.8.146.160](https://vuldb.com/?ip.45.8.146.160) | vm1125144.stark-industries.solutions | - | High
|
||||
123 | [45.8.157.45](https://vuldb.com/?ip.45.8.157.45) | super-links777.com | - | High
|
||||
124 | [45.9.148.64](https://vuldb.com/?ip.45.9.148.64) | - | - | High
|
||||
125 | [45.9.148.212](https://vuldb.com/?ip.45.9.148.212) | - | - | High
|
||||
126 | [45.9.148.252](https://vuldb.com/?ip.45.9.148.252) | - | - | High
|
||||
127 | [45.9.150.109](https://vuldb.com/?ip.45.9.150.109) | - | - | High
|
||||
128 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
|
||||
129 | [45.14.224.102](https://vuldb.com/?ip.45.14.224.102) | hosted-by.spectraip.net | - | High
|
||||
130 | [45.32.233.220](https://vuldb.com/?ip.45.32.233.220) | 45.32.233.220.vultrusercontent.com | - | High
|
||||
131 | [45.42.200.237](https://vuldb.com/?ip.45.42.200.237) | - | - | High
|
||||
132 | [45.56.113.227](https://vuldb.com/?ip.45.56.113.227) | 45-56-113-227.ip.linodeusercontent.com | - | High
|
||||
133 | [45.56.114.203](https://vuldb.com/?ip.45.56.114.203) | 45-56-114-203.ip.linodeusercontent.com | - | High
|
||||
134 | ... | ... | ... | ...
|
||||
50 | [15.237.24.169](https://vuldb.com/?ip.15.237.24.169) | ec2-15-237-24-169.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
51 | [18.140.228.104](https://vuldb.com/?ip.18.140.228.104) | ec2-18-140-228-104.ap-southeast-1.compute.amazonaws.com | - | Medium
|
||||
52 | [18.159.62.29](https://vuldb.com/?ip.18.159.62.29) | ec2-18-159-62-29.eu-central-1.compute.amazonaws.com | - | Medium
|
||||
53 | [18.163.80.92](https://vuldb.com/?ip.18.163.80.92) | ec2-18-163-80-92.ap-east-1.compute.amazonaws.com | - | Medium
|
||||
54 | [18.234.7.23](https://vuldb.com/?ip.18.234.7.23) | ec2-18-234-7-23.compute-1.amazonaws.com | - | Medium
|
||||
55 | [20.1.134.133](https://vuldb.com/?ip.20.1.134.133) | - | - | High
|
||||
56 | [20.58.167.202](https://vuldb.com/?ip.20.58.167.202) | - | - | High
|
||||
57 | [20.61.4.19](https://vuldb.com/?ip.20.61.4.19) | - | - | High
|
||||
58 | [20.118.135.66](https://vuldb.com/?ip.20.118.135.66) | - | - | High
|
||||
59 | [20.123.75.93](https://vuldb.com/?ip.20.123.75.93) | - | - | High
|
||||
60 | [20.227.28.202](https://vuldb.com/?ip.20.227.28.202) | - | - | High
|
||||
61 | [20.248.225.130](https://vuldb.com/?ip.20.248.225.130) | - | - | High
|
||||
62 | [23.19.227.106](https://vuldb.com/?ip.23.19.227.106) | - | - | High
|
||||
63 | [23.81.246.193](https://vuldb.com/?ip.23.81.246.193) | - | - | High
|
||||
64 | [23.82.141.146](https://vuldb.com/?ip.23.82.141.146) | - | - | High
|
||||
65 | [23.83.127.233](https://vuldb.com/?ip.23.83.127.233) | - | - | High
|
||||
66 | [23.83.133.53](https://vuldb.com/?ip.23.83.133.53) | - | - | High
|
||||
67 | [23.94.131.51](https://vuldb.com/?ip.23.94.131.51) | beikeet.com | - | High
|
||||
68 | [23.94.200.202](https://vuldb.com/?ip.23.94.200.202) | ju7-ry.insulin-pumpers.org | - | High
|
||||
69 | [23.95.44.80](https://vuldb.com/?ip.23.95.44.80) | 23-95-44-80-host.colocrossing.com | - | High
|
||||
70 | [23.105.193.194](https://vuldb.com/?ip.23.105.193.194) | cs.hax0x.win | - | High
|
||||
71 | [23.224.135.138](https://vuldb.com/?ip.23.224.135.138) | - | - | High
|
||||
72 | [23.224.135.139](https://vuldb.com/?ip.23.224.135.139) | - | - | High
|
||||
73 | [23.224.135.140](https://vuldb.com/?ip.23.224.135.140) | - | - | High
|
||||
74 | [23.224.135.141](https://vuldb.com/?ip.23.224.135.141) | - | - | High
|
||||
75 | [23.224.135.142](https://vuldb.com/?ip.23.224.135.142) | - | - | High
|
||||
76 | [23.234.199.141](https://vuldb.com/?ip.23.234.199.141) | 141-199-234-23-dedicated.multacom.com | - | High
|
||||
77 | [23.234.200.38](https://vuldb.com/?ip.23.234.200.38) | - | - | High
|
||||
78 | [23.239.30.17](https://vuldb.com/?ip.23.239.30.17) | 23-239-30-17.ip.linodeusercontent.com | - | High
|
||||
79 | [31.41.44.19](https://vuldb.com/?ip.31.41.44.19) | huotovich.maks.example.com | - | High
|
||||
80 | [34.105.151.117](https://vuldb.com/?ip.34.105.151.117) | 117.151.105.34.bc.googleusercontent.com | - | Medium
|
||||
81 | [34.136.159.101](https://vuldb.com/?ip.34.136.159.101) | 101.159.136.34.bc.googleusercontent.com | - | Medium
|
||||
82 | [34.150.49.203](https://vuldb.com/?ip.34.150.49.203) | 203.49.150.34.bc.googleusercontent.com | - | Medium
|
||||
83 | [34.162.188.150](https://vuldb.com/?ip.34.162.188.150) | 150.188.162.34.bc.googleusercontent.com | - | Medium
|
||||
84 | [34.171.81.60](https://vuldb.com/?ip.34.171.81.60) | 60.81.171.34.bc.googleusercontent.com | - | Medium
|
||||
85 | [34.172.52.13](https://vuldb.com/?ip.34.172.52.13) | 13.52.172.34.bc.googleusercontent.com | - | Medium
|
||||
86 | [34.176.0.227](https://vuldb.com/?ip.34.176.0.227) | 227.0.176.34.bc.googleusercontent.com | - | Medium
|
||||
87 | [34.201.98.138](https://vuldb.com/?ip.34.201.98.138) | ec2-34-201-98-138.compute-1.amazonaws.com | - | Medium
|
||||
88 | [34.212.32.244](https://vuldb.com/?ip.34.212.32.244) | ec2-34-212-32-244.us-west-2.compute.amazonaws.com | - | Medium
|
||||
89 | [34.221.238.130](https://vuldb.com/?ip.34.221.238.130) | ec2-34-221-238-130.us-west-2.compute.amazonaws.com | - | Medium
|
||||
90 | [35.72.242.198](https://vuldb.com/?ip.35.72.242.198) | ec2-35-72-242-198.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
91 | [35.167.111.43](https://vuldb.com/?ip.35.167.111.43) | ec2-35-167-111-43.us-west-2.compute.amazonaws.com | - | Medium
|
||||
92 | [35.180.5.225](https://vuldb.com/?ip.35.180.5.225) | ec2-35-180-5-225.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
93 | [35.180.135.137](https://vuldb.com/?ip.35.180.135.137) | ec2-35-180-135-137.eu-west-3.compute.amazonaws.com | - | Medium
|
||||
94 | [35.185.58.57](https://vuldb.com/?ip.35.185.58.57) | 57.58.185.35.bc.googleusercontent.com | - | Medium
|
||||
95 | [35.212.172.98](https://vuldb.com/?ip.35.212.172.98) | 98.172.212.35.bc.googleusercontent.com | - | Medium
|
||||
96 | [35.225.60.206](https://vuldb.com/?ip.35.225.60.206) | 206.60.225.35.bc.googleusercontent.com | - | Medium
|
||||
97 | [35.232.112.155](https://vuldb.com/?ip.35.232.112.155) | 155.112.232.35.bc.googleusercontent.com | - | Medium
|
||||
98 | [35.236.117.76](https://vuldb.com/?ip.35.236.117.76) | 76.117.236.35.bc.googleusercontent.com | - | Medium
|
||||
99 | [35.240.171.140](https://vuldb.com/?ip.35.240.171.140) | 140.171.240.35.bc.googleusercontent.com | - | Medium
|
||||
100 | [37.10.71.215](https://vuldb.com/?ip.37.10.71.215) | pewna-kamagra.pl | - | High
|
||||
101 | [37.27.17.204](https://vuldb.com/?ip.37.27.17.204) | static.204.17.27.37.clients.your-server.de | - | High
|
||||
102 | [37.28.157.7](https://vuldb.com/?ip.37.28.157.7) | d157007.artnet.gda.pl | - | High
|
||||
103 | [37.48.120.35](https://vuldb.com/?ip.37.48.120.35) | - | - | High
|
||||
104 | [37.120.238.184](https://vuldb.com/?ip.37.120.238.184) | - | - | High
|
||||
105 | [37.187.123.146](https://vuldb.com/?ip.37.187.123.146) | ns332345.ip-37-187-123.eu | - | High
|
||||
106 | [37.235.49.25](https://vuldb.com/?ip.37.235.49.25) | ns2.test-ipv6.is | - | High
|
||||
107 | [38.55.24.35](https://vuldb.com/?ip.38.55.24.35) | - | - | High
|
||||
108 | [38.55.97.95](https://vuldb.com/?ip.38.55.97.95) | - | - | High
|
||||
109 | [39.98.48.67](https://vuldb.com/?ip.39.98.48.67) | - | - | High
|
||||
110 | [42.194.137.196](https://vuldb.com/?ip.42.194.137.196) | - | - | High
|
||||
111 | [43.133.22.89](https://vuldb.com/?ip.43.133.22.89) | - | - | High
|
||||
112 | [43.137.3.222](https://vuldb.com/?ip.43.137.3.222) | - | - | High
|
||||
113 | [43.137.17.156](https://vuldb.com/?ip.43.137.17.156) | - | - | High
|
||||
114 | [43.138.196.138](https://vuldb.com/?ip.43.138.196.138) | - | - | High
|
||||
115 | [43.142.109.133](https://vuldb.com/?ip.43.142.109.133) | - | - | High
|
||||
116 | [43.153.101.130](https://vuldb.com/?ip.43.153.101.130) | - | - | High
|
||||
117 | [43.154.223.31](https://vuldb.com/?ip.43.154.223.31) | - | - | High
|
||||
118 | [43.156.59.135](https://vuldb.com/?ip.43.156.59.135) | - | - | High
|
||||
119 | [43.207.147.229](https://vuldb.com/?ip.43.207.147.229) | ec2-43-207-147-229.ap-northeast-1.compute.amazonaws.com | - | Medium
|
||||
120 | [43.230.161.37](https://vuldb.com/?ip.43.230.161.37) | - | - | High
|
||||
121 | [43.248.136.99](https://vuldb.com/?ip.43.248.136.99) | - | - | High
|
||||
122 | [44.202.249.7](https://vuldb.com/?ip.44.202.249.7) | ec2-44-202-249-7.compute-1.amazonaws.com | - | Medium
|
||||
123 | [44.211.101.170](https://vuldb.com/?ip.44.211.101.170) | ec2-44-211-101-170.compute-1.amazonaws.com | - | Medium
|
||||
124 | [45.8.146.160](https://vuldb.com/?ip.45.8.146.160) | vm1125144.stark-industries.solutions | - | High
|
||||
125 | [45.8.157.45](https://vuldb.com/?ip.45.8.157.45) | super-links777.com | - | High
|
||||
126 | [45.9.148.64](https://vuldb.com/?ip.45.9.148.64) | - | - | High
|
||||
127 | [45.9.148.212](https://vuldb.com/?ip.45.9.148.212) | - | - | High
|
||||
128 | [45.9.148.252](https://vuldb.com/?ip.45.9.148.252) | - | - | High
|
||||
129 | [45.9.150.109](https://vuldb.com/?ip.45.9.150.109) | - | - | High
|
||||
130 | [45.9.150.132](https://vuldb.com/?ip.45.9.150.132) | - | - | High
|
||||
131 | [45.14.224.102](https://vuldb.com/?ip.45.14.224.102) | hosted-by.spectraip.net | - | High
|
||||
132 | [45.32.233.220](https://vuldb.com/?ip.45.32.233.220) | 45.32.233.220.vultrusercontent.com | - | High
|
||||
133 | [45.42.200.237](https://vuldb.com/?ip.45.42.200.237) | - | - | High
|
||||
134 | [45.56.113.227](https://vuldb.com/?ip.45.56.113.227) | 45-56-113-227.ip.linodeusercontent.com | - | High
|
||||
135 | [45.56.114.203](https://vuldb.com/?ip.45.56.114.203) | 45-56-114-203.ip.linodeusercontent.com | - | High
|
||||
136 | ... | ... | ... | ...
|
||||
|
||||
There are 531 more IOC items available. Please use our online service to access the data.
|
||||
There are 538 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -201,35 +203,31 @@ ID | Type | Indicator | Confidence
|
|||
20 | File | `/index.php` | Medium
|
||||
21 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
22 | File | `/index.php?page=category_list` | High
|
||||
23 | File | `/jobinfo/` | Medium
|
||||
24 | File | `/kelas/data` | Medium
|
||||
25 | File | `/lan.asp` | Medium
|
||||
26 | File | `/Moosikay/order.php` | High
|
||||
27 | File | `/opac/Actions.php?a=login` | High
|
||||
28 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
29 | File | `/pharmacy-sales-and-inventory-system/manage_user.php` | High
|
||||
30 | File | `/PreviewHandler.ashx` | High
|
||||
31 | File | `/recipe-result` | High
|
||||
32 | File | `/register.do` | Medium
|
||||
33 | File | `/reservation/add_message.php` | High
|
||||
34 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
35 | File | `/ServletAPI/accounts/login` | High
|
||||
36 | File | `/spip.php` | Medium
|
||||
37 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
38 | File | `/staff/edit_book_details.php` | High
|
||||
39 | File | `/student/bookdetails.php` | High
|
||||
40 | File | `/uploads/exam_question/` | High
|
||||
41 | File | `/user/profile` | High
|
||||
42 | File | `/user/ticket/create` | High
|
||||
43 | File | `/var/lib/docker/<remapping>` | High
|
||||
44 | File | `/wp-admin/admin-ajax.php` | High
|
||||
45 | File | `a-forms.php` | Medium
|
||||
46 | File | `active.log` | Medium
|
||||
47 | File | `adclick.php` | Medium
|
||||
48 | File | `admin-ajax.php` | High
|
||||
49 | ... | ... | ...
|
||||
23 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
24 | File | `/jobinfo/` | Medium
|
||||
25 | File | `/kelas/data` | Medium
|
||||
26 | File | `/lan.asp` | Medium
|
||||
27 | File | `/Moosikay/order.php` | High
|
||||
28 | File | `/opac/Actions.php?a=login` | High
|
||||
29 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
30 | File | `/pharmacy-sales-and-inventory-system/manage_user.php` | High
|
||||
31 | File | `/PreviewHandler.ashx` | High
|
||||
32 | File | `/recipe-result` | High
|
||||
33 | File | `/register.do` | Medium
|
||||
34 | File | `/reservation/add_message.php` | High
|
||||
35 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
36 | File | `/ServletAPI/accounts/login` | High
|
||||
37 | File | `/spip.php` | Medium
|
||||
38 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
39 | File | `/staff/edit_book_details.php` | High
|
||||
40 | File | `/student/bookdetails.php` | High
|
||||
41 | File | `/uploads/exam_question/` | High
|
||||
42 | File | `/user/profile` | High
|
||||
43 | File | `/user/ticket/create` | High
|
||||
44 | File | `/UserSelfServiceSettings.jsp` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 426 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 389 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
@ -260,6 +258,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/8.218.200.114
|
||||
* https://search.censys.io/hosts/13.115.21.133
|
||||
* https://search.censys.io/hosts/14.1.29.189
|
||||
* https://search.censys.io/hosts/15.237.24.169
|
||||
* https://search.censys.io/hosts/20.61.4.19
|
||||
* https://search.censys.io/hosts/20.118.135.66
|
||||
* https://search.censys.io/hosts/20.248.225.130
|
||||
|
@ -293,6 +292,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/43.138.196.138
|
||||
* https://search.censys.io/hosts/43.153.101.130
|
||||
* https://search.censys.io/hosts/43.207.147.229
|
||||
* https://search.censys.io/hosts/43.230.161.37
|
||||
* https://search.censys.io/hosts/43.248.136.99
|
||||
* https://search.censys.io/hosts/44.211.101.170
|
||||
* https://search.censys.io/hosts/45.8.146.160
|
||||
|
@ -347,6 +347,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/54.238.83.76
|
||||
* https://search.censys.io/hosts/54.255.40.113
|
||||
* https://search.censys.io/hosts/58.87.87.59
|
||||
* https://search.censys.io/hosts/60.204.140.244
|
||||
* https://search.censys.io/hosts/60.204.185.123
|
||||
* https://search.censys.io/hosts/62.210.124.105
|
||||
* https://search.censys.io/hosts/64.44.102.190
|
||||
|
@ -361,6 +362,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/77.91.73.143
|
||||
* https://search.censys.io/hosts/80.78.22.106
|
||||
* https://search.censys.io/hosts/81.19.141.14
|
||||
* https://search.censys.io/hosts/81.161.229.45
|
||||
* https://search.censys.io/hosts/82.156.227.47
|
||||
* https://search.censys.io/hosts/82.157.142.84
|
||||
* https://search.censys.io/hosts/85.204.116.80
|
||||
|
@ -419,6 +421,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/118.107.46.133
|
||||
* https://search.censys.io/hosts/118.193.37.157
|
||||
* https://search.censys.io/hosts/118.195.164.144
|
||||
* https://search.censys.io/hosts/119.45.20.55
|
||||
* https://search.censys.io/hosts/119.45.121.239
|
||||
* https://search.censys.io/hosts/119.45.206.25
|
||||
* https://search.censys.io/hosts/119.91.77.189
|
||||
|
@ -469,6 +472,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/144.34.160.57
|
||||
* https://search.censys.io/hosts/144.34.180.27
|
||||
* https://search.censys.io/hosts/144.126.211.191
|
||||
* https://search.censys.io/hosts/146.56.198.25
|
||||
* https://search.censys.io/hosts/147.182.137.225
|
||||
* https://search.censys.io/hosts/147.189.131.188
|
||||
* https://search.censys.io/hosts/149.28.90.162
|
||||
|
@ -526,6 +530,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://search.censys.io/hosts/185.150.119.7
|
||||
* https://search.censys.io/hosts/185.186.245.34
|
||||
* https://search.censys.io/hosts/185.225.70.191
|
||||
* https://search.censys.io/hosts/188.127.227.207
|
||||
* https://search.censys.io/hosts/188.127.227.216
|
||||
* https://search.censys.io/hosts/188.166.27.178
|
||||
* https://search.censys.io/hosts/188.166.81.141
|
||||
|
@ -573,6 +578,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://twitter.com/MichalKoczwara/status/1639587828899147777
|
||||
* https://twitter.com/r3dhttps://twitter.com/r3dbU7z/status/1627205584108896256bU7z/status/1627205584108896256
|
||||
* https://twitter.com/sicehice/status/1647641806190911494
|
||||
* https://twitter.com/sicehice/status/1697092495916552361
|
||||
* https://www.virustotal.com/gui/file/6385c94a74aa8a6abafc6b398f43ba4039926a242e0f62d9c2e433a496fabc5d
|
||||
|
||||
## Literature
|
||||
|
|
|
@ -9,8 +9,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with South Asia Unknown:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [TR](https://vuldb.com/?country.tr)
|
||||
* ...
|
||||
|
||||
There are 6 more country items available. Please use our online service to access the data.
|
||||
|
@ -57,7 +57,7 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `app/topic/action/admin/topic.php` | High
|
||||
9 | ... | ... | ...
|
||||
|
||||
There are 68 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 70 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -83,12 +83,13 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
60 | [45.141.86.121](https://vuldb.com/?ip.45.141.86.121) | - | - | High
|
||||
61 | [45.144.28.84](https://vuldb.com/?ip.45.144.28.84) | dresgdrfgbd.com | - | High
|
||||
62 | [45.144.28.154](https://vuldb.com/?ip.45.144.28.154) | vm1226483.stark-industries.solutions | - | High
|
||||
63 | [45.147.197.188](https://vuldb.com/?ip.45.147.197.188) | vm4456743.1nvme.had.wf | - | High
|
||||
64 | [45.147.229.23](https://vuldb.com/?ip.45.147.229.23) | - | - | High
|
||||
65 | [45.147.231.118](https://vuldb.com/?ip.45.147.231.118) | - | - | High
|
||||
66 | ... | ... | ... | ...
|
||||
63 | [45.147.197.114](https://vuldb.com/?ip.45.147.197.114) | vm4576730.1nvme.had.wf | - | High
|
||||
64 | [45.147.197.188](https://vuldb.com/?ip.45.147.197.188) | vm4456743.1nvme.had.wf | - | High
|
||||
65 | [45.147.229.23](https://vuldb.com/?ip.45.147.229.23) | - | - | High
|
||||
66 | [45.147.231.118](https://vuldb.com/?ip.45.147.231.118) | - | - | High
|
||||
67 | ... | ... | ... | ...
|
||||
|
||||
There are 261 more IOC items available. Please use our online service to access the data.
|
||||
There are 264 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -103,7 +104,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -111,47 +112,51 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
1 | File | `/academy/home/courses` | High
|
||||
2 | File | `/admin/about-us.php` | High
|
||||
3 | File | `/admin/students/view_details.php` | High
|
||||
4 | File | `/ajax.php?action=read_msg` | High
|
||||
5 | File | `/api/baskets/{name}` | High
|
||||
6 | File | `/api/upload.php` | High
|
||||
7 | File | `/api?path=profile` | High
|
||||
8 | File | `/auth/callback` | High
|
||||
9 | File | `/booking/show_bookings/` | High
|
||||
10 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
11 | File | `/ci_spms/admin/search/searching/` | High
|
||||
12 | File | `/classes/Master.php?f=save_brand` | High
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
15 | File | `/ecommerce/support_ticket` | High
|
||||
16 | File | `/etc/pki/pesign` | High
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/FuguHub/cmsdocs/` | High
|
||||
19 | File | `/goform/setportList` | High
|
||||
20 | File | `/goform/set_LimitClient_cfg` | High
|
||||
21 | File | `/graphql` | Medium
|
||||
22 | File | `/group1/uploa` | High
|
||||
23 | File | `/h/autoSaveDraft` | High
|
||||
24 | File | `/HNAP1` | Low
|
||||
3 | File | `/admin/adclass.php` | High
|
||||
4 | File | `/admin/students/view_details.php` | High
|
||||
5 | File | `/ajax-files/followBoard.php` | High
|
||||
6 | File | `/ajax.php?action=read_msg` | High
|
||||
7 | File | `/api/baskets/{name}` | High
|
||||
8 | File | `/api/upload.php` | High
|
||||
9 | File | `/api?path=profile` | High
|
||||
10 | File | `/auth/callback` | High
|
||||
11 | File | `/authenticationendpoint/login.do` | High
|
||||
12 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
13 | File | `/cgi.cgi` | Medium
|
||||
14 | File | `/ci_spms/admin/search/searching/` | High
|
||||
15 | File | `/classes/Master.php?f=save_brand` | High
|
||||
16 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
17 | File | `/debug/pprof` | Medium
|
||||
18 | File | `/etc/pki/pesign` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/goform/setportList` | High
|
||||
21 | File | `/goform/set_LimitClient_cfg` | High
|
||||
22 | File | `/graphql` | Medium
|
||||
23 | File | `/group1/uploa` | High
|
||||
24 | File | `/h/autoSaveDraft` | High
|
||||
25 | File | `/index.php` | Medium
|
||||
26 | File | `/modules/projects/vw_files.php` | High
|
||||
27 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
28 | File | `/registration.php` | High
|
||||
29 | File | `/release-x64/otfccdump+0x61731f` | High
|
||||
30 | File | `/resources//../` | High
|
||||
31 | File | `/romfile.cfg` | Medium
|
||||
32 | File | `/search.php` | Medium
|
||||
33 | File | `/settings/account` | High
|
||||
26 | File | `/index.php?page=member` | High
|
||||
27 | File | `/modules/projects/vw_files.php` | High
|
||||
28 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
29 | File | `/QueryView.php` | High
|
||||
30 | File | `/release-x64/otfccdump+0x61731f` | High
|
||||
31 | File | `/resources//../` | High
|
||||
32 | File | `/romfile.cfg` | Medium
|
||||
33 | File | `/search.php` | Medium
|
||||
34 | File | `/sitecore/shell/Invoke.aspx` | High
|
||||
35 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
36 | File | `/staff/edit_book_details.php` | High
|
||||
37 | File | `/student/bookdetails.php` | High
|
||||
38 | File | `/user/profile` | High
|
||||
39 | ... | ... | ...
|
||||
36 | File | `/staff/bookdetails.php` | High
|
||||
37 | File | `/staff/edit_book_details.php` | High
|
||||
38 | File | `/student/bookdetails.php` | High
|
||||
39 | File | `/uncpath/` | Medium
|
||||
40 | File | `/user/profile` | High
|
||||
41 | File | `/videotalk` | Medium
|
||||
42 | File | `/wireless/basic.asp` | High
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 339 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 374 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -85,9 +85,10 @@ ID | Type | Indicator | Confidence
|
|||
26 | File | `/htdocs/utils/Files.php` | High
|
||||
27 | File | `/jpg/image.jpg` | High
|
||||
28 | File | `/Main_AdmStatus_Content.asp` | High
|
||||
29 | ... | ... | ...
|
||||
29 | File | `/mgmt/tm/util/bash` | High
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 250 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 251 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -15,8 +15,8 @@ The following _campaigns_ are known and can be associated with TEMP.Heretic:
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with TEMP.Heretic:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 2 more country items available. Please use our online service to access the data.
|
||||
|
@ -58,7 +58,7 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/WebMstr7/servlet/mstrWeb` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 14 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 15 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -43,7 +43,8 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
4 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -61,7 +62,7 @@ ID | Type | Indicator | Confidence
|
|||
6 | File | `conf.c` | Low
|
||||
7 | ... | ... | ...
|
||||
|
||||
There are 50 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 51 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -89,7 +89,7 @@ ID | Type | Indicator | Confidence
|
|||
19 | File | `/spip.php` | Medium
|
||||
20 | ... | ... | ...
|
||||
|
||||
There are 165 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 166 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -927,14 +927,14 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -945,61 +945,56 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/?p=products` | Medium
|
||||
3 | File | `/about.php` | Medium
|
||||
4 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
5 | File | `/admin.php/update/getFile.html` | High
|
||||
6 | File | `/admin/?page=user/manage` | High
|
||||
7 | File | `/admin/add-new.php` | High
|
||||
8 | File | `/admin/cashadvance_row.php` | High
|
||||
9 | File | `/admin/doctors.php` | High
|
||||
10 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
11 | File | `/admin/maintenance/view_designation.php` | High
|
||||
12 | File | `/admin/report/index.php` | High
|
||||
13 | File | `/admin/userprofile.php` | High
|
||||
14 | File | `/alphaware/summary.php` | High
|
||||
15 | File | `/api/` | Low
|
||||
16 | File | `/api/admin/store/product/list` | High
|
||||
17 | File | `/api/stl/actions/search` | High
|
||||
18 | File | `/api/v2/cli/commands` | High
|
||||
19 | File | `/APR/login.php` | High
|
||||
20 | File | `/bin/ate` | Medium
|
||||
21 | File | `/boat/login.php` | High
|
||||
22 | File | `/booking/show_bookings/` | High
|
||||
23 | File | `/cgi-bin` | Medium
|
||||
24 | File | `/cgi-bin/wapopen` | High
|
||||
25 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
26 | File | `/classes/Master.php?f=delete_service` | High
|
||||
27 | File | `/classes/Master.php?f=save_course` | High
|
||||
28 | File | `/debug/pprof` | Medium
|
||||
29 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
30 | File | `/env` | Low
|
||||
31 | File | `/feeds/post/publish` | High
|
||||
32 | File | `/forum/away.php` | High
|
||||
33 | File | `/h/` | Low
|
||||
34 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
35 | File | `/inc/topBarNav.php` | High
|
||||
36 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
37 | File | `/index.php?page=category_list` | High
|
||||
38 | File | `/jobinfo/` | Medium
|
||||
39 | File | `/Moosikay/order.php` | High
|
||||
40 | File | `/opac/Actions.php?a=login` | High
|
||||
41 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
42 | File | `/PreviewHandler.ashx` | High
|
||||
43 | File | `/public/launchNewWindow.jsp` | High
|
||||
44 | File | `/reservation/add_message.php` | High
|
||||
45 | File | `/spip.php` | Medium
|
||||
46 | File | `/student/bookdetails.php` | High
|
||||
47 | File | `/uploads/exam_question/` | High
|
||||
48 | File | `/user/updatePwd` | High
|
||||
49 | File | `/var/lib/docker/<remapping>` | High
|
||||
50 | File | `/var/www/core/controller/index.php` | High
|
||||
51 | File | `/wireless/security.asp` | High
|
||||
52 | File | `/wp-admin/admin-ajax.php` | High
|
||||
53 | File | `a-forms.php` | Medium
|
||||
54 | File | `AcquisiAction.class.php` | High
|
||||
55 | File | `activenews_view.asp` | High
|
||||
56 | ... | ... | ...
|
||||
4 | File | `/admin.php/update/getFile.html` | High
|
||||
5 | File | `/admin/inquiries/view_inquiry.php` | High
|
||||
6 | File | `/admin/maintenance/view_designation.php` | High
|
||||
7 | File | `/admin/sys_sql_query.php` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/api/stl/actions/search` | High
|
||||
10 | File | `/api/v2/cli/commands` | High
|
||||
11 | File | `/bin/ate` | Medium
|
||||
12 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
13 | File | `/booking/show_bookings/` | High
|
||||
14 | File | `/cgi-bin` | Medium
|
||||
15 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
16 | File | `/classes/Master.php?f=delete_service` | High
|
||||
17 | File | `/classes/Master.php?f=save_course` | High
|
||||
18 | File | `/company/store` | High
|
||||
19 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
20 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
21 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
22 | File | `/debug/pprof` | Medium
|
||||
23 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
24 | File | `/env` | Low
|
||||
25 | File | `/etc/passwd` | Medium
|
||||
26 | File | `/feeds/post/publish` | High
|
||||
27 | File | `/forum/away.php` | High
|
||||
28 | File | `/group1/uploa` | High
|
||||
29 | File | `/h/` | Low
|
||||
30 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
31 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
32 | File | `/index.php?page=category_list` | High
|
||||
33 | File | `/jobinfo/` | Medium
|
||||
34 | File | `/Moosikay/order.php` | High
|
||||
35 | File | `/opac/Actions.php?a=login` | High
|
||||
36 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
37 | File | `/PreviewHandler.ashx` | High
|
||||
38 | File | `/recipe-result` | High
|
||||
39 | File | `/register.do` | Medium
|
||||
40 | File | `/reservation/add_message.php` | High
|
||||
41 | File | `/resources//../` | High
|
||||
42 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
43 | File | `/spip.php` | Medium
|
||||
44 | File | `/student/bookdetails.php` | High
|
||||
45 | File | `/uploads/exam_question/` | High
|
||||
46 | File | `/user/ticket/create` | High
|
||||
47 | File | `/user/updatePwd` | High
|
||||
48 | File | `/var/lib/docker/<remapping>` | High
|
||||
49 | File | `/wp-admin/admin-ajax.php` | High
|
||||
50 | File | `/xxl-job-admin/user/add` | High
|
||||
51 | ... | ... | ...
|
||||
|
||||
There are 485 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 441 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* ...
|
||||
|
||||
There are 19 more country items available. Please use our online service to access the data.
|
||||
|
@ -82,7 +82,7 @@ ID | Type | Indicator | Confidence
|
|||
29 | File | `ajax_calls.php` | High
|
||||
30 | ... | ... | ...
|
||||
|
||||
There are 257 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 259 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -91,32 +91,34 @@ ID | Type | Indicator | Confidence
|
|||
35 | File | `/wordpress/wp-admin/options-general.php` | High
|
||||
36 | File | `/wp-admin` | Medium
|
||||
37 | File | `/wp-admin/admin-ajax.php` | High
|
||||
38 | File | `account.asp` | Medium
|
||||
39 | File | `adclick.php` | Medium
|
||||
40 | File | `adm/systools.asp` | High
|
||||
41 | File | `admin.php` | Medium
|
||||
42 | File | `admin/admin.shtml` | High
|
||||
43 | File | `Admin/ADM_Pagina.php` | High
|
||||
44 | File | `admin/category.inc.php` | High
|
||||
45 | File | `admin/main.asp` | High
|
||||
46 | File | `admin/param/param_func.inc.php` | High
|
||||
47 | File | `admin/y_admin.asp` | High
|
||||
48 | File | `adminer.php` | Medium
|
||||
49 | File | `administration/admins.php` | High
|
||||
50 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
51 | File | `admin_ok.asp` | Medium
|
||||
52 | File | `album_portal.php` | High
|
||||
53 | File | `app/Core/Paginator.php` | High
|
||||
54 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
|
||||
55 | File | `artlinks.dispnew.php` | High
|
||||
56 | File | `auth.php` | Medium
|
||||
57 | File | `bin/named/query.c` | High
|
||||
58 | File | `blank.php` | Medium
|
||||
59 | File | `blocklayered-ajax.php` | High
|
||||
60 | File | `blogger-importer.php` | High
|
||||
61 | ... | ... | ...
|
||||
38 | File | `4.2.0.CP09` | Medium
|
||||
39 | File | `account.asp` | Medium
|
||||
40 | File | `adclick.php` | Medium
|
||||
41 | File | `adm/systools.asp` | High
|
||||
42 | File | `admin.php` | Medium
|
||||
43 | File | `admin/admin.shtml` | High
|
||||
44 | File | `Admin/ADM_Pagina.php` | High
|
||||
45 | File | `admin/category.inc.php` | High
|
||||
46 | File | `admin/main.asp` | High
|
||||
47 | File | `admin/param/param_func.inc.php` | High
|
||||
48 | File | `admin/y_admin.asp` | High
|
||||
49 | File | `adminer.php` | Medium
|
||||
50 | File | `administration/admins.php` | High
|
||||
51 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
52 | File | `admin_ok.asp` | Medium
|
||||
53 | File | `album_portal.php` | High
|
||||
54 | File | `app/Core/Paginator.php` | High
|
||||
55 | File | `app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1` | High
|
||||
56 | File | `artlinks.dispnew.php` | High
|
||||
57 | File | `auth.php` | Medium
|
||||
58 | File | `bin/named/query.c` | High
|
||||
59 | File | `blank.php` | Medium
|
||||
60 | File | `blocklayered-ajax.php` | High
|
||||
61 | File | `blogger-importer.php` | High
|
||||
62 | File | `bluegate_seo.inc.php` | High
|
||||
63 | ... | ... | ...
|
||||
|
||||
There are 535 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 552 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [TR](https://vuldb.com/?country.tr)
|
||||
* ...
|
||||
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
There are 17 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -49,8 +49,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
@ -100,11 +99,9 @@ ID | Type | Indicator | Confidence
|
|||
38 | File | `/index.php?route=extension/module/so_filter_shop_by/filter_data` | High
|
||||
39 | File | `/isomedia/box_funcs.c` | High
|
||||
40 | File | `/isomedia/meta.c` | High
|
||||
41 | File | `/kruxton/receipt.php` | High
|
||||
42 | File | `/opt/zimbra/jetty/webapps/zimbra/public` | High
|
||||
43 | ... | ... | ...
|
||||
41 | ... | ... | ...
|
||||
|
||||
There are 376 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 358 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
39786
actors/Unknown/README.md
39786
actors/Unknown/README.md
File diff suppressed because it is too large
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
There are 3 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -48,7 +48,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -62,8 +62,8 @@ ID | Type | Indicator | Confidence
|
|||
4 | File | `/academy/home/courses` | High
|
||||
5 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
6 | File | `/admin/?page=user/list` | High
|
||||
7 | File | `/admin/addproduct.php` | High
|
||||
8 | File | `/admin/ajax.php?action=save_queue` | High
|
||||
7 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
8 | File | `/admin/addproduct.php` | High
|
||||
9 | File | `/admin/bookings/manage_booking.php` | High
|
||||
10 | File | `/admin/bookings/view_booking.php` | High
|
||||
11 | File | `/admin/budget/manage_budget.php` | High
|
||||
|
@ -103,29 +103,35 @@ ID | Type | Indicator | Confidence
|
|||
45 | File | `/admin/userprofile.php` | High
|
||||
46 | File | `/admin/vote_edit.php` | High
|
||||
47 | File | `/api/stl/actions/search` | High
|
||||
48 | File | `/apply.cgi` | Medium
|
||||
49 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
50 | File | `/author_posts.php` | High
|
||||
51 | File | `/blog` | Low
|
||||
52 | File | `/blog-single.php` | High
|
||||
53 | File | `/booking/show_bookings/` | High
|
||||
54 | File | `/browse` | Low
|
||||
55 | File | `/bsms_ci/index.php/book` | High
|
||||
56 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
57 | File | `/cgi-bin/ping.cgi` | High
|
||||
58 | File | `/chaincity/user/ticket/create` | High
|
||||
59 | File | `/changeimage.php` | High
|
||||
60 | File | `/classes/Login.php` | High
|
||||
61 | File | `/classes/Master.php` | High
|
||||
62 | File | `/classes/Master.php?f=delete_category` | High
|
||||
63 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
64 | File | `/classes/Master.php?f=delete_item` | High
|
||||
65 | File | `/classes/Master.php?f=delete_service` | High
|
||||
66 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
67 | File | `/classes/Master.php?f=save_course` | High
|
||||
68 | ... | ... | ...
|
||||
48 | File | `/api/sys/login` | High
|
||||
49 | File | `/apply.cgi` | Medium
|
||||
50 | File | `/App_Resource/UEditor/server/upload.aspx` | High
|
||||
51 | File | `/author_posts.php` | High
|
||||
52 | File | `/blog` | Low
|
||||
53 | File | `/blog-single.php` | High
|
||||
54 | File | `/booking/show_bookings/` | High
|
||||
55 | File | `/browse` | Low
|
||||
56 | File | `/bsms_ci/index.php/book` | High
|
||||
57 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
58 | File | `/cgi-bin/ping.cgi` | High
|
||||
59 | File | `/chaincity/user/ticket/create` | High
|
||||
60 | File | `/changeimage.php` | High
|
||||
61 | File | `/classes/Login.php` | High
|
||||
62 | File | `/classes/Master.php` | High
|
||||
63 | File | `/classes/Master.php?f=delete_category` | High
|
||||
64 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
65 | File | `/classes/Master.php?f=delete_item` | High
|
||||
66 | File | `/classes/Master.php?f=delete_service` | High
|
||||
67 | File | `/classes/Master.php?f=delete_sub_category` | High
|
||||
68 | File | `/classes/Master.php?f=save_course` | High
|
||||
69 | File | `/classes/Master.php?f=save_inquiry` | High
|
||||
70 | File | `/classes/Master.php?f=save_item` | High
|
||||
71 | File | `/classes/Master.php?f=save_service` | High
|
||||
72 | File | `/classes/Users.php` | High
|
||||
73 | File | `/classes/Users.php?f=save` | High
|
||||
74 | ... | ... | ...
|
||||
|
||||
There are 601 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 650 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -66,14 +66,14 @@ ID | Type | Indicator | Confidence
|
|||
18 | File | `/ossn/administrator/com_installer` | High
|
||||
19 | File | `/Source/C++/Core/Ap4DataBuffer.cpp` | High
|
||||
20 | File | `/squashfs-root/www/HNAP1/control/SetWizardConfig.php` | High
|
||||
21 | File | `/uncpath/` | Medium
|
||||
22 | File | `/user-utils/users/md5.json` | High
|
||||
23 | File | `/user/check.php` | High
|
||||
24 | File | `/var/avamar/f_cache.dat` | High
|
||||
25 | File | `/vloggers_merch/admin/?page=maintenance/manage_sub_category` | High
|
||||
21 | File | `/src/helper.c` | High
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/user-utils/users/md5.json` | High
|
||||
24 | File | `/user/check.php` | High
|
||||
25 | File | `/var/avamar/f_cache.dat` | High
|
||||
26 | ... | ... | ...
|
||||
|
||||
There are 215 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 216 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
# WhiteSnake Stealer - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [WhiteSnake Stealer](https://vuldb.com/?actor.whitesnake_stealer). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.whitesnake_stealer](https://vuldb.com/?actor.whitesnake_stealer)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with WhiteSnake Stealer:
|
||||
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of WhiteSnake Stealer.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [78.46.66.9](https://vuldb.com/?ip.78.46.66.9) | mx.inqrt.com | - | High
|
||||
2 | [217.145.238.175](https://vuldb.com/?ip.217.145.238.175) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://threatfox.abuse.ch
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -43,7 +43,8 @@ ID | Technique | Weakness | Description | Confidence
|
|||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 14 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
|
|
|
@ -143,9 +143,10 @@ ID | Type | Indicator | Confidence
|
|||
20 | File | `add_comment.php` | High
|
||||
21 | File | `admin-ajax.php` | High
|
||||
22 | File | `admin.php` | Medium
|
||||
23 | ... | ... | ...
|
||||
23 | File | `admin/add_user/UID` | High
|
||||
24 | ... | ... | ...
|
||||
|
||||
There are 195 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 201 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -101,7 +101,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
|
@ -138,8 +138,8 @@ ID | Type | Indicator | Confidence
|
|||
20 | File | `/cgi-bin` | Medium
|
||||
21 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
22 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
23 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
24 | File | `/dashboard/reports/logs/view` | High
|
||||
23 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
24 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
25 | File | `/debian/patches/load_ppp_generic_if_needed` | High
|
||||
26 | File | `/debug/pprof` | Medium
|
||||
27 | File | `/env` | Low
|
||||
|
@ -147,22 +147,21 @@ ID | Type | Indicator | Confidence
|
|||
29 | File | `/forum/away.php` | High
|
||||
30 | File | `/goform/setmac` | High
|
||||
31 | File | `/goform/wizard_end` | High
|
||||
32 | File | `/manage-apartment.php` | High
|
||||
33 | File | `/medicines/profile.php` | High
|
||||
34 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
35 | File | `/pages/apply_vacancy.php` | High
|
||||
36 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
37 | File | `/proc/<PID>/mem` | High
|
||||
32 | File | `/group1/uploa` | High
|
||||
33 | File | `/manage-apartment.php` | High
|
||||
34 | File | `/medicines/profile.php` | High
|
||||
35 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
36 | File | `/pages/apply_vacancy.php` | High
|
||||
37 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
38 | File | `/proxy` | Low
|
||||
39 | File | `/reservation/add_message.php` | High
|
||||
40 | File | `/resources//../` | High
|
||||
41 | File | `/spip.php` | Medium
|
||||
42 | File | `/tmp` | Low
|
||||
43 | File | `/uncpath/` | Medium
|
||||
44 | File | `/upload` | Low
|
||||
45 | ... | ... | ...
|
||||
44 | ... | ... | ...
|
||||
|
||||
There are 385 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 384 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -132,7 +132,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -189,13 +189,13 @@ ID | Type | Indicator | Confidence
|
|||
47 | File | `/upfile.cgi` | Medium
|
||||
48 | File | `/user/s.php` | Medium
|
||||
49 | File | `/user/updatePwd` | High
|
||||
50 | File | `/var/log/nginx` | High
|
||||
51 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
52 | File | `/video-sharing-script/watch-video.php` | High
|
||||
53 | File | `/wireless/guestnetwork.asp` | High
|
||||
54 | File | `/wireless/security.asp` | High
|
||||
55 | File | `/wordpress/wp-admin/admin.php` | High
|
||||
56 | File | `?r=recruit/interview/export&interviews=x` | High
|
||||
50 | File | `/vendor/htmlawed/htmlawed/htmLawedTest.php` | High
|
||||
51 | File | `/video-sharing-script/watch-video.php` | High
|
||||
52 | File | `/wireless/guestnetwork.asp` | High
|
||||
53 | File | `/wireless/security.asp` | High
|
||||
54 | File | `/wordpress/wp-admin/admin.php` | High
|
||||
55 | File | `?r=recruit/interview/export&interviews=x` | High
|
||||
56 | File | `account_footer.php` | High
|
||||
57 | ... | ... | ...
|
||||
|
||||
There are 496 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
|
|
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with NjRAT:
|
||||
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* ...
|
||||
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -185,37 +185,38 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
162 | [41.43.207.74](https://vuldb.com/?ip.41.43.207.74) | host-41.43.207.74.tedata.net | - | High
|
||||
163 | [41.44.233.236](https://vuldb.com/?ip.41.44.233.236) | host-41.44.233.236.tedata.net | - | High
|
||||
164 | [41.47.35.252](https://vuldb.com/?ip.41.47.35.252) | host-41.47.35.252.tedata.net | - | High
|
||||
165 | [41.97.3.243](https://vuldb.com/?ip.41.97.3.243) | - | - | High
|
||||
166 | [41.97.242.171](https://vuldb.com/?ip.41.97.242.171) | - | - | High
|
||||
167 | [41.98.30.114](https://vuldb.com/?ip.41.98.30.114) | - | - | High
|
||||
168 | [41.102.0.15](https://vuldb.com/?ip.41.102.0.15) | - | - | High
|
||||
169 | [41.102.39.1](https://vuldb.com/?ip.41.102.39.1) | - | - | High
|
||||
170 | [41.102.190.225](https://vuldb.com/?ip.41.102.190.225) | - | - | High
|
||||
171 | [41.103.11.65](https://vuldb.com/?ip.41.103.11.65) | - | - | High
|
||||
172 | [41.103.17.182](https://vuldb.com/?ip.41.103.17.182) | - | - | High
|
||||
173 | [41.103.60.237](https://vuldb.com/?ip.41.103.60.237) | - | - | High
|
||||
174 | [41.103.172.79](https://vuldb.com/?ip.41.103.172.79) | - | - | High
|
||||
175 | [41.103.178.158](https://vuldb.com/?ip.41.103.178.158) | - | - | High
|
||||
176 | [41.103.180.209](https://vuldb.com/?ip.41.103.180.209) | - | - | High
|
||||
177 | [41.104.37.66](https://vuldb.com/?ip.41.104.37.66) | - | - | High
|
||||
178 | [41.105.208.43](https://vuldb.com/?ip.41.105.208.43) | - | - | High
|
||||
179 | [41.107.120.88](https://vuldb.com/?ip.41.107.120.88) | - | - | High
|
||||
180 | [41.108.115.221](https://vuldb.com/?ip.41.108.115.221) | - | - | High
|
||||
181 | [41.108.181.141](https://vuldb.com/?ip.41.108.181.141) | - | - | High
|
||||
182 | [41.108.184.148](https://vuldb.com/?ip.41.108.184.148) | - | - | High
|
||||
183 | [41.109.68.239](https://vuldb.com/?ip.41.109.68.239) | - | - | High
|
||||
184 | [41.109.74.58](https://vuldb.com/?ip.41.109.74.58) | - | - | High
|
||||
185 | [41.109.224.182](https://vuldb.com/?ip.41.109.224.182) | - | - | High
|
||||
186 | [41.109.251.66](https://vuldb.com/?ip.41.109.251.66) | - | - | High
|
||||
187 | [41.141.118.138](https://vuldb.com/?ip.41.141.118.138) | - | - | High
|
||||
188 | [41.200.44.39](https://vuldb.com/?ip.41.200.44.39) | - | - | High
|
||||
189 | [41.200.126.237](https://vuldb.com/?ip.41.200.126.237) | - | - | High
|
||||
190 | [41.200.143.212](https://vuldb.com/?ip.41.200.143.212) | - | - | High
|
||||
191 | [41.200.209.143](https://vuldb.com/?ip.41.200.209.143) | - | - | High
|
||||
192 | [41.226.95.248](https://vuldb.com/?ip.41.226.95.248) | - | - | High
|
||||
193 | ... | ... | ... | ...
|
||||
165 | [41.68.165.218](https://vuldb.com/?ip.41.68.165.218) | - | - | High
|
||||
166 | [41.97.3.243](https://vuldb.com/?ip.41.97.3.243) | - | - | High
|
||||
167 | [41.97.242.171](https://vuldb.com/?ip.41.97.242.171) | - | - | High
|
||||
168 | [41.98.30.114](https://vuldb.com/?ip.41.98.30.114) | - | - | High
|
||||
169 | [41.102.0.15](https://vuldb.com/?ip.41.102.0.15) | - | - | High
|
||||
170 | [41.102.39.1](https://vuldb.com/?ip.41.102.39.1) | - | - | High
|
||||
171 | [41.102.190.225](https://vuldb.com/?ip.41.102.190.225) | - | - | High
|
||||
172 | [41.103.11.65](https://vuldb.com/?ip.41.103.11.65) | - | - | High
|
||||
173 | [41.103.17.182](https://vuldb.com/?ip.41.103.17.182) | - | - | High
|
||||
174 | [41.103.60.237](https://vuldb.com/?ip.41.103.60.237) | - | - | High
|
||||
175 | [41.103.172.79](https://vuldb.com/?ip.41.103.172.79) | - | - | High
|
||||
176 | [41.103.178.158](https://vuldb.com/?ip.41.103.178.158) | - | - | High
|
||||
177 | [41.103.180.209](https://vuldb.com/?ip.41.103.180.209) | - | - | High
|
||||
178 | [41.104.37.66](https://vuldb.com/?ip.41.104.37.66) | - | - | High
|
||||
179 | [41.105.208.43](https://vuldb.com/?ip.41.105.208.43) | - | - | High
|
||||
180 | [41.107.120.88](https://vuldb.com/?ip.41.107.120.88) | - | - | High
|
||||
181 | [41.108.115.221](https://vuldb.com/?ip.41.108.115.221) | - | - | High
|
||||
182 | [41.108.181.141](https://vuldb.com/?ip.41.108.181.141) | - | - | High
|
||||
183 | [41.108.184.148](https://vuldb.com/?ip.41.108.184.148) | - | - | High
|
||||
184 | [41.109.68.239](https://vuldb.com/?ip.41.109.68.239) | - | - | High
|
||||
185 | [41.109.74.58](https://vuldb.com/?ip.41.109.74.58) | - | - | High
|
||||
186 | [41.109.224.182](https://vuldb.com/?ip.41.109.224.182) | - | - | High
|
||||
187 | [41.109.251.66](https://vuldb.com/?ip.41.109.251.66) | - | - | High
|
||||
188 | [41.141.118.138](https://vuldb.com/?ip.41.141.118.138) | - | - | High
|
||||
189 | [41.200.44.39](https://vuldb.com/?ip.41.200.44.39) | - | - | High
|
||||
190 | [41.200.126.237](https://vuldb.com/?ip.41.200.126.237) | - | - | High
|
||||
191 | [41.200.143.212](https://vuldb.com/?ip.41.200.143.212) | - | - | High
|
||||
192 | [41.200.209.143](https://vuldb.com/?ip.41.200.209.143) | - | - | High
|
||||
193 | [41.226.95.248](https://vuldb.com/?ip.41.226.95.248) | - | - | High
|
||||
194 | ... | ... | ... | ...
|
||||
|
||||
There are 767 more IOC items available. Please use our online service to access the data.
|
||||
There are 773 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -230,7 +231,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -240,47 +241,46 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `//WEB-INF` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin.php/update/getFile.html` | High
|
||||
4 | File | `/admin/modal_add_product.php` | High
|
||||
5 | File | `/admin/sys_sql_query.php` | High
|
||||
6 | File | `/api/baskets/{name}` | High
|
||||
7 | File | `/api/geojson` | Medium
|
||||
8 | File | `/api/login` | Medium
|
||||
9 | File | `/Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML` | High
|
||||
10 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
11 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
12 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
13 | File | `/classes/Users.php?f=save` | High
|
||||
14 | File | `/company/store` | High
|
||||
15 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
16 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
17 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
18 | File | `/databases/database/list` | High
|
||||
19 | File | `/DXR.axd` | Medium
|
||||
20 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
21 | File | `/Electron/download` | High
|
||||
22 | File | `/etc/passwd` | Medium
|
||||
23 | File | `/feeds/post/publish` | High
|
||||
24 | File | `/forum/away.php` | High
|
||||
25 | File | `/h/` | Low
|
||||
26 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
27 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
28 | File | `/index.php?page=category_list` | High
|
||||
29 | File | `/jobinfo/` | Medium
|
||||
30 | File | `/Moosikay/order.php` | High
|
||||
31 | File | `/opac/Actions.php?a=login` | High
|
||||
32 | File | `/PreviewHandler.ashx` | High
|
||||
33 | File | `/recipe-result` | High
|
||||
34 | File | `/register.do` | Medium
|
||||
35 | File | `/reservation/add_message.php` | High
|
||||
36 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
37 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
38 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
39 | File | `/spip.php` | Medium
|
||||
40 | File | `/student/bookdetails.php` | High
|
||||
41 | ... | ... | ...
|
||||
3 | File | `/admin/modal_add_product.php` | High
|
||||
4 | File | `/admin/sys_sql_query.php` | High
|
||||
5 | File | `/api/baskets/{name}` | High
|
||||
6 | File | `/api/geojson` | Medium
|
||||
7 | File | `/api/login` | Medium
|
||||
8 | File | `/Applications/Content%20Manager/Execute.aspx?cmd=convert&mode=HTML` | High
|
||||
9 | File | `/bitrix/admin/ldap_server_edit.php` | High
|
||||
10 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
11 | File | `/classes/Users.php?f=save` | High
|
||||
12 | File | `/company/store` | High
|
||||
13 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
14 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
15 | File | `/core/conditions/AbstractWrapper.java` | High
|
||||
16 | File | `/databases/database/list` | High
|
||||
17 | File | `/DXR.axd` | Medium
|
||||
18 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
19 | File | `/Electron/download` | High
|
||||
20 | File | `/etc/passwd` | Medium
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/h/` | Low
|
||||
23 | File | `/inc/jquery/uploadify/uploadify.php` | High
|
||||
24 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
25 | File | `/index.php?page=category_list` | High
|
||||
26 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
27 | File | `/jobinfo/` | Medium
|
||||
28 | File | `/Moosikay/order.php` | High
|
||||
29 | File | `/PreviewHandler.ashx` | High
|
||||
30 | File | `/recipe-result` | High
|
||||
31 | File | `/register.do` | Medium
|
||||
32 | File | `/reviewer/system/system/admins/manage/users/user-update.php` | High
|
||||
33 | File | `/scripts/unlock_tasks.php` | High
|
||||
34 | File | `/send_order.cgi?parameter=access_detect` | High
|
||||
35 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
36 | File | `/spip.php` | Medium
|
||||
37 | File | `/student/bookdetails.php` | High
|
||||
38 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
39 | File | `/text/pdf/PdfReader.java` | High
|
||||
40 | ... | ... | ...
|
||||
|
||||
There are 349 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 344 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [NL](https://vuldb.com/?country.nl)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 30 more country items available. Please use our online service to access the data.
|
||||
|
@ -43,7 +43,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-36, CWE-37 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-24, CWE-36, CWE-37 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
|
@ -87,44 +87,43 @@ ID | Type | Indicator | Confidence
|
|||
26 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
27 | File | `/alerts/alertConfigField.php` | High
|
||||
28 | File | `/api/baskets/{name}` | High
|
||||
29 | File | `/api/user/upsert/<uuid>` | High
|
||||
30 | File | `/appliance/users?action=edit` | High
|
||||
31 | File | `/backup.pl` | Medium
|
||||
32 | File | `/belegungsplan/monatsuebersicht.inc.php` | High
|
||||
33 | File | `/blog` | Low
|
||||
34 | File | `/booking/show_bookings/` | High
|
||||
35 | File | `/bsms_ci/index.php` | High
|
||||
36 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
37 | File | `/cgi-bin/luci;stok=/locale` | High
|
||||
38 | File | `/classes/Master.php?f=save_sub_category` | High
|
||||
39 | File | `/classes/Users.php?f=save` | High
|
||||
40 | File | `/dashboard/settings` | High
|
||||
41 | File | `/dipam/athlete-profile.php` | High
|
||||
42 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
43 | File | `/edoc/doctor/patient.php` | High
|
||||
44 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
45 | File | `/etc/gsissh/sshd_config` | High
|
||||
46 | File | `/etc/ldap.conf` | High
|
||||
47 | File | `/etc/passwd` | Medium
|
||||
48 | File | `/etc/shadow` | Medium
|
||||
49 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
50 | File | `/foms/place-order.php` | High
|
||||
51 | File | `/forum/away.php` | High
|
||||
52 | File | `/function/login.php` | High
|
||||
53 | File | `/goform/wizard_end` | High
|
||||
54 | File | `/h/calendar` | Medium
|
||||
55 | File | `/h/compose` | Medium
|
||||
56 | File | `/h/search?action=voicemail&action=listen` | High
|
||||
57 | File | `/hrm/employeeview.php` | High
|
||||
58 | File | `/index.php` | Medium
|
||||
59 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
60 | File | `/kelasdosen/data` | High
|
||||
61 | File | `/listplace/user/coverPhotoUpdate` | High
|
||||
62 | File | `/maintenance/manage_department.php` | High
|
||||
63 | File | `/manager/index.php` | High
|
||||
64 | ... | ... | ...
|
||||
29 | File | `/api/sys/login` | High
|
||||
30 | File | `/api/user/upsert/<uuid>` | High
|
||||
31 | File | `/appliance/users?action=edit` | High
|
||||
32 | File | `/backup.pl` | Medium
|
||||
33 | File | `/belegungsplan/monatsuebersicht.inc.php` | High
|
||||
34 | File | `/blog` | Low
|
||||
35 | File | `/booking/show_bookings/` | High
|
||||
36 | File | `/bsms_ci/index.php` | High
|
||||
37 | File | `/building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini` | High
|
||||
38 | File | `/cgi-bin/luci;stok=/locale` | High
|
||||
39 | File | `/classes/Master.php?f=save_sub_category` | High
|
||||
40 | File | `/classes/Users.php?f=save` | High
|
||||
41 | File | `/collection/all` | High
|
||||
42 | File | `/dashboard/settings` | High
|
||||
43 | File | `/dipam/athlete-profile.php` | High
|
||||
44 | File | `/E-mobile/App/System/File/downfile.php` | High
|
||||
45 | File | `/edoc/doctor/patient.php` | High
|
||||
46 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
47 | File | `/etc/gsissh/sshd_config` | High
|
||||
48 | File | `/etc/ldap.conf` | High
|
||||
49 | File | `/etc/passwd` | Medium
|
||||
50 | File | `/etc/shadow` | Medium
|
||||
51 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
52 | File | `/foms/place-order.php` | High
|
||||
53 | File | `/forum/away.php` | High
|
||||
54 | File | `/function/login.php` | High
|
||||
55 | File | `/fusion/portal/action/Link` | High
|
||||
56 | File | `/gadgets/definitions/uptime.CapacityWhatIfGadget/getmetrics.php` | High
|
||||
57 | File | `/gadgets/definitions/uptime.CapacityWhatifGadget/getxenmetrics.php` | High
|
||||
58 | File | `/goform/wizard_end` | High
|
||||
59 | File | `/hrm/employeeview.php` | High
|
||||
60 | File | `/index.php` | Medium
|
||||
61 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
62 | File | `/kelasdosen/data` | High
|
||||
63 | ... | ... | ...
|
||||
|
||||
There are 558 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 554 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -100,7 +100,7 @@ ID | Type | Indicator | Confidence
|
|||
42 | File | `/usr/local/contego/scripts/mgrconfig.pl` | High
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 373 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 375 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -8,8 +8,8 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Amazon Web Services:
|
||||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
|
@ -67,7 +67,7 @@ ID | Type | Indicator | Confidence
|
|||
8 | File | `admin/content/postcategory` | High
|
||||
9 | ... | ... | ...
|
||||
|
||||
There are 66 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 67 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -58,7 +58,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -71,51 +71,51 @@ ID | Type | Indicator | Confidence
|
|||
3 | File | `/admin/upload/upload` | High
|
||||
4 | File | `/api/baskets/{name}` | High
|
||||
5 | File | `/api/gen/clients/{language}` | High
|
||||
6 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
7 | File | `/classes/Users.php` | High
|
||||
8 | File | `/config/myfield/test.php` | High
|
||||
9 | File | `/debug/pprof` | Medium
|
||||
10 | File | `/ecshop/admin/template.php` | High
|
||||
11 | File | `/file/upload/1` | High
|
||||
12 | File | `/forum/away.php` | High
|
||||
13 | File | `/forum/PostPrivateMessage` | High
|
||||
14 | File | `/goform/set_LimitClient_cfg` | High
|
||||
15 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
16 | File | `/hss/admin/?page=products/view_product` | High
|
||||
17 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
18 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
19 | File | `/net-banking/customer_transactions.php` | High
|
||||
20 | File | `/obs/book.php` | High
|
||||
21 | File | `/ossn/administrator/com_installer` | High
|
||||
22 | File | `/owa/auth/logon.aspx` | High
|
||||
23 | File | `/pms/update_user.php?user_id=1` | High
|
||||
24 | File | `/preview.php` | Medium
|
||||
25 | File | `/requests.php` | High
|
||||
26 | File | `/secure/ViewCollectors` | High
|
||||
27 | File | `/spip.php` | Medium
|
||||
28 | File | `/sqlite3_aflpp/shell.c` | High
|
||||
29 | File | `/sre/params.php` | High
|
||||
30 | File | `/SVFE2/pages/feegroups/service_group.jsf` | High
|
||||
31 | File | `/uncpath/` | Medium
|
||||
32 | File | `/user/upload/upload` | High
|
||||
33 | File | `/Users` | Low
|
||||
34 | File | `/vendor` | Low
|
||||
35 | File | `AccessibilityManagerService.java` | High
|
||||
36 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
37 | File | `adclick.php` | Medium
|
||||
38 | File | `add_contestant.php` | High
|
||||
39 | File | `admin.php` | Medium
|
||||
40 | File | `admin/edit_category.php` | High
|
||||
41 | File | `admin/index.php` | High
|
||||
42 | File | `admin/make_payments.php` | High
|
||||
43 | File | `admin/_cmdstat.jsp` | High
|
||||
44 | File | `af_netlink.c` | Medium
|
||||
45 | File | `album_portal.php` | High
|
||||
46 | File | `api/auth.go` | Medium
|
||||
47 | File | `api_jsonrpc.php` | High
|
||||
6 | File | `/bin/login` | Medium
|
||||
7 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
8 | File | `/classes/Users.php` | High
|
||||
9 | File | `/config/getuser` | High
|
||||
10 | File | `/config/myfield/test.php` | High
|
||||
11 | File | `/debug/pprof` | Medium
|
||||
12 | File | `/ecshop/admin/template.php` | High
|
||||
13 | File | `/file/upload/1` | High
|
||||
14 | File | `/forum/away.php` | High
|
||||
15 | File | `/forum/PostPrivateMessage` | High
|
||||
16 | File | `/goform/set_LimitClient_cfg` | High
|
||||
17 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
18 | File | `/hss/admin/?page=products/view_product` | High
|
||||
19 | File | `/index.php?app=main&func=passport&action=login` | High
|
||||
20 | File | `/multi-vendor-shopping-script/product-list.php` | High
|
||||
21 | File | `/net-banking/customer_transactions.php` | High
|
||||
22 | File | `/obs/book.php` | High
|
||||
23 | File | `/ossn/administrator/com_installer` | High
|
||||
24 | File | `/owa/auth/logon.aspx` | High
|
||||
25 | File | `/pms/update_user.php?user_id=1` | High
|
||||
26 | File | `/preview.php` | Medium
|
||||
27 | File | `/requests.php` | High
|
||||
28 | File | `/secure/ViewCollectors` | High
|
||||
29 | File | `/spip.php` | Medium
|
||||
30 | File | `/sqlite3_aflpp/shell.c` | High
|
||||
31 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
32 | File | `/sre/params.php` | High
|
||||
33 | File | `/SVFE2/pages/feegroups/service_group.jsf` | High
|
||||
34 | File | `/sys/user/querySysUser?username=admin` | High
|
||||
35 | File | `/uncpath/` | Medium
|
||||
36 | File | `/user/upload/upload` | High
|
||||
37 | File | `/Users` | Low
|
||||
38 | File | `/vendor` | Low
|
||||
39 | File | `AccessibilityManagerService.java` | High
|
||||
40 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
41 | File | `adclick.php` | Medium
|
||||
42 | File | `add_contestant.php` | High
|
||||
43 | File | `admin.php` | Medium
|
||||
44 | File | `admin/edit_category.php` | High
|
||||
45 | File | `admin/index.php` | High
|
||||
46 | File | `admin/make_payments.php` | High
|
||||
47 | File | `admin/_cmdstat.jsp` | High
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 412 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 413 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 15 more country items available. Please use our online service to access the data.
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
|
||||
## Actors
|
||||
|
||||
|
@ -85,39 +85,39 @@ ID | Type | Indicator | Confidence
|
|||
9 | File | `/admin/maintenance/view_designation.php` | High
|
||||
10 | File | `/admin/robot/approval/list` | High
|
||||
11 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
12 | File | `/api/v2/labels/` | High
|
||||
13 | File | `/app/Http/Controllers/Admin/NEditorController.php` | High
|
||||
14 | File | `/apply.cgi` | Medium
|
||||
15 | File | `/cgi-bin/adm.cgi` | High
|
||||
16 | File | `/cgi-bin/go` | Medium
|
||||
17 | File | `/cgi-bin/uploadWeiXinPic` | High
|
||||
18 | File | `/cgi-bin/wapopen` | High
|
||||
19 | File | `/debug/pprof` | Medium
|
||||
20 | File | `/dl/dl_print.php` | High
|
||||
21 | File | `/etc/gsissh/sshd_config` | High
|
||||
22 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
23 | File | `/forum/away.php` | High
|
||||
24 | File | `/forum/PostPrivateMessage` | High
|
||||
25 | File | `/getcfg.php` | Medium
|
||||
26 | File | `/home/masterConsole` | High
|
||||
27 | File | `/hrm/employeeadd.php` | High
|
||||
28 | File | `/hrm/employeeview.php` | High
|
||||
29 | File | `/info.xml` | Medium
|
||||
30 | File | `/librarian/bookdetails.php` | High
|
||||
31 | File | `/mgmt/tm/util/bash` | High
|
||||
32 | File | `/mics/j_spring_security_check` | High
|
||||
33 | File | `/nova/bin/sniffer` | High
|
||||
34 | File | `/ofcms/company-c-47` | High
|
||||
35 | File | `/opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def` | High
|
||||
36 | File | `/pms/update_user.php?user_id=1` | High
|
||||
37 | File | `/public/login.htm` | High
|
||||
38 | File | `/rom-0` | Low
|
||||
39 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
40 | File | `/secure/ViewCollectors` | High
|
||||
41 | File | `/Session` | Medium
|
||||
42 | File | `/spip.php` | Medium
|
||||
43 | File | `/staff_login.php` | High
|
||||
44 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
12 | File | `/apply.cgi` | Medium
|
||||
13 | File | `/cgi-bin/adm.cgi` | High
|
||||
14 | File | `/cgi-bin/go` | Medium
|
||||
15 | File | `/cgi-bin/uploadWeiXinPic` | High
|
||||
16 | File | `/cgi-bin/wapopen` | High
|
||||
17 | File | `/debug/pprof` | Medium
|
||||
18 | File | `/dl/dl_print.php` | High
|
||||
19 | File | `/etc/gsissh/sshd_config` | High
|
||||
20 | File | `/face-recognition-php/facepay-master/camera.php` | High
|
||||
21 | File | `/forum/away.php` | High
|
||||
22 | File | `/forum/PostPrivateMessage` | High
|
||||
23 | File | `/getcfg.php` | Medium
|
||||
24 | File | `/home/masterConsole` | High
|
||||
25 | File | `/hrm/employeeadd.php` | High
|
||||
26 | File | `/hrm/employeeview.php` | High
|
||||
27 | File | `/info.xml` | Medium
|
||||
28 | File | `/librarian/bookdetails.php` | High
|
||||
29 | File | `/mgmt/tm/util/bash` | High
|
||||
30 | File | `/mics/j_spring_security_check` | High
|
||||
31 | File | `/ofcms/company-c-47` | High
|
||||
32 | File | `/opt/vyatta/share/vyatta-cfg/templates/system/static-host-mapping/host-name/node.def` | High
|
||||
33 | File | `/pms/update_user.php?user_id=1` | High
|
||||
34 | File | `/public/login.htm` | High
|
||||
35 | File | `/rom-0` | Low
|
||||
36 | File | `/scripts/unlock_tasks.php` | High
|
||||
37 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
38 | File | `/secure/ViewCollectors` | High
|
||||
39 | File | `/Session` | Medium
|
||||
40 | File | `/spip.php` | Medium
|
||||
41 | File | `/staff_login.php` | High
|
||||
42 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
43 | File | `/uncpath/` | Medium
|
||||
44 | File | `/usr/sbin/httpd` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 386 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
|
|
@ -46,7 +46,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
|
@ -111,7 +111,7 @@ ID | Type | Indicator | Confidence
|
|||
48 | File | `add_ons.php` | Medium
|
||||
49 | ... | ... | ...
|
||||
|
||||
There are 426 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 429 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -63,7 +63,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -131,9 +131,10 @@ ID | Type | Indicator | Confidence
|
|||
58 | File | `App/Modules/Admin/Tpl/default/Public/dwz/uploadify/scripts/uploadify.swf` | High
|
||||
59 | File | `application.php` | High
|
||||
60 | File | `apply.cgi` | Medium
|
||||
61 | ... | ... | ...
|
||||
61 | File | `asp:.jpg` | Medium
|
||||
62 | ... | ... | ...
|
||||
|
||||
There are 536 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 539 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
|
||||
## Actors
|
||||
|
||||
|
@ -402,7 +402,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29, CWE-36 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-29 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
|
@ -417,66 +417,61 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/?r=recruit/resume/edit&op=status` | High
|
||||
2 | File | `/admin/?page=user/list` | High
|
||||
3 | File | `/admin/?page=user/manage_user&id=3` | High
|
||||
4 | File | `/admin/about-us.php` | High
|
||||
5 | File | `/admin/del_category.php` | High
|
||||
6 | File | `/admin/del_service.php` | High
|
||||
7 | File | `/admin/edit-accepted-appointment.php` | High
|
||||
8 | File | `/admin/edit-services.php` | High
|
||||
9 | File | `/admin/edit_category.php` | High
|
||||
10 | File | `/admin/forgot-password.php` | High
|
||||
11 | File | `/admin/index.php` | High
|
||||
12 | File | `/admin/search-appointment.php` | High
|
||||
13 | File | `/admin/students/view_details.php` | High
|
||||
14 | File | `/admin/sys_sql_query.php` | High
|
||||
15 | File | `/ajax.php?action=read_msg` | High
|
||||
16 | File | `/api/baskets/{name}` | High
|
||||
17 | File | `/api/sys/set_passwd` | High
|
||||
18 | File | `/api/upload.php` | High
|
||||
19 | File | `/api?path=profile` | High
|
||||
20 | File | `/blog` | Low
|
||||
21 | File | `/booking/show_bookings/` | High
|
||||
22 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
23 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
24 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
25 | File | `/ci_spms/admin/search/searching/` | High
|
||||
26 | File | `/classes/Master.php?f=save_brand` | High
|
||||
27 | File | `/common/info.cgi` | High
|
||||
28 | File | `/company/store` | High
|
||||
29 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
30 | File | `/debug/pprof` | Medium
|
||||
31 | File | `/emap/devicePoint_addImgIco?hasSubsystem=true` | High
|
||||
32 | File | `/env` | Low
|
||||
33 | File | `/etc/passwd` | Medium
|
||||
34 | File | `/etc/pki/pesign` | High
|
||||
35 | File | `/EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3` | High
|
||||
36 | File | `/forum/away.php` | High
|
||||
37 | File | `/goform/setportList` | High
|
||||
38 | File | `/goform/set_LimitClient_cfg` | High
|
||||
39 | File | `/graphql` | Medium
|
||||
40 | File | `/group1/uploa` | High
|
||||
41 | File | `/includes/db_connect.php` | High
|
||||
42 | File | `/includes/session.php` | High
|
||||
43 | File | `/index.php` | Medium
|
||||
44 | File | `/listplace/user/coverPhotoUpdate` | High
|
||||
45 | File | `/modules/projects/vw_files.php` | High
|
||||
46 | File | `/modules/public/calendar.php` | High
|
||||
47 | File | `/modules/public/date_format.php` | High
|
||||
48 | File | `/modules/tasks/gantt.php` | High
|
||||
49 | File | `/net/sched/cls_fw.c` | High
|
||||
50 | File | `/php-fusion/infusions/shoutbox_panel/shoutbox_archive.php` | High
|
||||
51 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
52 | File | `/preview.php` | Medium
|
||||
53 | File | `/release-x64/otfccdump+0x61731f` | High
|
||||
54 | File | `/resources//../` | High
|
||||
55 | File | `/search.php` | Medium
|
||||
56 | File | `/Service/ImageStationDataService.asmx` | High
|
||||
57 | File | `/sitecore/shell/Invoke.aspx` | High
|
||||
58 | ... | ... | ...
|
||||
1 | File | `/academy/home/courses` | High
|
||||
2 | File | `/admin.php?c=upload&f=zip&_noCache=0.1683794968` | High
|
||||
3 | File | `/admin/?page=user/list` | High
|
||||
4 | File | `/admin/adclass.php` | High
|
||||
5 | File | `/admin/students/view_details.php` | High
|
||||
6 | File | `/ajax-files/followBoard.php` | High
|
||||
7 | File | `/ajax.php?action=read_msg` | High
|
||||
8 | File | `/api/baskets/{name}` | High
|
||||
9 | File | `/api/sys/set_passwd` | High
|
||||
10 | File | `/api/upload.php` | High
|
||||
11 | File | `/app/search/table` | High
|
||||
12 | File | `/auth/callback` | High
|
||||
13 | File | `/authenticationendpoint/login.do` | High
|
||||
14 | File | `/bsms_ci/index.php/user/edit_user/` | High
|
||||
15 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
16 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
17 | File | `/cgi.cgi` | Medium
|
||||
18 | File | `/ci_spms/admin/search/searching/` | High
|
||||
19 | File | `/collection/all` | High
|
||||
20 | File | `/common/info.cgi` | High
|
||||
21 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
22 | File | `/debug/pprof` | Medium
|
||||
23 | File | `/etc/pki/pesign` | High
|
||||
24 | File | `/file/upload/1` | High
|
||||
25 | File | `/forum/away.php` | High
|
||||
26 | File | `/getcfg.php` | Medium
|
||||
27 | File | `/goform/setportList` | High
|
||||
28 | File | `/goform/set_LimitClient_cfg` | High
|
||||
29 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
|
||||
30 | File | `/group1/uploa` | High
|
||||
31 | File | `/h/autoSaveDraft` | High
|
||||
32 | File | `/includes/db_connect.php` | High
|
||||
33 | File | `/includes/session.php` | High
|
||||
34 | File | `/index.php?page=member` | High
|
||||
35 | File | `/modules/projects/vw_files.php` | High
|
||||
36 | File | `/modules/public/calendar.php` | High
|
||||
37 | File | `/modules/public/date_format.php` | High
|
||||
38 | File | `/modules/tasks/gantt.php` | High
|
||||
39 | File | `/net/sched/cls_fw.c` | High
|
||||
40 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
41 | File | `/preview.php` | Medium
|
||||
42 | File | `/QueryView.php` | High
|
||||
43 | File | `/romfile.cfg` | Medium
|
||||
44 | File | `/search.php` | Medium
|
||||
45 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
46 | File | `/staff/bookdetails.php` | High
|
||||
47 | File | `/staff/edit_book_details.php` | High
|
||||
48 | File | `/student/bookdetails.php` | High
|
||||
49 | File | `/trx_addons/v2/get/sc_layout` | High
|
||||
50 | File | `/uncpath/` | Medium
|
||||
51 | File | `/v1/hotlink/proxy` | High
|
||||
52 | File | `/var/log/rkhunter.log` | High
|
||||
53 | ... | ... | ...
|
||||
|
||||
There are 503 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 461 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
There are 4 more country items available. Please use our online service to access the data.
|
||||
|
||||
## Actors
|
||||
|
||||
|
@ -153,10 +153,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
5 | T1068 | CWE-264, CWE-266, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -164,47 +164,51 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `//proc/kcore` | Medium
|
||||
2 | File | `/admin/students/view_details.php` | High
|
||||
3 | File | `/ajax.php?action=read_msg` | High
|
||||
4 | File | `/api/baskets/{name}` | High
|
||||
5 | File | `/api/upload.php` | High
|
||||
6 | File | `/api?path=profile` | High
|
||||
7 | File | `/auth/callback` | High
|
||||
8 | File | `/booking/show_bookings/` | High
|
||||
9 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
10 | File | `/ci_spms/admin/search/searching/` | High
|
||||
11 | File | `/classes/Master.php?f=save_brand` | High
|
||||
12 | File | `/debug/pprof` | Medium
|
||||
13 | File | `/Duty/AjaxHandle/UploadHandler.ashx` | High
|
||||
14 | File | `/DXR.axd` | Medium
|
||||
15 | File | `/ecommerce/support_ticket` | High
|
||||
16 | File | `/etc/pki/pesign` | High
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/FuguHub/cmsdocs/` | High
|
||||
1 | File | `/academy/home/courses` | High
|
||||
2 | File | `/admin/adclass.php` | High
|
||||
3 | File | `/admin/students/view_details.php` | High
|
||||
4 | File | `/ajax-files/followBoard.php` | High
|
||||
5 | File | `/ajax.php?action=read_msg` | High
|
||||
6 | File | `/api/baskets/{name}` | High
|
||||
7 | File | `/api/upload.php` | High
|
||||
8 | File | `/api?path=profile` | High
|
||||
9 | File | `/auth/callback` | High
|
||||
10 | File | `/authenticationendpoint/login.do` | High
|
||||
11 | File | `/cgi.cgi` | Medium
|
||||
12 | File | `/ci_spms/admin/search/searching/` | High
|
||||
13 | File | `/classes/Master.php?f=save_brand` | High
|
||||
14 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
15 | File | `/debug/pprof` | Medium
|
||||
16 | File | `/DXR.axd` | Medium
|
||||
17 | File | `/etc/pki/pesign` | High
|
||||
18 | File | `/forum/away.php` | High
|
||||
19 | File | `/goform/setportList` | High
|
||||
20 | File | `/goform/set_LimitClient_cfg` | High
|
||||
21 | File | `/graphql` | Medium
|
||||
22 | File | `/group1/uploa` | High
|
||||
23 | File | `/h/autoSaveDraft` | High
|
||||
24 | File | `/HNAP1` | Low
|
||||
25 | File | `/index.php` | Medium
|
||||
26 | File | `/modules/projects/vw_files.php` | High
|
||||
24 | File | `/index.php?page=member` | High
|
||||
25 | File | `/modules/projects/vw_files.php` | High
|
||||
26 | File | `/php-opos/index.php` | High
|
||||
27 | File | `/plugins/playbooks/api/v0/runs` | High
|
||||
28 | File | `/registration.php` | High
|
||||
28 | File | `/QueryView.php` | High
|
||||
29 | File | `/release-x64/otfccdump+0x61731f` | High
|
||||
30 | File | `/resources//../` | High
|
||||
31 | File | `/romfile.cfg` | Medium
|
||||
32 | File | `/search.php` | Medium
|
||||
33 | File | `/settings/account` | High
|
||||
34 | File | `/sitecore/shell/Invoke.aspx` | High
|
||||
35 | File | `/staff/edit_book_details.php` | High
|
||||
36 | File | `/student/bookdetails.php` | High
|
||||
37 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
38 | File | `/videotalk` | Medium
|
||||
39 | ... | ... | ...
|
||||
32 | File | `/scripts/unlock_tasks.php` | High
|
||||
33 | File | `/search` | Low
|
||||
34 | File | `/search.php` | Medium
|
||||
35 | File | `/sitecore/shell/Invoke.aspx` | High
|
||||
36 | File | `/squashfs-root/etc_ro/custom.conf` | High
|
||||
37 | File | `/staff/bookdetails.php` | High
|
||||
38 | File | `/staff/edit_book_details.php` | High
|
||||
39 | File | `/student/bookdetails.php` | High
|
||||
40 | File | `/system/user/modules/mod_users/controller.php` | High
|
||||
41 | File | `/uncpath/` | Medium
|
||||
42 | File | `/videotalk` | Medium
|
||||
43 | ... | ... | ...
|
||||
|
||||
There are 340 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 375 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -49,7 +49,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
5 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 19 more TTP items available. Please use our online service to access the data.
|
||||
There are 20 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -80,7 +80,7 @@ ID | Type | Indicator | Confidence
|
|||
21 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
22 | ... | ... | ...
|
||||
|
||||
There are 182 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 186 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
|
||||
## Actors
|
||||
|
||||
|
@ -48,7 +48,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
4 | T1059 | CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 16 more TTP items available. Please use our online service to access the data.
|
||||
There are 17 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
|
|
@ -83,35 +83,37 @@ ID | Type | Indicator | Confidence
|
|||
29 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
30 | File | `/cha.php` | Medium
|
||||
31 | File | `/chaincity/user/ticket/create` | High
|
||||
32 | File | `/College/admin/teacher.php` | High
|
||||
33 | File | `/contactform/contactform.php` | High
|
||||
34 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
35 | File | `/dayrui/Fcms/View/system_log.html` | High
|
||||
36 | File | `/drivers/block/floppy.c` | High
|
||||
37 | File | `/ecommerce/admin/category/controller.php` | High
|
||||
38 | File | `/ecommerce/support_ticket` | High
|
||||
39 | File | `/etc/config/product.ini` | High
|
||||
40 | File | `/etc/crash` | Medium
|
||||
41 | File | `/etc/shadow` | Medium
|
||||
42 | File | `/fos/admin/ajax.php` | High
|
||||
43 | File | `/friends/ajax_invite` | High
|
||||
44 | File | `/goform/aspForm` | High
|
||||
45 | File | `/goform/WifiGuestSet` | High
|
||||
46 | File | `/home/filter_listings` | High
|
||||
47 | File | `/index.php` | Medium
|
||||
48 | File | `/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]` | High
|
||||
49 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
|
||||
50 | File | `/instance/detail` | High
|
||||
51 | File | `/items/search` | High
|
||||
52 | File | `/kelasdosen/data` | High
|
||||
53 | File | `/knowage/restful-services/dossier/importTemplateFile` | High
|
||||
54 | File | `/languages/install.php` | High
|
||||
55 | File | `/login/index.php` | High
|
||||
56 | File | `/matchmakings/question` | High
|
||||
57 | File | `/medicines/profile.php` | High
|
||||
58 | ... | ... | ...
|
||||
32 | File | `/collection/all` | High
|
||||
33 | File | `/College/admin/teacher.php` | High
|
||||
34 | File | `/contactform/contactform.php` | High
|
||||
35 | File | `/Controller/Ajaxfileupload.ashx` | High
|
||||
36 | File | `/dayrui/Fcms/View/system_log.html` | High
|
||||
37 | File | `/drivers/block/floppy.c` | High
|
||||
38 | File | `/ecommerce/admin/category/controller.php` | High
|
||||
39 | File | `/ecommerce/support_ticket` | High
|
||||
40 | File | `/ecrire/exec/puce_statut.php` | High
|
||||
41 | File | `/etc/config/product.ini` | High
|
||||
42 | File | `/etc/shadow` | Medium
|
||||
43 | File | `/files/` | Low
|
||||
44 | File | `/fos/admin/ajax.php` | High
|
||||
45 | File | `/friends/ajax_invite` | High
|
||||
46 | File | `/goform/aspForm` | High
|
||||
47 | File | `/goform/WifiGuestSet` | High
|
||||
48 | File | `/home/filter_listings` | High
|
||||
49 | File | `/index.php` | Medium
|
||||
50 | File | `/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]` | High
|
||||
51 | File | `/index.php?s=/article/ApiAdminArticle/itemAdd` | High
|
||||
52 | File | `/instance/detail` | High
|
||||
53 | File | `/items/search` | High
|
||||
54 | File | `/kelasdosen/data` | High
|
||||
55 | File | `/knowage/restful-services/dossier/importTemplateFile` | High
|
||||
56 | File | `/languages/install.php` | High
|
||||
57 | File | `/log/decodmail.php` | High
|
||||
58 | File | `/matchmakings/question` | High
|
||||
59 | File | `/modules/projects/vw_files.php` | High
|
||||
60 | ... | ... | ...
|
||||
|
||||
There are 508 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 528 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -73,79 +73,75 @@ ID | Type | Indicator | Confidence
|
|||
7 | File | `/admin/ajax.php?action=delete_window` | High
|
||||
8 | File | `/admin/ajax.php?action=save_area` | High
|
||||
9 | File | `/admin/contacts/organizations/edit/2` | High
|
||||
10 | File | `/admin/edit_admin_details.php?id=admin` | High
|
||||
11 | File | `/admin/edit_category.php` | High
|
||||
12 | File | `/admin/edit_subject.php` | High
|
||||
13 | File | `/admin/extended` | High
|
||||
14 | File | `/admin/index.php` | High
|
||||
15 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
16 | File | `/admin/lab.php` | High
|
||||
17 | File | `/Admin/login.php` | High
|
||||
18 | File | `/admin/modal_add_product.php` | High
|
||||
19 | File | `/admin/report/index.php` | High
|
||||
20 | File | `/admin/save_teacher.php` | High
|
||||
21 | File | `/admin/services/manage_service.php` | High
|
||||
22 | File | `/admin/settings.php` | High
|
||||
23 | File | `/admin/sign/out` | High
|
||||
24 | File | `/admin/upload.php` | High
|
||||
25 | File | `/admin/user/manage_user.php` | High
|
||||
26 | File | `/ajax.php?action=save_company` | High
|
||||
27 | File | `/api/` | Low
|
||||
28 | File | `/api/admin/store/product/list` | High
|
||||
29 | File | `/application/common.php#action_log` | High
|
||||
30 | File | `/backups/` | Medium
|
||||
31 | File | `/blog` | Low
|
||||
32 | File | `/bsms_ci/index.php/book` | High
|
||||
33 | File | `/cardo/api` | Medium
|
||||
34 | File | `/cas/logout` | Medium
|
||||
35 | File | `/category.php` | High
|
||||
36 | File | `/category/list?limit=10&offset=0&order=desc` | High
|
||||
37 | File | `/CCMAdmin/serverlist.asp` | High
|
||||
38 | File | `/cgi-bin/adm.cgi` | High
|
||||
39 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
40 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
41 | File | `/cgi-bin/nightled.cgi` | High
|
||||
42 | File | `/cgi-bin/ping.cgi` | High
|
||||
43 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||
44 | File | `/change-language/de_DE` | High
|
||||
45 | File | `/changeimage.php` | High
|
||||
46 | File | `/ci_hms/massage_room/edit/1` | High
|
||||
47 | File | `/ci_hms/search` | High
|
||||
48 | File | `/ci_spms/admin/category` | High
|
||||
49 | File | `/ci_spms/admin/search/searching/` | High
|
||||
50 | File | `/ci_ssms/index.php/orders/create` | High
|
||||
51 | File | `/classes/Master.php?f=delete_category` | High
|
||||
52 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
53 | File | `/classes/Master.php?f=delete_item` | High
|
||||
54 | File | `/classes/Master.php?f=save_item` | High
|
||||
55 | File | `/classes/Users.php` | High
|
||||
56 | File | `/cms/category/list` | High
|
||||
57 | File | `/common/download?filename=1.jsp&delete=false` | High
|
||||
58 | File | `/company/store` | High
|
||||
59 | File | `/config` | Low
|
||||
60 | File | `/crmeb/crmeb/services/UploadService.php` | High
|
||||
61 | File | `/data/remove` | Medium
|
||||
62 | File | `/debug/pprof` | Medium
|
||||
63 | File | `/dede/group_store.php` | High
|
||||
64 | File | `/dialog/select_media.php` | High
|
||||
65 | File | `/ebics-server/ebics.aspx` | High
|
||||
66 | File | `/editbrand.php` | High
|
||||
67 | File | `/edituser.php` | High
|
||||
68 | File | `/employeeview.php` | High
|
||||
69 | File | `/en/blog-comment-4` | High
|
||||
70 | File | `/files/list-file` | High
|
||||
71 | File | `/file_manager/admin/save_user.php` | High
|
||||
72 | File | `/forum/away.php` | High
|
||||
73 | File | `/fos/admin/index.php?page=menu` | High
|
||||
74 | File | `/friends` | Medium
|
||||
75 | File | `/goform/WifiBasicSet` | High
|
||||
76 | File | `/graphql` | Medium
|
||||
77 | File | `/home/courses` | High
|
||||
78 | File | `/index.asp` | Medium
|
||||
79 | File | `/index.php` | Medium
|
||||
80 | ... | ... | ...
|
||||
10 | File | `/admin/edit_category.php` | High
|
||||
11 | File | `/admin/edit_subject.php` | High
|
||||
12 | File | `/admin/extended` | High
|
||||
13 | File | `/admin/index.php` | High
|
||||
14 | File | `/admin/index/index.html#/admin/mall.goods/index.html` | High
|
||||
15 | File | `/admin/lab.php` | High
|
||||
16 | File | `/Admin/login.php` | High
|
||||
17 | File | `/admin/modal_add_product.php` | High
|
||||
18 | File | `/admin/report/index.php` | High
|
||||
19 | File | `/admin/save_teacher.php` | High
|
||||
20 | File | `/admin/services/manage_service.php` | High
|
||||
21 | File | `/admin/settings.php` | High
|
||||
22 | File | `/admin/sign/out` | High
|
||||
23 | File | `/admin/upload.php` | High
|
||||
24 | File | `/admin/user/manage_user.php` | High
|
||||
25 | File | `/ajax.php?action=save_company` | High
|
||||
26 | File | `/api/` | Low
|
||||
27 | File | `/api/admin/store/product/list` | High
|
||||
28 | File | `/application/common.php#action_log` | High
|
||||
29 | File | `/backups/` | Medium
|
||||
30 | File | `/blog` | Low
|
||||
31 | File | `/bsms_ci/index.php/book` | High
|
||||
32 | File | `/cardo/api` | Medium
|
||||
33 | File | `/cas/logout` | Medium
|
||||
34 | File | `/category.php` | High
|
||||
35 | File | `/category/list?limit=10&offset=0&order=desc` | High
|
||||
36 | File | `/CCMAdmin/serverlist.asp` | High
|
||||
37 | File | `/cgi-bin/adm.cgi` | High
|
||||
38 | File | `/cgi-bin/jumpto.php?class=user&page=config_save&isphp=1` | High
|
||||
39 | File | `/cgi-bin/mesh.cgi?page=upgrade` | High
|
||||
40 | File | `/cgi-bin/nightled.cgi` | High
|
||||
41 | File | `/cgi-bin/ping.cgi` | High
|
||||
42 | File | `/cgi-bin/touchlist_sync.cgi` | High
|
||||
43 | File | `/change-language/de_DE` | High
|
||||
44 | File | `/changeimage.php` | High
|
||||
45 | File | `/classes/Master.php?f=delete_category` | High
|
||||
46 | File | `/classes/Master.php?f=delete_inquiry` | High
|
||||
47 | File | `/classes/Master.php?f=delete_item` | High
|
||||
48 | File | `/classes/Master.php?f=save_item` | High
|
||||
49 | File | `/classes/Users.php` | High
|
||||
50 | File | `/cms/category/list` | High
|
||||
51 | File | `/collection/all` | High
|
||||
52 | File | `/common/download?filename=1.jsp&delete=false` | High
|
||||
53 | File | `/company/store` | High
|
||||
54 | File | `/config` | Low
|
||||
55 | File | `/crmeb/crmeb/services/UploadService.php` | High
|
||||
56 | File | `/data/remove` | Medium
|
||||
57 | File | `/debug/pprof` | Medium
|
||||
58 | File | `/dede/group_store.php` | High
|
||||
59 | File | `/dialog/select_media.php` | High
|
||||
60 | File | `/ebics-server/ebics.aspx` | High
|
||||
61 | File | `/editbrand.php` | High
|
||||
62 | File | `/edituser.php` | High
|
||||
63 | File | `/employeeview.php` | High
|
||||
64 | File | `/en/blog-comment-4` | High
|
||||
65 | File | `/files/list-file` | High
|
||||
66 | File | `/file_manager/admin/save_user.php` | High
|
||||
67 | File | `/forum/away.php` | High
|
||||
68 | File | `/fos/admin/index.php?page=menu` | High
|
||||
69 | File | `/friends` | Medium
|
||||
70 | File | `/goform/WifiBasicSet` | High
|
||||
71 | File | `/graphql` | Medium
|
||||
72 | File | `/home/courses` | High
|
||||
73 | File | `/index.asp` | Medium
|
||||
74 | File | `/index.php` | Medium
|
||||
75 | File | `/items/search` | High
|
||||
76 | ... | ... | ...
|
||||
|
||||
There are 705 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 668 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -82,7 +82,7 @@ ID | Type | Indicator | Confidence
|
|||
24 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
25 | ... | ... | ...
|
||||
|
||||
There are 210 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 211 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,118 @@
|
|||
# CVE-2023-22952 - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the campaign known as _CVE-2023-22952_. The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor](https://vuldb.com/?actor)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CVE-2023-22952:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [GR](https://vuldb.com/?country.gr)
|
||||
* ...
|
||||
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
|
||||
## Actors
|
||||
|
||||
These _actors_ are associated with CVE-2023-22952 or other actors linked to the campaign.
|
||||
|
||||
ID | Actor | Confidence
|
||||
-- | ----- | ----------
|
||||
1 | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of CVE-2023-22952.
|
||||
|
||||
ID | IP address | Hostname | Actor | Confidence
|
||||
-- | ---------- | -------- | ----- | ----------
|
||||
1 | [13.90.77.93](https://vuldb.com/?ip.13.90.77.93) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||
2 | [31.132.2.66](https://vuldb.com/?ip.31.132.2.66) | no.rdns.ukservers.com | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used within CVE-2023-22952. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22, CWE-23 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration during CVE-2023-22952. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.procmailrc` | Medium
|
||||
2 | File | `/about.php` | Medium
|
||||
3 | File | `/admin-ajax.php?action=eps_redirect_save` | High
|
||||
4 | File | `/admin.php` | Medium
|
||||
5 | File | `/admin.php/accessory/filesdel.html` | High
|
||||
6 | File | `/admin/` | Low
|
||||
7 | File | `/Admin/add-student.php` | High
|
||||
8 | File | `/admin/api/theme-edit/` | High
|
||||
9 | File | `/admin/index3.php` | High
|
||||
10 | File | `/admin/photo.php` | High
|
||||
11 | File | `/adms/admin/?page=vehicles/view_transaction` | High
|
||||
12 | File | `/auth` | Low
|
||||
13 | File | `/catcompany.php` | High
|
||||
14 | File | `/cms/category/list` | High
|
||||
15 | File | `/dashboard/view-chair-list.php` | High
|
||||
16 | File | `/Default/Bd` | Medium
|
||||
17 | File | `/ebics-server/ebics.aspx` | High
|
||||
18 | File | `/egroupware/index.php` | High
|
||||
19 | File | `/etc/hosts` | Medium
|
||||
20 | File | `/forum/away.php` | High
|
||||
21 | File | `/GponForm/device_Form?script/` | High
|
||||
22 | File | `/GponForm/fsetup_Form` | High
|
||||
23 | File | `/GponForm/usb_restore_Form?script/` | High
|
||||
24 | File | `/hrm/employeeview.php` | High
|
||||
25 | File | `/includes/decorators/global-translations.jsp` | High
|
||||
26 | File | `/index.php` | Medium
|
||||
27 | File | `/loginsave.php` | High
|
||||
28 | File | `/param.file.tgz` | High
|
||||
29 | File | `/product_list.php` | High
|
||||
30 | File | `/public_html/users.php` | High
|
||||
31 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
32 | File | `/see_more_details.php` | High
|
||||
33 | File | `/server-status` | High
|
||||
34 | File | `/setSystemAdmin` | High
|
||||
35 | File | `/uncpath/` | Medium
|
||||
36 | File | `/user/s.php` | Medium
|
||||
37 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
|
||||
38 | File | `/WEB-INF/web.xml` | High
|
||||
39 | File | `/wireless/guestnetwork.asp` | High
|
||||
40 | File | `?r=recruit/interview/export&interviews=x` | High
|
||||
41 | File | `adclick.php` | Medium
|
||||
42 | File | `add-locker-form.php` | High
|
||||
43 | File | `addentry.php` | Medium
|
||||
44 | File | `admin.php` | Medium
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 394 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the campaign and the associated activities:
|
||||
|
||||
* https://unit42.paloaltonetworks.com/sugarcrm-cloud-incident-black-hat/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
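Review bot: Row 3 of the TTP table in this new file describes T1059 with CWE-88, CWE-94, CWE-1321 as `Cross Site Scripting`, which repeats row 4 (T1059.007, CWE-79, CWE-80) and does not match the listed weaknesses: CWE-94 is code injection and CWE-88 is argument injection. A description that fits the CWEs, for example `3 | T1059 | CWE-88, CWE-94, CWE-1321 | Code Injection | High`, would keep anyone filtering on the description column from counting these rows as XSS. The same label appears on the T1059 rows of the other TTP tables further down this page. Row 1 is worth checking too, since ATT&CK's T1006 is Direct Volume Access rather than path traversal.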
|
|
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [KR](https://vuldb.com/?country.kr)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 5 more country items available. Please use our online service to access the data.
|
||||
There are 13 more country items available. Please use our online service to access the data.
|
||||
|
||||
## Actors
|
||||
|
||||
|
@ -32,18 +32,20 @@ ID | IP address | Hostname | Actor | Confidence
|
|||
-- | ---------- | -------- | ----- | ----------
|
||||
1 | [23.224.42.5](https://vuldb.com/?ip.23.224.42.5) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||
2 | [23.224.42.29](https://vuldb.com/?ip.23.224.42.29) | - | [UNC4841](https://vuldb.com/?actor.unc4841) | High
|
||||
3 | [23.224.78.130](https://vuldb.com/?ip.23.224.78.130) | - | [UNC4841](https://vuldb.com/?actor.unc4841) | High
|
||||
3 | [23.224.78.130](https://vuldb.com/?ip.23.224.78.130) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||
4 | [23.224.78.131](https://vuldb.com/?ip.23.224.78.131) | - | [UNC4841](https://vuldb.com/?actor.unc4841) | High
|
||||
5 | [23.224.78.132](https://vuldb.com/?ip.23.224.78.132) | - | [UNC4841](https://vuldb.com/?actor.unc4841) | High
|
||||
6 | [23.224.78.133](https://vuldb.com/?ip.23.224.78.133) | - | [UNC4841](https://vuldb.com/?actor.unc4841) | High
|
||||
7 | [23.224.78.134](https://vuldb.com/?ip.23.224.78.134) | - | [UNC4841](https://vuldb.com/?actor.unc4841) | High
|
||||
7 | [23.224.78.134](https://vuldb.com/?ip.23.224.78.134) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||
8 | [37.9.35.217](https://vuldb.com/?ip.37.9.35.217) | cdwk201570.example.com | [UNC4841](https://vuldb.com/?actor.unc4841) | High
|
||||
9 | [38.54.1.82](https://vuldb.com/?ip.38.54.1.82) | - | [UNC4841](https://vuldb.com/?actor.unc4841) | High
|
||||
10 | [38.54.113.205](https://vuldb.com/?ip.38.54.113.205) | - | [UNC4841](https://vuldb.com/?actor.unc4841) | High
|
||||
11 | [38.60.254.165](https://vuldb.com/?ip.38.60.254.165) | - | [UNC4841](https://vuldb.com/?actor.unc4841) | High
|
||||
12 | ... | ... | ... | ...
|
||||
12 | [45.63.76.67](https://vuldb.com/?ip.45.63.76.67) | 45.63.76.67.vultrusercontent.com | [UNC4841](https://vuldb.com/?actor.unc4841) | High
|
||||
13 | [45.148.16.42](https://vuldb.com/?ip.45.148.16.42) | - | [Unknown](https://vuldb.com/?actor.unknown) | High
|
||||
14 | ... | ... | ... | ...
|
||||
|
||||
There are 44 more IOC items available. Please use our online service to access the data.
|
||||
There are 50 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -53,12 +55,12 @@ ID | Technique | Weakness | Description | Confidence
|
|||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24 | Pathname Traversal | High
|
||||
2 | T1055 | CWE-74 | Injection | High
|
||||
3 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059 | CWE-88, CWE-94 | Cross Site Scripting | High
|
||||
4 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
5 | T1068 | CWE-250, CWE-264, CWE-269, CWE-284 | J2EE Misconfiguration: Weak Access Permissions for EJB Methods | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 18 more TTP items available. Please use our online service to access the data.
|
||||
There are 21 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -70,46 +72,58 @@ ID | Type | Indicator | Confidence
|
|||
2 | File | `/api/` | Low
|
||||
3 | File | `/api/RecordingList/DownloadRecord?file=` | High
|
||||
4 | File | `/api/sys/login` | High
|
||||
5 | File | `/app/options.py` | High
|
||||
6 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
7 | File | `/cgi/sshcheck.cgi` | High
|
||||
8 | File | `/classes/Users.php?f=save` | High
|
||||
9 | File | `/common/download?filename=1.jsp&delete=false` | High
|
||||
10 | File | `/crmeb/crmeb/services/UploadService.php` | High
|
||||
11 | File | `/debug/pprof` | Medium
|
||||
12 | File | `/etc/postfix/sender_login` | High
|
||||
13 | File | `/example/editor` | High
|
||||
14 | File | `/filemanager/php/connector.php` | High
|
||||
15 | File | `/filemanager/upload.php` | High
|
||||
16 | File | `/forgetpassword.php` | High
|
||||
17 | File | `/forum/away.php` | High
|
||||
18 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
19 | File | `/Items/*/RemoteImages/Download` | High
|
||||
20 | File | `/items/view_item.php` | High
|
||||
21 | File | `/librarian/bookdetails.php` | High
|
||||
22 | File | `/mail/index.html` | High
|
||||
23 | File | `/medical/inventories.php` | High
|
||||
24 | File | `/modules/profile/index.php` | High
|
||||
25 | File | `/out.php` | Medium
|
||||
26 | File | `/php-jms/updateTxtview.php` | High
|
||||
27 | File | `/proxy` | Low
|
||||
28 | File | `/question.php` | High
|
||||
29 | File | `/resources//../` | High
|
||||
30 | File | `/RestAPI` | Medium
|
||||
31 | File | `/start_apply.htm` | High
|
||||
32 | File | `/student/bookdetails.php` | High
|
||||
33 | File | `/templates/header.inc.php` | High
|
||||
34 | File | `/user/getuserprofile` | High
|
||||
35 | File | `/user/loader.php?api=1` | High
|
||||
36 | ... | ... | ...
|
||||
5 | File | `/api/trackedEntityInstances` | High
|
||||
6 | File | `/app/options.py` | High
|
||||
7 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
8 | File | `/cgi/sshcheck.cgi` | High
|
||||
9 | File | `/classes/Users.php?f=save` | High
|
||||
10 | File | `/common/download?filename=1.jsp&delete=false` | High
|
||||
11 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
12 | File | `/crmeb/crmeb/services/UploadService.php` | High
|
||||
13 | File | `/debug/pprof` | Medium
|
||||
14 | File | `/etc/postfix/sender_login` | High
|
||||
15 | File | `/example/editor` | High
|
||||
16 | File | `/filemanager/php/connector.php` | High
|
||||
17 | File | `/filemanager/upload.php` | High
|
||||
18 | File | `/forgetpassword.php` | High
|
||||
19 | File | `/forum/away.php` | High
|
||||
20 | File | `/ghost/preview` | High
|
||||
21 | File | `/home/www/cgi-bin/login.cgi` | High
|
||||
22 | File | `/index.php` | Medium
|
||||
23 | File | `/Items/*/RemoteImages/Download` | High
|
||||
24 | File | `/items/view_item.php` | High
|
||||
25 | File | `/jeecg-boot/sys/common/upload` | High
|
||||
26 | File | `/librarian/bookdetails.php` | High
|
||||
27 | File | `/mail/index.html` | High
|
||||
28 | File | `/medical/inventories.php` | High
|
||||
29 | File | `/members/view_member.php` | High
|
||||
30 | File | `/modules/profile/index.php` | High
|
||||
31 | File | `/out.php` | Medium
|
||||
32 | File | `/owa/auth/logon.aspx` | High
|
||||
33 | File | `/php-jms/updateTxtview.php` | High
|
||||
34 | File | `/proxy` | Low
|
||||
35 | File | `/question.php` | High
|
||||
36 | File | `/replication` | Medium
|
||||
37 | File | `/resources//../` | High
|
||||
38 | File | `/RestAPI` | Medium
|
||||
39 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
40 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
41 | File | `/start_apply.htm` | High
|
||||
42 | File | `/student/bookdetails.php` | High
|
||||
43 | File | `/templates/header.inc.php` | High
|
||||
44 | File | `/uncpath/` | Medium
|
||||
45 | File | `/user/getuserprofile` | High
|
||||
46 | File | `/user/loader.php?api=1` | High
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 307 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 403 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the campaign and the associated activities:
|
||||
|
||||
* https://www.barracuda.com/company/legal/esg-vulnerability
|
||||
* https://www.cisa.gov/news-events/alerts/2023/08/29/cisa-releases-iocs-associated-malicious-barracuda-activity
|
||||
* https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally
|
||||
|
||||
## Literature
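Review bot: Rows 3 and 7 of the IOC table (23.224.78.130 and 23.224.78.134) are printed twice, once attributed to UNC4841 and once to Unknown, while the adjacent addresses .131 to .133 stay with UNC4841. The +/- markers are lost on this page, so which attribution is the new one can only be guessed from print order. Both versions carry High confidence, which leaves a consumer of the table unable to tell why the actor changed. A short line under the table, such as `Attribution for rows 3 and 7 revised per <source reference>`, would make the change auditable against the references listed at the end of the file.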
|
||||
|
|
|
@ -8,6 +8,7 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CVE-2023-28771:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## Actors
|
||||
|
|
|
@ -0,0 +1,80 @@
|
|||
# CVE-2023-32315 - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the campaign known as _CVE-2023-32315_. The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor](https://vuldb.com/?actor)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with CVE-2023-32315:
|
||||
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## Actors
|
||||
|
||||
These _actors_ are associated with CVE-2023-32315 or other actors linked to the campaign.
|
||||
|
||||
ID | Actor | Confidence
|
||||
-- | ----- | ----------
|
||||
1 | [Kinsing](https://vuldb.com/?actor.kinsing) | High
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of CVE-2023-32315.
|
||||
|
||||
ID | IP address | Hostname | Actor | Confidence
|
||||
-- | ---------- | -------- | ----- | ----------
|
||||
1 | [5.35.101.62](https://vuldb.com/?ip.5.35.101.62) | hosted-by.ruweb.net | [Kinsing](https://vuldb.com/?actor.kinsing) | High
|
||||
2 | [31.184.240.34](https://vuldb.com/?ip.31.184.240.34) | 106863.web.hosting-russia.ru | [Kinsing](https://vuldb.com/?actor.kinsing) | High
|
||||
3 | [51.222.154.100](https://vuldb.com/?ip.51.222.154.100) | ns577710.ip-51-222-154.net | [Kinsing](https://vuldb.com/?actor.kinsing) | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used within CVE-2023-32315. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-22 | Pathname Traversal | High
|
||||
2 | T1059 | CWE-94 | Cross Site Scripting | High
|
||||
3 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration during CVE-2023-32315. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `access.conf` | Medium
|
||||
2 | File | `burl.c` | Low
|
||||
3 | File | `drivers/net/usb/sr9700.c` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the campaign and the associated activities:
|
||||
|
||||
* https://blog.aquasec.com/kinsing-malware-exploits-novel-openfire-vulnerability
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2023](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
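Review bot: The IOA table in this new file lists `burl.c` and `drivers/net/usb/sr9700.c`, which are source-file names (the latter a Linux kernel USB network driver path), not artefacts a defender would expect to see in web or host logs for this campaign. The introductory sentence does say the list comes from a predictive model, but that should be stated next to the table, e.g. `Items are model-generated and not confirmed observations; validate before using them in detections.` The hostnames in the IOC table are reverse-DNS values set by whoever controls the address, so they deserve the same caveat. Separately, `There are 1 more country items available` should read `There is 1 more country item available`.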
|
|
@ -53,7 +53,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-28 | Pathname Traversal | High
|
||||
1 | T1006 | CWE-21, CWE-22, CWE-23, CWE-24, CWE-28 | Pathname Traversal | High
|
||||
2 | T1040 | CWE-294, CWE-319 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1055 | CWE-74 | Injection | High
|
||||
4 | T1059 | CWE-88, CWE-94, CWE-1321 | Cross Site Scripting | High
|
||||
|
@ -92,30 +92,31 @@ ID | Type | Indicator | Confidence
|
|||
22 | File | `/cgi-bin` | Medium
|
||||
23 | File | `/cgi-bin/luci/api/wireless` | High
|
||||
24 | File | `/cgi-bin/wlogin.cgi` | High
|
||||
25 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
26 | File | `/debug/pprof` | Medium
|
||||
27 | File | `/env` | Low
|
||||
28 | File | `/etc/hosts` | Medium
|
||||
29 | File | `/forum/away.php` | High
|
||||
30 | File | `/goform/setmac` | High
|
||||
31 | File | `/goform/wizard_end` | High
|
||||
32 | File | `/index.php` | Medium
|
||||
33 | File | `/librarian/bookdetails.php` | High
|
||||
34 | File | `/login/index.php` | High
|
||||
35 | File | `/manage-apartment.php` | High
|
||||
36 | File | `/medicines/profile.php` | High
|
||||
37 | File | `/mkshop/Men/profile.php` | High
|
||||
38 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
39 | File | `/pages/apply_vacancy.php` | High
|
||||
40 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
41 | File | `/proxy` | Low
|
||||
42 | File | `/reservation/add_message.php` | High
|
||||
43 | File | `/resources//../` | High
|
||||
44 | File | `/spip.php` | Medium
|
||||
45 | File | `/tmp` | Low
|
||||
46 | ... | ... | ...
|
||||
25 | File | `/Content/Template/root/reverse-shell.aspx` | High
|
||||
26 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
27 | File | `/debug/pprof` | Medium
|
||||
28 | File | `/env` | Low
|
||||
29 | File | `/etc/hosts` | Medium
|
||||
30 | File | `/forum/away.php` | High
|
||||
31 | File | `/goform/setmac` | High
|
||||
32 | File | `/goform/wizard_end` | High
|
||||
33 | File | `/group1/uploa` | High
|
||||
34 | File | `/index.php` | Medium
|
||||
35 | File | `/librarian/bookdetails.php` | High
|
||||
36 | File | `/login/index.php` | High
|
||||
37 | File | `/manage-apartment.php` | High
|
||||
38 | File | `/medicines/profile.php` | High
|
||||
39 | File | `/mkshop/Men/profile.php` | High
|
||||
40 | File | `/modules/caddyhttp/rewrite/rewrite.go` | High
|
||||
41 | File | `/pages/apply_vacancy.php` | High
|
||||
42 | File | `/php-sms/admin/?page=user/manage_user` | High
|
||||
43 | File | `/proxy` | Low
|
||||
44 | File | `/reservation/add_message.php` | High
|
||||
45 | File | `/resources//../` | High
|
||||
46 | File | `/spip.php` | Medium
|
||||
47 | ... | ... | ...
|
||||
|
||||
There are 403 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 407 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
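Review bot: The IOA row `/group1/uploa`, numbered 33 in the second listing of the `-92,30 +92,31` hunk, looks cut off mid-word, presumably from `/group1/upload`; the full value should be confirmed against the underlying record rather than guessed. A truncated path rated High misleads in both directions: used as a substring match it is broader than intended, and used as an exact match it never fires. The generic entries around it (`/index.php`, `/tmp`, `/proxy`) are already rated Medium or Low, which is the right signal for paths that occur in normal traffic.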
|
||||
|
||||
|
|