Update

This commit is contained in:
parent d181d02f63
commit 4e0d577a2c
@ -0,0 +1,64 @@
# 00519ead - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [00519ead](https://vuldb.com/?actor.00519ead). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.00519ead](https://vuldb.com/?actor.00519ead)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with 00519ead:

* [US](https://vuldb.com/?country.us)

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of 00519ead.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
2 | [34.226.238.42](https://vuldb.com/?ip.34.226.238.42) | ec2-34-226-238-42.compute-1.amazonaws.com | - | Medium
3 | [104.16.13.194](https://vuldb.com/?ip.104.16.13.194) | - | - | High
4 | ... | ... | ... | ...

There are 7 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _00519ead_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
3 | T1211 | CWE-254 | 7PK Security Features | High

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by 00519ead. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `comment_add.asp` | High
2 | File | `data/gbconfiguration.dat` | High
3 | File | `inc/config.php` | High
4 | ... | ... | ...

There are 4 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2019/02/threat-roundup-0201-0208.html

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

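Review bot: the Weakness and Description columns of the TTP table disagree with each other across this commit. Row 2 pairs CWE-264 with `Execution with Unnecessary Privileges`, the 00536d file added in the same commit pairs the identical description for the same technique T1068 with CWE-284, and the description text is the title of CWE-250, not of either ID; one column should be derived from the other so they cannot drift. The IOC table gives `High` confidence to the two addresses that have neither hostname nor campaign and `Medium` to the only one with a resolvable EC2 hostname, and nothing in the file states what the confidence value measures; a one-line definition, or a link to it in the kb.cti documentation, would let readers weight these rows. Finally, `There are 7 more IOC items` with three rows visible implies ten IOCs, and the `4 | ...` row carries no link, so the count cannot be checked from the repository.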
@ -0,0 +1,66 @@
# 00536d - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [00536d](https://vuldb.com/?actor.00536d). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.00536d](https://vuldb.com/?actor.00536d)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with 00536d:

* [US](https://vuldb.com/?country.us)
* [CA](https://vuldb.com/?country.ca)

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of 00536d.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [8.208.9.98](https://vuldb.com/?ip.8.208.9.98) | - | - | High
2 | [54.39.74.124](https://vuldb.com/?ip.54.39.74.124) | - | - | High
3 | [92.242.63.202](https://vuldb.com/?ip.92.242.63.202) | - | - | High
4 | ... | ... | ... | ...

There are 3 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _00536d_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
3 | T1555 | CWE-312 | Cleartext Storage of Sensitive Information | High

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by 00536d. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/data/nvram` | Medium
2 | File | `categorie.php3` | High
3 | File | `cgi-bin/` | Medium
4 | ... | ... | ...

There are 17 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2018/10/threat-roundup-1019-1026.html
* https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

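Review bot: row 2 of the TTP table maps T1068 with the description `Execution with Unnecessary Privileges` to CWE-284, while the sibling 00519ead file in this same commit maps the same technique and the same description to CWE-264; the two profiles should use one CWE per technique/description pair, and the description is in fact the title of CWE-250. Every TTP row is `High` confidence on a profile whose only references are two threat-roundup blog posts, so the confidence column would be more useful if it said how many sources support each mapping. In the IOA table, `cgi-bin/` and `/data/nvram` (both `Medium`) are generic paths found on a large share of web servers and embedded devices; a detection rule built from this table should not alert on them in isolation.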
@ -50,64 +50,64 @@ ID | Type | Indicator | Confidence
1 | File | `$SPLUNK_HOME/etc/splunk-launch.conf` | High
2 | File | `/+CSCOE+/logon.html` | High
3 | File | `/assets/ctx` | Medium
4 | File | `/cloud_config/router_post/check_reg_verify_code` | High
5 | File | `/concat?/%2557EB-INF/web.xml` | High
6 | File | `/config/getuser` | High
7 | File | `/debug/pprof` | Medium
8 | File | `/ext/phar/phar_object.c` | High
9 | File | `/filemanager/php/connector.php` | High
10 | File | `/get_getnetworkconf.cgi` | High
11 | File | `/HNAP1` | Low
12 | File | `/include/chart_generator.php` | High
13 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
14 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
15 | File | `/modx/manager/index.php` | High
16 | File | `/osm/REGISTER.cmd` | High
17 | File | `/product_list.php` | High
18 | File | `/replication` | Medium
19 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
20 | File | `/supervisor/procesa_carga.php` | High
21 | File | `/type.php` | Medium
22 | File | `/uncpath/` | Medium
23 | File | `/usr/bin/pkexec` | High
24 | File | `/zm/index.php` | High
25 | File | `4.2.0.CP09` | Medium
26 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
27 | File | `802dot1xclientcert.cgi` | High
28 | File | `add.exe` | Low
29 | File | `addentry.php` | Medium
30 | File | `admin-ajax.php` | High
31 | File | `admin.color.php` | High
32 | File | `admin.cropcanvas.php` | High
33 | File | `admin.joomlaradiov5.php` | High
34 | File | `admin.php` | Medium
35 | File | `admin.php?m=Food&a=addsave` | High
36 | File | `admin/conf_users_edit.php` | High
37 | File | `admin/index.php` | High
38 | File | `admin/user.php` | High
39 | File | `admin/write-post.php` | High
40 | File | `administrator/components/com_media/helpers/media.php` | High
41 | File | `admin_events.php` | High
42 | File | `ajax_new_account.php` | High
43 | File | `akocomments.php` | High
44 | File | `allopass-error.php` | High
45 | File | `announcement.php` | High
46 | File | `apply.cgi` | Medium
47 | File | `archiver\index.php` | High
48 | File | `artlinks.dispnew.php` | High
49 | File | `auth.inc.php` | Medium
50 | File | `authorization.do` | High
51 | File | `awstats.pl` | Medium
52 | File | `backoffice/login.asp` | High
53 | File | `bb_usage_stats.php` | High
54 | File | `binder.c` | Medium
55 | File | `bl-kernel/ajax/upload-images.php` | High
4 | File | `/bsms/?page=products` | High
5 | File | `/cloud_config/router_post/check_reg_verify_code` | High
6 | File | `/concat?/%2557EB-INF/web.xml` | High
7 | File | `/config/getuser` | High
8 | File | `/debug/pprof` | Medium
9 | File | `/ext/phar/phar_object.c` | High
10 | File | `/filemanager/php/connector.php` | High
11 | File | `/get_getnetworkconf.cgi` | High
12 | File | `/HNAP1` | Low
13 | File | `/include/chart_generator.php` | High
14 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
15 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
16 | File | `/modx/manager/index.php` | High
17 | File | `/osm/REGISTER.cmd` | High
18 | File | `/product_list.php` | High
19 | File | `/replication` | Medium
20 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
21 | File | `/supervisor/procesa_carga.php` | High
22 | File | `/type.php` | Medium
23 | File | `/uncpath/` | Medium
24 | File | `/usr/bin/pkexec` | High
25 | File | `/zm/index.php` | High
26 | File | `4.2.0.CP09` | Medium
27 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
28 | File | `802dot1xclientcert.cgi` | High
29 | File | `add.exe` | Low
30 | File | `addentry.php` | Medium
31 | File | `admin-ajax.php` | High
32 | File | `admin.color.php` | High
33 | File | `admin.cropcanvas.php` | High
34 | File | `admin.joomlaradiov5.php` | High
35 | File | `admin.php` | Medium
36 | File | `admin.php?m=Food&a=addsave` | High
37 | File | `admin/conf_users_edit.php` | High
38 | File | `admin/index.php` | High
39 | File | `admin/user.php` | High
40 | File | `admin/write-post.php` | High
41 | File | `administrator/components/com_media/helpers/media.php` | High
42 | File | `admin_events.php` | High
43 | File | `ajax_new_account.php` | High
44 | File | `akocomments.php` | High
45 | File | `allopass-error.php` | High
46 | File | `announcement.php` | High
47 | File | `apply.cgi` | Medium
48 | File | `archiver\index.php` | High
49 | File | `artlinks.dispnew.php` | High
50 | File | `auth.inc.php` | Medium
51 | File | `authorization.do` | High
52 | File | `awstats.pl` | Medium
53 | File | `backoffice/login.asp` | High
54 | File | `bb_usage_stats.php` | High
55 | File | `binder.c` | Medium
56 | File | `books.php` | Medium
57 | File | `C:\Python27` | Medium
58 | File | `C:\Windows\System32\config\SAM` | High
59 | ... | ... | ...

There are 517 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 516 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

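Review bot: `bl-kernel/ajax/upload-images.php` (old row 55, High) is dropped and `/bsms/?page=products` inserted at row 4, and the trailing count also moves from 517 to 516, so a further removal is hidden behind the `59 | ...` cut; the commit message `Update` gives no reason for dropping a High-confidence indicator, and a one-line rationale per removal would make these diffs reviewable. Separately, several rows typed `File` are not file paths: `4.2.0.CP09` (row 26) is a version string, `C:\Python27` is a directory, and `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` is a full query string with an injection marker in it; the footer already lists `argument`, `input value` and `pattern` as types that fit these better. Mixed path separators (`archiver\index.php` beside `/zm/index.php`) should also be normalised before anyone turns this column into a match list.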
@ -68,7 +68,7 @@ ID | Type | Indicator | Confidence
3 | File | `adm/boardgroup_form_update.php` | High
4 | ... | ... | ...

There are 16 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 18 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

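Review bot: the only line that changes in this hunk is the summary (`16 more` to `18 more` IOA items) while the visible rows end at `4 | ...`, so the two added indicators never reach the repository and the change cannot be reviewed for content. The same holds for the other count-only hunks in this commit (IOA 414 to 417, 189 to 194, 229 to 231; countries 24 to 25, 7 to 8, 11 to 10, and 18 to 19 twice). If the export is meant to be diffable, either drop the truncation or name the added and removed items in the commit message instead of `Update`.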
@ -68,7 +68,7 @@ ID | Technique | Weakness | Description | Confidence
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...

There are 4 more TTP items available. Please use our online service to access the data.
There are 3 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

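Review bot: row 3 pairs T1110.001 with CWE-798 but describes it as `Improper Restriction of Excessive Authentication Attempts`, which is the title of CWE-307; CWE-798 is `Use of Hard-coded Credentials`. The Weakness and Description columns disagree, and password guessing (T1110.001) is what CWE-307 describes, so the CWE ID looks like the field to correct. The hunk also lowers the TTP count from 4 to 3 more items without any visible row changing, so the removed technique cannot be reviewed here.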
@ -84,11 +84,11 @@ ID | Type | Indicator | Confidence
6 | File | `/images/` | Medium
7 | File | `/inc/parser/xhtml.php` | High
8 | File | `/login` | Low
9 | File | `/mgmt/shared/authz/users/` | High
10 | File | `/modules/profile/index.php` | High
11 | File | `/one_church/userregister.php` | High
12 | File | `/out.php` | Medium
13 | File | `/public/plugins/` | High
9 | File | `/modules/profile/index.php` | High
10 | File | `/one_church/userregister.php` | High
11 | File | `/out.php` | Medium
12 | File | `/public/plugins/` | High
13 | File | `/SAP_Information_System/controllers/add_admin.php` | High
14 | File | `/SASWebReportStudio/logonAndRender.do` | High
15 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
16 | File | `/secure/admin/ViewInstrumentation.jspa` | High

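Review bot: `/mgmt/shared/authz/users/` (old row 9, High) is the row removed here, visible from the renumbering (`/modules/profile/index.php` moves from 10 to 9 while `/login` keeps row 8), and four paths are appended (`/SAP_Information_System/controllers/add_admin.php`, `/SASWebReportStudio/logonAndRender.do` and two `/secure/admin/*.jspa` pages). Dropping a High-confidence indicator in a commit titled `Update` needs a stated reason. `/login` at Low confidence and `/images/` at Medium are paths present on most web applications and add no actor-specific signal; consider marking such rows so consumers exclude them from correlation.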
@ -105,37 +105,36 @@ ID | Type | Indicator | Confidence
2 | File | `/.env` | Low
3 | File | `/admin.php` | Medium
4 | File | `/category_view.php` | High
5 | File | `/dev/kmem` | Medium
6 | File | `/file?action=download&file` | High
7 | File | `/filemanager/upload.php` | High
8 | File | `/medical/inventories.php` | High
9 | File | `/monitoring` | Medium
10 | File | `/NAGErrors` | Medium
11 | File | `/plugins/servlet/audit/resource` | High
12 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
13 | File | `/REBOOTSYSTEM` | High
14 | File | `/replication` | Medium
15 | File | `/reports/rwservlet` | High
16 | File | `/RestAPI` | Medium
17 | File | `/tmp` | Low
18 | File | `/tmp/speedtest_urls.xml` | High
19 | File | `/uncpath/` | Medium
20 | File | `/var/log/nginx` | High
21 | File | `/wp-admin/admin.php` | High
22 | File | `/wp-json/wc/v3/webhooks` | High
23 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
24 | File | `admin/app/mediamanager` | High
25 | File | `admin/index.php` | High
26 | File | `admin\model\catalog\download.php` | High
27 | File | `afr.php` | Low
28 | File | `apcupsd.pid` | Medium
29 | File | `api/it-recht-kanzlei/api-it-recht-kanzlei.php` | High
30 | File | `api/sms/send-sms` | High
31 | File | `api/v1/alarms` | High
32 | File | `application/controller/InstallerController.php` | High
33 | ... | ... | ...
5 | File | `/file?action=download&file` | High
6 | File | `/filemanager/upload.php` | High
7 | File | `/medical/inventories.php` | High
8 | File | `/monitoring` | Medium
9 | File | `/NAGErrors` | Medium
10 | File | `/plugins/servlet/audit/resource` | High
11 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
12 | File | `/REBOOTSYSTEM` | High
13 | File | `/replication` | Medium
14 | File | `/reports/rwservlet` | High
15 | File | `/RestAPI` | Medium
16 | File | `/tmp` | Low
17 | File | `/tmp/speedtest_urls.xml` | High
18 | File | `/uncpath/` | Medium
19 | File | `/var/log/nginx` | High
20 | File | `/wp-admin/admin.php` | High
21 | File | `/wp-json/wc/v3/webhooks` | High
22 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
23 | File | `admin/app/mediamanager` | High
24 | File | `admin\model\catalog\download.php` | High
25 | File | `afr.php` | Low
26 | File | `apcupsd.pid` | Medium
27 | File | `api/it-recht-kanzlei/api-it-recht-kanzlei.php` | High
28 | File | `api/sms/send-sms` | High
29 | File | `api/v1/alarms` | High
30 | File | `application/controller/InstallerController.php` | High
31 | File | `arch/powerpc/kvm/book3s_rtas.c` | High
32 | ... | ... | ...

There are 284 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

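Review bot: `/dev/kmem` (old row 5) and `admin/index.php` (old row 25, High) are the visible removals and `arch/powerpc/kvm/book3s_rtas.c` the one visible addition, yet the trailing count falls from 284 to 277, so seven further removals sit behind the `32 | ...` cut with no explanation in the `Update` message. The added row is a Linux kernel source path rather than a URL or an on-host artifact, so it cannot be matched in web logs or on a filesystem the way the other `File` rows can; if source-file names from vulnerability records are meant as IOAs, a separate type (the footer already has `library` and `pattern`) would keep the `File` column usable as a match list. `/tmp` (row 16, Low) and `/.env` (row 2, Low) are the kind of generic entries that should be excluded from any automated use of this table.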
@ -89,14 +89,14 @@ ID | Type | Indicator | Confidence
11 | File | `/common/logViewer/logViewer.jsf` | High
12 | File | `/context/%2e/WEB-INF/web.xml` | High
13 | File | `/crmeb/app/admin/controller/store/CopyTaobao.php` | High
14 | File | `/dcim/sites/add/` | High
15 | File | `/fudforum/adm/hlplist.php` | High
16 | File | `/login` | Low
17 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
18 | File | `/monitoring` | Medium
19 | File | `/ms/cms/content/list.do` | High
20 | File | `/new` | Low
21 | File | `/orms/` | Low
14 | File | `/fudforum/adm/hlplist.php` | High
15 | File | `/login` | Low
16 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
17 | File | `/monitoring` | Medium
18 | File | `/ms/cms/content/list.do` | High
19 | File | `/new` | Low
20 | File | `/orms/` | Low
21 | File | `/plesk-site-preview/` | High
22 | File | `/proc/<pid>/status` | High
23 | File | `/public/plugins/` | High
24 | File | `/rom` | Low

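Review bot: `/dcim/sites/add/` (old row 14, High) is the one row removed, and four are appended (`/plesk-site-preview/`, `/proc/<pid>/status`, `/public/plugins/`, `/rom`); removing a High-confidence path deserves a reason in the commit message. `/proc/<pid>/status` is a template with a placeholder, not a file name, and `/rom` and `/new` at Low confidence are single path components that will match almost anything if used as substrings; the footer's `pattern` type fits the former, and the latter should be either retyped or flagged as unsuitable for automated matching.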
@ -104,18 +104,18 @@ ID | Type | Indicator | Confidence
26 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
27 | File | `/secure/QueryComponent!Default.jspa` | High
28 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
29 | File | `/tmp` | Low
30 | File | `/tmp/redis.ds` | High
31 | File | `/uncpath/` | Medium
32 | File | `/wp-admin` | Medium
33 | File | `/wp-json/wc/v3/webhooks` | High
34 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
35 | File | `ABuffer.cpp` | Medium
36 | File | `AccountManagerService.java` | High
37 | File | `actions/CompanyDetailsSave.php` | High
29 | File | `/student-grading-system/rms.php?page=grade` | High
30 | File | `/tmp` | Low
31 | File | `/tmp/redis.ds` | High
32 | File | `/uncpath/` | Medium
33 | File | `/wp-admin` | Medium
34 | File | `/wp-json/wc/v3/webhooks` | High
35 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
36 | File | `ABuffer.cpp` | Medium
37 | File | `AccountManagerService.java` | High
38 | ... | ... | ...

There are 330 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 326 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

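Review bot: `/student-grading-system/rms.php?page=grade` is inserted at row 29 and pushes `actions/CompanyDetailsSave.php` past the `38 | ...` cut, while the trailing count drops from 330 to 326; the file therefore loses four entries net and every removal is hidden from this diff. `/tmp` (row 30, Low) and `/uncpath/` (row 32, Medium) recur in nearly every actor file touched by this commit, so they carry no actor-specific signal and should not be given weight in any correlation built on these tables; `/src/main/java/com/dotmarketing/filters/CMSFilter.java` and `ABuffer.cpp` are source-file names, which again belong under a type other than `File` if the column is to be used as a match list.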
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...

There are 24 more country items available. Please use our online service to access the data.
There are 25 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -103,7 +103,7 @@ ID | Type | Indicator | Confidence
47 | File | `admin/password_forgotten.php` | High
48 | ... | ... | ...

There are 414 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 417 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -87,7 +87,7 @@ ID | Type | Indicator | Confidence
22 | File | `asm/float.c` | Medium
23 | ... | ... | ...

There are 189 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 194 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -21,7 +21,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [ES](https://vuldb.com/?country.es)
* ...

There are 7 more country items available. Please use our online service to access the data.
There are 8 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -71,31 +71,31 @@ ID | Type | Indicator | Confidence
2 | File | `/admin.add` | Medium
3 | File | `/admin.php/admin/art/data.html` | High
4 | File | `/admin/?page=user/manage_user` | High
5 | File | `/admin/admin.php?module=admin_access_group_edit&aagID` | High
6 | File | `/admin/customers.php?page=1&cID` | High
7 | File | `/admin/edit_user.php` | High
8 | File | `/admin/files` | Medium
9 | File | `/admin/login.php` | High
10 | File | `/administrator/components/menu/` | High
11 | File | `/administrator/components/table_manager/` | High
12 | File | `/api/appInternals/1.0/agent/configuration&` | High
13 | File | `/api/appInternals/1.0/agent/diagnostic/logs` | High
14 | File | `/api/fetch` | Medium
15 | File | `/api/user/{ID}` | High
16 | File | `/audit/log/log_management.php` | High
17 | File | `/cloud_config/router_post/register` | High
18 | File | `/config/list` | Medium
19 | File | `/cwms/admin/?page=articles/view_article/` | High
20 | File | `/Hospital-Management-System-master/contact.php` | High
21 | File | `/Hospital-Management-System-master/func.php` | High
22 | File | `/i/:data/ipa.plist` | High
23 | File | `/jerry-core/jmem/jmem-heap.c` | High
24 | File | `/ManageRoute/postRoute` | High
25 | File | `/ms/cms/content/list.do` | High
26 | File | `/orms/` | Low
5 | File | `/admin/edit_user.php` | High
6 | File | `/admin/files` | Medium
7 | File | `/admin/login.php` | High
8 | File | `/administrator/components/menu/` | High
9 | File | `/administrator/components/table_manager/` | High
10 | File | `/api/appInternals/1.0/agent/configuration&` | High
11 | File | `/api/appInternals/1.0/agent/diagnostic/logs` | High
12 | File | `/api/fetch` | Medium
13 | File | `/api/user/{ID}` | High
14 | File | `/audit/log/log_management.php` | High
15 | File | `/cloud_config/router_post/register` | High
16 | File | `/config/list` | Medium
17 | File | `/cwms/admin/?page=articles/view_article/` | High
18 | File | `/Hospital-Management-System-master/contact.php` | High
19 | File | `/Hospital-Management-System-master/func.php` | High
20 | File | `/i/:data/ipa.plist` | High
21 | File | `/ManageRoute/postRoute` | High
22 | File | `/ms/cms/content/list.do` | High
23 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
24 | File | `/setting/NTPSyncWithHost` | High
25 | File | `/system/tool/ping.php` | High
26 | File | `/system/user/resetPwd` | High
27 | ... | ... | ...

There are 232 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 223 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

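Review bot: four High-confidence rows are removed (`/admin/admin.php?module=admin_access_group_edit&aagID`, `/admin/customers.php?page=1&cID`, `/jerry-core/jmem/jmem-heap.c`, `/orms/`) and four appended (`/secure/admin/InsightDefaultCustomFieldConfig.jspa`, `/setting/NTPSyncWithHost`, `/system/tool/ping.php`, `/system/user/resetPwd`), and the trailing count still falls from 232 to 223, so nine more removals are hidden; none of this is explained by the `Update` message. The row `/api/appInternals/1.0/agent/configuration&` survives on both sides with a dangling `&`, which looks like a truncated query string rather than a path and should be fixed or retyped as `argument`; the two removed `?module=...&aagID` and `?page=1&cID` rows show the same pattern, so the fix belongs in the exporter rather than in individual files. `/api/user/{ID}` and `/i/:data/ipa.plist` are route templates with placeholders and would fit the `pattern` type better than `File`.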
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [IR](https://vuldb.com/?country.ir)
* ...

There are 11 more country items available. Please use our online service to access the data.
There are 10 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -73,26 +73,24 @@ ID | Type | Indicator | Confidence
13 | File | `/replication` | Medium
14 | File | `/RestAPI` | Medium
15 | File | `/SASWebReportStudio/logonAndRender.do` | High
16 | File | `/tmp` | Low
17 | File | `/tmp/speedtest_urls.xml` | High
18 | File | `/uncpath/` | Medium
19 | File | `/var/log/nginx` | High
20 | File | `/wp-content/plugins/updraftplus/admin.php` | High
21 | File | `actions.hsp` | Medium
22 | File | `addentry.php` | Medium
23 | File | `add_edit_user.asp` | High
24 | File | `add_to_cart.php` | High
25 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
26 | File | `admin/config/confmgr.php` | High
27 | File | `admin/system_manage/save.html` | High
28 | File | `admin\model\catalog\download.php` | High
29 | File | `ajax.php` | Medium
30 | File | `apcupsd.pid` | Medium
31 | File | `api/sms/send-sms` | High
32 | File | `api/v1/alarms` | High
33 | ... | ... | ...
16 | File | `/tmp/speedtest_urls.xml` | High
17 | File | `/uncpath/` | Medium
18 | File | `/var/log/nginx` | High
19 | File | `/wp-content/plugins/updraftplus/admin.php` | High
20 | File | `actions.hsp` | Medium
21 | File | `addentry.php` | Medium
22 | File | `add_edit_user.asp` | High
23 | File | `add_to_cart.php` | High
24 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
25 | File | `admin/config/confmgr.php` | High
26 | File | `admin/system_manage/save.html` | High
27 | File | `ajax.php` | Medium
28 | File | `apcupsd.pid` | Medium
29 | File | `api/sms/send-sms` | High
30 | File | `api/v1/alarms` | High
31 | ... | ... | ...

There are 278 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 261 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

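Review bot: the two visible removals are `/tmp` (old row 16, Low) and `admin\model\catalog\download.php` (old row 28, High), and the trailing count falls from 278 to 261, so seventeen more entries disappear unseen; the hunk header confirms the net loss (26 old lines against 24 new). Removing `/tmp` is sensible, since it exists on every Unix host, but the same row at Low confidence is kept in the other actor files touched by this commit (the `-105,37` and `-104,18` hunks), so the cleanup is inconsistent across the export. `admin-ajax.php?action=get_wdtable order[0][dir]` embeds a space-separated parameter name after the query string; it is an `argument` indicator, not a file.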
@ -91,7 +91,7 @@ ID | Type | Indicator | Confidence
26 | File | `comment_add.asp` | High
27 | ... | ... | ...

There are 229 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 231 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [IR](https://vuldb.com/?country.ir)
* ...

There are 18 more country items available. Please use our online service to access the data.
There are 19 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com

The following _campaigns_ are known and can be associated with APT41:

* ColunmTK
* CVE-2019-19781
* CVE-2021-44207
* CVE-2021-44228
* ...

There are 1 more campaign items available. Please use our online service to access the data.
There are 2 more campaign items available. Please use our online service to access the data.

## Countries

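Review bot: the campaign list mixes a named operation (ColunmTK) with bare CVE identifiers (CVE-2019-19781, CVE-2021-44207, CVE-2021-44228), and the IOC table later in this file tags rows 17 and 18 with `MoonBounce`, which does not appear in the visible list; with only `2 more campaign items` hidden, it should be confirmed that MoonBounce is one of them. Using a CVE ID as a campaign name conflates the exploited vulnerability with the operation, and the IOC rows tagged `CVE-2021-44207` show the cost: a reader cannot tell whether those hosts exploited that CVE or were seen during an operation that has no other name. Vulnerabilities belong in the TTP table; the Campaign column should carry operation names only.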
@ -24,7 +24,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [RU](https://vuldb.com/?country.ru)
* ...

There are 18 more country items available. Please use our online service to access the data.
There are 19 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -44,16 +44,16 @@ ID | IP address | Hostname | Campaign | Confidence
10 | [23.67.95.153](https://vuldb.com/?ip.23.67.95.153) | a23-67-95-153.deploy.static.akamaitechnologies.com | - | High
11 | [34.139.13.46](https://vuldb.com/?ip.34.139.13.46) | 46.13.139.34.bc.googleusercontent.com | CVE-2021-44207 | Medium
12 | [43.255.191.255](https://vuldb.com/?ip.43.255.191.255) | - | - | High
13 | [45.76.6.149](https://vuldb.com/?ip.45.76.6.149) | 45.76.6.149.vultr.com | - | Medium
14 | [45.76.75.219](https://vuldb.com/?ip.45.76.75.219) | 45.76.75.219.vultr.com | - | Medium
15 | [45.84.1.181](https://vuldb.com/?ip.45.84.1.181) | vm372737.pq.hosting | CVE-2021-44207 | High
16 | [45.128.132.6](https://vuldb.com/?ip.45.128.132.6) | - | MoonBounce | High
17 | [45.128.135.15](https://vuldb.com/?ip.45.128.135.15) | - | MoonBounce | High
18 | [45.138.157.78](https://vuldb.com/?ip.45.138.157.78) | srv1.fincantleri.co | - | High
19 | [45.153.231.31](https://vuldb.com/?ip.45.153.231.31) | cheater.rehab | CVE-2021-44207 | High
13 | [45.61.136.199](https://vuldb.com/?ip.45.61.136.199) | - | ColunmTK | High
14 | [45.76.6.149](https://vuldb.com/?ip.45.76.6.149) | 45.76.6.149.vultr.com | - | Medium
15 | [45.76.75.219](https://vuldb.com/?ip.45.76.75.219) | 45.76.75.219.vultr.com | - | Medium
16 | [45.84.1.181](https://vuldb.com/?ip.45.84.1.181) | vm372737.pq.hosting | CVE-2021-44207 | High
17 | [45.128.132.6](https://vuldb.com/?ip.45.128.132.6) | - | MoonBounce | High
18 | [45.128.135.15](https://vuldb.com/?ip.45.128.135.15) | - | MoonBounce | High
19 | [45.138.157.78](https://vuldb.com/?ip.45.138.157.78) | srv1.fincantleri.co | - | High
20 | ... | ... | ... | ...

There are 74 more IOC items available. Please use our online service to access the data.
There are 78 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

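Review bot: the removed row `19 | [45.153.231.31](https://vuldb.com/?ip.45.153.231.31) | cheater.rehab | CVE-2021-44207 | High` has no counterpart in the added rows of this hunk, while `45.61.136.199` (ColunmTK) is inserted at position 13 and the footer moves from 74 to 78 more items. That is consistent with the table being ordered by IP and the row shifting below the 19-row cut-off, but nothing in the hunk shows that the `45.153.231.31` entry survived. A short commit message stating that four rows were added rather than any replaced would spare consumers who diff these tables from treating the vanished row as a retired indicator.
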
@ -83,39 +83,47 @@ ID | Type | Indicator | Confidence
7 | File | `/etc/config/rpcd` | High
8 | File | `/forum/away.php` | High
9 | File | `/get_getnetworkconf.cgi` | High
10 | File | `/lists/admin/` | High
11 | File | `/login.cgi?logout=1` | High
12 | File | `/medical/inventories.php` | High
13 | File | `/module/admin_logs` | High
14 | File | `/public/login.htm` | High
15 | File | `/public/plugins/` | High
16 | File | `/replication` | Medium
17 | File | `/SASWebReportStudio/logonAndRender.do` | High
18 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
19 | File | `/secure/admin/ViewInstrumentation.jspa` | High
20 | File | `/secure/QueryComponent!Default.jspa` | High
21 | File | `/start-stop` | Medium
22 | File | `/tmp/app/.env` | High
23 | File | `/uncpath/` | Medium
24 | File | `/upload` | Low
25 | File | `/usr/bin/pkexec` | High
26 | File | `/WEB-INF/web.xml` | High
27 | File | `/wp-admin/admin-ajax.php` | High
28 | File | `/_next` | Low
29 | File | `adclick.php` | Medium
30 | File | `addentry.php` | Medium
31 | File | `addrating.php` | High
32 | File | `admin.php` | Medium
33 | File | `admin.php/comments/batchdel/` | High
34 | ... | ... | ...
10 | File | `/include/make.php` | High
11 | File | `/jeecg-boot/sys/common/upload` | High
12 | File | `/lists/admin/` | High
13 | File | `/login.cgi?logout=1` | High
14 | File | `/medical/inventories.php` | High
15 | File | `/module/admin_logs` | High
16 | File | `/nova/bin/console` | High
17 | File | `/public/login.htm` | High
18 | File | `/public/plugins/` | High
19 | File | `/replication` | Medium
20 | File | `/SASWebReportStudio/logonAndRender.do` | High
21 | File | `/scas/classes/Users.php?f=save_user` | High
22 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
23 | File | `/secure/admin/ViewInstrumentation.jspa` | High
24 | File | `/secure/QueryComponent!Default.jspa` | High
25 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
26 | File | `/start-stop` | Medium
27 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High
28 | File | `/tmp/app/.env` | High
29 | File | `/uncpath/` | Medium
30 | File | `/upload` | Low
31 | File | `/usr/bin/pkexec` | High
32 | File | `/WEB-INF/web.xml` | High
33 | File | `/wp-admin/admin-ajax.php` | High
34 | File | `/_next` | Low
35 | File | `adclick.php` | Medium
36 | File | `addentry.php` | Medium
37 | File | `addrating.php` | High
38 | File | `admin.php` | Medium
39 | File | `admin.php/comments/batchdel/` | High
40 | File | `admin/conf_users_edit.php` | High
41 | ... | ... | ...

There are 291 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 353 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://app.box.com/s/qtqlwejty7xz8wj8osz98webycgo5j9x
* https://blog.group-ib.com/colunmtk_apt41
* https://github.com/blackberry/threat-research-and-intelligence/blob/main/APT41.csv
* https://github.com/eset/malware-ioc/tree/master/winnti_group
* https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/20134508/winnti-more-than-just-a-game-130410.pdf

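Review bot: two of the File indicators added in this hunk will not match as written. `27 | File | `/thruk/#cgi-bin/extinfo.cgi?type=2` | High` contains a URL fragment, and everything from `#` onward stays in the browser, so a web server or proxy log only ever records `/thruk/`; the entry should carry the path the server actually sees (presumably `/thruk/cgi-bin/extinfo.cgi`, without the fragment marker) with `type` as a separate Argument row. `25 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High` carries a `%realm%` template placeholder rather than a literal path segment, so a detection rule generated from the table needs a wildcard at that position or a note that `%realm%` is a placeholder. Left as they are, both rows silently miss the traffic they are meant to flag.
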
@ -85,25 +85,25 @@ ID | Type | Indicator | Confidence
21 | File | `/replication` | Medium
22 | File | `/RestAPI` | Medium
23 | File | `/TeleoptiWFM/Administration/GetOneTenant` | High
24 | File | `/tmp` | Low
25 | File | `/tmp/speedtest_urls.xml` | High
26 | File | `/uncpath/` | Medium
27 | File | `/usr/bin/at` | Medium
28 | File | `/var/log/nginx` | High
29 | File | `/_vti_pvt/access.cnf` | High
30 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
31 | File | `admin/e_mesaj_yaz.asp` | High
32 | File | `admin/mcart_xls_import.php` | High
33 | File | `admin/profile.php` | High
34 | File | `admin/salesadmin.php` | High
35 | File | `admin/systemWebAdminConfig.do` | High
36 | File | `admin11.cgi` | Medium
37 | File | `admincp/auth/checklogin.php` | High
38 | File | `agenda2.php3` | Medium
39 | File | `ajax-actions.php` | High
24 | File | `/tmp/speedtest_urls.xml` | High
25 | File | `/uncpath/` | Medium
26 | File | `/usr/bin/at` | Medium
27 | File | `/var/log/nginx` | High
28 | File | `/_vti_pvt/access.cnf` | High
29 | File | `admin-ajax.php?action=get_wdtable order[0][dir]` | High
30 | File | `admin/e_mesaj_yaz.asp` | High
31 | File | `admin/profile.php` | High
32 | File | `admin/salesadmin.php` | High
33 | File | `admin/systemWebAdminConfig.do` | High
34 | File | `admin11.cgi` | Medium
35 | File | `admincp/auth/checklogin.php` | High
36 | File | `agenda2.php3` | Medium
37 | File | `ajax-actions.php` | High
38 | File | `ajax/deletePage.php` | High
39 | File | `ajouter_tva.php` | High
40 | ... | ... | ...

There are 347 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 343 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -29,10 +29,10 @@ ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [31.3.251.197](https://vuldb.com/?ip.31.3.251.197) | h31-3-251-197.host.redstation.co.uk | - | High
2 | [69.174.99.181](https://vuldb.com/?ip.69.174.99.181) | unassigned.quadranet.com | Phishing Korea | High
3 | [105.112.112.57](https://vuldb.com/?ip.105.112.112.57) | - | - | High
3 | [103.147.185.68](https://vuldb.com/?ip.103.147.185.68) | - | - | High
4 | ... | ... | ... | ...

There are 13 more IOC items available. Please use our online service to access the data.
There are 14 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -108,6 +108,7 @@ There are 405 more IOA items available (file, library, argument, input value, pa
The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blogs.blackberry.com/en/2020/04/threat-spotlight-secret-agent-tesla
* https://github.com/netskopeoss/NetskopeThreatLabsIOCs/tree/main/AgentTesla/IOCs
* https://services.global.ntt/en-us/insights/blog/discovering-a-new-agent-tesla-malware-sample
* https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-korean-to-deliver-agent-tesla-new-variant

@ -0,0 +1,120 @@
# Agent - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Agent](https://vuldb.com/?actor.agent). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.agent](https://vuldb.com/?actor.agent)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Agent:

* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [RU](https://vuldb.com/?country.ru)
* ...

There are 27 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Agent.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [45.58.190.82](https://vuldb.com/?ip.45.58.190.82) | mta.boltoclose.com | - | High
2 | [46.23.69.44](https://vuldb.com/?ip.46.23.69.44) | webdiversion.uk2.net | - | High
3 | [64.32.22.101](https://vuldb.com/?ip.64.32.22.101) | - | - | High
4 | [66.96.147.117](https://vuldb.com/?ip.66.96.147.117) | 117.147.96.66.static.eigbox.net | - | High
5 | [68.65.121.51](https://vuldb.com/?ip.68.65.121.51) | strategic.com.ua | - | High
6 | ... | ... | ... | ...

There are 19 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Agent_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...

There are 8 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Agent. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/.env` | Low
3 | File | `/.ssh/authorized_keys` | High
4 | File | `/accountancy/admin/accountmodel.php` | High
5 | File | `/admin/default.asp` | High
6 | File | `/ajax/networking/get_netcfg.php` | High
7 | File | `/assets/ctx` | Medium
8 | File | `/cgi-bin/login_action.cgi` | High
9 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
10 | File | `/checkLogin.cgi` | High
11 | File | `/cms/print.php` | High
12 | File | `/concat?/%2557EB-INF/web.xml` | High
13 | File | `/data/remove` | Medium
14 | File | `/DbXmlInfo.xml` | High
15 | File | `/download` | Medium
16 | File | `/etc/passwd` | Medium
17 | File | `/login` | Low
18 | File | `/navigate/navigate_download.php` | High
19 | File | `/out.php` | Medium
20 | File | `/owa/auth/logon.aspx` | High
21 | File | `/p` | Low
22 | File | `/password.html` | High
23 | File | `/proc/ioports` | High
24 | File | `/property-list/property_view.php` | High
25 | File | `/ptms/classes/Users.php` | High
26 | File | `/rest` | Low
27 | File | `/rest/api/2/search` | High
28 | File | `/s/` | Low
29 | File | `/scripts/cpan_config` | High
30 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
31 | File | `/services/system/setup.json` | High
32 | File | `/uncpath/` | Medium
33 | File | `/webconsole/APIController` | High
34 | File | `/websocket/exec` | High
35 | File | `/wp-admin/admin-ajax.php` | High
36 | File | `/wp-json/oembed/1.0/embed?url` | High
37 | File | `/_next` | Low
38 | File | `4.edu.php\conn\function.php` | High
39 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
40 | File | `adclick.php` | Medium
41 | File | `addentry.php` | Medium
42 | File | `add_comment.php` | High
43 | File | `admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser` | High
44 | File | `admin/category.inc.php` | High
45 | File | `admin/conf_users_edit.php` | High
46 | File | `admin/dl_sendmail.php` | High
47 | File | `admin/google_search_console/class-gsc-table.php` | High
48 | File | `admin/index.php` | High
49 | File | `admin/password_forgotten.php` | High
50 | ... | ... | ...

There are 436 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2018/01/threat-round-up-0105-0512.html

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

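Review bot: in the TTP table of this new file, row `3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High` pairs a Weakness column of CWE-798 (Use of Hard-coded Credentials) with the title of CWE-307 (Improper Restriction of Excessive Authentication Attempts), so one of the two columns is wrong. Password guessing (T1110.001) is the technique that a missing lockout or rate limit (CWE-307) enables, which makes the Weakness column the likelier error; please align it with the description or correct the description to match CWE-798. The same pairing recurs in the Australia Unknown file later in this commit.
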
@ -59,7 +59,7 @@ ID | Type | Indicator | Confidence
10 | File | `admin.asp` | Medium
11 | ... | ... | ...

There are 85 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 86 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -0,0 +1,36 @@
# Ainslot - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ainslot](https://vuldb.com/?actor.ainslot). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ainslot](https://vuldb.com/?actor.ainslot)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Ainslot:

* [PS](https://vuldb.com/?country.ps)

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Ainslot.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [94.73.22.65](https://vuldb.com/?ip.94.73.22.65) | ADSL-94.73.22.65.mada.ps | - | High

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2018/08/threat-roundup-0810-0817.html

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -0,0 +1,100 @@
# Angler Exploit Kit - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Angler Exploit Kit](https://vuldb.com/?actor.angler_exploit_kit). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.angler_exploit_kit](https://vuldb.com/?actor.angler_exploit_kit)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Angler Exploit Kit:

* [ES](https://vuldb.com/?country.es)
* [DE](https://vuldb.com/?country.de)
* [AR](https://vuldb.com/?country.ar)
* ...

There are 8 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Angler Exploit Kit.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [46.30.46.38](https://vuldb.com/?ip.46.30.46.38) | free.eurobyte.ru | - | High
2 | [50.62.123.1](https://vuldb.com/?ip.50.62.123.1) | p3nlhg674c1674.shr.prod.phx3.secureserver.net | - | High
3 | [62.221.204.114](https://vuldb.com/?ip.62.221.204.114) | v21009.2is.nl | - | High
4 | [69.162.64.156](https://vuldb.com/?ip.69.162.64.156) | 156-64-162-69.static.reverse.lstn.net | - | High
5 | [69.162.64.158](https://vuldb.com/?ip.69.162.64.158) | 158-64-162-69.static.reverse.lstn.net | - | High
6 | [69.162.86.36](https://vuldb.com/?ip.69.162.86.36) | 36-86-162-69.static.reverse.lstn.net | - | High
7 | [69.162.90.107](https://vuldb.com/?ip.69.162.90.107) | 107-90-162-69.static.reverse.lstn.net | - | High
8 | [69.162.116.123](https://vuldb.com/?ip.69.162.116.123) | 123-116-162-69.static.reverse.lstn.net | - | High
9 | [69.162.116.125](https://vuldb.com/?ip.69.162.116.125) | 125-116-162-69.static.reverse.lstn.net | - | High
10 | [75.103.83.9](https://vuldb.com/?ip.75.103.83.9) | - | - | High
11 | ... | ... | ... | ...

There are 39 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Angler Exploit Kit_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1211 | CWE-254, CWE-358 | 7PK Security Features | High
4 | ... | ... | ... | ...

There are 1 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Angler Exploit Kit. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin/index.php` | High
2 | File | `/download` | Medium
3 | File | `/find_v2/_click` | High
4 | File | `/forum/away.php` | High
5 | File | `/horde/util/go.php` | High
6 | File | `/modules/profile/index.php` | High
7 | File | `/oauth/logout?redirect=url` | High
8 | File | `/out.php` | Medium
9 | File | `/redirect?url` | High
10 | File | `/replication` | Medium
11 | File | `/setup/finish` | High
12 | File | `adclick.php` | Medium
13 | File | `add2.php` | Medium
14 | File | `admin.jcomments.php` | High
15 | File | `admin/admin_users.php` | High
16 | File | `admin/changedata.php` | High
17 | File | `admin/conf_users_edit.php` | High
18 | ... | ... | ...

There are 143 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2015/02/angler-exploit-kit-new-variants.html
* https://blog.talosintelligence.com/2015/06/angler-ek-more-obfuscation-fake.html
* https://blog.talosintelligence.com/2016/03/angler-slips-hook.html
* https://blog.talosintelligence.com/2016/05/angler-phish.html
* https://blog.talosintelligence.com/2016/05/spin-to-win-malware.html
* https://blog.talosintelligence.com/2019/06/spelevo-exploit-kit.html
* https://isc.sans.edu/forums/diary/Angler+exploit+kit+pushing+CryptoWall+30/19737/
* https://isc.sans.edu/forums/diary/Anglers+best+friends/19959/

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

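Review bot: `There are 1 more TTP items available. Please use our online service to access the data.` does not agree in number, and the same template produces `There are 1 more country items available.` in the Australia Unknown file below. Since these footers are generated, the fix belongs in the page generator rather than in the committed markdown: emit `There is 1 more TTP item available.` when the count is one, or choose a wording that needs no agreement, such as `1 more TTP item is available.`
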
@ -0,0 +1,49 @@
# Aspxor - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Aspxor](https://vuldb.com/?actor.aspxor). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.aspxor](https://vuldb.com/?actor.aspxor)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Aspxor:

* [US](https://vuldb.com/?country.us)

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Aspxor.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [46.55.222.24](https://vuldb.com/?ip.46.55.222.24) | - | - | High
2 | [82.116.211.16](https://vuldb.com/?ip.82.116.211.16) | is.ouc.ac.cy | - | High
3 | [93.186.181.62](https://vuldb.com/?ip.93.186.181.62) | - | - | High
4 | ... | ... | ... | ...

There are 6 more IOC items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Aspxor. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `epan/dissectors/packet-umts_fp.c` | High

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2019/04/threat-roundup-0405-0412.html

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

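Review bot: the single IOA row in this new file, `1 | File | `epan/dissectors/packet-umts_fp.c` | High`, is a source-tree path (the Wireshark UMTS FP dissector), not a request path or a file that would be written to a compromised host, so unlike the other File indicators in this commit it cannot be matched against web, proxy or endpoint logs. If it was carried over from a vulnerability record rather than from observed activity, the row should say so or its confidence should be lowered from High; as it stands a consumer loading this table into a detection pipeline gets an indicator that can never fire.
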
@ -0,0 +1,47 @@
# AsyncRAT - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [AsyncRAT](https://vuldb.com/?actor.asyncrat). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.asyncrat](https://vuldb.com/?actor.asyncrat)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with AsyncRAT:

* [DE](https://vuldb.com/?country.de)

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of AsyncRAT.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [94.130.207.164](https://vuldb.com/?ip.94.130.207.164) | static.164.207.130.94.clients.your-server.de | - | High
2 | [141.95.89.79](https://vuldb.com/?ip.141.95.89.79) | ip79.ip-141-95-89.eu | - | High

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by AsyncRAT. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `data/gbconfiguration.dat` | High
2 | File | `redirect.php` | Medium
3 | Argument | `goto` | Low

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2022/04/asyncrat-3losh-update.html

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -0,0 +1,73 @@
# Australia Unknown - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Australia Unknown](https://vuldb.com/?actor.australia_unknown). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.australia_unknown](https://vuldb.com/?actor.australia_unknown)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Australia Unknown:

* [DE](https://vuldb.com/?country.de)
* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* ...

There are 1 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Australia Unknown.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [78.46.201.36](https://vuldb.com/?ip.78.46.201.36) | static.36.201.46.78.clients.your-server.de | - | High
2 | [88.99.170.84](https://vuldb.com/?ip.88.99.170.84) | therapis-hospitalserver.com | - | High
3 | [88.99.174.200](https://vuldb.com/?ip.88.99.174.200) | static.200.174.99.88.clients.your-server.de | - | High
4 | ... | ... | ... | ...

There are 3 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Australia Unknown_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...

There are 3 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Australia Unknown. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/auth` | Low
|
||||
2 | File | `/etc/passwd` | Medium
|
||||
3 | File | `/net/mac80211/mac80211/sta_info.c` | High
|
||||
4 | File | `/sdm-ws-rest/preconfiguration` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 31 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/04/gustuff-targets-australia.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
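Review bot: TTP row 3 pairs `T1110.001` with `CWE-798` but describes it as "Improper Restriction of Excessive Authentication Attempts"; CWE-798 is Use of Hard-coded Credentials, and that description text belongs to CWE-307, so either the Weakness or the Description column is mis-mapped and the generator's CWE lookup should be checked before the row is published. Minor style point in the same hunk: the template string "There are 1 more country items available" does not handle the singular case ("There is 1 more country item available").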
@ -27,9 +27,10 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
4 | [13.56.128.67](https://vuldb.com/?ip.13.56.128.67) | screenconnect.medsphere.com | - | High
|
||||
5 | [23.3.13.88](https://vuldb.com/?ip.23.3.13.88) | a23-3-13-88.deploy.static.akamaitechnologies.com | - | High
|
||||
6 | [23.3.13.154](https://vuldb.com/?ip.23.3.13.154) | a23-3-13-154.deploy.static.akamaitechnologies.com | - | High
|
||||
7 | ... | ... | ... | ...
|
||||
7 | [23.63.245.19](https://vuldb.com/?ip.23.63.245.19) | a23-63-245-19.deploy.static.akamaitechnologies.com | - | High
|
||||
8 | ... | ... | ... | ...
|
||||
|
||||
There are 26 more IOC items available. Please use our online service to access the data.
|
||||
There are 28 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -73,6 +74,7 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2021/09/threat-roundup-0827-0903.html
|
||||
* https://blog.talosintelligence.com/2021/09/threat-roundup-0910-0917.html
|
||||
* https://blog.talosintelligence.com/2022/03/threat-roundup-0318-0325.html
|
||||
* https://isc.sans.edu/forums/diary/Brazilian+malspam+sends+Autoitbased+malware/22081/
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -0,0 +1,35 @@
|
|||
# Autoruner - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Autoruner](https://vuldb.com/?actor.autoruner). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.autoruner](https://vuldb.com/?actor.autoruner)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Autoruner.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [23.3.96.25](https://vuldb.com/?ip.23.3.96.25) | a23-3-96-25.deploy.static.akamaitechnologies.com | - | High
|
||||
2 | [23.79.219.185](https://vuldb.com/?ip.23.79.219.185) | a23-79-219-185.deploy.static.akamaitechnologies.com | - | High
|
||||
3 | [50.23.131.235](https://vuldb.com/?ip.50.23.131.235) | eb.83.1732.ip4.static.sl-reverse.com | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2018/11/threat-roundup-1102-1109.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
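Review bot: all three IOC rows in the new Autoruner table resolve to generic provider reverse-DNS names (`a23-3-96-25.deploy.static.akamaitechnologies.com`, `a23-79-219-185.deploy.static.akamaitechnologies.com`, `eb.83.1732.ip4.static.sl-reverse.com`), i.e. shared CDN and hosting infrastructure, yet every row is rated High confidence; a consumer who feeds this table straight into a blocklist will block legitimate traffic on those addresses. Suggest lowering the confidence where the hostname identifies shared infrastructure, or adding a column that marks the address as shared so downstream tooling can treat it as context rather than as a blocking indicator.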
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with B1txor20:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [UA](https://vuldb.com/?country.ua)
|
||||
* [SC](https://vuldb.com/?country.sc)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* ...
|
||||
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -45,12 +45,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1008 | CWE-757 | Algorithm Downgrade | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
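Review bot: the three replacement rows (`T1059.007`, `T1068`, `T1110.001`) are byte-identical to rows 1-3 of the Australia Unknown TTP table added earlier in this commit, and the three removed rows (`T1008`, `T1040`, `T1059.007`) reappear verbatim as the new rows 1-3 of the BlackCat TTP table further down; that looks like per-actor data being shifted between files rather than re-profiled, so it is worth confirming the actor key used when this table was regenerated. Row 3 also carries a CWE mismatch: `CWE-798` is Use of Hard-coded Credentials, while "Improper Restriction of Excessive Authentication Attempts" is CWE-307.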
@ -58,37 +58,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/.htaccess` | Medium
|
||||
2 | File | `/admin.php/admin/art/data.html` | High
|
||||
3 | File | `/admin.php/admin/plog/index.html` | High
|
||||
4 | File | `/admin.php/admin/ulog/index.html` | High
|
||||
5 | File | `/admin.php/admin/vod/data.html` | High
|
||||
6 | File | `/admin.php/admin/website/data.html` | High
|
||||
7 | File | `/admin/login.php` | High
|
||||
8 | File | `/admin/news/news_mod.php` | High
|
||||
9 | File | `/admin/news/news_ok.php` | High
|
||||
10 | File | `/admin/templates/template_manage.php` | High
|
||||
11 | File | `/api /v3/auth` | High
|
||||
12 | File | `/app/controller/Books.php` | High
|
||||
13 | File | `/cgi-bin/uploadAccessCodePic` | High
|
||||
14 | File | `/cgi-bin/uploadWeiXinPic` | High
|
||||
15 | File | `/cloud_config/router_post/check_reset_pwd_verify_code` | High
|
||||
16 | File | `/cloud_config/router_post/upgrade_info` | High
|
||||
17 | File | `/common/info.cgi` | High
|
||||
18 | File | `/config/list` | Medium
|
||||
19 | File | `/controller/Index.php` | High
|
||||
20 | File | `/data/sqldata` | High
|
||||
21 | File | `/DataPackageTable` | High
|
||||
22 | File | `/download/` | Medium
|
||||
23 | File | `/factor/avx-ecm/vecarith52.c` | High
|
||||
24 | File | `/goform/delAd` | High
|
||||
25 | File | `/goform/exeCommand` | High
|
||||
26 | File | `/goform/form2Reboot.cgi` | High
|
||||
27 | File | `/goform/setAdInfoDetail` | High
|
||||
28 | File | `/goform/setFixTools` | High
|
||||
29 | ... | ... | ...
|
||||
1 | File | `/agenttrayicon` | High
|
||||
2 | File | `/aqpg/users/login.php` | High
|
||||
3 | File | `/blog/blog.php` | High
|
||||
4 | File | `/category.php` | High
|
||||
5 | File | `/cmd?cmd=connect` | High
|
||||
6 | File | `/cwms/admin/?page=articles/view_article/` | High
|
||||
7 | File | `/cwms/classes/Master.php?f=save_contact` | High
|
||||
8 | File | `/etc/puppetlabs/puppetserver/conf.d/ca.conf` | High
|
||||
9 | File | `/goform/login_process` | High
|
||||
10 | File | `/include/chart_generator.php` | High
|
||||
11 | File | `/include/make.php` | High
|
||||
12 | File | `/login` | Low
|
||||
13 | File | `/manager/files` | High
|
||||
14 | File | `/mims/app/addcustomerHandler.php` | High
|
||||
15 | File | `/mims/login.php` | High
|
||||
16 | File | `/nova/bin/detnet` | High
|
||||
17 | File | `/nova/bin/igmp-proxy` | High
|
||||
18 | File | `/one_church/churchprofile.php` | High
|
||||
19 | File | `/one_church/userregister.php` | High
|
||||
20 | File | `/preauth` | Medium
|
||||
21 | File | `/scas/admin/` | Medium
|
||||
22 | File | `/sql/sql_string.h` | High
|
||||
23 | File | `/src/njs_vmcode.c` | High
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/var/log/demisto/` | High
|
||||
26 | File | `/wbg/core/_includes/authorization.inc.php` | High
|
||||
27 | File | `/_error` | Low
|
||||
28 | File | `a2billing/customer/iridium_threed.php` | High
|
||||
29 | File | `actions/beats_uploader.php` | High
|
||||
30 | File | `actions/vote_channel.php` | High
|
||||
31 | File | `admin.php` | Medium
|
||||
32 | File | `admin/index.php?module=send_ssh` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 249 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
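Review bot: several new IOA rows typed `File` carry a query string, e.g. `/cmd?cmd=connect`, `/cwms/admin/?page=articles/view_article/`, `/cwms/classes/Master.php?f=save_contact` and `admin/index.php?module=send_ssh`, while the schema already has a separate `Argument` type for parameter names (see `Argument | goto` in the 00519ead table at the top of this diff); splitting path and parameter into their own rows keeps the File column to paths and lets consumers match on either part. The removed row 11 `/api /v3/auth` had a stray space inside the path, so dropping it is correct.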
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 24 more country items available. Please use our online service to access the data.
|
||||
There are 25 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -96,7 +96,7 @@ ID | Type | Indicator | Confidence
|
|||
47 | File | `admin/password_forgotten.php` | High
|
||||
48 | ... | ... | ...
|
||||
|
||||
There are 415 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 417 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -107,15 +107,16 @@ ID | Type | Indicator | Confidence
|
|||
44 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
45 | File | `adminquery.php` | High
|
||||
46 | File | `agent_links.pl` | High
|
||||
47 | File | `Ap4StssAtom.cpp` | High
|
||||
48 | File | `Ap4StszAtom.cpp` | High
|
||||
49 | File | `apetag.c` | Medium
|
||||
50 | File | `app/system/language/admin/language_general.class.php` | High
|
||||
51 | File | `apply_sec.cgi` | High
|
||||
52 | File | `app\contacts\contact_times.php` | High
|
||||
53 | File | `Archive.java` | Medium
|
||||
54 | File | `article.php` | Medium
|
||||
55 | ... | ... | ...
|
||||
47 | File | `ajax/render/widget_php` | High
|
||||
48 | File | `Ap4StssAtom.cpp` | High
|
||||
49 | File | `Ap4StszAtom.cpp` | High
|
||||
50 | File | `apetag.c` | Medium
|
||||
51 | File | `app/system/language/admin/language_general.class.php` | High
|
||||
52 | File | `apply_sec.cgi` | High
|
||||
53 | File | `app\contacts\contact_times.php` | High
|
||||
54 | File | `Archive.java` | Medium
|
||||
55 | File | `article.php` | Medium
|
||||
56 | ... | ... | ...
|
||||
|
||||
There are 484 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
|
|
|
@ -9,6 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BlackCat:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -17,7 +22,11 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [20.46.245.56](https://vuldb.com/?ip.20.46.245.56) | - | - | High
|
||||
2 | [52.149.228.45](https://vuldb.com/?ip.52.149.228.45) | - | - | High
|
||||
2 | [23.106.223.97](https://vuldb.com/?ip.23.106.223.97) | - | - | High
|
||||
3 | [37.120.238.58](https://vuldb.com/?ip.37.120.238.58) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 12 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -25,7 +34,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-80 | Cross Site Scripting | High
|
||||
1 | T1008 | CWE-757 | Algorithm Downgrade | High
|
||||
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 11 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -33,14 +47,46 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `nav.php3` | Medium
|
||||
2 | Argument | `page` | Low
|
||||
1 | File | `/admin.php/admin/art/data.html` | High
|
||||
2 | File | `/admin.php/admin/plog/index.html` | High
|
||||
3 | File | `/admin.php/admin/ulog/index.html` | High
|
||||
4 | File | `/admin.php/admin/website/data.html` | High
|
||||
5 | File | `/admin.php?id=siteoptions&social=display&value=0&sid=2` | High
|
||||
6 | File | `/admin/inbox.php&action=read` | High
|
||||
7 | File | `/admin/posts.php` | High
|
||||
8 | File | `/admin/posts.php&action=delete` | High
|
||||
9 | File | `/admin/run_ajax.php` | High
|
||||
10 | File | `/administrator/components/menu/` | High
|
||||
11 | File | `/admin_page/all-files-update-ajax.php` | High
|
||||
12 | File | `/api/crontab` | Medium
|
||||
13 | File | `/blog/blog.php` | High
|
||||
14 | File | `/cdsms/classes/Master.php?f=delete_enrollment` | High
|
||||
15 | File | `/cgi-bin/kerbynet` | High
|
||||
16 | File | `/cloud_config/router_post/modify_account_pwd` | High
|
||||
17 | File | `/cloud_config/router_post/register` | High
|
||||
18 | File | `/config/list` | Medium
|
||||
19 | File | `/download/` | Medium
|
||||
20 | File | `/etc/ajenti/config.yml` | High
|
||||
21 | File | `/etc/cobbler` | Medium
|
||||
22 | File | `/etc/passwd` | Medium
|
||||
23 | File | `/export` | Low
|
||||
24 | File | `/goform/delAd` | High
|
||||
25 | File | `/goform/form2Reboot.cgi` | High
|
||||
26 | File | `/home.asp` | Medium
|
||||
27 | File | `/index.php?act=api&tag=8` | High
|
||||
28 | File | `/jeecg-boot/sys/user/queryUserByDepId` | High
|
||||
29 | File | `/languages/index.php` | High
|
||||
30 | File | `/members/view_member.php` | High
|
||||
31 | ... | ... | ...
|
||||
|
||||
There are 268 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2022/03/from-blackmatter-to-blackcat-analyzing.html
|
||||
* https://www.ic3.gov/Media/News/2022/220420.pdf
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
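Review bot: rows 12, 22 and 23 (`/api/crontab`, `/etc/passwd`, `/export`) are path fragments common to many applications and generic scanners, not anything specific to BlackCat, and on their own they will match benign requests; a detection built from this table should require a second indicator (an IOC address or a High-confidence application-specific path) before alerting. A sentence in the IOA intro stating that Low and Medium rows are corroborating rather than standalone indicators would make that expectation explicit for consumers.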
@ -0,0 +1,30 @@
|
|||
# Blackshades - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Blackshades](https://vuldb.com/?actor.blackshades). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.blackshades](https://vuldb.com/?actor.blackshades)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Blackshades.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [212.117.50.228](https://vuldb.com/?ip.212.117.50.228) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/06/threat-roundup-0621-0628.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,30 @@
|
|||
# Bladabindi - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bladabindi](https://vuldb.com/?actor.bladabindi). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bladabindi](https://vuldb.com/?actor.bladabindi)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Bladabindi.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [75.115.14.18](https://vuldb.com/?ip.75.115.14.18) | 075-115-014-018.inf.spectrum.com | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,67 @@
|
|||
# BlankSlate - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [BlankSlate](https://vuldb.com/?actor.blankslate). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.blankslate](https://vuldb.com/?actor.blankslate)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with BlankSlate:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of BlankSlate.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [19.48.17.0](https://vuldb.com/?ip.19.48.17.0) | - | - | High
|
||||
2 | [54.68.27.226](https://vuldb.com/?ip.54.68.27.226) | ec2-54-68-27-226.us-west-2.compute.amazonaws.com | - | Medium
|
||||
3 | [77.12.57.0](https://vuldb.com/?ip.77.12.57.0) | dynamic-077-012-057-000.77.12.pool.telefonica.de | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _BlankSlate_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by BlankSlate. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/cgi-bin/login_action.cgi` | High
|
||||
2 | File | `123flashchat.php` | High
|
||||
3 | File | `data/gbconfiguration.dat` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 21 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://isc.sans.edu/forums/diary/Blank+Slate+malspam+still+pushing+Cerber+ransomware/22215/
|
||||
* https://isc.sans.edu/forums/diary/Catching+up+with+Blank+Slate+a+malspam+campaign+still+going+strong/22570/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
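Review bot: IOC row 3 `77.12.57.0` resolves to `dynamic-077-012-057-000.77.12.pool.telefonica.de`, a consumer dynamic pool address that changes hands frequently, and rows 1 and 3 both end in `.0`, which may be a network address rather than a host and is worth confirming; the table has no first-seen/last-seen column, so a consumer cannot tell whether these addresses are still attributable. Suggest adding an observation date column, or at least not rating the dynamic-pool address High while the EC2 host in row 2 is rated Medium.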
@ -10,7 +10,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [GB](https://vuldb.com/?country.gb)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* ...
|
||||
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
|
@ -72,7 +72,7 @@ ID | Type | Indicator | Confidence
|
|||
23 | File | `authent.php4` | Medium
|
||||
24 | ... | ... | ...
|
||||
|
||||
There are 201 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 202 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,36 @@
|
|||
# Bredolab - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bredolab](https://vuldb.com/?actor.bredolab). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bredolab](https://vuldb.com/?actor.bredolab)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Bredolab.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [20.42.65.92](https://vuldb.com/?ip.20.42.65.92) | - | - | High
|
||||
2 | [20.42.73.29](https://vuldb.com/?ip.20.42.73.29) | - | - | High
|
||||
3 | [20.189.173.20](https://vuldb.com/?ip.20.189.173.20) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
|
||||
* https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,71 @@
|
|||
# Brushaloader - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Brushaloader](https://vuldb.com/?actor.brushaloader). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.brushaloader](https://vuldb.com/?actor.brushaloader)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Brushaloader:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [IR](https://vuldb.com/?country.ir)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Brushaloader.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [64.110.25.146](https://vuldb.com/?ip.64.110.25.146) | webmail.jqluvhost.net | - | High
|
||||
2 | [64.110.25.147](https://vuldb.com/?ip.64.110.25.147) | webmail.jqluvhost.net | - | High
|
||||
3 | [64.110.25.148](https://vuldb.com/?ip.64.110.25.148) | xaeoi7a.npermit.top | - | High
|
||||
4 | [64.110.25.150](https://vuldb.com/?ip.64.110.25.150) | webmail.jqluvhost.net | - | High
|
||||
5 | [64.110.25.151](https://vuldb.com/?ip.64.110.25.151) | moiu0ae.lplaced.top | - | High
|
||||
6 | [64.110.25.152](https://vuldb.com/?ip.64.110.25.152) | h2iuode.hairrestoredfast.top | - | High
|
||||
7 | [64.110.25.153](https://vuldb.com/?ip.64.110.25.153) | vaxoiu5.shadego.top | - | High
|
||||
8 | [64.110.25.154](https://vuldb.com/?ip.64.110.25.154) | nae2oiu.sidedgo.top | - | High
|
||||
9 | [107.173.193.242](https://vuldb.com/?ip.107.173.193.242) | 107-173-193-242-host.colocrossing.com | - | High
|
||||
10 | [107.173.193.243](https://vuldb.com/?ip.107.173.193.243) | 107-173-193-243-host.colocrossing.com | - | High
|
||||
11 | ... | ... | ... | ...
|
||||
|
||||
There are 39 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Brushaloader_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Brushaloader. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/forum/away.php` | High
|
||||
2 | File | `/horde/util/go.php` | High
|
||||
3 | File | `/modules/profile/index.php` | High
|
||||
4 | File | `admin/conf_users_edit.php` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 26 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/02/combing-through-brushaloader.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
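Review bot: the IOA table never says whether a `File` indicator is an absolute request path or a substring pattern, and the new file shows both forms side by side: rows 1 to 3 (`/forum/away.php`, `/horde/util/go.php`, `/modules/profile/index.php`) carry a leading slash while row 4 (`admin/conf_users_edit.php`) does not, so a consumer anchoring on absolute paths would silently miss row 4. A sentence in the IOA paragraph stating the matching semantics (or a normalised form for every row) would remove the ambiguity.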
@ -0,0 +1,30 @@
|
|||
# Bypassuac - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Bypassuac](https://vuldb.com/?actor.bypassuac). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.bypassuac](https://vuldb.com/?actor.bypassuac)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Bypassuac.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [104.200.23.95](https://vuldb.com/?ip.104.200.23.95) | nb-104-200-23-95.dallas.nodebalancer.linode.com | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
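Review bot: the only IOC in this file, `104.200.23.95` with hostname `nb-104-200-23-95.dallas.nodebalancer.linode.com`, is a Linode NodeBalancer address according to its own hostname, that is, a provider-managed load-balancer tier that is shared and reassigned between customers, so a High-confidence entry here can end up blocking unrelated tenants once the address rotates. Either record the observation date next to the row (the table has no date column) or lower the confidence to reflect that the address, not the actor, is what was observed.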
@ -78,17 +78,18 @@ ID | Type | Indicator | Confidence
|
|||
26 | File | `/module/module_frame/index.php` | High
|
||||
27 | File | `/notice-edit.php` | High
|
||||
28 | File | `/nova/bin/sniffer` | High
|
||||
29 | File | `/proc/pid/syscall` | High
|
||||
30 | File | `/product_list.php` | High
|
||||
31 | File | `/rest/api/2/user/picker` | High
|
||||
32 | File | `/rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application` | High
|
||||
33 | File | `/services/details.asp` | High
|
||||
34 | File | `/src/core/controllers/cm.php` | High
|
||||
35 | File | `/storage/app/media/evil.svg` | High
|
||||
36 | File | `/transmission/web/` | High
|
||||
37 | ... | ... | ...
|
||||
29 | File | `/ofcms/company-c-47` | High
|
||||
30 | File | `/proc/*/cmdline"` | High
|
||||
31 | File | `/proc/pid/syscall` | High
|
||||
32 | File | `/product_list.php` | High
|
||||
33 | File | `/rest/api/2/user/picker` | High
|
||||
34 | File | `/rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application` | High
|
||||
35 | File | `/services/details.asp` | High
|
||||
36 | File | `/src/core/controllers/cm.php` | High
|
||||
37 | File | `/storage/app/media/evil.svg` | High
|
||||
38 | ... | ... | ...
|
||||
|
||||
There are 318 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 325 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
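Review bot: new row 30, `/proc/*/cmdline"`, carries a stray trailing double quote inside the backticks, so the indicator as written can never match a real path; drop the quote before this renumbered list ships. Rows 30 and 31 (`/proc/*/cmdline`, `/proc/pid/syscall`) are also generic Linux procfs paths read by ordinary monitoring tools, so on their own they are weak attribution signals and a matcher built from this table will want to weight them accordingly.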
@ -112,19 +112,19 @@ ID | Type | Indicator | Confidence
|
|||
24 | File | `/web/jquery/uploader/multi_uploadify.php` | High
|
||||
25 | File | `/wp-admin/admin-ajax.php` | High
|
||||
26 | File | `/wp-content/plugins/updraftplus/admin.php` | High
|
||||
27 | File | `/zhndnsdisplay.cmd` | High
|
||||
28 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
29 | File | `about.php` | Medium
|
||||
30 | File | `acl.c` | Low
|
||||
31 | File | `adclick.php` | Medium
|
||||
32 | File | `add_comment.php` | High
|
||||
33 | File | `add_vhost.php` | High
|
||||
34 | File | `admin.php` | Medium
|
||||
35 | File | `admin/conf_users_edit.php` | High
|
||||
36 | File | `admin/default.asp` | High
|
||||
27 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
|
||||
28 | File | `/zhndnsdisplay.cmd` | High
|
||||
29 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
30 | File | `about.php` | Medium
|
||||
31 | File | `acl.c` | Low
|
||||
32 | File | `adclick.php` | Medium
|
||||
33 | File | `add_comment.php` | High
|
||||
34 | File | `add_vhost.php` | High
|
||||
35 | File | `admin.php` | Medium
|
||||
36 | File | `admin/conf_users_edit.php` | High
|
||||
37 | ... | ... | ...
|
||||
|
||||
There are 315 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 316 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
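Review bot: inserting a single indicator (new row 27, `/wp-content/plugins/woocommerce/templates/emails/plain/`) renumbers rows 27 to 36 and touches ten otherwise unchanged lines, which hides the one real change in a wall of churn; if the ID column has to stay, stable IDs or an unnumbered list would let a reviewer see exactly which indicators were added. The new entry is also a directory prefix rather than a file, so the `File` type label is loose for that row.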
@ -19,7 +19,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [IR](https://vuldb.com/?country.ir)
|
||||
* ...
|
||||
|
||||
There are 18 more country items available. Please use our online service to access the data.
|
||||
There are 19 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -62,7 +62,7 @@ ID | Type | Indicator | Confidence
|
|||
7 | File | `/uncpath/` | Medium
|
||||
8 | ... | ... | ...
|
||||
|
||||
There are 57 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 58 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [US](https://vuldb.com/?country.us)
|
||||
* ...
|
||||
|
||||
There are 22 more country items available. Please use our online service to access the data.
|
||||
There are 21 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -76,36 +76,34 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `.travis.yml` | Medium
|
||||
2 | File | `/.env` | Low
|
||||
3 | File | `/?module=users§ion=cpanel&page=list` | High
|
||||
4 | File | `/admin/powerline` | High
|
||||
5 | File | `/admin/syslog` | High
|
||||
6 | File | `/api/upload` | Medium
|
||||
7 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
8 | File | `/file?action=download&file` | High
|
||||
9 | File | `/medical/inventories.php` | High
|
||||
10 | File | `/monitoring` | Medium
|
||||
11 | File | `/new` | Low
|
||||
12 | File | `/plugins/servlet/audit/resource` | High
|
||||
13 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
14 | File | `/proc/<pid>/status` | High
|
||||
15 | File | `/public/plugins/` | High
|
||||
16 | File | `/replication` | Medium
|
||||
17 | File | `/RestAPI` | Medium
|
||||
18 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
19 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
20 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
21 | File | `/tmp` | Low
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/var/log/nginx` | High
|
||||
24 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
25 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
26 | File | `AccountManagerService.java` | High
|
||||
27 | File | `actions/CompanyDetailsSave.php` | High
|
||||
28 | File | `ActiveServices.java` | High
|
||||
29 | File | `ActivityManagerService.java` | High
|
||||
30 | File | `admin.php` | Medium
|
||||
31 | ... | ... | ...
|
||||
4 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
5 | File | `/file?action=download&file` | High
|
||||
6 | File | `/medical/inventories.php` | High
|
||||
7 | File | `/monitoring` | Medium
|
||||
8 | File | `/new` | Low
|
||||
9 | File | `/plugins/servlet/audit/resource` | High
|
||||
10 | File | `/plugins/servlet/project-config/PROJECT/roles` | High
|
||||
11 | File | `/proc/<pid>/status` | High
|
||||
12 | File | `/public/plugins/` | High
|
||||
13 | File | `/replication` | Medium
|
||||
14 | File | `/RestAPI` | Medium
|
||||
15 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
16 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
17 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
18 | File | `/tmp` | Low
|
||||
19 | File | `/uncpath/` | Medium
|
||||
20 | File | `/var/log/nginx` | High
|
||||
21 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
22 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
23 | File | `AccountManagerService.java` | High
|
||||
24 | File | `actions/CompanyDetailsSave.php` | High
|
||||
25 | File | `ActiveServices.java` | High
|
||||
26 | File | `ActivityManagerService.java` | High
|
||||
27 | File | `admin.php` | Medium
|
||||
28 | File | `admin/?n=user&c=admin_user&a=doGetUserInfo` | High
|
||||
29 | ... | ... | ...
|
||||
|
||||
There are 261 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 247 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
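Review bot: the trailer drops from 261 to 247 more IOA items while the visible part of the list only removes `/admin/powerline`, `/admin/syslog` and `/api/upload` and adds `admin/?n=user&c=admin_user&a=doGetUserInfo`, so most of the change happens past the `...` cut-off and nothing in the hunk says why those indicators were retired (aged out, reclassified, false positives). A one-line note on the reason would make the removal auditable for anyone who already fed the earlier rows into a detection rule.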
@ -0,0 +1,65 @@
|
|||
# Chronos - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Chronos](https://vuldb.com/?actor.chronos). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.chronos](https://vuldb.com/?actor.chronos)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Chronos:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [TR](https://vuldb.com/?country.tr)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Chronos.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [24.253.16.214](https://vuldb.com/?ip.24.253.16.214) | ip24-253-16-214.lv.lv.cox.net | - | High
|
||||
2 | [68.203.247.140](https://vuldb.com/?ip.68.203.247.140) | cpe-68-203-247-140.stx.res.rr.com | - | High
|
||||
3 | [124.121.192.186](https://vuldb.com/?ip.124.121.192.186) | ppp-124-121-192-186.revip2.asianet.co.th | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 4 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Chronos_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Chronos. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/uncpath/` | Medium
|
||||
2 | File | `userRpm/RestoreDefaultCfgRpm.htm` | High
|
||||
3 | Argument | `-a` | Low
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
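Review bot: IOA row 3 types the bare argument `-a` as an indicator; even at Low confidence it will match almost any command line and adds noise rather than signal, so either tie it to the binary it was observed with or drop the row. Separately, the generated trailer reads `There are 1 more country items available`, a singular/plural mismatch the template should handle for counts of one.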
@ -0,0 +1,30 @@
|
|||
# Cloud - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Cloud](https://vuldb.com/?actor.cloud). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.cloud](https://vuldb.com/?actor.cloud)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Cloud.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [204.95.99.176](https://vuldb.com/?ip.204.95.99.176) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
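Review bot: the only reference for this profile is a 2018 Talos threat roundup, yet the single IOC `204.95.99.176` is listed at High confidence with no hostname, no campaign, and no first-seen or last-seen column in the table; an address observed four years before the 2022 copyright line in this file is likely to have been reassigned by now, so a date column (or a lower confidence) would keep downstream blocklists from acting on stale data.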
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Cobalt Group:
|
||||
|
||||
* [SV](https://vuldb.com/?country.sv)
|
||||
* [IT](https://vuldb.com/?country.it)
|
||||
* [FR](https://vuldb.com/?country.fr)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 7 more country items available. Please use our online service to access the data.
|
||||
There are 8 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -37,10 +37,10 @@ ID | Technique | Weakness | Description | Confidence
|
|||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -48,34 +48,34 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/account/login` | High
|
||||
2 | File | `/admin.back` | Medium
|
||||
3 | File | `/admin/customers.php?page=1&cID` | High
|
||||
4 | File | `/admin/link/link_ok.php` | High
|
||||
5 | File | `/admin/show.php` | High
|
||||
6 | File | `/administrator/components/menu/` | High
|
||||
1 | File | `/admin.back` | Medium
|
||||
2 | File | `/admin/customers.php?page=1&cID` | High
|
||||
3 | File | `/admin/link/link_ok.php` | High
|
||||
4 | File | `/admin/show.php` | High
|
||||
5 | File | `/administrator/components/menu/` | High
|
||||
6 | File | `/app/register.php` | High
|
||||
7 | File | `/controller/CommentAdminController.java` | High
|
||||
8 | File | `/data/sqldata` | High
|
||||
9 | File | `/feedback/post/` | High
|
||||
10 | File | `/goform/change_password_process` | High
|
||||
11 | File | `/goform/edit_opt` | High
|
||||
12 | File | `/goform/SetPptpServerCfg` | High
|
||||
13 | File | `/hdf5/src/H5Fint.c` | High
|
||||
14 | File | `/jeecg-boot/sys/user/queryUserByDepId` | High
|
||||
15 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
|
||||
16 | File | `/jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c` | High
|
||||
17 | File | `/jerry-core/ecma/operations/ecma-objects.c` | High
|
||||
18 | File | `/setting/NTPSyncWithHost` | High
|
||||
19 | File | `/src/njs_object.c` | High
|
||||
20 | File | `/template/unzip.do` | High
|
||||
21 | File | `/u8sl/WebHelp` | High
|
||||
22 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
23 | File | `AccountManagerService.java` | High
|
||||
24 | File | `account_sponsor_page.php` | High
|
||||
25 | File | `act.php` | Low
|
||||
10 | File | `/goform/SetPptpServerCfg` | High
|
||||
11 | File | `/hdf5/src/H5Fint.c` | High
|
||||
12 | File | `/index.php?page=reserve` | High
|
||||
13 | File | `/jeecg-boot/sys/user/queryUserByDepId` | High
|
||||
14 | File | `/jerry-core/ecma/base/ecma-literal-storage.c` | High
|
||||
15 | File | `/jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c` | High
|
||||
16 | File | `/jerry-core/ecma/operations/ecma-objects.c` | High
|
||||
17 | File | `/public/launchNewWindow.jsp` | High
|
||||
18 | File | `/purchase_order/admin/?page=user` | High
|
||||
19 | File | `/reps/admin/?page=agents/manage_agent` | High
|
||||
20 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
21 | File | `/scas/classes/Users.php?f=save_user` | High
|
||||
22 | File | `/servlets/Jmx_dynamic` | High
|
||||
23 | File | `/setting/NTPSyncWithHost` | High
|
||||
24 | File | `/src/njs_object.c` | High
|
||||
25 | File | `/template/unzip.do` | High
|
||||
26 | ... | ... | ...
|
||||
|
||||
There are 216 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 214 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
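Review bot: several of the new rows (18 `/purchase_order/admin/?page=user`, 19 `/reps/admin/?page=agents/manage_agent`, 21 `/scas/classes/Users.php?f=save_user`) embed a query string inside a `File` indicator; since the IOA schema used across these profiles also has an `Argument` type, splitting the path from the parameter would let matchers normalise on the path alone while still keeping the parameter as its own indicator, and would stop the same path appearing as two distinct rows whenever a parameter changes.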
@ -107,7 +107,7 @@ ID | Type | Indicator | Confidence
|
|||
57 | File | `default.asp` | Medium
|
||||
58 | ... | ... | ...
|
||||
|
||||
There are 509 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 510 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -33,9 +33,10 @@ ID | IP address | Hostname | Campaign | Confidence
|
|||
10 | [49.12.80.38](https://vuldb.com/?ip.49.12.80.38) | static.38.80.12.49.clients.your-server.de | - | High
|
||||
11 | [49.12.80.40](https://vuldb.com/?ip.49.12.80.40) | static.40.80.12.49.clients.your-server.de | - | High
|
||||
12 | [50.19.96.218](https://vuldb.com/?ip.50.19.96.218) | ec2-50-19-96-218.compute-1.amazonaws.com | - | Medium
|
||||
13 | ... | ... | ... | ...
|
||||
13 | [50.19.252.36](https://vuldb.com/?ip.50.19.252.36) | ec2-50-19-252-36.compute-1.amazonaws.com | - | Medium
|
||||
14 | ... | ... | ... | ...
|
||||
|
||||
There are 48 more IOC items available. Please use our online service to access the data.
|
||||
There are 52 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
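Review bot: new row 13, `50.19.252.36` / `ec2-50-19-252-36.compute-1.amazonaws.com`, is an EC2 address like row 12, and the table has no observation date; cloud instance addresses are recycled between tenants, so Medium confidence is the right call but a first-seen/last-seen column would let consumers expire these rows instead of blocking whoever gets the address next. The trailer also jumps from 48 to 52 while only one row is added here, so three more IOCs were added past the `...` cut-off without appearing in the diff.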
@ -73,40 +74,42 @@ ID | Type | Indicator | Confidence
|
|||
15 | File | `123flashchat.php` | High
|
||||
16 | File | `action.php` | Medium
|
||||
17 | File | `Active Browser Profile` | High
|
||||
18 | File | `adb/adb_client.c` | High
|
||||
19 | File | `addons/mod_media/body.php` | High
|
||||
20 | File | `admin.php` | Medium
|
||||
21 | File | `admin/profile_settings_net.html` | High
|
||||
22 | File | `af.cgi/alienform.cgi` | High
|
||||
23 | File | `af_netlink.c` | Medium
|
||||
24 | File | `aide.php3` | Medium
|
||||
25 | File | `aim/icq` | Low
|
||||
26 | File | `ajax.php` | Medium
|
||||
27 | File | `akocomment.php` | High
|
||||
28 | File | `album.php` | Medium
|
||||
29 | File | `allmanageup.pl` | High
|
||||
30 | File | `apache2/modsecurity.c` | High
|
||||
31 | File | `arm/lithium-codegen-arm.cc` | High
|
||||
32 | File | `attachment_send.php` | High
|
||||
33 | File | `b2edit.showposts.php` | High
|
||||
34 | File | `bar.phtml` | Medium
|
||||
35 | File | `bitmap/bdfread.c` | High
|
||||
36 | File | `cadastro_usuario.php` | High
|
||||
37 | File | `cartman.php` | Medium
|
||||
38 | File | `cdf.c` | Low
|
||||
39 | File | `cgi-bin/module/sysmanager/admin/SYSAdminUserDialog` | High
|
||||
40 | File | `cgi/actions.py` | High
|
||||
41 | File | `cgiproc` | Low
|
||||
42 | File | `classifieds.cgi` | High
|
||||
43 | File | `cmd.php` | Low
|
||||
44 | ... | ... | ...
|
||||
18 | File | `addons/mod_media/body.php` | High
|
||||
19 | File | `admin.php` | Medium
|
||||
20 | File | `admin/profile_settings_net.html` | High
|
||||
21 | File | `af.cgi/alienform.cgi` | High
|
||||
22 | File | `af_netlink.c` | Medium
|
||||
23 | File | `aide.php3` | Medium
|
||||
24 | File | `aim/icq` | Low
|
||||
25 | File | `ajax.php` | Medium
|
||||
26 | File | `akocomment.php` | High
|
||||
27 | File | `album.php` | Medium
|
||||
28 | File | `allmanageup.pl` | High
|
||||
29 | File | `apache2/modsecurity.c` | High
|
||||
30 | File | `arm/lithium-codegen-arm.cc` | High
|
||||
31 | File | `attachment_send.php` | High
|
||||
32 | File | `b2edit.showposts.php` | High
|
||||
33 | File | `bar.phtml` | Medium
|
||||
34 | File | `bitmap/bdfread.c` | High
|
||||
35 | File | `cadastro_usuario.php` | High
|
||||
36 | File | `cartman.php` | Medium
|
||||
37 | File | `cdf.c` | Low
|
||||
38 | File | `cgi-bin/module/sysmanager/admin/SYSAdminUserDialog` | High
|
||||
39 | File | `cgi/actions.py` | High
|
||||
40 | File | `cgiproc` | Low
|
||||
41 | File | `classifieds.cgi` | High
|
||||
42 | File | `cmd.php` | Low
|
||||
43 | File | `colors.py` | Medium
|
||||
44 | File | `com.evernote_preferences.xml` | High
|
||||
45 | ... | ... | ...
|
||||
|
||||
There are 385 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 388 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2018/09/threat-roundup-0914-0921.html
|
||||
* https://blog.talosintelligence.com/2021/02/threat-roundup-0212-0219.html
|
||||
* https://blog.talosintelligence.com/2021/02/threat-roundup-0219-0226.html
|
||||
* https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html
|
||||
|
@ -116,6 +119,8 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://blog.talosintelligence.com/2021/06/threat-roundup-0611-0617.html
|
||||
* https://blog.talosintelligence.com/2021/06/threat-roundup-0617-0624.html
|
||||
* https://isc.sans.edu/forums/diary/CoinMiners+searching+for+hosts/24364/
|
||||
* https://isc.sans.edu/forums/diary/From+Microtik+with+Love/23762/ https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/
|
||||
* https://isc.sans.edu/forums/diary/Pornographic+malspam+pushes+coin+miner+malware/23119/
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
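Review bot: the context bullet `* https://isc.sans.edu/forums/diary/From+Microtik+with+Love/23762/ https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/` packs two URLs into one list item, so the second one renders as trailing text rather than a link and any consumer that parses one reference per bullet will drop it; split it into two bullets while this file is being touched.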
@ -46,7 +46,7 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
|
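Review bot: adding CWE-250 to row 2 is the right direction, since CWE-250 is the weakness actually titled "Execution with Unnecessary Privileges", while the CWE-264 and CWE-284 already listed there are broader access-control categories (Permissions, Privileges, and Access Controls; Improper Access Control). Row 3, however, still pairs CWE-798 (Use of Hard-coded Credentials) with the description "Improper Restriction of Excessive Authentication Attempts", which is the title of CWE-307, so either the weakness ID or the description in that row is wrong and should be fixed in the same pass.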
@ -61,63 +61,63 @@ ID | Type | Indicator | Confidence
|
|||
1 | File | `$SPLUNK_HOME/etc/splunk-launch.conf` | High
|
||||
2 | File | `/+CSCOE+/logon.html` | High
|
||||
3 | File | `/assets/ctx` | Medium
|
||||
4 | File | `/cloud_config/router_post/check_reg_verify_code` | High
|
||||
5 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
6 | File | `/config/getuser` | High
|
||||
7 | File | `/debug/pprof` | Medium
|
||||
8 | File | `/ext/phar/phar_object.c` | High
|
||||
9 | File | `/filemanager/php/connector.php` | High
|
||||
10 | File | `/get_getnetworkconf.cgi` | High
|
||||
11 | File | `/HNAP1` | Low
|
||||
12 | File | `/include/chart_generator.php` | High
|
||||
13 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
|
||||
14 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
15 | File | `/modx/manager/index.php` | High
|
||||
16 | File | `/osm/REGISTER.cmd` | High
|
||||
17 | File | `/product_list.php` | High
|
||||
18 | File | `/replication` | Medium
|
||||
19 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
|
||||
20 | File | `/supervisor/procesa_carga.php` | High
|
||||
21 | File | `/type.php` | Medium
|
||||
22 | File | `/uncpath/` | Medium
|
||||
23 | File | `/usr/bin/pkexec` | High
|
||||
24 | File | `/zm/index.php` | High
|
||||
25 | File | `4.2.0.CP09` | Medium
|
||||
26 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
27 | File | `802dot1xclientcert.cgi` | High
|
||||
28 | File | `add.exe` | Low
|
||||
29 | File | `addentry.php` | Medium
|
||||
30 | File | `admin-ajax.php` | High
|
||||
31 | File | `admin.color.php` | High
|
||||
32 | File | `admin.cropcanvas.php` | High
|
||||
33 | File | `admin.joomlaradiov5.php` | High
|
||||
34 | File | `admin.php` | Medium
|
||||
35 | File | `admin.php?m=Food&a=addsave` | High
|
||||
36 | File | `admin/conf_users_edit.php` | High
|
||||
37 | File | `admin/index.php` | High
|
||||
38 | File | `admin/user.php` | High
|
||||
39 | File | `admin/write-post.php` | High
|
||||
40 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
41 | File | `admin_events.php` | High
|
||||
42 | File | `ajax_new_account.php` | High
|
||||
43 | File | `akocomments.php` | High
|
||||
44 | File | `allopass-error.php` | High
|
||||
45 | File | `announcement.php` | High
|
||||
46 | File | `app.php` | Low
|
||||
47 | File | `apply.cgi` | Medium
|
||||
48 | File | `archiver\index.php` | High
|
||||
49 | File | `artlinks.dispnew.php` | High
|
||||
50 | File | `auth.inc.php` | Medium
|
||||
51 | File | `authorization.do` | High
|
||||
52 | File | `awstats.pl` | Medium
|
||||
53 | File | `backoffice/login.asp` | High
|
||||
54 | File | `bb_usage_stats.php` | High
|
||||
55 | File | `binder.c` | Medium
|
||||
56 | File | `books.php` | Medium
|
||||
57 | File | `C:\Python27` | Medium
|
||||
4 | File | `/bsms/?page=products` | High
|
||||
5 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
6 | File | `/cloud_config/router_post/check_reg_verify_code` | High
|
||||
7 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
8 | File | `/config/getuser` | High
|
||||
9 | File | `/debug/pprof` | Medium
|
||||
10 | File | `/ext/phar/phar_object.c` | High
|
||||
11 | File | `/filemanager/php/connector.php` | High
|
||||
12 | File | `/get_getnetworkconf.cgi` | High
|
||||
13 | File | `/HNAP1` | Low
|
||||
14 | File | `/include/chart_generator.php` | High
|
||||
15 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
|
||||
16 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
|
||||
17 | File | `/modx/manager/index.php` | High
|
||||
18 | File | `/osm/REGISTER.cmd` | High
|
||||
19 | File | `/product_list.php` | High
|
||||
20 | File | `/replication` | Medium
|
||||
21 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
|
||||
22 | File | `/supervisor/procesa_carga.php` | High
|
||||
23 | File | `/type.php` | Medium
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/usr/bin/pkexec` | High
|
||||
26 | File | `/zm/index.php` | High
|
||||
27 | File | `4.2.0.CP09` | Medium
|
||||
28 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
29 | File | `802dot1xclientcert.cgi` | High
|
||||
30 | File | `add.exe` | Low
|
||||
31 | File | `admin-ajax.php` | High
|
||||
32 | File | `admin.color.php` | High
|
||||
33 | File | `admin.cropcanvas.php` | High
|
||||
34 | File | `admin.joomlaradiov5.php` | High
|
||||
35 | File | `admin.php` | Medium
|
||||
36 | File | `admin.php?m=Food&a=addsave` | High
|
||||
37 | File | `admin/conf_users_edit.php` | High
|
||||
38 | File | `admin/index.php` | High
|
||||
39 | File | `admin/user.php` | High
|
||||
40 | File | `admin/write-post.php` | High
|
||||
41 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
42 | File | `admin_events.php` | High
|
||||
43 | File | `ajax_new_account.php` | High
|
||||
44 | File | `akocomments.php` | High
|
||||
45 | File | `allopass-error.php` | High
|
||||
46 | File | `announcement.php` | High
|
||||
47 | File | `app.php` | Low
|
||||
48 | File | `apply.cgi` | Medium
|
||||
49 | File | `archiver\index.php` | High
|
||||
50 | File | `artlinks.dispnew.php` | High
|
||||
51 | File | `auth.inc.php` | Medium
|
||||
52 | File | `authorization.do` | High
|
||||
53 | File | `bb_usage_stats.php` | High
|
||||
54 | File | `binder.c` | Medium
|
||||
55 | File | `books.php` | Medium
|
||||
56 | File | `C:\Python27` | Medium
|
||||
57 | File | `C:\Windows\System32\config\SAM` | High
|
||||
58 | ... | ... | ...
|
||||
|
||||
There are 511 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 502 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References

@ -16,10 +16,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce

* [US](https://vuldb.com/?country.us)
* [CN](https://vuldb.com/?country.cn)
* [GB](https://vuldb.com/?country.gb)
* [RU](https://vuldb.com/?country.ru)
* ...

There are 31 more country items available. Please use our online service to access the data.
There are 33 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

@ -79,7 +79,7 @@ ID | IP address | Hostname | Campaign | Confidence
50 | [45.153.240.191](https://vuldb.com/?ip.45.153.240.191) | - | - | High
51 | ... | ... | ... | ...

There are 200 more IOC items available. Please use our online service to access the data.
There are 202 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

@ -102,48 +102,47 @@ ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%PROGRAMDATA%\Razer\Synapse3\Service\bin` | High
2 | File | `/+CSCOE+/logon.html` | High
3 | File | `/../../conf/template/uhttpd.json` | High
3 | File | `/admin/contenttemp` | High
4 | File | `/admin/modules/system/custom_field.php` | High
5 | File | `/bin/boa` | Medium
6 | File | `/cgi-bin/wapopen` | High
7 | File | `/cgi-mod/lookup.cgi` | High
8 | File | `/context/%2e/WEB-INF/web.xml` | High
9 | File | `/etc/sudoers` | Medium
10 | File | `/export` | Low
11 | File | `/iissamples` | Medium
12 | File | `/login` | Low
13 | File | `/modules/profile/index.php` | High
14 | File | `/monitoring` | Medium
15 | File | `/new` | Low
16 | File | `/proc/<pid>/status` | High
17 | File | `/public/plugins/` | High
18 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
19 | File | `/secure/QueryComponent!Default.jspa` | High
20 | File | `/show_news.php` | High
21 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
22 | File | `/tmp` | Low
23 | File | `/uncpath/` | Medium
24 | File | `/usr/bin/pkexec` | High
25 | File | `/usr/sbin/suexec` | High
26 | File | `/WEB-INF/web.xml` | High
27 | File | `/wp-admin/admin-ajax.php` | High
28 | File | `/wp-json/wc/v3/webhooks` | High
29 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
30 | File | `AccountManagerService.java` | High
31 | File | `actions/CompanyDetailsSave.php` | High
32 | File | `ActivityManagerService.java` | High
33 | File | `adclick.php` | Medium
34 | File | `admin.php` | Medium
35 | File | `admin.php?page=languages` | High
36 | File | `admin/add-glossary.php` | High
37 | File | `admin/admin.php` | High
38 | File | `admin/conf_users_edit.php` | High
39 | File | `admin/edit-comments.php` | High
40 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
41 | File | `admin\db\DoSql.php` | High
42 | ... | ... | ...
5 | File | `/api/crontab` | Medium
6 | File | `/bin/boa` | Medium
7 | File | `/cgi-bin/wapopen` | High
8 | File | `/cgi-mod/lookup.cgi` | High
9 | File | `/context/%2e/WEB-INF/web.xml` | High
10 | File | `/etc/sudoers` | Medium
11 | File | `/export` | Low
12 | File | `/iissamples` | Medium
13 | File | `/login` | Low
14 | File | `/modules/profile/index.php` | High
15 | File | `/monitoring` | Medium
16 | File | `/new` | Low
17 | File | `/nova/bin/console` | High
18 | File | `/proc/<pid>/status` | High
19 | File | `/public/plugins/` | High
20 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
21 | File | `/secure/QueryComponent!Default.jspa` | High
22 | File | `/show_news.php` | High
23 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
24 | File | `/tmp` | Low
25 | File | `/uncpath/` | Medium
26 | File | `/usr/bin/pkexec` | High
27 | File | `/usr/sbin/suexec` | High
28 | File | `/WEB-INF/web.xml` | High
29 | File | `/wp-admin/admin-ajax.php` | High
30 | File | `/wp-json/wc/v3/webhooks` | High
31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
32 | File | `AccountManagerService.java` | High
33 | File | `actions/CompanyDetailsSave.php` | High
34 | File | `ActivityManagerService.java` | High
35 | File | `admin.php` | Medium
36 | File | `admin.php?page=languages` | High
37 | File | `admin/add-glossary.php` | High
38 | File | `admin/admin.php` | High
39 | File | `admin/conf_users_edit.php` | High
40 | File | `admin/edit-comments.php` | High
41 | ... | ... | ...

There are 363 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 357 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -152,6 +151,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://ddanchev.blogspot.com/2022/02/exposing-conti-ransomware-gang-osint_28.html
* https://github.com/sophoslabs/IoCs/blob/master/Ransomware-Conti.csv
* https://therecord.media/disgruntled-ransomware-affiliate-leaks-the-conti-gangs-technical-manuals/
* https://twitter.com/cherryblond83/status/1498133186316062724
* https://twitter.com/vxunderground/status/1414809517993435139

## Literature

@ -44,13 +44,13 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/cgi-bin/supervisor/PwdGrp.cgi` | High
2 | File | `/Items/*/RemoteImages/Download` | High
3 | File | `/restapi/v1/certificates/FFM-SSLInspect` | High
4 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
5 | File | `adclick.php` | Medium
2 | File | `/filemanager/ajax_calls.php` | High
3 | File | `/Items/*/RemoteImages/Download` | High
4 | File | `/restapi/v1/certificates/FFM-SSLInspect` | High
5 | File | `/usr/local/WowzaStreamingEngine/bin/` | High
6 | ... | ... | ...

There are 36 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 37 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -0,0 +1,31 @@
# Cwsp - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Cwsp](https://vuldb.com/?actor.cwsp). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.cwsp](https://vuldb.com/?actor.cwsp)

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Cwsp.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [208.91.197.13](https://vuldb.com/?ip.208.91.197.13) | - | - | High
2 | [212.58.244.48](https://vuldb.com/?ip.212.58.244.48) | bbc-vip189.telhc.bbc.co.uk | - | High

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2018/11/threat-roundup-1019-1102.html

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -0,0 +1,31 @@
# Cybergate - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Cybergate](https://vuldb.com/?actor.cybergate). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.cybergate](https://vuldb.com/?actor.cybergate)

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Cybergate.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [52.8.126.80](https://vuldb.com/?ip.52.8.126.80) | ec2-52-8-126-80.us-west-1.compute.amazonaws.com | - | Medium
2 | [187.58.232.18](https://vuldb.com/?ip.187.58.232.18) | 187.58.232.18.static.host.gvt.net.br | - | High

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -50,15 +50,16 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/etc/passwd` | Medium
2 | File | `AbstractController.php` | High
3 | File | `ActBar.ocx` | Medium
4 | File | `admin.comms.php` | High
5 | File | `admin.php` | Medium
6 | File | `admincp.php?app=user&do=save` | High
7 | File | `ajax.php?type=../admin-panel/autoload&page=manage-users` | High
8 | ... | ... | ...
2 | File | `/tmp` | Low
3 | File | `AbstractController.php` | High
4 | File | `ActBar.ocx` | Medium
5 | File | `admin.comms.php` | High
6 | File | `admin.php` | Medium
7 | File | `admincp.php?app=user&do=save` | High
8 | File | `ajax.php?type=../admin-panel/autoload&page=manage-users` | High
9 | ... | ... | ...

There are 60 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 62 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -50,13 +50,13 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `admin/conf_users_edit.php` | High
2 | File | `data/gbconfiguration.dat` | High
3 | File | `flow.php` | Medium
4 | File | `goform/setUsbUnload` | High
1 | File | `/language/lang` | High
2 | File | `admin/conf_users_edit.php` | High
3 | File | `data/gbconfiguration.dat` | High
4 | File | `flow.php` | Medium
5 | ... | ... | ...

There are 27 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 31 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -0,0 +1,49 @@
# DNSLock - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [DNSLock](https://vuldb.com/?actor.dnslock). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.dnslock](https://vuldb.com/?actor.dnslock)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with DNSLock:

* [US](https://vuldb.com/?country.us)

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of DNSLock.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [18.220.249.233](https://vuldb.com/?ip.18.220.249.233) | ec2-18-220-249-233.us-east-2.compute.amazonaws.com | - | Medium
2 | [52.77.199.193](https://vuldb.com/?ip.52.77.199.193) | ec2-52-77-199-193.ap-southeast-1.compute.amazonaws.com | - | Medium
3 | [52.206.149.50](https://vuldb.com/?ip.52.206.149.50) | ec2-52-206-149-50.compute-1.amazonaws.com | - | Medium
4 | ... | ... | ... | ...

There are 3 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _DNSLock_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2018/02/threat-round-up-0209-0216.html

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!

@ -81,41 +81,40 @@ ID | Type | Indicator | Confidence
1 | File | `.htaccess` | Medium
2 | File | `/09/business/upgrade/upcfgAction.php?download=true` | High
3 | File | `/admin-panel1.php` | High
4 | File | `/ad_js.php` | Medium
5 | File | `/alerts/alertConfigField.php` | High
6 | File | `/api/email_accounts` | High
7 | File | `/API/system/admins/session` | High
8 | File | `/cgi-bin/ExportALLSettings.sh` | High
9 | File | `/config/config.php` | High
10 | File | `/context/%2e/WEB-INF/web.xml` | High
11 | File | `/customers/index.php` | High
12 | File | `/DataHandler/AM/AM_Handler.ashx` | High
13 | File | `/DataHandler/HandlerAlarmGroup.ashx` | High
14 | File | `/DataHandler/HandlerEnergyType.ashx` | High
15 | File | `/DataHandler/Handler_CFG.ashx` | High
16 | File | `/ECT_Provider/` | High
17 | File | `/fuel/index.php/fuel/logs/items` | High
18 | File | `/fuel/index.php/fuel/pages/items` | High
19 | File | `/goform/openSchedWifi` | High
20 | File | `/goform/SetNetControlList` | High
21 | File | `/image_zoom.php` | High
22 | File | `/include/config.cache.php` | High
23 | File | `/json/profile/removeStarAjax.do` | High
24 | File | `/oauth/token/request` | High
25 | File | `/plugin/ajax.php` | High
26 | File | `/plugins/servlet/branchreview` | High
27 | File | `/proc/ioports` | High
28 | File | `/proc/self/exe` | High
29 | File | `/public/plugins/` | High
30 | File | `/rest/api/2/search` | High
31 | File | `/rest/api/latest/groupuserpicker` | High
32 | File | `/rest/api/latest/projectvalidate/key` | High
33 | File | `/rom-0` | Low
34 | File | `/tmp` | Low
35 | File | `/tmp/connlicj.bin` | High
36 | ... | ... | ...
4 | File | `/admin/academic/studenview_left.php` | High
5 | File | `/ad_js.php` | Medium
6 | File | `/alerts/alertConfigField.php` | High
7 | File | `/api/email_accounts` | High
8 | File | `/API/system/admins/session` | High
9 | File | `/cgi-bin/ExportALLSettings.sh` | High
10 | File | `/config/config.php` | High
11 | File | `/context/%2e/WEB-INF/web.xml` | High
12 | File | `/customers/index.php` | High
13 | File | `/DataHandler/AM/AM_Handler.ashx` | High
14 | File | `/DataHandler/HandlerAlarmGroup.ashx` | High
15 | File | `/DataHandler/HandlerEnergyType.ashx` | High
16 | File | `/DataHandler/Handler_CFG.ashx` | High
17 | File | `/ECT_Provider/` | High
18 | File | `/fuel/index.php/fuel/logs/items` | High
19 | File | `/fuel/index.php/fuel/pages/items` | High
20 | File | `/goform/openSchedWifi` | High
21 | File | `/goform/SetNetControlList` | High
22 | File | `/image_zoom.php` | High
23 | File | `/include/config.cache.php` | High
24 | File | `/json/profile/removeStarAjax.do` | High
25 | File | `/oauth/token/request` | High
26 | File | `/plugin/ajax.php` | High
27 | File | `/plugins/servlet/branchreview` | High
28 | File | `/proc/ioports` | High
29 | File | `/proc/self/exe` | High
30 | File | `/public/plugins/` | High
31 | File | `/rest/api/2/search` | High
32 | File | `/rest/api/latest/groupuserpicker` | High
33 | File | `/rest/api/latest/projectvalidate/key` | High
34 | File | `/rom-0` | Low
35 | ... | ... | ...

There are 306 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 304 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -59,16 +59,16 @@ ID | Type | Indicator | Confidence
6 | File | `/GetSimpleCMS-3.3.15/admin/log.php` | High
7 | File | `/lms/admin.php` | High
8 | File | `/redpass.cgi` | Medium
9 | File | `/uncpath/` | Medium
10 | File | `add-category.php` | High
11 | File | `add_comment.php` | High
12 | File | `admin.php` | Medium
13 | File | `admin/admin.shtml` | High
14 | File | `admin/content.php` | High
15 | File | `admin/user.php?form=update_f&user_name` | High
9 | File | `/secure/admin/ImporterFinishedPage.jspa` | High
10 | File | `/uncpath/` | Medium
11 | File | `add-category.php` | High
12 | File | `add_comment.php` | High
13 | File | `admin.php` | Medium
14 | File | `admin/admin.shtml` | High
15 | File | `admin/content.php` | High
16 | ... | ... | ...

There are 130 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 131 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -52,9 +52,10 @@ ID | Type | Indicator | Confidence
3 | File | `application/modules/admin/views/ecommerce/products.php` | High
4 | File | `apply.cgi` | Medium
5 | File | `base/ErrorHandler.php` | High
6 | ... | ... | ...
6 | File | `blog.php` | Medium
7 | ... | ... | ...

There are 42 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 44 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -4,18 +4,64 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.darkkomet](https://vuldb.com/?actor.darkkomet)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Darkkomet:

* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* [GB](https://vuldb.com/?country.gb)
* ...

There are 3 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Darkkomet.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [209.99.40.222](https://vuldb.com/?ip.209.99.40.222) | 209-99-40-222.fwd.datafoundry.com | - | High
1 | [12.167.151.119](https://vuldb.com/?ip.12.167.151.119) | - | - | High
2 | [41.58.102.142](https://vuldb.com/?ip.41.58.102.142) | - | - | High
3 | [41.58.104.23](https://vuldb.com/?ip.41.58.104.23) | - | - | High
4 | ... | ... | ... | ...

There are 12 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Darkkomet_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1211 | CWE-254 | 7PK Security Features | High
3 | T1222 | CWE-275 | Permission Issues | High
4 | ... | ... | ... | ...

There are 1 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Darkkomet. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/SCRIPTPATH/index.php` | High
2 | File | `auth-gss2.c` | Medium
3 | File | `category.cfm` | Medium
4 | File | `cgi-bin/MANGA/admin.cgi` | High
5 | ... | ... | ...

There are 27 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2015/07/ding-your-rat-has-been-delivered.html
* https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
* https://blog.talosintelligence.com/2019/05/threat-roundup-0503-0510.html
* https://blog.talosintelligence.com/2021/12/threat-roundup-1126-1203.html

## Literature
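Review bot: The added TTP section says "There are 1 more TTP items available", which is ungrammatical for a count of one; the generator should emit the singular form for a count of 1 ("There is 1 more TTP item available") so the template text reads correctly in the Darkkomet page and in any other actor page with a single remaining item.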

@ -0,0 +1,30 @@
# Daws - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Daws](https://vuldb.com/?actor.daws). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.daws](https://vuldb.com/?actor.daws)

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Daws.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [157.122.62.205](https://vuldb.com/?ip.157.122.62.205) | - | - | High

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2018/07/threat-roundup-0706-0713.html

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,30 @@
|
|||
# Dbel - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dbel](https://vuldb.com/?actor.dbel). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.dbel](https://vuldb.com/?actor.dbel)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Dbel.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [13.32.81.92](https://vuldb.com/?ip.13.32.81.92) | server-13-32-81-92.mia3.r.cloudfront.net | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2018/07/threat-roundup-0706-0713.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
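Review bot: the only IOC, 13.32.81.92 with hostname server-13-32-81-92.mia3.r.cloudfront.net, is a CloudFront edge node, i.e. shared CDN infrastructure serving many unrelated tenants, so "High" confidence is hard to justify and anyone who blocks or alerts on it will get false positives. Either lower the confidence or annotate the row as shared infrastructure; the hostname already makes that obvious to a reader, but the table does not.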
@ -4,12 +4,19 @@ These _indicators_ were reported, collected, and generated during the [VulDB CTI
|
|||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.deep_panda](https://vuldb.com/?actor.deep_panda)
|
||||
|
||||
## Campaigns
|
||||
|
||||
The following _campaigns_ are known and can be associated with Deep Panda:
|
||||
|
||||
* Log4Shell
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Deep Panda:
|
||||
|
||||
* [CA](https://vuldb.com/?country.ca)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CA](https://vuldb.com/?country.ca)
|
||||
* [DZ](https://vuldb.com/?country.dz)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
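Review bot: CA appears twice in the Countries list (once before US and once after it); if both lines land in the new file the list has a duplicate, and if one of them is the removed line the ordering changes for no visible reason. Either way, dedupe the list when the Campaigns section is inserted. The new Campaigns entry "Log4Shell" is consistent with the Fortinet Log4Shell reference added to this file further down.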
@ -18,11 +25,11 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [1.9.5.38](https://vuldb.com/?ip.1.9.5.38) | - | - | High
|
||||
2 | [142.91.76.134](https://vuldb.com/?ip.142.91.76.134) | mx3.29v.info | - | High
|
||||
3 | [184.71.210.4](https://vuldb.com/?ip.184.71.210.4) | - | - | High
|
||||
2 | [104.223.34.198](https://vuldb.com/?ip.104.223.34.198) | 104.223.34.198.static.quadranet.com | Log4Shell | High
|
||||
3 | [142.91.76.134](https://vuldb.com/?ip.142.91.76.134) | mx3.29v.info | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more IOC items available. Please use our online service to access the data.
|
||||
There are 5 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
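Review bot: the ID column is positional and renumbers on every update (142.91.76.134 moves from ID 2 to ID 3 here, and 184.71.210.4 drops out of the visible top three without being removed), so consumers must key on the IP address, never on the ID; this is worth stating in the CTI documentation if it is not already. The new 104.223.34.198 row is the first in this table with a Campaign value (Log4Shell), which matches the Campaigns section added above.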
@ -30,8 +37,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
2 | T1222 | CWE-275 | Permission Issues | High
|
||||
1 | T1059.007 | CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1222 | CWE-275 | Permission Issues | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
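Review bot: the Description column does not carry the ATT&CK technique name, so the table reads as if T1068 were "Execution with Unnecessary Privileges"; in ATT&CK, T1068 is Exploitation for Privilege Escalation, T1222 is File and Directory Permissions Modification, and T1059.007 is JavaScript. The values shown are weakness titles, so either rename the column to "Weakness description" or add a column with the technique name. The count template also needs the singular case: "There are 1 more TTP items available".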
@ -39,18 +50,19 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `fs/aio.c` | Medium
|
||||
2 | File | `index.php?mod=main&opt=personal` | High
|
||||
3 | File | `pkg/tool/path.go` | High
|
||||
1 | File | `/etc/sudoers` | Medium
|
||||
2 | File | `data/gbconfiguration.dat` | High
|
||||
3 | File | `fs/aio.c` | Medium
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 4 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 15 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://threatconnect.com/blog/the-anthem-hack-all-roads-lead-to-china/
|
||||
* https://www.fortinet.com/blog/threat-research/deep-panda-log4shell-fire-chili-rootkits
|
||||
* https://www.rsa.com/content/dam/en/white-paper/rsa-incident-response-emerging-threat-profile-shell-crew.pdf
|
||||
* https://www.threatminer.org/report.php?q=AdversaryIntelligenceReport_DeepPanda_01.pdf&y=2014
|
||||
* https://www.threatminer.org/report.php?q=DEEP_PANDA_Sakula.pdf&y=2014
|
||||
|
|
|
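Review bot: `/etc/sudoers` (new row 1) exists on essentially every Unix host, so as a File indicator it has no discriminating power and will match on any system; `fs/aio.c` is a kernel source path that identifies a vulnerability, not an artefact an intrusion leaves behind. `data/gbconfiguration.dat` (new row 2) is also the sole IOA of the Dijo profile in this same commit, so it does not distinguish actors either. These rows work as "watch for requests against these paths" hints, which the IOA paragraph should say explicitly instead of presenting them as actor-specific fingerprints.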
@ -0,0 +1,64 @@
|
|||
# Delf - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Delf](https://vuldb.com/?actor.delf). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.delf](https://vuldb.com/?actor.delf)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Delf:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Delf.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [50.63.202.36](https://vuldb.com/?ip.50.63.202.36) | ip-50-63-202-36.ip.secureserver.net | - | High
|
||||
2 | [52.5.103.164](https://vuldb.com/?ip.52.5.103.164) | ec2-52-5-103-164.compute-1.amazonaws.com | - | Medium
|
||||
3 | [54.80.160.147](https://vuldb.com/?ip.54.80.160.147) | ec2-54-80-160-147.compute-1.amazonaws.com | - | Medium
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 6 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Delf_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Delf. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `admin.php` | Medium
|
||||
2 | File | `api_poller.php` | High
|
||||
3 | Argument | `Business Name/Tax Code/First Name/Address/Town/Phone/Mobile/Place of Birth/Web Site/VAT Number/Last Name/Fax/Email/Skype` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 4 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2018/06/threat-roundup-0622-0629.html
|
||||
* https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
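Review bot: IOA row 3 packs fourteen form-field names (`Business Name/Tax Code/First Name/...`) into one Argument indicator separated by slashes; a literal match on that string will never fire, and a consumer cannot tell whether the slashes are part of the indicator or a separator. Split it into one row per argument, or document the separator in the CTI documentation so parsers can split it.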
@ -0,0 +1,30 @@
|
|||
# Demp - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Demp](https://vuldb.com/?actor.demp). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.demp](https://vuldb.com/?actor.demp)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Demp.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [203.78.107.112](https://vuldb.com/?ip.203.78.107.112) | netway31.netway.co.th | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2018/10/threat-roundup-1005-1012.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,61 @@
|
|||
# Denonia - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Denonia](https://vuldb.com/?actor.denonia). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.denonia](https://vuldb.com/?actor.denonia)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Denonia:
|
||||
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Denonia.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [116.203.4.0](https://vuldb.com/?ip.116.203.4.0) | static.0.4.203.116.clients.your-server.de | - | High
|
||||
2 | [148.251.77.55](https://vuldb.com/?ip.148.251.77.55) | node1.mlgw.ifup.sh | - | High
|
||||
3 | [162.55.241.99](https://vuldb.com/?ip.162.55.241.99) | 1.gw.denonia.xyz | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Denonia_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1552 | CWE-522 | Unprotected Storage of Credentials | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Denonia. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `admin/add_user/UID` | High
|
||||
2 | File | `admin/list_user` | High
|
||||
3 | File | `adminuseredit.php?usertoedit=XSS` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 10 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
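Review bot: IOA row 3 `adminuseredit.php?usertoedit=XSS` contains the literal placeholder "XSS" copied from an advisory's proof-of-concept URL; a detection that matches on it will only catch someone replaying the PoC verbatim. Keep the path (`adminuseredit.php`) and the parameter name (`usertoedit`) and drop the placeholder value. Also worth a second look: IOC row 1 is 116.203.4.0; a host address ending in .0 is unusual enough to check that a network prefix was not recorded in place of a host, although the reverse record static.0.4.203.116.clients.your-server.de suggests it is a real host.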
@ -0,0 +1,62 @@
|
|||
# Dfni - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dfni](https://vuldb.com/?actor.dfni). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.dfni](https://vuldb.com/?actor.dfni)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Dfni:
|
||||
|
||||
* [UA](https://vuldb.com/?country.ua)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Dfni.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.149.248.134](https://vuldb.com/?ip.5.149.248.134) | - | - | High
|
||||
2 | [195.201.249.16](https://vuldb.com/?ip.195.201.249.16) | static.16.249.201.195.clients.your-server.de | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Dfni_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1552 | CWE-522 | Unprotected Storage of Credentials | High
|
||||
3 | T1600 | CWE-310 | Cryptographic Issues | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Dfni. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `FlexCell.ocx` | Medium
|
||||
2 | File | `photo-gallery.php` | High
|
||||
3 | File | `wp-admin/profile.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 5 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2018/10/threat-roundup-1012-1019.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
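Review bot: TTP row 3 maps CWE-310 (Cryptographic Issues) to T1600, which in ATT&CK is Weaken Encryption, a defense-evasion technique specific to network devices; a generic cryptographic weakness does not imply that technique, so the mapping should be reviewed (the same weakness-title-as-description problem noted on the Deep Panda TTP table applies here too). IOC row 2, 195.201.249.16 with hostname static.16.249.201.195.clients.your-server.de, is rented hosting that recycles addresses, so a High-confidence entry should carry an observation date or an expiry.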
@ -0,0 +1,46 @@
|
|||
# Dgbv - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dgbv](https://vuldb.com/?actor.dgbv). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.dgbv](https://vuldb.com/?actor.dgbv)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Dgbv:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Dgbv.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [45.122.138.6](https://vuldb.com/?ip.45.122.138.6) | - | - | High
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Dgbv_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1068 | CWE-284 | Execution with Unnecessary Privileges | High
|
||||
2 | T1211 | CWE-254 | 7PK Security Features | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2018/10/threat-roundup-1005-1012.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,46 @@
|
|||
# Dijo - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dijo](https://vuldb.com/?actor.dijo). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.dijo](https://vuldb.com/?actor.dijo)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Dijo:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Dijo.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [95.181.198.115](https://vuldb.com/?ip.95.181.198.115) | - | - | High
|
||||
2 | [192.162.244.171](https://vuldb.com/?ip.192.162.244.171) | free.datacheap.ru | - | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Dijo. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `data/gbconfiguration.dat` | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2018/11/threat-roundup-1109-1116.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
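Review bot: the IOA table has a single entry, `data/gbconfiguration.dat`, which is also added to the Deep Panda IOA table in this commit; an indicator shared between two unrelated actor profiles cannot support attribution to either, so it should be presented as a scanned path rather than an actor fingerprint. The IOC 192.162.244.171 (free.datacheap.ru) looks like shared hosting by its hostname, which argues for the same caveat on its High confidence.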
@ -0,0 +1,66 @@
|
|||
# Dkvn - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dkvn](https://vuldb.com/?actor.dkvn). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.dkvn](https://vuldb.com/?actor.dkvn)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Dkvn:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CA](https://vuldb.com/?country.ca)
|
||||
* [AU](https://vuldb.com/?country.au)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Dkvn.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [45.40.183.1](https://vuldb.com/?ip.45.40.183.1) | ip-45-40-183-1.ip.secureserver.net | - | High
|
||||
2 | [66.198.240.4](https://vuldb.com/?ip.66.198.240.4) | ssr14.supercp.com | - | High
|
||||
3 | [103.18.109.178](https://vuldb.com/?ip.103.18.109.178) | s7.cpcloud.com.au | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 2 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Dkvn_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Dkvn. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `$SPLUNK_HOME/etc/splunk-launch.conf` | High
|
||||
2 | File | `/etc/master.passwd` | High
|
||||
3 | File | `/etc/passwd` | Medium
|
||||
4 | File | `/forum/away.php` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 27 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2018/12/threat-roundup-1207-1214.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
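Review bot: IOA row 1 `$SPLUNK_HOME/etc/splunk-launch.conf` contains an unexpanded environment variable, so a literal match against real file paths will never hit; either expand it to the default install location or state in the documentation that `$SPLUNK_HOME` is a placeholder the consumer must resolve. Rows 2 and 3 (`/etc/master.passwd`, `/etc/passwd`) are present on every BSD or Linux host and are not discriminating as File indicators; if they are meant as "files the actor reads", the Type column needs a value that says so.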
@ -81,23 +81,23 @@ ID | Type | Indicator | Confidence
|
|||
18 | File | `/var/www/xms/cleanzip.sh` | High
|
||||
19 | File | `/web/jquery/uploader/multi_uploadify.php` | High
|
||||
20 | File | `/wp-admin/admin-ajax.php` | High
|
||||
21 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
22 | File | `about.php` | Medium
|
||||
23 | File | `adclick.php` | Medium
|
||||
24 | File | `addentry.php` | Medium
|
||||
25 | File | `add_vhost.php` | High
|
||||
26 | File | `admin/conf_users_edit.php` | High
|
||||
27 | File | `admin/default.asp` | High
|
||||
28 | File | `admin/media/rename.php` | High
|
||||
29 | File | `admin/user.php` | High
|
||||
30 | File | `advanced_component_system/index.php` | High
|
||||
31 | File | `agent.cfg` | Medium
32 | File | `ajax/render/widget_php` | High
33 | File | `ampie.swf` | Medium
34 | File | `announcements.php` | High
21 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High
22 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
23 | File | `about.php` | Medium
24 | File | `adclick.php` | Medium
25 | File | `addentry.php` | Medium
26 | File | `add_vhost.php` | High
27 | File | `admin/conf_users_edit.php` | High
28 | File | `admin/default.asp` | High
29 | File | `admin/media/rename.php` | High
30 | File | `admin/user.php` | High
31 | File | `advanced_component_system/index.php` | High
32 | File | `agent.cfg` | Medium
33 | File | `ajax/render/widget_php` | High
34 | File | `ampie.swf` | Medium
35 | ... | ... | ...
There are 298 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 301 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
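Review bot: the new row `21 | File | `/wp-content/plugins/woocommerce/templates/emails/plain/` | High` is a directory (trailing slash) recorded under type File, and it is the stock template directory shipped with WooCommerce, so its presence on a target says nothing about this actor; Medium is the most it should carry. The count also moves from `298 more` to `301 more` while only this one new row is visible (`announcements.php` has slipped behind the `35 | ...` marker), so two of the three additions cannot be reviewed here and deserve the same scrutiny.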
@ -0,0 +1,46 @@
# Dotdo - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dotdo](https://vuldb.com/?actor.dotdo). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.dotdo](https://vuldb.com/?actor.dotdo)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Dotdo:
* [US](https://vuldb.com/?country.us)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Dotdo.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [34.202.10.177](https://vuldb.com/?ip.34.202.10.177) | ec2-34-202-10-177.compute-1.amazonaws.com | - | Medium
2 | [52.205.106.49](https://vuldb.com/?ip.52.205.106.49) | ec2-52-205-106-49.compute-1.amazonaws.com | - | Medium
3 | [198.54.117.200](https://vuldb.com/?ip.198.54.117.200) | - | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Dotdo_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
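Review bot: in the TTP table `1 | T1059.007 | CWE-79 | Cross Site Scripting | High` repeats the CWE-79 name in the Description column; T1059.007 is ATT&CK's Command and Scripting Interpreter: JavaScript sub-technique, so Description should carry the technique name and leave the weakness text to the Weakness column, otherwise the two columns are redundant. The IOC rows with `ec2-34-202-10-177.compute-1.amazonaws.com` and `ec2-52-205-106-49.compute-1.amazonaws.com` are reassignable EC2 addresses, which the Medium rating reflects, but without a first-seen/last-seen column a consumer cannot tell whether they are still worth acting on.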
@ -66,50 +66,54 @@ ID | IP address | Hostname | Campaign | Confidence
43 | [23.254.217.168](https://vuldb.com/?ip.23.254.217.168) | client-23-254-217-168.hostwindsdns.com | - | High
44 | [23.254.247.5](https://vuldb.com/?ip.23.254.247.5) | hwsrv-936430.hostwindsdns.com | - | High
45 | [23.254.247.55](https://vuldb.com/?ip.23.254.247.55) | client-23-254-247-55.hostwindsdns.com | - | High
46 | [27.60.164.164](https://vuldb.com/?ip.27.60.164.164) | - | - | High
47 | [31.14.41.212](https://vuldb.com/?ip.31.14.41.212) | a856-motor.variouloco.com | - | High
48 | [31.14.41.213](https://vuldb.com/?ip.31.14.41.213) | gain-compress.variouloco.com | - | High
49 | [31.14.41.214](https://vuldb.com/?ip.31.14.41.214) | a277-exist.variouloco.com | - | High
50 | [31.14.41.215](https://vuldb.com/?ip.31.14.41.215) | dubaibuildings.com | - | High
51 | [31.24.30.65](https://vuldb.com/?ip.31.24.30.65) | - | - | High
52 | [31.42.177.51](https://vuldb.com/?ip.31.42.177.51) | antiques.managerpray.uk | - | High
53 | [31.42.177.52](https://vuldb.com/?ip.31.42.177.52) | touch.managerpray.uk | - | High
54 | [37.1.208.21](https://vuldb.com/?ip.37.1.208.21) | - | - | High
55 | [37.1.215.144](https://vuldb.com/?ip.37.1.215.144) | - | - | High
56 | [37.34.58.210](https://vuldb.com/?ip.37.34.58.210) | 37-34-58-210.colo.transip.net | - | High
57 | [37.49.230.49](https://vuldb.com/?ip.37.49.230.49) | - | - | High
58 | [37.59.52.64](https://vuldb.com/?ip.37.59.52.64) | ns3265174.ip-37-59-52.eu | - | High
59 | [37.120.222.56](https://vuldb.com/?ip.37.120.222.56) | - | - | High
60 | [37.120.239.185](https://vuldb.com/?ip.37.120.239.185) | - | - | High
61 | [37.187.115.122](https://vuldb.com/?ip.37.187.115.122) | ns328855.ip-37-187-115.eu | - | High
62 | [37.247.35.130](https://vuldb.com/?ip.37.247.35.130) | earthquake.kenic.nl | - | High
63 | [40.122.160.14](https://vuldb.com/?ip.40.122.160.14) | - | - | High
64 | [43.229.206.212](https://vuldb.com/?ip.43.229.206.212) | 212.subnet43-229-206.static.inet.net.id | - | High
65 | [43.229.206.244](https://vuldb.com/?ip.43.229.206.244) | 244.subnet43-229-206.static.inet.net.id | - | High
66 | [45.33.94.33](https://vuldb.com/?ip.45.33.94.33) | 45-33-94-33.ip.linodeusercontent.com | - | High
67 | [45.55.134.126](https://vuldb.com/?ip.45.55.134.126) | - | - | High
68 | [45.55.154.235](https://vuldb.com/?ip.45.55.154.235) | - | - | High
69 | [45.58.56.12](https://vuldb.com/?ip.45.58.56.12) | - | - | High
70 | [45.79.8.25](https://vuldb.com/?ip.45.79.8.25) | li1107-25.members.linode.com | - | High
71 | [45.79.33.48](https://vuldb.com/?ip.45.79.33.48) | li1132-48.members.linode.com | - | High
72 | [45.123.40.54](https://vuldb.com/?ip.45.123.40.54) | - | - | High
73 | [45.153.241.113](https://vuldb.com/?ip.45.153.241.113) | - | - | High
74 | [45.177.120.36](https://vuldb.com/?ip.45.177.120.36) | mail.netlimit.net.br | - | High
75 | [46.4.232.200](https://vuldb.com/?ip.46.4.232.200) | static.200.232.4.46.clients.your-server.de | - | High
76 | [46.36.217.227](https://vuldb.com/?ip.46.36.217.227) | - | - | High
77 | [46.55.222.10](https://vuldb.com/?ip.46.55.222.10) | - | - | High
78 | [46.101.90.205](https://vuldb.com/?ip.46.101.90.205) | - | - | High
79 | [50.28.35.36](https://vuldb.com/?ip.50.28.35.36) | lprod03.ilsols.com | - | High
80 | [51.38.124.206](https://vuldb.com/?ip.51.38.124.206) | 206.ip-51-38-124.eu | - | High
81 | [51.77.82.110](https://vuldb.com/?ip.51.77.82.110) | web001.xwebsrv.de | - | High
82 | [51.81.254.89](https://vuldb.com/?ip.51.81.254.89) | - | - | High
83 | [51.91.76.89](https://vuldb.com/?ip.51.91.76.89) | 89.ip-51-91-76.eu | - | High
84 | [51.91.156.39](https://vuldb.com/?ip.51.91.156.39) | 39.ip-51-91-156.eu | - | High
85 | [51.178.161.32](https://vuldb.com/?ip.51.178.161.32) | srv-web.ffconsulting.com | - | High
86 | [52.73.70.149](https://vuldb.com/?ip.52.73.70.149) | ec2-52-73-70-149.compute-1.amazonaws.com | - | Medium
87 | ... | ... | ... | ...
46 | [24.40.243.66](https://vuldb.com/?ip.24.40.243.66) | 24-40-243-66.fidnet.com | - | High
47 | [27.60.164.164](https://vuldb.com/?ip.27.60.164.164) | - | - | High
48 | [31.14.41.212](https://vuldb.com/?ip.31.14.41.212) | a856-motor.variouloco.com | - | High
49 | [31.14.41.213](https://vuldb.com/?ip.31.14.41.213) | gain-compress.variouloco.com | - | High
50 | [31.14.41.214](https://vuldb.com/?ip.31.14.41.214) | a277-exist.variouloco.com | - | High
51 | [31.14.41.215](https://vuldb.com/?ip.31.14.41.215) | dubaibuildings.com | - | High
52 | [31.24.30.65](https://vuldb.com/?ip.31.24.30.65) | - | - | High
53 | [31.41.45.197](https://vuldb.com/?ip.31.41.45.197) | andrewhrenov.example.com | - | High
54 | [31.42.177.51](https://vuldb.com/?ip.31.42.177.51) | antiques.managerpray.uk | - | High
55 | [31.42.177.52](https://vuldb.com/?ip.31.42.177.52) | touch.managerpray.uk | - | High
56 | [37.1.208.21](https://vuldb.com/?ip.37.1.208.21) | - | - | High
57 | [37.1.215.144](https://vuldb.com/?ip.37.1.215.144) | - | - | High
58 | [37.34.58.210](https://vuldb.com/?ip.37.34.58.210) | 37-34-58-210.colo.transip.net | - | High
59 | [37.49.230.49](https://vuldb.com/?ip.37.49.230.49) | - | - | High
60 | [37.59.52.64](https://vuldb.com/?ip.37.59.52.64) | ns3265174.ip-37-59-52.eu | - | High
61 | [37.120.222.56](https://vuldb.com/?ip.37.120.222.56) | - | - | High
62 | [37.120.239.185](https://vuldb.com/?ip.37.120.239.185) | - | - | High
63 | [37.187.115.122](https://vuldb.com/?ip.37.187.115.122) | ns328855.ip-37-187-115.eu | - | High
64 | [37.247.35.130](https://vuldb.com/?ip.37.247.35.130) | earthquake.kenic.nl | - | High
65 | [40.122.160.14](https://vuldb.com/?ip.40.122.160.14) | - | - | High
66 | [43.229.206.212](https://vuldb.com/?ip.43.229.206.212) | 212.subnet43-229-206.static.inet.net.id | - | High
67 | [43.229.206.244](https://vuldb.com/?ip.43.229.206.244) | 244.subnet43-229-206.static.inet.net.id | - | High
68 | [45.33.94.33](https://vuldb.com/?ip.45.33.94.33) | 45-33-94-33.ip.linodeusercontent.com | - | High
69 | [45.55.134.126](https://vuldb.com/?ip.45.55.134.126) | - | - | High
70 | [45.55.154.235](https://vuldb.com/?ip.45.55.154.235) | - | - | High
71 | [45.58.56.12](https://vuldb.com/?ip.45.58.56.12) | - | - | High
72 | [45.79.8.25](https://vuldb.com/?ip.45.79.8.25) | li1107-25.members.linode.com | - | High
73 | [45.79.33.48](https://vuldb.com/?ip.45.79.33.48) | li1132-48.members.linode.com | - | High
74 | [45.123.40.54](https://vuldb.com/?ip.45.123.40.54) | - | - | High
75 | [45.153.241.113](https://vuldb.com/?ip.45.153.241.113) | - | - | High
76 | [45.177.120.36](https://vuldb.com/?ip.45.177.120.36) | mail.netlimit.net.br | - | High
77 | [46.4.232.200](https://vuldb.com/?ip.46.4.232.200) | static.200.232.4.46.clients.your-server.de | - | High
78 | [46.36.217.227](https://vuldb.com/?ip.46.36.217.227) | - | - | High
79 | [46.55.222.10](https://vuldb.com/?ip.46.55.222.10) | - | - | High
80 | [46.101.90.205](https://vuldb.com/?ip.46.101.90.205) | - | - | High
81 | [50.28.35.36](https://vuldb.com/?ip.50.28.35.36) | lprod03.ilsols.com | - | High
82 | [51.38.124.206](https://vuldb.com/?ip.51.38.124.206) | 206.ip-51-38-124.eu | - | High
83 | [51.77.82.110](https://vuldb.com/?ip.51.77.82.110) | web001.xwebsrv.de | - | High
84 | [51.81.254.89](https://vuldb.com/?ip.51.81.254.89) | - | - | High
85 | [51.91.76.89](https://vuldb.com/?ip.51.91.76.89) | 89.ip-51-91-76.eu | - | High
86 | [51.91.156.39](https://vuldb.com/?ip.51.91.156.39) | 39.ip-51-91-156.eu | - | High
87 | [51.178.161.32](https://vuldb.com/?ip.51.178.161.32) | srv-web.ffconsulting.com | - | High
88 | [52.73.70.149](https://vuldb.com/?ip.52.73.70.149) | ec2-52-73-70-149.compute-1.amazonaws.com | - | Medium
89 | [52.114.132.73](https://vuldb.com/?ip.52.114.132.73) | - | - | High
90 | [54.38.143.246](https://vuldb.com/?ip.54.38.143.246) | ip246.ip-54-38-143.eu | - | High
91 | ... | ... | ... | ...
There are 345 more IOC items available. Please use our online service to access the data.
There are 362 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
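Review bot: the added row `53 | 31.41.45.197 | andrewhrenov.example.com | - | High` carries a reverse-DNS name under example.com, a domain reserved for documentation and never delegated to an operator, so the PTR is either forged or a placeholder; remove the hostname or lower the confidence until the address has been re-resolved. Of the other three additions, `46 | 24.40.243.66 | 24-40-243-66.fidnet.com` is an ISP's per-address template name, which usually indicates a dynamically assigned customer line, `89 | 52.114.132.73` has no hostname at all, and `90 | 54.38.143.246 | ip246.ip-54-38-143.eu` is a generic hosting template name; rating all three High while `88 | 52.73.70.149 | ec2-52-73-70-149.compute-1.amazonaws.com` stays Medium applies the confidence scale inconsistently.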
@ -168,12 +172,14 @@ ID | Type | Indicator | Confidence
36 | File | `addlink.php` | Medium
37 | ... | ... | ...
There are 320 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 319 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.talosintelligence.com/2015/04/threat-spotlight-spam-served-with-side.html
* https://blog.talosintelligence.com/2019/06/threat-roundup-0614-0621.html
* https://blog.talosintelligence.com/2020/09/threat-roundup-0904-0911.html
* https://blog.talosintelligence.com/2021/02/threat-roundup-0219-0226.html
* https://blog.talosintelligence.com/2021/03/threat-roundup-0305-0312.html
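Review bot: the count line changes from `There are 320 more IOA items` to `There are 319 more IOA items` while the visible rows (`36 | File | addlink.php`, `37 | ...`) are untouched, so an indicator behind the ellipsis was retired in this commit with no trace of which one or why. These pages have no changelog section, so please record the removed item in the commit message; consumers who imported the earlier list need to know what to expire.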
@ -196,9 +202,11 @@ The following list contains _external sources_ which discuss the actor and the a
* https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw/
* https://github.com/blackberry/threat-research-and-intelligence/blob/main/TA575-Dridex.csv
* https://github.com/fl0x2208/IOCs-in-CSV-format/blob/6297513d672bd69f1bf488018035892e599e7a9c/Dridex_banking_trojan.xlsx
* https://isc.sans.edu/forums/diary/Dridex+malspam+seen+on+Monday+20170410/22280/
* https://isc.sans.edu/forums/diary/Malspam+with+links+to+zip+archives+pushes+Dridex+malware/26116/
* https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+Word+docs+pushing+Dridex/25042/
* https://isc.sans.edu/forums/diary/Recent+Dridex+activity/26550/
* https://pastebin.com/0XNMhLP2
* https://us-cert.cisa.gov/ncas/alerts/aa19-339a
* https://vxug.fakedoma.in/archive/APTs/2021/2021.01.04(2)/Dridex.pdf
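Review bot: `https://gist.githubusercontent.com/BBcan177/bf29d47ea04391cb3eb0/raw/` is an unpinned raw gist URL and `https://pastebin.com/0XNMhLP2` is an editable, deletable paste, so neither is a stable citation for indicators derived from it; pin the gist to a revision the way the `fl0x2208/IOCs-in-CSV-format` entry is pinned to commit `6297513d672bd69f1bf488018035892e599e7a9c`, and keep an archived copy of the paste. `https://vxug.fakedoma.in/archive/APTs/2021/2021.01.04(2)/Dridex.pdf` is a mirror rather than the publisher's own URL; cite the original report alongside it so the provenance can be checked.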
@ -0,0 +1,30 @@
# Dvee - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Dvee](https://vuldb.com/?actor.dvee). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.dvee](https://vuldb.com/?actor.dvee)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Dvee.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [216.218.206.69](https://vuldb.com/?ip.216.218.206.69) | scan-08.shadowserver.org | - | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.talosintelligence.com/2019/04/threat-roundup-0412-0419.html
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
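Review bot: the single IOC in this new file, `1 | 216.218.206.69 | scan-08.shadowserver.org | - | High`, is a Shadowserver scanner; Shadowserver is a research non-profit that scans the entire IPv4 space, so this address turns up in every honeypot and sensor and tells a consumer nothing about Dvee, while a High rating invites them to block a benign source. Drop the row, or mark it Low with the campaign column set to research scanning, and check `threat-roundup-0412-0419` for how it came to be attributed.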
@ -0,0 +1,59 @@
# East Asia Unknown - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [East Asia Unknown](https://vuldb.com/?actor.east_asia_unknown). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.east_asia_unknown](https://vuldb.com/?actor.east_asia_unknown)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with East Asia Unknown:
* [KR](https://vuldb.com/?country.kr)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of East Asia Unknown.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [52.84.186.239](https://vuldb.com/?ip.52.84.186.239) | server-52-84-186-239.cdg50.r.cloudfront.net | - | High
2 | [61.106.60.47](https://vuldb.com/?ip.61.106.60.47) | - | - | High
3 | [110.45.203.133](https://vuldb.com/?ip.110.45.203.133) | - | - | High
4 | ... | ... | ... | ...
There are 4 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _East Asia Unknown_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by East Asia Unknown. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/uncpath/` | Medium
2 | File | `single_blog.php` | High
3 | Argument | `id` | Low
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.talosintelligence.com/2018/10/tracking-tick-through-recent-campaigns.html
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
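Review bot: `1 | 52.84.186.239 | server-52-84-186-239.cdg50.r.cloudfront.net | - | High` is a CloudFront edge node shared by every site served through that point of presence, so the address identifies AWS's CDN rather than East Asia Unknown and should not be High; the Dotdo file added in this same commit rates its shared `compute-1.amazonaws.com` rows Medium, so the cloud entries should at least be treated consistently. In the IOA table `3 | Argument | `id` | Low` is a parameter name found in nearly every web application; on its own it cannot drive detection and should be scoped to the path it was observed with (`single_blog.php`) or dropped.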
@ -0,0 +1,30 @@
# Ekstak - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ekstak](https://vuldb.com/?actor.ekstak). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ekstak](https://vuldb.com/?actor.ekstak)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Ekstak.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [216.218.206.69](https://vuldb.com/?ip.216.218.206.69) | scan-08.shadowserver.org | - | High
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.talosintelligence.com/2019/03/threat-roundup-for-feb-22-to-march-1.html
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
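Review bot: this file's only IOC, `1 | 216.218.206.69 | scan-08.shadowserver.org | - | High`, is the same row as the only IOC in the Dvee file added in this commit. Two unrelated actors sharing exactly one indicator, and that indicator being a Shadowserver research scanner, points to background Internet-scanning traffic picked up from the Talos roundup rather than actor infrastructure; remove it from both files, or state explicitly that Ekstak has no validated network IOCs yet rather than publishing a High-confidence entry.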
@ -10,10 +10,10 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
* [VN](https://vuldb.com/?country.vn)
* [US](https://vuldb.com/?country.us)
* [AM](https://vuldb.com/?country.am)
* [GB](https://vuldb.com/?country.gb)
* ...
There are 2 more country items available. Please use our online service to access the data.
There are 4 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
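Review bot: the count line moves from `There are 2 more country items` to `There are 4 more country items` while the four listed codes (VN, US, AM, GB) and the `* ...` marker are unchanged, so both newly attributed countries sit behind the ellipsis and cannot be reviewed here; list the added codes or name them in the commit message, since a change in country attribution is exactly what downstream users of these pages watch for.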
@ -67,174 +67,182 @@ ID | IP address | Hostname | Campaign | Confidence
44 | [24.40.239.62](https://vuldb.com/?ip.24.40.239.62) | 24-40-239-62.fidnet.com | - | High
45 | [24.43.99.75](https://vuldb.com/?ip.24.43.99.75) | rrcs-24-43-99-75.west.biz.rr.com | - | High
46 | [24.101.229.82](https://vuldb.com/?ip.24.101.229.82) | dynamic-acs-24-101-229-82.zoominternet.net | - | High
47 | [24.119.116.230](https://vuldb.com/?ip.24.119.116.230) | 24-119-116-230.cpe.sparklight.net | - | High
48 | [24.121.176.48](https://vuldb.com/?ip.24.121.176.48) | 24-121-176-48.prkrcmtc01.com.sta.suddenlink.net | - | High
49 | [24.137.76.62](https://vuldb.com/?ip.24.137.76.62) | host-24-137-76-62.public.eastlink.ca | - | High
50 | [24.178.90.49](https://vuldb.com/?ip.24.178.90.49) | 024-178-090-049.res.spectrum.com | - | High
51 | [24.179.13.119](https://vuldb.com/?ip.24.179.13.119) | 024-179-013-119.res.spectrum.com | - | High
52 | [24.201.79.34](https://vuldb.com/?ip.24.201.79.34) | modemcable034.79-201-24.mc.videotron.ca | - | High
53 | [24.217.117.217](https://vuldb.com/?ip.24.217.117.217) | 024-217-117-217.res.spectrum.com | - | High
54 | [24.232.228.233](https://vuldb.com/?ip.24.232.228.233) | OL233-228.fibertel.com.ar | - | High
55 | [24.244.177.40](https://vuldb.com/?ip.24.244.177.40) | - | - | High
56 | [27.50.89.209](https://vuldb.com/?ip.27.50.89.209) | 27-50-89-209.as45671.net | - | High
57 | [27.78.27.110](https://vuldb.com/?ip.27.78.27.110) | localhost | - | High
58 | [27.82.13.10](https://vuldb.com/?ip.27.82.13.10) | KD027082013010.ppp-bb.dion.ne.jp | - | High
59 | [27.109.24.214](https://vuldb.com/?ip.27.109.24.214) | - | - | High
60 | [27.114.9.93](https://vuldb.com/?ip.27.114.9.93) | i27-114-9-93.s41.a011.ap.plala.or.jp | - | High
61 | [31.24.158.56](https://vuldb.com/?ip.31.24.158.56) | bm.servidoresdedicados.com | - | High
62 | [31.167.248.50](https://vuldb.com/?ip.31.167.248.50) | - | - | High
63 | [35.190.87.116](https://vuldb.com/?ip.35.190.87.116) | 116.87.190.35.bc.googleusercontent.com | - | Medium
64 | [36.91.44.183](https://vuldb.com/?ip.36.91.44.183) | - | - | High
65 | [37.46.129.215](https://vuldb.com/?ip.37.46.129.215) | we-too.ru | - | High
66 | [37.97.135.82](https://vuldb.com/?ip.37.97.135.82) | 37-97-135-82.colo.transip.net | - | High
67 | [37.120.175.15](https://vuldb.com/?ip.37.120.175.15) | v220220112692175454.nicesrv.de | - | High
68 | [37.139.21.175](https://vuldb.com/?ip.37.139.21.175) | 37.139.21.175-e2-8080-keep-up | - | High
69 | [37.179.204.33](https://vuldb.com/?ip.37.179.204.33) | - | - | High
70 | [37.187.4.178](https://vuldb.com/?ip.37.187.4.178) | ks2.kku.io | - | High
71 | [37.187.57.57](https://vuldb.com/?ip.37.187.57.57) | ns3357940.ovh.net | - | High
72 | [37.187.72.193](https://vuldb.com/?ip.37.187.72.193) | ns3362285.ip-37-187-72.eu | - | High
73 | [37.187.161.206](https://vuldb.com/?ip.37.187.161.206) | toolbox.alabs.io | - | High
74 | [37.205.9.252](https://vuldb.com/?ip.37.205.9.252) | s1.ithelp24.eu | - | High
75 | [37.221.70.250](https://vuldb.com/?ip.37.221.70.250) | b2b-customer.inftele.net | - | High
76 | [41.76.108.46](https://vuldb.com/?ip.41.76.108.46) | - | - | High
77 | [41.169.36.237](https://vuldb.com/?ip.41.169.36.237) | - | - | High
78 | [41.185.28.84](https://vuldb.com/?ip.41.185.28.84) | brf01-nix01.wadns.net | - | High
79 | [41.185.29.128](https://vuldb.com/?ip.41.185.29.128) | abp79-nix01.wadns.net | - | High
80 | [41.231.225.139](https://vuldb.com/?ip.41.231.225.139) | - | - | High
81 | [42.62.40.103](https://vuldb.com/?ip.42.62.40.103) | - | - | High
82 | [45.16.226.117](https://vuldb.com/?ip.45.16.226.117) | 45-16-226-117.lightspeed.sndgca.sbcglobal.net | - | High
83 | [45.33.77.42](https://vuldb.com/?ip.45.33.77.42) | li1023-42.members.linode.com | - | High
84 | [45.46.37.97](https://vuldb.com/?ip.45.46.37.97) | cpe-45-46-37-97.maine.res.rr.com | - | High
85 | [45.55.36.51](https://vuldb.com/?ip.45.55.36.51) | - | - | High
86 | [45.55.219.163](https://vuldb.com/?ip.45.55.219.163) | - | - | High
87 | [45.79.95.107](https://vuldb.com/?ip.45.79.95.107) | li1194-107.members.linode.com | - | High
88 | [45.80.148.200](https://vuldb.com/?ip.45.80.148.200) | - | - | High
89 | [45.118.115.99](https://vuldb.com/?ip.45.118.115.99) | - | - | High
90 | [45.118.135.203](https://vuldb.com/?ip.45.118.135.203) | 45-118-135-203.ip.linodeusercontent.com | - | High
91 | [45.142.114.231](https://vuldb.com/?ip.45.142.114.231) | mail.dounutmail.de | - | High
92 | [45.176.232.124](https://vuldb.com/?ip.45.176.232.124) | - | - | High
93 | [45.230.45.171](https://vuldb.com/?ip.45.230.45.171) | - | - | High
94 | [46.4.100.178](https://vuldb.com/?ip.46.4.100.178) | support.wizard-shopservice.de | - | High
95 | [46.4.192.185](https://vuldb.com/?ip.46.4.192.185) | static.185.192.4.46.clients.your-server.de | - | High
96 | [46.28.111.142](https://vuldb.com/?ip.46.28.111.142) | enkindu.jsuchy.net | - | High
97 | [46.32.229.152](https://vuldb.com/?ip.46.32.229.152) | 094882.vps-10.com | - | High
98 | [46.32.233.226](https://vuldb.com/?ip.46.32.233.226) | yetitoolusa.com | - | High
99 | [46.38.238.8](https://vuldb.com/?ip.46.38.238.8) | v2202109122001163131.happysrv.de | - | High
100 | [46.43.2.95](https://vuldb.com/?ip.46.43.2.95) | chris.default.cjenkinson.uk0.bigv.io | - | High
101 | [46.55.222.11](https://vuldb.com/?ip.46.55.222.11) | - | - | High
102 | [46.101.58.37](https://vuldb.com/?ip.46.101.58.37) | 46.101.58.37-e1-8080 | - | High
103 | [46.105.81.76](https://vuldb.com/?ip.46.105.81.76) | myu0.cylipo.sbs | - | High
104 | [46.105.114.137](https://vuldb.com/?ip.46.105.114.137) | ns3188253.ip-46-105-114.eu | - | High
105 | [46.105.131.68](https://vuldb.com/?ip.46.105.131.68) | http.adven.fr | - | High
106 | [46.105.131.69](https://vuldb.com/?ip.46.105.131.69) | epouventaille.adven.fr | - | High
107 | [46.105.131.79](https://vuldb.com/?ip.46.105.131.79) | relay.adven.fr | - | High
108 | [46.105.131.87](https://vuldb.com/?ip.46.105.131.87) | pop.adven.fr | - | High
109 | [46.105.236.18](https://vuldb.com/?ip.46.105.236.18) | - | - | High
110 | [46.165.212.76](https://vuldb.com/?ip.46.165.212.76) | - | - | High
111 | [46.165.254.206](https://vuldb.com/?ip.46.165.254.206) | - | - | High
112 | [46.214.107.142](https://vuldb.com/?ip.46.214.107.142) | 46-214-107-142.next-gen.ro | - | High
113 | [47.36.140.164](https://vuldb.com/?ip.47.36.140.164) | 047-036-140-164.res.spectrum.com | - | High
114 | [47.146.39.147](https://vuldb.com/?ip.47.146.39.147) | - | - | High
115 | [47.150.11.161](https://vuldb.com/?ip.47.150.11.161) | - | - | High
116 | [47.188.131.94](https://vuldb.com/?ip.47.188.131.94) | - | - | High
117 | [47.201.208.154](https://vuldb.com/?ip.47.201.208.154) | - | - | High
118 | [47.246.24.225](https://vuldb.com/?ip.47.246.24.225) | - | - | High
119 | [47.246.24.226](https://vuldb.com/?ip.47.246.24.226) | - | - | High
120 | [47.246.24.230](https://vuldb.com/?ip.47.246.24.230) | - | - | High
121 | [47.246.24.232](https://vuldb.com/?ip.47.246.24.232) | - | - | High
122 | [49.12.121.47](https://vuldb.com/?ip.49.12.121.47) | filezilla-project.org | - | High
123 | [49.50.209.131](https://vuldb.com/?ip.49.50.209.131) | 131.host-49-50-209.euba.megatel.co.nz | - | High
124 | [49.212.135.76](https://vuldb.com/?ip.49.212.135.76) | os3-321-50322.vs.sakura.ne.jp | - | High
125 | [49.212.155.94](https://vuldb.com/?ip.49.212.155.94) | os3-325-52340.vs.sakura.ne.jp | - | High
126 | [50.28.51.143](https://vuldb.com/?ip.50.28.51.143) | - | - | High
127 | [50.30.40.196](https://vuldb.com/?ip.50.30.40.196) | usve255301.serverprofi24.com | - | High
128 | [50.31.146.101](https://vuldb.com/?ip.50.31.146.101) | mail.brillinjurylaw.com | - | High
129 | [50.56.135.44](https://vuldb.com/?ip.50.56.135.44) | - | - | High
130 | [50.62.194.30](https://vuldb.com/?ip.50.62.194.30) | ip-50-62-194-30.ip.secureserver.net | - | High
|
||||
131 | [50.78.167.65](https://vuldb.com/?ip.50.78.167.65) | millcreek.cc | - | High
|
||||
132 | [50.91.114.38](https://vuldb.com/?ip.50.91.114.38) | 050-091-114-038.res.spectrum.com | - | High
|
||||
133 | [50.92.101.60](https://vuldb.com/?ip.50.92.101.60) | d50-92-101-60.bchsia.telus.net | - | High
|
||||
134 | [50.116.54.215](https://vuldb.com/?ip.50.116.54.215) | li440-215.members.linode.com | - | High
|
||||
135 | [50.116.78.109](https://vuldb.com/?ip.50.116.78.109) | intersearchmedia.com | - | High
|
||||
136 | [50.245.107.73](https://vuldb.com/?ip.50.245.107.73) | 50-245-107-73-static.hfc.comcastbusiness.net | - | High
|
||||
137 | [51.15.4.22](https://vuldb.com/?ip.51.15.4.22) | 51-15-4-22.rev.poneytelecom.eu | - | High
|
||||
138 | [51.15.7.145](https://vuldb.com/?ip.51.15.7.145) | 51-15-7-145.rev.poneytelecom.eu | - | High
|
||||
139 | [51.38.201.19](https://vuldb.com/?ip.51.38.201.19) | ip19.ip-51-38-201.eu | - | High
|
||||
140 | [51.75.33.120](https://vuldb.com/?ip.51.75.33.120) | ip120.ip-51-75-33.eu | - | High
|
||||
141 | [51.75.33.127](https://vuldb.com/?ip.51.75.33.127) | ip127.ip-51-75-33.eu | - | High
|
||||
142 | [51.89.36.180](https://vuldb.com/?ip.51.89.36.180) | ip180.ip-51-89-36.eu | - | High
|
||||
143 | [51.89.199.141](https://vuldb.com/?ip.51.89.199.141) | ip141.ip-51-89-199.eu | - | High
|
||||
144 | [51.91.7.5](https://vuldb.com/?ip.51.91.7.5) | ns3147667.ip-51-91-7.eu | - | High
|
||||
145 | [51.91.76.89](https://vuldb.com/?ip.51.91.76.89) | 89.ip-51-91-76.eu | - | High
|
||||
146 | [51.159.35.157](https://vuldb.com/?ip.51.159.35.157) | 51-159-35-157.rev.poneytelecom.eu | - | High
|
||||
147 | [51.254.140.238](https://vuldb.com/?ip.51.254.140.238) | 238.ip-51-254-140.eu | - | High
|
||||
148 | [51.255.50.164](https://vuldb.com/?ip.51.255.50.164) | vps-b6cfe010.vps.ovh.net | - | High
|
||||
149 | [51.255.165.160](https://vuldb.com/?ip.51.255.165.160) | 160.ip-51-255-165.eu | - | High
|
||||
150 | [52.66.202.63](https://vuldb.com/?ip.52.66.202.63) | ec2-52-66-202-63.ap-south-1.compute.amazonaws.com | - | Medium
|
||||
151 | [54.38.143.245](https://vuldb.com/?ip.54.38.143.245) | tools.inovato.me | - | High
|
||||
152 | [58.27.215.3](https://vuldb.com/?ip.58.27.215.3) | 58-27-215-3.wateen.net | - | High
|
||||
153 | [58.94.58.13](https://vuldb.com/?ip.58.94.58.13) | i58-94-58-13.s41.a014.ap.plala.or.jp | - | High
|
||||
154 | [58.216.16.130](https://vuldb.com/?ip.58.216.16.130) | - | - | High
|
||||
155 | [58.227.42.236](https://vuldb.com/?ip.58.227.42.236) | - | - | High
|
||||
156 | [59.148.253.194](https://vuldb.com/?ip.59.148.253.194) | 059148253194.ctinets.com | - | High
|
||||
157 | [59.152.93.46](https://vuldb.com/?ip.59.152.93.46) | 46.93.152.59.zipnetltd.com | - | High
|
||||
158 | [60.93.23.51](https://vuldb.com/?ip.60.93.23.51) | softbank060093023051.bbtec.net | - | High
|
||||
159 | [60.108.128.186](https://vuldb.com/?ip.60.108.128.186) | softbank060108128186.bbtec.net | - | High
|
||||
160 | [60.125.114.64](https://vuldb.com/?ip.60.125.114.64) | softbank060125114064.bbtec.net | - | High
|
||||
161 | [60.249.78.226](https://vuldb.com/?ip.60.249.78.226) | 60-249-78-226.hinet-ip.hinet.net | - | High
|
||||
162 | [61.19.246.238](https://vuldb.com/?ip.61.19.246.238) | - | - | High
|
||||
163 | [62.30.7.67](https://vuldb.com/?ip.62.30.7.67) | 67.7-30-62.static.virginmediabusiness.co.uk | - | High
|
||||
164 | [62.75.141.82](https://vuldb.com/?ip.62.75.141.82) | static-ip-62-75-141-82.inaddr.ip-pool.com | - | High
|
||||
165 | [62.84.75.50](https://vuldb.com/?ip.62.84.75.50) | mail.saadegrp.com.lb | - | High
|
||||
166 | [62.171.142.179](https://vuldb.com/?ip.62.171.142.179) | vmi499457.contaboserver.net | - | High
|
||||
167 | [62.212.34.102](https://vuldb.com/?ip.62.212.34.102) | - | - | High
|
||||
168 | [64.71.36.11](https://vuldb.com/?ip.64.71.36.11) | - | - | High
|
||||
169 | [64.190.63.136](https://vuldb.com/?ip.64.190.63.136) | - | - | High
|
||||
170 | [64.207.182.168](https://vuldb.com/?ip.64.207.182.168) | - | - | High
|
||||
171 | [66.23.200.58](https://vuldb.com/?ip.66.23.200.58) | - | - | High
|
||||
172 | [66.50.57.73](https://vuldb.com/?ip.66.50.57.73) | 66-50-57-73.prtc.net | - | High
|
||||
173 | [66.54.51.172](https://vuldb.com/?ip.66.54.51.172) | - | - | High
|
||||
174 | [66.76.26.33](https://vuldb.com/?ip.66.76.26.33) | 66-76-26-33.hdsncmta01.com.sta.suddenlink.net | - | High
|
||||
175 | [66.209.69.165](https://vuldb.com/?ip.66.209.69.165) | - | - | High
|
||||
176 | [66.228.32.31](https://vuldb.com/?ip.66.228.32.31) | li282-31.members.linode.com | - | High
|
||||
177 | [66.228.61.248](https://vuldb.com/?ip.66.228.61.248) | li318-248.members.linode.com | - | High
|
||||
178 | [67.19.105.107](https://vuldb.com/?ip.67.19.105.107) | ns2.datatrust.com.br | - | High
|
||||
179 | [67.170.250.203](https://vuldb.com/?ip.67.170.250.203) | c-67-170-250-203.hsd1.ca.comcast.net | - | High
|
||||
180 | [67.225.218.50](https://vuldb.com/?ip.67.225.218.50) | lb01.parklogic.com | - | High
|
||||
181 | [68.2.97.91](https://vuldb.com/?ip.68.2.97.91) | ip68-2-97-91.ph.ph.cox.net | - | High
|
||||
182 | [68.183.170.114](https://vuldb.com/?ip.68.183.170.114) | 68.183.170.114-e1-8080-keep-up | - | High
|
||||
183 | [68.183.190.199](https://vuldb.com/?ip.68.183.190.199) | 68.183.190.199-e1-8080-keep-up | - | High
|
||||
184 | [69.17.170.58](https://vuldb.com/?ip.69.17.170.58) | unallocated-static.rogers.com | - | High
|
||||
185 | [69.43.168.200](https://vuldb.com/?ip.69.43.168.200) | ns0.imunplugged.com | - | High
|
||||
186 | [69.43.168.232](https://vuldb.com/?ip.69.43.168.232) | - | - | High
|
||||
187 | [69.45.19.251](https://vuldb.com/?ip.69.45.19.251) | coastinet.com | - | High
|
||||
188 | [69.163.33.82](https://vuldb.com/?ip.69.163.33.82) | - | - | High
|
||||
189 | [69.167.152.111](https://vuldb.com/?ip.69.167.152.111) | - | - | High
|
||||
190 | [69.198.17.20](https://vuldb.com/?ip.69.198.17.20) | 69-198-17-20.customerip.birch.net | - | High
|
||||
191 | [69.198.17.49](https://vuldb.com/?ip.69.198.17.49) | 69-198-17-49.customerip.birch.net | - | High
|
||||
192 | [70.32.84.74](https://vuldb.com/?ip.70.32.84.74) | - | - | High
|
||||
193 | [70.32.89.105](https://vuldb.com/?ip.70.32.89.105) | parties-at-sea.com | - | High
|
||||
194 | [70.32.92.133](https://vuldb.com/?ip.70.32.92.133) | popdesigngroup.com | - | High
|
||||
195 | [70.32.115.157](https://vuldb.com/?ip.70.32.115.157) | harpotripofalifetime.com | - | High
|
||||
196 | [70.36.102.35](https://vuldb.com/?ip.70.36.102.35) | - | - | High
|
||||
197 | [70.45.30.28](https://vuldb.com/?ip.70.45.30.28) | dynamic.libertypr.net | - | High
|
||||
198 | [70.168.7.6](https://vuldb.com/?ip.70.168.7.6) | wsip-70-168-7-6.ri.ri.cox.net | - | High
|
||||
199 | [70.182.77.184](https://vuldb.com/?ip.70.182.77.184) | wsip-70-182-77-184.ok.ok.cox.net | - | High
|
||||
200 | [70.183.113.54](https://vuldb.com/?ip.70.183.113.54) | wsip-70-183-113-54.no.no.cox.net | - | High
|
||||
201 | [70.184.125.132](https://vuldb.com/?ip.70.184.125.132) | wsip-70-184-125-132.ph.ph.cox.net | - | High
|
||||
202 | [71.8.1.188](https://vuldb.com/?ip.71.8.1.188) | 071-008-001-188.res.spectrum.com | - | High
|
||||
203 | [71.15.245.148](https://vuldb.com/?ip.71.15.245.148) | 071-015-245-148.res.spectrum.com | - | High
|
||||
204 | [71.40.213.82](https://vuldb.com/?ip.71.40.213.82) | rrcs-71-40-213-82.sw.biz.rr.com | - | High
|
||||
205 | [71.58.165.119](https://vuldb.com/?ip.71.58.165.119) | c-71-58-165-119.hsd1.pa.comcast.net | - | High
|
||||
206 | [71.71.3.84](https://vuldb.com/?ip.71.71.3.84) | - | - | High
|
||||
207 | [71.163.171.106](https://vuldb.com/?ip.71.163.171.106) | static-71-163-171-106.washdc.fios.verizon.net | - | High
|
||||
208 | [71.165.252.144](https://vuldb.com/?ip.71.165.252.144) | static-71-165-252-144.lsanca.fios.frontiernet.net | - | High
|
||||
209 | [71.177.184.128](https://vuldb.com/?ip.71.177.184.128) | static-71-177-184-128.lsanca.fios.frontiernet.net | - | High
|
||||
210 | [71.197.211.156](https://vuldb.com/?ip.71.197.211.156) | c-71-197-211-156.hsd1.wa.comcast.net | - | High
|
||||
211 | [71.214.17.130](https://vuldb.com/?ip.71.214.17.130) | 71-214-17-130.orlf.qwest.net | - | High
|
||||
212 | ... | ... | ... | ...
|
||||
47 | [24.116.40.208](https://vuldb.com/?ip.24.116.40.208) | 24-116-40-208.cpe.sparklight.net | - | High
48 | [24.119.116.230](https://vuldb.com/?ip.24.119.116.230) | 24-119-116-230.cpe.sparklight.net | - | High
49 | [24.121.176.48](https://vuldb.com/?ip.24.121.176.48) | 24-121-176-48.prkrcmtc01.com.sta.suddenlink.net | - | High
50 | [24.137.76.62](https://vuldb.com/?ip.24.137.76.62) | host-24-137-76-62.public.eastlink.ca | - | High
51 | [24.178.90.49](https://vuldb.com/?ip.24.178.90.49) | 024-178-090-049.res.spectrum.com | - | High
52 | [24.179.13.119](https://vuldb.com/?ip.24.179.13.119) | 024-179-013-119.res.spectrum.com | - | High
53 | [24.201.79.34](https://vuldb.com/?ip.24.201.79.34) | modemcable034.79-201-24.mc.videotron.ca | - | High
54 | [24.203.4.40](https://vuldb.com/?ip.24.203.4.40) | modemcable040.4-203-24.mc.videotron.ca | - | High
55 | [24.217.117.217](https://vuldb.com/?ip.24.217.117.217) | 024-217-117-217.res.spectrum.com | - | High
56 | [24.232.228.233](https://vuldb.com/?ip.24.232.228.233) | OL233-228.fibertel.com.ar | - | High
57 | [24.244.177.40](https://vuldb.com/?ip.24.244.177.40) | - | - | High
58 | [27.50.89.209](https://vuldb.com/?ip.27.50.89.209) | 27-50-89-209.as45671.net | - | High
59 | [27.78.27.110](https://vuldb.com/?ip.27.78.27.110) | localhost | - | High
60 | [27.82.13.10](https://vuldb.com/?ip.27.82.13.10) | KD027082013010.ppp-bb.dion.ne.jp | - | High
61 | [27.109.24.214](https://vuldb.com/?ip.27.109.24.214) | - | - | High
62 | [27.114.9.93](https://vuldb.com/?ip.27.114.9.93) | i27-114-9-93.s41.a011.ap.plala.or.jp | - | High
63 | [31.24.158.56](https://vuldb.com/?ip.31.24.158.56) | bm.servidoresdedicados.com | - | High
64 | [31.167.248.50](https://vuldb.com/?ip.31.167.248.50) | - | - | High
65 | [35.190.87.116](https://vuldb.com/?ip.35.190.87.116) | 116.87.190.35.bc.googleusercontent.com | - | Medium
66 | [36.91.44.183](https://vuldb.com/?ip.36.91.44.183) | - | - | High
67 | [37.46.129.215](https://vuldb.com/?ip.37.46.129.215) | we-too.ru | - | High
68 | [37.97.135.82](https://vuldb.com/?ip.37.97.135.82) | 37-97-135-82.colo.transip.net | - | High
69 | [37.120.175.15](https://vuldb.com/?ip.37.120.175.15) | v220220112692175454.nicesrv.de | - | High
70 | [37.139.21.175](https://vuldb.com/?ip.37.139.21.175) | 37.139.21.175-e2-8080-keep-up | - | High
71 | [37.179.204.33](https://vuldb.com/?ip.37.179.204.33) | - | - | High
72 | [37.187.4.178](https://vuldb.com/?ip.37.187.4.178) | ks2.kku.io | - | High
73 | [37.187.57.57](https://vuldb.com/?ip.37.187.57.57) | ns3357940.ovh.net | - | High
74 | [37.187.72.193](https://vuldb.com/?ip.37.187.72.193) | ns3362285.ip-37-187-72.eu | - | High
75 | [37.187.161.206](https://vuldb.com/?ip.37.187.161.206) | toolbox.alabs.io | - | High
76 | [37.205.9.252](https://vuldb.com/?ip.37.205.9.252) | s1.ithelp24.eu | - | High
77 | [37.221.70.250](https://vuldb.com/?ip.37.221.70.250) | b2b-customer.inftele.net | - | High
78 | [41.76.108.46](https://vuldb.com/?ip.41.76.108.46) | - | - | High
79 | [41.169.36.237](https://vuldb.com/?ip.41.169.36.237) | - | - | High
80 | [41.185.28.84](https://vuldb.com/?ip.41.185.28.84) | brf01-nix01.wadns.net | - | High
81 | [41.185.29.128](https://vuldb.com/?ip.41.185.29.128) | abp79-nix01.wadns.net | - | High
82 | [41.204.202.41](https://vuldb.com/?ip.41.204.202.41) | www41.cpt2.host-h.net | - | High
83 | [41.231.225.139](https://vuldb.com/?ip.41.231.225.139) | - | - | High
84 | [42.62.40.103](https://vuldb.com/?ip.42.62.40.103) | - | - | High
85 | [45.16.226.117](https://vuldb.com/?ip.45.16.226.117) | 45-16-226-117.lightspeed.sndgca.sbcglobal.net | - | High
86 | [45.33.77.42](https://vuldb.com/?ip.45.33.77.42) | li1023-42.members.linode.com | - | High
87 | [45.46.37.97](https://vuldb.com/?ip.45.46.37.97) | cpe-45-46-37-97.maine.res.rr.com | - | High
88 | [45.55.36.51](https://vuldb.com/?ip.45.55.36.51) | - | - | High
89 | [45.55.219.163](https://vuldb.com/?ip.45.55.219.163) | - | - | High
90 | [45.79.95.107](https://vuldb.com/?ip.45.79.95.107) | li1194-107.members.linode.com | - | High
91 | [45.80.148.200](https://vuldb.com/?ip.45.80.148.200) | - | - | High
92 | [45.118.115.99](https://vuldb.com/?ip.45.118.115.99) | - | - | High
93 | [45.118.135.203](https://vuldb.com/?ip.45.118.135.203) | 45-118-135-203.ip.linodeusercontent.com | - | High
94 | [45.142.114.231](https://vuldb.com/?ip.45.142.114.231) | mail.dounutmail.de | - | High
95 | [45.176.232.124](https://vuldb.com/?ip.45.176.232.124) | - | - | High
96 | [45.230.45.171](https://vuldb.com/?ip.45.230.45.171) | - | - | High
97 | [46.4.100.178](https://vuldb.com/?ip.46.4.100.178) | support.wizard-shopservice.de | - | High
98 | [46.4.192.185](https://vuldb.com/?ip.46.4.192.185) | static.185.192.4.46.clients.your-server.de | - | High
99 | [46.28.111.142](https://vuldb.com/?ip.46.28.111.142) | enkindu.jsuchy.net | - | High
100 | [46.32.229.152](https://vuldb.com/?ip.46.32.229.152) | 094882.vps-10.com | - | High
101 | [46.32.233.226](https://vuldb.com/?ip.46.32.233.226) | yetitoolusa.com | - | High
102 | [46.38.238.8](https://vuldb.com/?ip.46.38.238.8) | v2202109122001163131.happysrv.de | - | High
103 | [46.43.2.95](https://vuldb.com/?ip.46.43.2.95) | chris.default.cjenkinson.uk0.bigv.io | - | High
104 | [46.55.222.11](https://vuldb.com/?ip.46.55.222.11) | - | - | High
105 | [46.101.58.37](https://vuldb.com/?ip.46.101.58.37) | 46.101.58.37-e1-8080 | - | High
106 | [46.105.81.76](https://vuldb.com/?ip.46.105.81.76) | myu0.cylipo.sbs | - | High
107 | [46.105.114.137](https://vuldb.com/?ip.46.105.114.137) | ns3188253.ip-46-105-114.eu | - | High
108 | [46.105.131.68](https://vuldb.com/?ip.46.105.131.68) | http.adven.fr | - | High
109 | [46.105.131.69](https://vuldb.com/?ip.46.105.131.69) | epouventaille.adven.fr | - | High
110 | [46.105.131.79](https://vuldb.com/?ip.46.105.131.79) | relay.adven.fr | - | High
111 | [46.105.131.87](https://vuldb.com/?ip.46.105.131.87) | pop.adven.fr | - | High
112 | [46.105.236.18](https://vuldb.com/?ip.46.105.236.18) | - | - | High
113 | [46.165.212.76](https://vuldb.com/?ip.46.165.212.76) | - | - | High
114 | [46.165.254.206](https://vuldb.com/?ip.46.165.254.206) | - | - | High
115 | [46.214.107.142](https://vuldb.com/?ip.46.214.107.142) | 46-214-107-142.next-gen.ro | - | High
116 | [47.36.140.164](https://vuldb.com/?ip.47.36.140.164) | 047-036-140-164.res.spectrum.com | - | High
117 | [47.146.39.147](https://vuldb.com/?ip.47.146.39.147) | - | - | High
118 | [47.150.11.161](https://vuldb.com/?ip.47.150.11.161) | - | - | High
119 | [47.188.131.94](https://vuldb.com/?ip.47.188.131.94) | - | - | High
120 | [47.201.208.154](https://vuldb.com/?ip.47.201.208.154) | - | - | High
121 | [47.246.24.225](https://vuldb.com/?ip.47.246.24.225) | - | - | High
122 | [47.246.24.226](https://vuldb.com/?ip.47.246.24.226) | - | - | High
123 | [47.246.24.230](https://vuldb.com/?ip.47.246.24.230) | - | - | High
124 | [47.246.24.232](https://vuldb.com/?ip.47.246.24.232) | - | - | High
125 | [49.12.121.47](https://vuldb.com/?ip.49.12.121.47) | filezilla-project.org | - | High
126 | [49.50.209.131](https://vuldb.com/?ip.49.50.209.131) | 131.host-49-50-209.euba.megatel.co.nz | - | High
127 | [49.212.135.76](https://vuldb.com/?ip.49.212.135.76) | os3-321-50322.vs.sakura.ne.jp | - | High
128 | [49.212.155.94](https://vuldb.com/?ip.49.212.155.94) | os3-325-52340.vs.sakura.ne.jp | - | High
129 | [50.28.51.143](https://vuldb.com/?ip.50.28.51.143) | - | - | High
130 | [50.30.40.196](https://vuldb.com/?ip.50.30.40.196) | usve255301.serverprofi24.com | - | High
131 | [50.31.146.101](https://vuldb.com/?ip.50.31.146.101) | mail.brillinjurylaw.com | - | High
132 | [50.56.135.44](https://vuldb.com/?ip.50.56.135.44) | - | - | High
133 | [50.62.194.30](https://vuldb.com/?ip.50.62.194.30) | ip-50-62-194-30.ip.secureserver.net | - | High
134 | [50.78.167.65](https://vuldb.com/?ip.50.78.167.65) | millcreek.cc | - | High
135 | [50.91.114.38](https://vuldb.com/?ip.50.91.114.38) | 050-091-114-038.res.spectrum.com | - | High
136 | [50.92.101.60](https://vuldb.com/?ip.50.92.101.60) | d50-92-101-60.bchsia.telus.net | - | High
137 | [50.116.54.215](https://vuldb.com/?ip.50.116.54.215) | li440-215.members.linode.com | - | High
138 | [50.116.78.109](https://vuldb.com/?ip.50.116.78.109) | intersearchmedia.com | - | High
139 | [50.245.107.73](https://vuldb.com/?ip.50.245.107.73) | 50-245-107-73-static.hfc.comcastbusiness.net | - | High
140 | [51.15.4.22](https://vuldb.com/?ip.51.15.4.22) | 51-15-4-22.rev.poneytelecom.eu | - | High
141 | [51.15.7.145](https://vuldb.com/?ip.51.15.7.145) | 51-15-7-145.rev.poneytelecom.eu | - | High
142 | [51.38.201.19](https://vuldb.com/?ip.51.38.201.19) | ip19.ip-51-38-201.eu | - | High
143 | [51.75.33.120](https://vuldb.com/?ip.51.75.33.120) | ip120.ip-51-75-33.eu | - | High
144 | [51.75.33.127](https://vuldb.com/?ip.51.75.33.127) | ip127.ip-51-75-33.eu | - | High
145 | [51.89.36.180](https://vuldb.com/?ip.51.89.36.180) | ip180.ip-51-89-36.eu | - | High
146 | [51.89.199.141](https://vuldb.com/?ip.51.89.199.141) | ip141.ip-51-89-199.eu | - | High
147 | [51.91.7.5](https://vuldb.com/?ip.51.91.7.5) | ns3147667.ip-51-91-7.eu | - | High
148 | [51.91.76.89](https://vuldb.com/?ip.51.91.76.89) | 89.ip-51-91-76.eu | - | High
149 | [51.159.23.217](https://vuldb.com/?ip.51.159.23.217) | jambold.co.uk | - | High
150 | [51.159.35.157](https://vuldb.com/?ip.51.159.35.157) | 51-159-35-157.rev.poneytelecom.eu | - | High
151 | [51.254.140.238](https://vuldb.com/?ip.51.254.140.238) | 238.ip-51-254-140.eu | - | High
152 | [51.255.50.164](https://vuldb.com/?ip.51.255.50.164) | vps-b6cfe010.vps.ovh.net | - | High
153 | [51.255.165.160](https://vuldb.com/?ip.51.255.165.160) | 160.ip-51-255-165.eu | - | High
154 | [52.66.202.63](https://vuldb.com/?ip.52.66.202.63) | ec2-52-66-202-63.ap-south-1.compute.amazonaws.com | - | Medium
155 | [54.38.143.245](https://vuldb.com/?ip.54.38.143.245) | tools.inovato.me | - | High
156 | [58.27.215.3](https://vuldb.com/?ip.58.27.215.3) | 58-27-215-3.wateen.net | - | High
157 | [58.94.58.13](https://vuldb.com/?ip.58.94.58.13) | i58-94-58-13.s41.a014.ap.plala.or.jp | - | High
158 | [58.216.16.130](https://vuldb.com/?ip.58.216.16.130) | - | - | High
159 | [58.227.42.236](https://vuldb.com/?ip.58.227.42.236) | - | - | High
160 | [59.148.253.194](https://vuldb.com/?ip.59.148.253.194) | 059148253194.ctinets.com | - | High
161 | [59.152.93.46](https://vuldb.com/?ip.59.152.93.46) | 46.93.152.59.zipnetltd.com | - | High
162 | [60.93.23.51](https://vuldb.com/?ip.60.93.23.51) | softbank060093023051.bbtec.net | - | High
163 | [60.108.128.186](https://vuldb.com/?ip.60.108.128.186) | softbank060108128186.bbtec.net | - | High
164 | [60.125.114.64](https://vuldb.com/?ip.60.125.114.64) | softbank060125114064.bbtec.net | - | High
165 | [60.249.78.226](https://vuldb.com/?ip.60.249.78.226) | 60-249-78-226.hinet-ip.hinet.net | - | High
166 | [61.19.246.238](https://vuldb.com/?ip.61.19.246.238) | - | - | High
167 | [62.30.7.67](https://vuldb.com/?ip.62.30.7.67) | 67.7-30-62.static.virginmediabusiness.co.uk | - | High
168 | [62.75.141.82](https://vuldb.com/?ip.62.75.141.82) | static-ip-62-75-141-82.inaddr.ip-pool.com | - | High
169 | [62.84.75.50](https://vuldb.com/?ip.62.84.75.50) | mail.saadegrp.com.lb | - | High
170 | [62.171.142.179](https://vuldb.com/?ip.62.171.142.179) | vmi499457.contaboserver.net | - | High
171 | [62.212.34.102](https://vuldb.com/?ip.62.212.34.102) | - | - | High
172 | [64.60.82.82](https://vuldb.com/?ip.64.60.82.82) | 64-60-82-82.static-ip.telepacific.net | - | High
173 | [64.71.36.11](https://vuldb.com/?ip.64.71.36.11) | - | - | High
174 | [64.190.63.136](https://vuldb.com/?ip.64.190.63.136) | - | - | High
175 | [64.207.182.168](https://vuldb.com/?ip.64.207.182.168) | - | - | High
176 | [66.23.200.58](https://vuldb.com/?ip.66.23.200.58) | - | - | High
177 | [66.50.57.73](https://vuldb.com/?ip.66.50.57.73) | 66-50-57-73.prtc.net | - | High
178 | [66.54.51.172](https://vuldb.com/?ip.66.54.51.172) | - | - | High
179 | [66.76.26.33](https://vuldb.com/?ip.66.76.26.33) | 66-76-26-33.hdsncmta01.com.sta.suddenlink.net | - | High
180 | [66.209.69.165](https://vuldb.com/?ip.66.209.69.165) | - | - | High
181 | [66.228.32.31](https://vuldb.com/?ip.66.228.32.31) | li282-31.members.linode.com | - | High
182 | [66.228.61.248](https://vuldb.com/?ip.66.228.61.248) | li318-248.members.linode.com | - | High
183 | [67.19.105.107](https://vuldb.com/?ip.67.19.105.107) | ns2.datatrust.com.br | - | High
184 | [67.68.235.25](https://vuldb.com/?ip.67.68.235.25) | bas10-montrealak-67-68-235-25.dsl.bell.ca | - | High
185 | [67.170.250.203](https://vuldb.com/?ip.67.170.250.203) | c-67-170-250-203.hsd1.ca.comcast.net | - | High
186 | [67.225.218.50](https://vuldb.com/?ip.67.225.218.50) | lb01.parklogic.com | - | High
187 | [68.2.97.91](https://vuldb.com/?ip.68.2.97.91) | ip68-2-97-91.ph.ph.cox.net | - | High
188 | [68.183.170.114](https://vuldb.com/?ip.68.183.170.114) | 68.183.170.114-e1-8080-keep-up | - | High
189 | [68.183.190.199](https://vuldb.com/?ip.68.183.190.199) | 68.183.190.199-e1-8080-keep-up | - | High
190 | [69.17.170.58](https://vuldb.com/?ip.69.17.170.58) | unallocated-static.rogers.com | - | High
191 | [69.43.168.200](https://vuldb.com/?ip.69.43.168.200) | ns0.imunplugged.com | - | High
192 | [69.43.168.232](https://vuldb.com/?ip.69.43.168.232) | - | - | High
193 | [69.45.19.251](https://vuldb.com/?ip.69.45.19.251) | coastinet.com | - | High
194 | [69.163.33.82](https://vuldb.com/?ip.69.163.33.82) | - | - | High
195 | [69.167.152.111](https://vuldb.com/?ip.69.167.152.111) | - | - | High
196 | [69.198.17.20](https://vuldb.com/?ip.69.198.17.20) | 69-198-17-20.customerip.birch.net | - | High
197 | [69.198.17.49](https://vuldb.com/?ip.69.198.17.49) | 69-198-17-49.customerip.birch.net | - | High
198 | [70.32.84.74](https://vuldb.com/?ip.70.32.84.74) | - | - | High
199 | [70.32.89.105](https://vuldb.com/?ip.70.32.89.105) | parties-at-sea.com | - | High
200 | [70.32.92.133](https://vuldb.com/?ip.70.32.92.133) | popdesigngroup.com | - | High
201 | [70.32.115.157](https://vuldb.com/?ip.70.32.115.157) | harpotripofalifetime.com | - | High
202 | [70.36.102.35](https://vuldb.com/?ip.70.36.102.35) | - | - | High
203 | [70.45.30.28](https://vuldb.com/?ip.70.45.30.28) | dynamic.libertypr.net | - | High
204 | [70.168.7.6](https://vuldb.com/?ip.70.168.7.6) | wsip-70-168-7-6.ri.ri.cox.net | - | High
205 | [70.182.77.184](https://vuldb.com/?ip.70.182.77.184) | wsip-70-182-77-184.ok.ok.cox.net | - | High
206 | [70.183.113.54](https://vuldb.com/?ip.70.183.113.54) | wsip-70-183-113-54.no.no.cox.net | - | High
207 | [70.184.125.132](https://vuldb.com/?ip.70.184.125.132) | wsip-70-184-125-132.ph.ph.cox.net | - | High
208 | [71.8.1.188](https://vuldb.com/?ip.71.8.1.188) | 071-008-001-188.res.spectrum.com | - | High
209 | [71.15.245.148](https://vuldb.com/?ip.71.15.245.148) | 071-015-245-148.res.spectrum.com | - | High
210 | [71.40.213.82](https://vuldb.com/?ip.71.40.213.82) | rrcs-71-40-213-82.sw.biz.rr.com | - | High
211 | [71.58.165.119](https://vuldb.com/?ip.71.58.165.119) | c-71-58-165-119.hsd1.pa.comcast.net | - | High
212 | [71.71.3.84](https://vuldb.com/?ip.71.71.3.84) | - | - | High
213 | [71.163.171.106](https://vuldb.com/?ip.71.163.171.106) | static-71-163-171-106.washdc.fios.verizon.net | - | High
214 | [71.165.252.144](https://vuldb.com/?ip.71.165.252.144) | static-71-165-252-144.lsanca.fios.frontiernet.net | - | High
215 | [71.177.184.128](https://vuldb.com/?ip.71.177.184.128) | static-71-177-184-128.lsanca.fios.frontiernet.net | - | High
216 | [71.197.211.156](https://vuldb.com/?ip.71.197.211.156) | c-71-197-211-156.hsd1.wa.comcast.net | - | High
217 | [71.214.17.130](https://vuldb.com/?ip.71.214.17.130) | 71-214-17-130.orlf.qwest.net | - | High
218 | [71.244.60.231](https://vuldb.com/?ip.71.244.60.231) | static-71-244-60-231.dllstx.fios.frontiernet.net | - | High
219 | [72.10.49.117](https://vuldb.com/?ip.72.10.49.117) | rtw7-rfpn.accessdomain.com | - | High
220 | ... | ... | ... | ...

There are 843 more IOC items available. Please use our online service to access the data.
There are 877 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

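Review bot: the ID column is renumbered on every export, so the same indicator carries a different ID in the two versions shown in this hunk (46.105.236.18 is row 109 in the removed table and row 112 in the added one), which makes the ID useless as a stable reference for anyone citing or de-duplicating rows; keying rows by IP address, or fixing an ID once assigned, would make the diff show real additions instead of a wholesale renumbering. The Hostname column also carries raw reverse-DNS output that consumers should not treat as an indicator: `localhost` for 27.78.27.110 (row 59) is a PTR value chosen by whoever controls the reverse zone for that address, and strings such as `68.183.170.114-e1-8080-keep-up` (rows 188 and 189) are not resolvable public names, so any rule matching on this column would be matching on data the address holder controls; emitting `-` for such entries, or stating that the column is informational only, would be safer.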
@ -242,12 +250,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1008 | CWE-757 | Algorithm Downgrade | High
2 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
3 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
3 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
4 | ... | ... | ... | ...

There are 8 more TTP items available. Please use our online service to access the data.
There are 6 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

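Review bot: this hunk silently removes techniques from the actor profile, and nothing on the page records why: T1008 / CWE-757 (Algorithm Downgrade) drops out of the visible top three, and the trailing count goes from 8 to 6, so the table shrinks from 11 entries (3 + 8) to 9 (3 + 6). Consumers who built detection or triage rules on the earlier TTP list have no way to tell from this page whether those techniques were withdrawn as false positives or merely fell below the cut; a short removed-techniques note next to the table, or a changelog line, would let them retire or keep their rules deliberately.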
@ -255,36 +263,36 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/admin.php/admin/plog/index.html` | High
2 | File | `/admin.php/admin/ulog/index.html` | High
3 | File | `/admin.php/admin/vod/data.html` | High
4 | File | `/admin.php/admin/website/data.html` | High
5 | File | `/admin/login.php` | High
6 | File | `/admin/show.php` | High
7 | File | `/api/fetch` | Medium
8 | File | `/cgi-bin/uploadAccessCodePic` | High
9 | File | `/cgi-bin/uploadWeiXinPic` | High
10 | File | `/config/list` | Medium
11 | File | `/data/sqldata` | High
12 | File | `/goform/delAd` | High
13 | File | `/goform/exeCommand` | High
14 | File | `/goform/setAdInfoDetail` | High
15 | File | `/goform/setFixTools` | High
16 | File | `/goform/SetInternetLanInfo` | High
17 | File | `/goform/SetLanInfo` | High
18 | File | `/goform/setPicListItem` | High
19 | File | `/goform/setWorkmode` | High
20 | File | `/goform/WriteFacMac` | High
21 | File | `/index.php?act=api&tag=8` | High
22 | ... | ... | ...
1 | File | `/admin/index.php?slides` | High
2 | File | `/AvalancheWeb/image` | High
3 | File | `/cgi-bin/adm.cgi` | High
4 | File | `/classes/Comment` | High
5 | File | `/cms/content/list` | High
6 | File | `/customer_register.php` | High
7 | File | `/etc/master.passwd` | High
8 | File | `/example/editor` | High
9 | File | `/goform/login_process` | High
10 | File | `/goform/rlmswitchr_process` | High
11 | File | `/goforms/rlminfo` | High
12 | File | `/include/chart_generator.php` | High
13 | File | `/index.php?page=home` | High
14 | File | `/index.php?page=reserve` | High
15 | File | `/public_html/animals` | High
16 | File | `/public_html/apply_vacancy` | High
17 | ... | ... | ...

There are 186 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 142 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2018/01/threat-round-up-0105-0512.html
* https://blog.talosintelligence.com/2018/07/threat-roundup-0720-0727.html
* https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
* https://blog.talosintelligence.com/2018/10/threat-roundup-1005-1012.html
* https://blog.talosintelligence.com/2019/09/emotet-is-back-after-summer-break.html
* https://blog.talosintelligence.com/2020/06/threat-roundup-0605-0612.html
* https://blog.talosintelligence.com/2020/09/threat-roundup-0904-0911.html
* https://blog.talosintelligence.com/2021/02/threat-roundup-0205-0212.html
* https://blog.talosintelligence.com/2021/04/threat-roundup-0409-0416.html

@ -309,9 +317,12 @@ The following list contains _external sources_ which discuss the actor and the a
* https://isc.sans.edu/forums/diary/Emotet+malspam+is+back/25330/
* https://isc.sans.edu/forums/diary/Emotet+Returns/28044/
* https://isc.sans.edu/forums/diary/Emotet+Stops+Using+0000+in+Spambot+Traffic/28270/
* https://isc.sans.edu/forums/diary/Malspam+pushing+Emotet+malware/22650/
* https://isc.sans.edu/forums/diary/More+Malspam+pushing+Emotet+malware/23083/
* https://isc.sans.edu/forums/diary/One+Emotet+infection+leads+to+three+followup+malware+infections/24140/
* https://isc.sans.edu/forums/diary/Recent+Emotet+activity/23908/
* https://lawiet47.github.io/malware_writeups/Emotet/
* https://pastebin.com/gT80R12S
* https://pastebin.com/uPn1zM6b
* https://unit42.paloaltonetworks.com/emotet-command-and-control/
* https://www.cert.pl/en/posts/2017/05/analysis-of-emotet-v4/

@ -14,8 +14,8 @@ The following _campaigns_ are known and can be associated with Equation:

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Equation:

* [ES](https://vuldb.com/?country.es)
* [US](https://vuldb.com/?country.us)
* [ES](https://vuldb.com/?country.es)
* [GB](https://vuldb.com/?country.gb)
* ...

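Review bot: the removed country lines for Equation read ES, US and the added lines read ES, GB, while the `* ...` truncation marker is kept, so a reader of the rendered page cannot tell whether US was dropped from the actor's profile or only pushed below the cut-off; for a list this short, emitting every country instead of truncating after a few entries would make the change unambiguous and let consumers review it.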
@ -57,11 +57,11 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/exec/` | Low
2 | File | `/wlanAccess.asp` | High
3 | File | `GetRules.asp` | Medium
2 | File | `/mics/j_spring_security_check` | High
3 | File | `/wlanAccess.asp` | High
4 | ... | ... | ...

There are 9 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 12 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

@ -0,0 +1,30 @@
|
|||
# Explorerhijack - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Explorerhijack](https://vuldb.com/?actor.explorerhijack). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.explorerhijack](https://vuldb.com/?actor.explorerhijack)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Explorerhijack.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [103.235.47.123](https://vuldb.com/?ip.103.235.47.123) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2018/11/threat-roundup-1019-1102.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,44 @@
|
|||
# Eyooun - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Eyooun](https://vuldb.com/?actor.eyooun). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.eyooun](https://vuldb.com/?actor.eyooun)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Eyooun:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Eyooun.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [18.218.183.21](https://vuldb.com/?ip.18.218.183.21) | ec2-18-218-183-21.us-east-2.compute.amazonaws.com | - | Medium
|
||||
2 | [18.223.92.145](https://vuldb.com/?ip.18.223.92.145) | ec2-18-223-92-145.us-east-2.compute.amazonaws.com | - | Medium
|
||||
3 | [42.62.4.62](https://vuldb.com/?ip.42.62.4.62) | - | - | High
|
||||
4 | [47.92.249.152](https://vuldb.com/?ip.47.92.249.152) | - | - | High
|
||||
5 | [47.107.83.212](https://vuldb.com/?ip.47.107.83.212) | - | - | High
|
||||
6 | ... | ... | ... | ...
|
||||
|
||||
There are 20 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2019/04/threat-roundup-0405-0412.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -62,7 +62,7 @@ ID | Type | Indicator | Confidence
|
|||
16 | File | `ajax/profile-picture-upload.php` | High
|
||||
17 | ... | ... | ...
|
||||
|
||||
There are 133 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 135 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -83,7 +83,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 7 more TTP items available. Please use our online service to access the data.
|
||||
|
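Review bot: the changed row 3 drops CWE-307 from the Weakness column but leaves the Description as `Improper Restriction of Excessive Authentication Attempts`, which is the title of CWE-307, not of the remaining CWE-798 (Use of Hard-coded Credentials); either keep CWE-307 next to CWE-798 or regenerate the description so that it matches the weakness actually listed, otherwise the T1110.001 row reads as a mismatch between its columns.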
@ -95,60 +95,60 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/+CSCOE+/logon.html` | High
|
||||
2 | File | `/cloud_config/router_post/check_reg_verify_code` | High
|
||||
3 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
4 | File | `/debug/pprof` | Medium
|
||||
5 | File | `/ext/phar/phar_object.c` | High
|
||||
6 | File | `/filemanager/php/connector.php` | High
|
||||
7 | File | `/get_getnetworkconf.cgi` | High
|
||||
8 | File | `/HNAP1` | Low
|
||||
9 | File | `/include/chart_generator.php` | High
|
||||
10 | File | `/modx/manager/index.php` | High
|
||||
11 | File | `/monitoring` | Medium
|
||||
12 | File | `/new` | Low
|
||||
13 | File | `/proc/<pid>/status` | High
|
||||
14 | File | `/public/login.htm` | High
|
||||
15 | File | `/public/plugins/` | High
|
||||
16 | File | `/replication` | Medium
|
||||
17 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
18 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
19 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
|
||||
20 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
21 | File | `/tmp` | Low
|
||||
22 | File | `/type.php` | Medium
|
||||
23 | File | `/uncpath/` | Medium
|
||||
24 | File | `/usr/bin/pkexec` | High
|
||||
25 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
26 | File | `4.2.0.CP09` | Medium
|
||||
27 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
28 | File | `802dot1xclientcert.cgi` | High
|
||||
29 | File | `AccountManagerService.java` | High
|
||||
30 | File | `actions/CompanyDetailsSave.php` | High
|
||||
31 | File | `ActivityManagerService.java` | High
|
||||
32 | File | `add.exe` | Low
|
||||
33 | File | `admin.color.php` | High
|
||||
34 | File | `admin.cropcanvas.php` | High
|
||||
35 | File | `admin.joomlaradiov5.php` | High
|
||||
36 | File | `admin.php` | Medium
|
||||
37 | File | `admin.php?m=Food&a=addsave` | High
|
||||
38 | File | `admin/add-glossary.php` | High
|
||||
39 | File | `admin/conf_users_edit.php` | High
|
||||
40 | File | `admin/edit-comments.php` | High
|
||||
41 | File | `admin/index.php` | High
|
||||
42 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
|
||||
43 | File | `admin/write-post.php` | High
|
||||
44 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
45 | File | `admin_events.php` | High
|
||||
46 | File | `aidl_const_expressions.cpp` | High
|
||||
47 | File | `ajax/include.php` | High
|
||||
48 | File | `AjaxApplication.java` | High
|
||||
49 | File | `akocomments.php` | High
|
||||
50 | File | `allopass-error.php` | High
|
||||
51 | File | `AllowBindAppWidgetActivity.java` | High
|
||||
52 | File | `android/webkit/SearchBoxImpl.java` | High
|
||||
2 | File | `/bsms/?page=products` | High
|
||||
3 | File | `/cloud_config/router_post/check_reg_verify_code` | High
|
||||
4 | File | `/context/%2e/WEB-INF/web.xml` | High
|
||||
5 | File | `/debug/pprof` | Medium
|
||||
6 | File | `/ext/phar/phar_object.c` | High
|
||||
7 | File | `/filemanager/php/connector.php` | High
|
||||
8 | File | `/get_getnetworkconf.cgi` | High
|
||||
9 | File | `/HNAP1` | Low
|
||||
10 | File | `/include/chart_generator.php` | High
|
||||
11 | File | `/modx/manager/index.php` | High
|
||||
12 | File | `/monitoring` | Medium
|
||||
13 | File | `/new` | Low
|
||||
14 | File | `/proc/<pid>/status` | High
|
||||
15 | File | `/public/login.htm` | High
|
||||
16 | File | `/public/plugins/` | High
|
||||
17 | File | `/replication` | Medium
|
||||
18 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
19 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
20 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
|
||||
21 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
|
||||
22 | File | `/tmp` | Low
|
||||
23 | File | `/type.php` | Medium
|
||||
24 | File | `/uncpath/` | Medium
|
||||
25 | File | `/usr/bin/pkexec` | High
|
||||
26 | File | `/wp-json/wc/v3/webhooks` | High
|
||||
27 | File | `4.2.0.CP09` | Medium
|
||||
28 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
|
||||
29 | File | `802dot1xclientcert.cgi` | High
|
||||
30 | File | `AccountManagerService.java` | High
|
||||
31 | File | `actions/CompanyDetailsSave.php` | High
|
||||
32 | File | `ActivityManagerService.java` | High
|
||||
33 | File | `add.exe` | Low
|
||||
34 | File | `admin.color.php` | High
|
||||
35 | File | `admin.cropcanvas.php` | High
|
||||
36 | File | `admin.joomlaradiov5.php` | High
|
||||
37 | File | `admin.php` | Medium
|
||||
38 | File | `admin.php?m=Food&a=addsave` | High
|
||||
39 | File | `admin/add-glossary.php` | High
|
||||
40 | File | `admin/conf_users_edit.php` | High
|
||||
41 | File | `admin/edit-comments.php` | High
|
||||
42 | File | `admin/index.php` | High
|
||||
43 | File | `admin/src/containers/InputModalStepperProvider/index.js` | High
|
||||
44 | File | `admin/write-post.php` | High
|
||||
45 | File | `administrator/components/com_media/helpers/media.php` | High
|
||||
46 | File | `admin_events.php` | High
|
||||
47 | File | `aidl_const_expressions.cpp` | High
|
||||
48 | File | `ajax/include.php` | High
|
||||
49 | File | `AjaxApplication.java` | High
|
||||
50 | File | `akocomments.php` | High
|
||||
51 | File | `allopass-error.php` | High
|
||||
52 | File | `AllowBindAppWidgetActivity.java` | High
|
||||
53 | ... | ... | ...
|
||||
|
||||
There are 464 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 460 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
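Review bot: inserting `/bsms/?page=products` as row 2 renumbers every following row, so a single new indicator rewrites all 52 visible rows and the diff no longer shows which indicator changed; if the ID column is positional rather than a stable identifier, consider keying the generated rows on the indicator value (or dropping the ID column) so reviewers see the real delta. Note also that the total falls from 516 (52 + 464) to 512 (52 + 460) while one visible indicator is added, so several hidden indicators were removed in the same regeneration; worth confirming that is intended.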
@ -41,11 +41,11 @@ ID | Type | Indicator | Confidence
|
|||
-- | ---- | --------- | ----------
|
||||
1 | File | `/login.html` | Medium
|
||||
2 | File | `/new` | Low
|
||||
3 | File | `/system?action=ServiceAdmin` | High
|
||||
4 | File | `/var/log/nginx` | High
|
||||
3 | File | `/service/upload` | High
|
||||
4 | File | `/system?action=ServiceAdmin` | High
|
||||
5 | ... | ... | ...
|
||||
|
||||
There are 28 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 29 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,38 @@
|
|||
# Fiesta Exploit Kit - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Fiesta Exploit Kit](https://vuldb.com/?actor.fiesta_exploit_kit). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.fiesta_exploit_kit](https://vuldb.com/?actor.fiesta_exploit_kit)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Fiesta Exploit Kit:
|
||||
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Fiesta Exploit Kit.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [94.242.216.69](https://vuldb.com/?ip.94.242.216.69) | ip-static-94-242-216-69.server.lu | - | High
|
||||
2 | [136.243.227.9](https://vuldb.com/?ip.136.243.227.9) | static.9.227.243.136.clients.your-server.de | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://isc.sans.edu/forums/diary/Actor+using+Fiesta+exploit+kit/19631/
|
||||
* https://isc.sans.edu/forums/diary/Gate+to+Fiesta+exploit+kit+on+9424221669/19117/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -0,0 +1,60 @@
|
|||
# Fodcha - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Fodcha](https://vuldb.com/?actor.fodcha). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.fodcha](https://vuldb.com/?actor.fodcha)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Fodcha:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [IR](https://vuldb.com/?country.ir)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Fodcha.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [31.214.245.253](https://vuldb.com/?ip.31.214.245.253) | vps-zap883671-1.zap-srv.com | - | High
|
||||
2 | [139.177.195.192](https://vuldb.com/?ip.139.177.195.192) | 139-177-195-192.ip.linodeusercontent.com | - | High
|
||||
3 | [162.33.179.171](https://vuldb.com/?ip.162.33.179.171) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Fodcha_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Fodcha. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/Site/Troubleshooting/DiagnosticReport.asp` | High
|
||||
2 | File | `editcgi.cgi` | Medium
|
||||
3 | Argument | `paramFile` | Medium
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.netlab.360.com/men-sheng-fa-da-cai-fodchajiang-shi-wang-luo/
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
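Review bot: the count sentence `There are 1 more IOC items available.` in the new Fodcha file is ungrammatical for a single remaining item; the template that emits this line should produce `There is 1 more IOC item available.` when the remainder is 1, and since the same wording appears in every other count line in this commit the fix belongs in the generator rather than in this file.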
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with FritzFrog:
|
||||
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* [CN](https://vuldb.com/?country.cn)
|
||||
* [ES](https://vuldb.com/?country.es)
|
||||
* [VN](https://vuldb.com/?country.vn)
|
||||
* ...
|
||||
|
||||
There are 16 more country items available. Please use our online service to access the data.
|
||||
There are 12 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -331,12 +331,12 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
|
|||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
|
||||
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
3 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-307 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 9 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
@ -344,47 +344,41 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `%PROGRAMDATA%\checkmk\agent\local` | High
|
||||
2 | File | `.htaccess` | Medium
|
||||
3 | File | `/#/CampaignManager/users` | High
|
||||
4 | File | `/../conf/config.properties` | High
|
||||
5 | File | `//` | Low
|
||||
6 | File | `/admin.php?action=themeinstall` | High
|
||||
7 | File | `/admin/login.php` | High
|
||||
8 | File | `/api/crontab` | Medium
|
||||
9 | File | `/apply_noauth.cgi` | High
|
||||
10 | File | `/as/authorization.oauth2` | High
|
||||
11 | File | `/audit/log/log_management.php` | High
|
||||
12 | File | `/bin/login` | Medium
|
||||
13 | File | `/cgi-bin/delete_CA` | High
|
||||
14 | File | `/cgi-bin/login` | High
|
||||
15 | File | `/classes/profile.class.php` | High
|
||||
16 | File | `/cloud_config/router_post/check_reg_verify_code` | High
|
||||
17 | File | `/dev/tty` | Medium
|
||||
18 | File | `/downloads/` | Medium
|
||||
19 | File | `/etc/passwd` | Medium
|
||||
20 | File | `/export` | Low
|
||||
21 | File | `/include/chart_generator.php` | High
|
||||
22 | File | `/member/index/login.html` | High
|
||||
23 | File | `/modules/certinfo/index.php` | High
|
||||
24 | File | `/ptms/classes/Users.php` | High
|
||||
25 | File | `/ScadaBR/login.htm` | High
|
||||
26 | File | `/system/tool/ping.php` | High
|
||||
27 | File | `/uncpath/` | Medium
|
||||
28 | File | `/uploads/dede` | High
|
||||
29 | File | `/usr/bin/at` | Medium
|
||||
30 | File | `/usr/bin/pkexec` | High
|
||||
31 | File | `/wp-admin/admin-ajax.php` | High
|
||||
32 | File | `/_matrix/client/r0/auth/m.login.recaptcha` | High
|
||||
33 | File | `?location=search` | High
|
||||
34 | File | `accountrecoveryendpoint/recoverpassword.do` | High
|
||||
35 | File | `acrord32.exe` | Medium
|
||||
36 | File | `admin.php` | Medium
|
||||
37 | File | `admin.php?m=backup&c=backup&a=doback` | High
|
||||
38 | File | `admin/conf_users_edit.php` | High
|
||||
39 | ... | ... | ...
|
||||
1 | File | `/#/CampaignManager/users` | High
|
||||
2 | File | `/admin/admin_login.php` | High
|
||||
3 | File | `/admin/index.php?slides` | High
|
||||
4 | File | `/admin/login.php` | High
|
||||
5 | File | `/apply.cgi` | Medium
|
||||
6 | File | `/bin/sh` | Low
|
||||
7 | File | `/bsms/?page=products` | High
|
||||
8 | File | `/cgi-bin/portal` | High
|
||||
9 | File | `/cgi-bin/system_mgr.cgi` | High
|
||||
10 | File | `/doorgets/app/requests/user/modulecategoryRequest.php` | High
|
||||
11 | File | `/etc/groups` | Medium
|
||||
12 | File | `/form/index.php?module=getjson` | High
|
||||
13 | File | `/ghost/preview` | High
|
||||
14 | File | `/include/chart_generator.php` | High
|
||||
15 | File | `/login` | Low
|
||||
16 | File | `/login.html` | Medium
|
||||
17 | File | `/magnoliaPublic/travel/members/login.html` | High
|
||||
18 | File | `/member/index/login.html` | High
|
||||
19 | File | `/nova/bin/detnet` | High
|
||||
20 | File | `/op/op.LockDocument.php` | High
|
||||
21 | File | `/public/plugins/` | High
|
||||
22 | File | `/rest/api/2/search` | High
|
||||
23 | File | `/rest/api/latest/projectvalidate/key` | High
|
||||
24 | File | `/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf` | High
|
||||
25 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
26 | File | `/sm/api/v1/firewall/zone/services` | High
|
||||
27 | File | `/src/njs_vmcode.c` | High
|
||||
28 | File | `/system/tool/ping.php` | High
|
||||
29 | File | `/system/user/resetPwd` | High
|
||||
30 | File | `/tmp/app/.env` | High
|
||||
31 | File | `/uncpath/` | Medium
|
||||
32 | File | `/wp-admin/admin-ajax.php` | High
|
||||
33 | ... | ... | ...
|
||||
|
||||
There are 340 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 281 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
# Fuerboos - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Fuerboos](https://vuldb.com/?actor.fuerboos). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.fuerboos](https://vuldb.com/?actor.fuerboos)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Fuerboos.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [51.68.239.251](https://vuldb.com/?ip.51.68.239.251) | 51-68-239-251.s1111.myfasthosting.com | - | High
|
||||
2 | [54.39.175.170](https://vuldb.com/?ip.54.39.175.170) | ns2.azulhost.com.br | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2018/10/threat-roundup-1005-1012.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
@ -60,7 +60,7 @@ ID | Type | Indicator | Confidence
|
|||
11 | File | `content.php` | Medium
|
||||
12 | ... | ... | ...
|
||||
|
||||
There are 89 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 92 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
|
|
@ -13,7 +13,7 @@ These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. acce
|
|||
* [ES](https://vuldb.com/?country.es)
|
||||
* ...
|
||||
|
||||
There are 9 more country items available. Please use our online service to access the data.
|
||||
There are 11 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
|
@ -22,17 +22,21 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
|
|||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [5.154.191.57](https://vuldb.com/?ip.5.154.191.57) | - | - | High
|
||||
2 | [37.187.0.40](https://vuldb.com/?ip.37.187.0.40) | ns3108067.ip-37-187-0.eu | - | High
|
||||
3 | [45.8.124.25](https://vuldb.com/?ip.45.8.124.25) | free.gbnhost.com | - | High
|
||||
4 | [45.128.204.36](https://vuldb.com/?ip.45.128.204.36) | - | - | High
|
||||
5 | [45.128.207.237](https://vuldb.com/?ip.45.128.207.237) | - | - | High
|
||||
6 | [46.45.169.106](https://vuldb.com/?ip.46.45.169.106) | 46-45-169-106.turkrdns.com | - | High
|
||||
7 | [46.254.21.69](https://vuldb.com/?ip.46.254.21.69) | h13.ihc.ru | - | High
|
||||
8 | [50.116.23.211](https://vuldb.com/?ip.50.116.23.211) | www.eqnic.net | - | High
|
||||
9 | [51.195.53.221](https://vuldb.com/?ip.51.195.53.221) | ip221.ip-51-195-53.eu | - | High
|
||||
10 | ... | ... | ... | ...
|
||||
2 | [20.186.50.83](https://vuldb.com/?ip.20.186.50.83) | - | - | High
|
||||
3 | [37.187.0.40](https://vuldb.com/?ip.37.187.0.40) | ns3108067.ip-37-187-0.eu | - | High
|
||||
4 | [40.81.11.194](https://vuldb.com/?ip.40.81.11.194) | - | - | High
|
||||
5 | [40.91.94.203](https://vuldb.com/?ip.40.91.94.203) | - | - | High
|
||||
6 | [45.8.124.25](https://vuldb.com/?ip.45.8.124.25) | free.gbnhost.com | - | High
|
||||
7 | [45.122.138.6](https://vuldb.com/?ip.45.122.138.6) | - | - | High
|
||||
8 | [45.128.204.36](https://vuldb.com/?ip.45.128.204.36) | - | - | High
|
||||
9 | [45.128.207.237](https://vuldb.com/?ip.45.128.207.237) | - | - | High
|
||||
10 | [46.45.169.106](https://vuldb.com/?ip.46.45.169.106) | 46-45-169-106.turkrdns.com | - | High
|
||||
11 | [46.249.38.155](https://vuldb.com/?ip.46.249.38.155) | - | - | High
|
||||
12 | [46.254.21.69](https://vuldb.com/?ip.46.254.21.69) | h13.ihc.ru | - | High
|
||||
13 | [50.116.23.211](https://vuldb.com/?ip.50.116.23.211) | www.eqnic.net | - | High
|
||||
14 | ... | ... | ... | ...
|
||||
|
||||
There are 35 more IOC items available. Please use our online service to access the data.
|
||||
There are 51 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
@ -63,41 +67,45 @@ ID | Type | Indicator | Confidence
8 | File | `/advanced/adv_dns.xgi` | High
9 | File | `/folder/list` | Medium
10 | File | `/forms/nslookupHandler` | High
11 | File | `/goform/GetNewDir` | High
12 | File | `/goform/right_now_d` | High
13 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
14 | File | `/group/comment` | High
15 | File | `/home/home_parent.xgi` | High
16 | File | `/lookin/info` | Medium
17 | File | `/plugins/servlet/jira-blockers/` | High
18 | File | `/status/status_log.sys` | High
19 | File | `/themes/<php_file_name>` | High
20 | File | `/tmp` | Low
21 | File | `/uncpath/` | Medium
22 | File | `/upload` | Low
23 | File | `/usr/bin/shutter` | High
24 | File | `/zm/index.php` | High
25 | File | `adclick.php` | Medium
26 | File | `admin-ajax.php` | High
27 | File | `admin.php` | Medium
28 | File | `admin/?n=tags&c=index&a=doSaveTags` | High
29 | File | `admin/controller/pages/localisation/language.php` | High
30 | File | `admin/fm/` | Medium
31 | File | `admin/pages/*/edit` | High
32 | File | `admincp/attachment.php&do=rebuild&type` | High
33 | File | `administrator/index.php?option=com_pago&view=comments` | High
34 | File | `ajax.php` | Medium
35 | File | `ajax_mod_security.php` | High
36 | File | `api.php` | Low
37 | File | `appconfig.php` | High
38 | ... | ... | ...
11 | File | `/getcfg.php` | Medium
12 | File | `/goform/GetNewDir` | High
13 | File | `/goform/right_now_d` | High
14 | File | `/gracemedia-media-player/templates/files/ajax_controller.php` | High
15 | File | `/group/comment` | High
16 | File | `/home/home_parent.xgi` | High
17 | File | `/lookin/info` | Medium
18 | File | `/plugins/servlet/jira-blockers/` | High
19 | File | `/status/status_log.sys` | High
20 | File | `/themes/<php_file_name>` | High
21 | File | `/tmp` | Low
22 | File | `/uncpath/` | Medium
23 | File | `/upload` | Low
24 | File | `/usr/bin/shutter` | High
25 | File | `/zm/index.php` | High
26 | File | `adclick.php` | Medium
27 | File | `admin-ajax.php` | High
28 | File | `admin.php` | Medium
29 | File | `admin/?n=tags&c=index&a=doSaveTags` | High
30 | File | `admin/controller/pages/localisation/language.php` | High
31 | File | `admin/fm/` | Medium
32 | File | `admin/pages/*/edit` | High
33 | File | `admincp/attachment.php&do=rebuild&type` | High
34 | File | `administrator/index.php?option=com_pago&view=comments` | High
35 | File | `ajax.php` | Medium
36 | File | `ajax_mod_security.php` | High
37 | File | `api.php` | Low
38 | File | `appconfig.php` | High
39 | ... | ... | ...

There are 329 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 339 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
* https://blog.talosintelligence.com/2019/06/threat-roundup-0621-0628.html
* https://blog.talosintelligence.com/2019/07/threat-roundup-0628-0705.html
* https://blog.talosintelligence.com/2021/02/threat-roundup-0212-0219.html
* https://blog.talosintelligence.com/2021/04/threat-roundup-0326-0402.html
* https://blog.talosintelligence.com/2021/09/threat-roundup-0827-0903.html

@ -1,103 +1,128 @@
# Gandcrab - Cyber Threat Intelligence
# GandCrab - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Gandcrab](https://vuldb.com/?actor.gandcrab). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GandCrab](https://vuldb.com/?actor.gandcrab). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.gandcrab](https://vuldb.com/?actor.gandcrab)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Gandcrab:
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with GandCrab:

* [US](https://vuldb.com/?country.us)
* [ES](https://vuldb.com/?country.es)
* [FR](https://vuldb.com/?country.fr)
* [CN](https://vuldb.com/?country.cn)
* [DE](https://vuldb.com/?country.de)
* ...

There are 7 more country items available. Please use our online service to access the data.
There are 1 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Gandcrab.
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of GandCrab.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [3.64.163.50](https://vuldb.com/?ip.3.64.163.50) | ec2-3-64-163-50.eu-central-1.compute.amazonaws.com | - | Medium
2 | [5.39.221.60](https://vuldb.com/?ip.5.39.221.60) | - | - | High
3 | [5.135.183.146](https://vuldb.com/?ip.5.135.183.146) | freya.stelas.de | - | High
4 | [13.76.158.123](https://vuldb.com/?ip.13.76.158.123) | - | - | High
5 | [20.50.64.11](https://vuldb.com/?ip.20.50.64.11) | - | - | High
6 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
7 | [35.205.61.67](https://vuldb.com/?ip.35.205.61.67) | 67.61.205.35.bc.googleusercontent.com | - | Medium
8 | [39.107.34.197](https://vuldb.com/?ip.39.107.34.197) | - | - | High
9 | [45.118.145.96](https://vuldb.com/?ip.45.118.145.96) | - | - | High
10 | [51.254.25.115](https://vuldb.com/?ip.51.254.25.115) | ip115.ip-51-254-25.eu | - | High
11 | ... | ... | ... | ...
4 | [5.144.168.210](https://vuldb.com/?ip.5.144.168.210) | mail.xdeers.com | - | High
5 | [13.76.158.123](https://vuldb.com/?ip.13.76.158.123) | - | - | High
6 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High
7 | [20.50.64.11](https://vuldb.com/?ip.20.50.64.11) | - | - | High
8 | [23.100.15.180](https://vuldb.com/?ip.23.100.15.180) | - | - | High
9 | [23.236.62.147](https://vuldb.com/?ip.23.236.62.147) | 147.62.236.23.bc.googleusercontent.com | - | Medium
10 | [34.102.136.180](https://vuldb.com/?ip.34.102.136.180) | 180.136.102.34.bc.googleusercontent.com | - | Medium
11 | [35.205.61.67](https://vuldb.com/?ip.35.205.61.67) | 67.61.205.35.bc.googleusercontent.com | - | Medium
12 | [39.107.34.197](https://vuldb.com/?ip.39.107.34.197) | - | - | High
13 | [45.33.91.79](https://vuldb.com/?ip.45.33.91.79) | li1037-79.members.linode.com | - | High
14 | [45.118.145.96](https://vuldb.com/?ip.45.118.145.96) | - | - | High
15 | [46.32.228.22](https://vuldb.com/?ip.46.32.228.22) | 720808.vps-10.com | - | High
16 | [47.75.206.148](https://vuldb.com/?ip.47.75.206.148) | - | - | High
17 | [50.63.202.89](https://vuldb.com/?ip.50.63.202.89) | ip-50-63-202-89.ip.secureserver.net | - | High
18 | [50.87.58.165](https://vuldb.com/?ip.50.87.58.165) | 50-87-58-165.unifiedlayer.com | - | High
19 | [51.68.50.168](https://vuldb.com/?ip.51.68.50.168) | ip168.ip-51-68-50.eu | - | High
20 | [51.254.25.115](https://vuldb.com/?ip.51.254.25.115) | ip115.ip-51-254-25.eu | - | High
21 | [51.255.48.78](https://vuldb.com/?ip.51.255.48.78) | vps-ede152ed.vps.ovh.net | - | High
22 | [52.17.9.185](https://vuldb.com/?ip.52.17.9.185) | ec2-52-17-9-185.eu-west-1.compute.amazonaws.com | - | Medium
23 | [52.29.192.136](https://vuldb.com/?ip.52.29.192.136) | ec2-52-29-192-136.eu-central-1.compute.amazonaws.com | - | Medium
24 | [52.116.175.70](https://vuldb.com/?ip.52.116.175.70) | hs20.name.tools | - | High
25 | [54.36.194.90](https://vuldb.com/?ip.54.36.194.90) | ip90.ip-54-36-194.eu | - | High
26 | [62.210.24.116](https://vuldb.com/?ip.62.210.24.116) | 62-210-24-116.rev.poneytelecom.eu | - | High
27 | [66.96.147.67](https://vuldb.com/?ip.66.96.147.67) | 67.147.96.66.static.eigbox.net | - | High
28 | [66.96.147.103](https://vuldb.com/?ip.66.96.147.103) | 103.147.96.66.static.eigbox.net | - | High
29 | [66.171.248.178](https://vuldb.com/?ip.66.171.248.178) | api1.whatismyipaddress.com | - | High
30 | [67.227.236.96](https://vuldb.com/?ip.67.227.236.96) | servidor2247.el.controladordns.com | - | High
31 | ... | ... | ... | ...

There are 40 more IOC items available. Please use our online service to access the data.
There are 122 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Gandcrab_. This data is unique as it uses our predictive model for actor profiling.
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _GandCrab_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1040 | CWE-294 | Authentication Bypass by Capture-replay | High
2 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
3 | T1068 | CWE-250, CWE-264, CWE-266, CWE-284 | Execution with Unnecessary Privileges | High
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...

There are 9 more TTP items available. Please use our online service to access the data.
There are 4 more TTP items available. Please use our online service to access the data.

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Gandcrab. This data is unique as it uses our predictive model for actor profiling.
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by GandCrab. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `%PROGRAMDATA%\checkmk\agent\local` | High
2 | File | `/admin/comment.php` | High
3 | File | `/admin/doctors/manage_doctor.php` | High
4 | File | `/admin/news/sort_ok.php` | High
5 | File | `/api/version` | Medium
6 | File | `/app1/admin#foo` | High
7 | File | `/appsuite` | Medium
8 | File | `/article/add` | Medium
9 | File | `/config/service/host.go` | High
10 | File | `/Controller/ChinaCityController.class.php` | High
11 | File | `/coreframe/app/guestbook/myissue.php` | High
12 | File | `/cwms/classes/Master.php?f=save_contact` | High
13 | File | `/goform/setAdInfoDetail` | High
14 | File | `/goform/SetPptpServerCfg` | High
15 | File | `/hub/api/user` | High
16 | File | `/ics?tool=search` | High
17 | File | `/info.xml` | Medium
18 | File | `/it-IT/splunkd/__raw/services/get_snapshot` | High
19 | File | `/js/js-parser.c` | High
20 | File | `/knowage/restful-services/documentnotes/saveNote` | High
21 | File | `/netact/sct` | Medium
22 | File | `/nova/bin/bfd` | High
23 | File | `/php/passport/index.php` | High
24 | File | `/run/courier/authdaemon` | High
25 | File | `/run/spice-vdagentd/spice-vdagent-sock` | High
26 | File | `/settings/profile` | High
27 | File | `/thruk/#cgi-bin/status.cgi?style=combined` | High
28 | File | `/usr/local/bin/mjs` | High
29 | File | `Access/DownloadFeed_Mnt/FileUpload_Upd.cfm` | High
30 | File | `action.setdefaulttemplate.php` | High
31 | File | `ActiveServices.java` | High
32 | File | `Addons/file/mod.file.php` | High
33 | ... | ... | ...
1 | File | `.htpasswd` | Medium
2 | File | `/../conf/config.properties` | High
3 | File | `/drivers/infiniband/core/cm.c` | High
4 | File | `/forum/away.php` | High
5 | File | `/horde/util/go.php` | High
6 | File | `/images/` | Medium
7 | File | `/inc/parser/xhtml.php` | High
8 | File | `/login` | Low
9 | File | `/mgmt/shared/authz/users/` | High
10 | File | `/modules/profile/index.php` | High
11 | File | `/one_church/userregister.php` | High
12 | File | `/out.php` | Medium
13 | File | `/public/plugins/` | High
14 | File | `/SAP_Information_System/controllers/add_admin.php` | High
15 | File | `/SASWebReportStudio/logonAndRender.do` | High
16 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
17 | File | `/secure/admin/ViewInstrumentation.jspa` | High
18 | File | `/system/proxy` | High
19 | File | `/tmp/phpglibccheck` | High
20 | File | `adclick.php` | Medium
21 | File | `add.php` | Low
22 | File | `addentry.php` | Medium
23 | File | `addressbookprovider.php` | High
24 | File | `admin.jcomments.php` | High
25 | File | `admin/pageUploadCSV.php` | High
26 | File | `ajax_udf.php` | Medium
27 | File | `AppCompatCache.exe` | High
28 | File | `application.js.php` | High
29 | File | `arm/lithium-codegen-arm.cc` | High
30 | File | `authenticate.c` | High
31 | ... | ... | ...

There are 277 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 263 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2018/02/threat-round-up-0209-0216.html
* https://blog.talosintelligence.com/2018/06/threat-roundup-0601-0615.html
* https://blog.talosintelligence.com/2018/09/threat-roundup-0921-0928.html
* https://blog.talosintelligence.com/2018/10/threat-roundup-0928-1005.html
* https://blog.talosintelligence.com/2019/05/threat-roundup-0524-0531.html
* https://blog.talosintelligence.com/2019/07/threat-roundup-for-0705-0712.html
* https://blog.talosintelligence.com/2020/09/threat-roundup-0904-0911.html
* https://blog.talosintelligence.com/2021/10/threat-roundup-1001-1008.html
* https://blog.talosintelligence.com/2021/10/threat-roundup-1015-1022.html
* https://community.blueliv.com/#!/s/5afd59bd82df413e376682f2
* https://isc.sans.edu/forums/diary/GandCrab+Ransomware+Now+Coming+From+Malspam/23321/
* https://precisionsec.com/threat-intelligence-feeds/gandcrab/

## Literature
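Review bot: in the replacement TTP row `3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High` the Weakness and Description columns disagree: "Improper Restriction of Excessive Authentication Attempts" is the title of CWE-307, while CWE-798 is "Use of Hard-coded Credentials", so one of the two columns needs correcting before this lands. The replacement row `2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High` has the same drift in the other direction: CWE-250 (whose title that description is) was dropped from the Weakness column but its title was kept as the description. Minor: the replaced count line reads "There are 1 more country items available", so the generator should switch to singular wording when the remaining count is 1.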
@ -0,0 +1,70 @@
# GenInjector - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [GenInjector](https://vuldb.com/?actor.geninjector). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.geninjector](https://vuldb.com/?actor.geninjector)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with GenInjector:

* [RU](https://vuldb.com/?country.ru)
* [DE](https://vuldb.com/?country.de)
* [ES](https://vuldb.com/?country.es)
* ...

There are 3 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of GenInjector.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [31.31.196.236](https://vuldb.com/?ip.31.31.196.236) | scp64.hosting.reg.ru | - | High
2 | [37.187.116.23](https://vuldb.com/?ip.37.187.116.23) | ns329149.ip-37-187-116.eu | - | High
3 | [66.171.248.178](https://vuldb.com/?ip.66.171.248.178) | api1.whatismyipaddress.com | - | High
4 | ... | ... | ... | ...

There are 5 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _GenInjector_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
3 | T1600 | CWE-310 | Cryptographic Issues | High

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by GenInjector. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `CrystalReports12.CrystalPrintControl.1` | High
2 | File | `DevInfo.txt` | Medium
3 | File | `goto.php` | Medium
4 | ... | ... | ...

There are 13 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2018/02/threat-round-up-0202-0209.html
* https://blog.talosintelligence.com/2018/02/threat-round-up-0216-0223.html

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -0,0 +1,79 @@
# Generic - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Generic](https://vuldb.com/?actor.generic). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.generic](https://vuldb.com/?actor.generic)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Generic:

* [US](https://vuldb.com/?country.us)
* [PL](https://vuldb.com/?country.pl)
* [DE](https://vuldb.com/?country.de)
* ...

There are 3 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Generic.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [52.15.72.79](https://vuldb.com/?ip.52.15.72.79) | ec2-52-15-72-79.us-east-2.compute.amazonaws.com | - | Medium
2 | [52.15.194.28](https://vuldb.com/?ip.52.15.194.28) | ec2-52-15-194-28.us-east-2.compute.amazonaws.com | - | Medium
3 | [52.72.89.116](https://vuldb.com/?ip.52.72.89.116) | ec2-52-72-89-116.compute-1.amazonaws.com | - | Medium
4 | [52.204.47.183](https://vuldb.com/?ip.52.204.47.183) | ec2-52-204-47-183.compute-1.amazonaws.com | - | Medium
5 | [64.98.145.30](https://vuldb.com/?ip.64.98.145.30) | url.hover.com | - | High
6 | [67.228.43.214](https://vuldb.com/?ip.67.228.43.214) | d6.2b.e443.ip4.static.sl-reverse.com | - | High
7 | [68.65.121.51](https://vuldb.com/?ip.68.65.121.51) | strategic.com.ua | - | High
8 | ... | ... | ... | ...

There are 27 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Generic_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1587.003 | CWE-295 | Improper Certificate Validation | High

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Generic. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/accountancy/admin/accountmodel.php` | High
2 | File | `/apply_noauth.cgi` | High
3 | File | `/dev/mapper/control` | High
4 | ... | ... | ...

There are 16 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2018/01/threat-round-up-0105-0512.html
* https://blog.talosintelligence.com/2018/01/threat-round-up-1229-0105.html
* https://blog.talosintelligence.com/2018/02/threat-round-up-0209-0216.html
* https://blog.talosintelligence.com/2018/02/threat-round-up-0216-0223.html
* https://blog.talosintelligence.com/2018/04/threat-round-up-0406-0413.html
* https://blog.talosintelligence.com/2018/06/threat-roundup-0616-0622.html
* https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html
* https://blog.talosintelligence.com/2018/08/threat-roundup-0824-0831.html

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -0,0 +1,69 @@
# Generickdz - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Generickdz](https://vuldb.com/?actor.generickdz). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.generickdz](https://vuldb.com/?actor.generickdz)

## Countries

These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Generickdz:

* [US](https://vuldb.com/?country.us)
* [CA](https://vuldb.com/?country.ca)
* [HU](https://vuldb.com/?country.hu)
* ...

There are 2 more country items available. Please use our online service to access the data.

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Generickdz.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [43.230.143.219](https://vuldb.com/?ip.43.230.143.219) | - | - | High
2 | [52.5.251.20](https://vuldb.com/?ip.52.5.251.20) | ec2-52-5-251-20.compute-1.amazonaws.com | - | Medium
3 | [77.104.144.25](https://vuldb.com/?ip.77.104.144.25) | ip-77-104-144-25.siteground.com | - | High
4 | ... | ... | ... | ...

There are 12 more IOC items available. Please use our online service to access the data.

## TTP - Tactics, Techniques, Procedures

_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Generickdz_. This data is unique as it uses our predictive model for actor profiling.

ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High

## IOA - Indicator of Attack

These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Generickdz. This data is unique as it uses our predictive model for actor profiling.

ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `announcement.php` | High
2 | File | `fciv.exe` | Medium
3 | File | `login.cgi` | Medium
4 | ... | ... | ...

There are 9 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html
* https://blog.talosintelligence.com/2018/09/threat-roundup-0831-0907.html

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -0,0 +1,30 @@
# Genkryptik - Cyber Threat Intelligence

These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Genkryptik](https://vuldb.com/?actor.genkryptik). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.

_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.genkryptik](https://vuldb.com/?actor.genkryptik)

## IOC - Indicator of Compromise

These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Genkryptik.

ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [13.107.21.200](https://vuldb.com/?ip.13.107.21.200) | - | - | High

## References

The following list contains _external sources_ which discuss the actor and the associated activities:

* https://blog.talosintelligence.com/2018/10/threat-roundup-0928-1005.html

## Literature

The following _articles_ explain our unique predictive cyber threat intelligence:

* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)

## License

(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
@ -8,12 +8,12 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
|
|||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Gh0stRAT:
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [VN](https://vuldb.com/?country.vn)
* [CN](https://vuldb.com/?country.cn)
* ...
There are 18 more country items available. Please use our online service to access the data.
There are 14 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -21,33 +21,50 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [13.249.38.69](https://vuldb.com/?ip.13.249.38.69) | server-13-249-38-69.iad89.r.cloudfront.net | - | High
2 | [20.42.65.92](https://vuldb.com/?ip.20.42.65.92) | - | - | High
3 | [20.189.173.22](https://vuldb.com/?ip.20.189.173.22) | - | - | High
4 | [36.43.74.215](https://vuldb.com/?ip.36.43.74.215) | - | - | High
5 | [36.46.114.54](https://vuldb.com/?ip.36.46.114.54) | - | - | High
6 | [39.109.1.246](https://vuldb.com/?ip.39.109.1.246) | - | - | High
7 | [42.51.192.3](https://vuldb.com/?ip.42.51.192.3) | - | - | High
8 | [43.226.152.12](https://vuldb.com/?ip.43.226.152.12) | - | - | High
9 | [43.226.159.201](https://vuldb.com/?ip.43.226.159.201) | - | - | High
10 | [45.119.125.223](https://vuldb.com/?ip.45.119.125.223) | - | - | High
11 | [45.195.203.97](https://vuldb.com/?ip.45.195.203.97) | - | - | High
12 | [45.253.67.78](https://vuldb.com/?ip.45.253.67.78) | - | - | High
13 | [47.93.52.188](https://vuldb.com/?ip.47.93.52.188) | - | - | High
14 | [47.93.245.163](https://vuldb.com/?ip.47.93.245.163) | - | - | High
15 | [47.95.233.18](https://vuldb.com/?ip.47.95.233.18) | - | - | High
16 | [47.111.82.157](https://vuldb.com/?ip.47.111.82.157) | - | - | High
17 | [47.112.30.91](https://vuldb.com/?ip.47.112.30.91) | - | - | High
18 | [52.168.117.173](https://vuldb.com/?ip.52.168.117.173) | - | - | High
19 | [52.182.143.212](https://vuldb.com/?ip.52.182.143.212) | - | - | High
20 | [58.218.66.21](https://vuldb.com/?ip.58.218.66.21) | - | - | High
21 | [58.218.67.245](https://vuldb.com/?ip.58.218.67.245) | - | - | High
22 | [58.218.199.225](https://vuldb.com/?ip.58.218.199.225) | - | - | High
23 | [58.221.47.41](https://vuldb.com/?ip.58.221.47.41) | - | - | High
24 | [58.221.47.47](https://vuldb.com/?ip.58.221.47.47) | - | - | High
25 | ... | ... | ... | ...
1 | [13.115.40.251](https://vuldb.com/?ip.13.115.40.251) | ec2-13-115-40-251.ap-northeast-1.compute.amazonaws.com | - | Medium
2 | [13.249.38.69](https://vuldb.com/?ip.13.249.38.69) | server-13-249-38-69.iad89.r.cloudfront.net | - | High
3 | [20.42.65.92](https://vuldb.com/?ip.20.42.65.92) | - | - | High
4 | [20.189.173.22](https://vuldb.com/?ip.20.189.173.22) | - | - | High
5 | [23.94.244.17](https://vuldb.com/?ip.23.94.244.17) | 23-94-244-17-host.colocrossing.com | - | High
6 | [23.94.244.18](https://vuldb.com/?ip.23.94.244.18) | 23-94-244-18-host.colocrossing.com | - | High
7 | [23.95.28.181](https://vuldb.com/?ip.23.95.28.181) | 23-95-28-181-host.colocrossing.com | - | High
8 | [23.225.194.93](https://vuldb.com/?ip.23.225.194.93) | - | - | High
9 | [23.245.118.14](https://vuldb.com/?ip.23.245.118.14) | - | - | High
10 | [27.9.199.217](https://vuldb.com/?ip.27.9.199.217) | - | - | High
11 | [27.50.162.226](https://vuldb.com/?ip.27.50.162.226) | - | - | High
12 | [27.54.252.252](https://vuldb.com/?ip.27.54.252.252) | - | - | High
13 | [27.202.226.109](https://vuldb.com/?ip.27.202.226.109) | - | - | High
14 | [36.43.74.215](https://vuldb.com/?ip.36.43.74.215) | - | - | High
15 | [36.46.114.54](https://vuldb.com/?ip.36.46.114.54) | - | - | High
16 | [39.109.1.246](https://vuldb.com/?ip.39.109.1.246) | - | - | High
17 | [39.109.5.112](https://vuldb.com/?ip.39.109.5.112) | - | - | High
18 | [42.51.192.3](https://vuldb.com/?ip.42.51.192.3) | - | - | High
19 | [42.236.77.185](https://vuldb.com/?ip.42.236.77.185) | hn.kd.ny.adsl | - | High
20 | [43.226.152.12](https://vuldb.com/?ip.43.226.152.12) | - | - | High
21 | [43.226.159.201](https://vuldb.com/?ip.43.226.159.201) | - | - | High
22 | [43.248.201.209](https://vuldb.com/?ip.43.248.201.209) | - | - | High
23 | [45.119.125.223](https://vuldb.com/?ip.45.119.125.223) | - | - | High
24 | [45.195.203.97](https://vuldb.com/?ip.45.195.203.97) | - | - | High
25 | [45.253.67.78](https://vuldb.com/?ip.45.253.67.78) | - | - | High
26 | [47.93.52.188](https://vuldb.com/?ip.47.93.52.188) | - | - | High
27 | [47.93.245.163](https://vuldb.com/?ip.47.93.245.163) | - | - | High
28 | [47.94.138.49](https://vuldb.com/?ip.47.94.138.49) | - | - | High
29 | [47.95.233.18](https://vuldb.com/?ip.47.95.233.18) | - | - | High
30 | [47.98.248.205](https://vuldb.com/?ip.47.98.248.205) | - | - | High
31 | [47.111.82.157](https://vuldb.com/?ip.47.111.82.157) | - | - | High
32 | [47.112.30.91](https://vuldb.com/?ip.47.112.30.91) | - | - | High
33 | [49.2.123.56](https://vuldb.com/?ip.49.2.123.56) | - | - | High
34 | [52.168.117.173](https://vuldb.com/?ip.52.168.117.173) | - | - | High
35 | [52.182.143.212](https://vuldb.com/?ip.52.182.143.212) | - | - | High
36 | [54.76.135.1](https://vuldb.com/?ip.54.76.135.1) | ec2-54-76-135-1.eu-west-1.compute.amazonaws.com | - | Medium
37 | [58.55.149.231](https://vuldb.com/?ip.58.55.149.231) | - | - | High
38 | [58.55.154.119](https://vuldb.com/?ip.58.55.154.119) | - | - | High
39 | [58.218.66.21](https://vuldb.com/?ip.58.218.66.21) | - | - | High
40 | [58.218.67.245](https://vuldb.com/?ip.58.218.67.245) | - | - | High
41 | [58.218.199.225](https://vuldb.com/?ip.58.218.199.225) | - | - | High
42 | ... | ... | ... | ...
There are 97 more IOC items available. Please use our online service to access the data.
There are 165 more IOC items available. Please use our online service to access the data.
## TTP - Tactics, Techniques, Procedures
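Review bot: Row 2 (13.249.38.69, hostname server-13-249-38-69.iad89.r.cloudfront.net) is rated High while the EC2 rows 1 (13.115.40.251) and 36 (54.76.135.1), whose hostnames show the same kind of shared cloud infrastructure, are rated Medium; a CloudFront edge address is shared by many tenants and should carry the same reduced confidence, otherwise a consumer of this feed will block shared infrastructure on a High-confidence entry. Row 19 (42.236.77.185, hn.kd.ny.adsl) is an ISP access-pool address by its PTR name and deserves the same downgrade.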
@ -56,11 +73,11 @@ _Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-307, CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...
There are 8 more TTP items available. Please use our online service to access the data.
There are 7 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
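Review bot: Row 2 drops CWE-250 from the Weakness column (old line `2 | T1068 | CWE-250, CWE-264, CWE-284 | Execution with Unnecessary Privileges | High`, new line `2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High`) while the Description column still reads "Execution with Unnecessary Privileges", which is the title of CWE-250; either keep CWE-250 or change the description so the two columns agree, since CWE-264 and CWE-284 are broader access-control entries that the description no longer matches.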
@ -68,49 +85,56 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `/+CSCOE+/logon.html` | High
2 | File | `/.ssh/authorized_keys` | High
3 | File | `/admin.php?&m=Public&a=login` | High
4 | File | `/ajax/networking/get_netcfg.php` | High
5 | File | `/car.php` | Medium
6 | File | `/CMD_ACCOUNT_ADMIN` | High
7 | File | `/concat?/%2557EB-INF/web.xml` | High
8 | File | `/core/admin/categories.php` | High
9 | File | `/dashboards/#` | High
10 | File | `/data/remove` | Medium
11 | File | `/etc/controller-agent/agent.conf` | High
12 | File | `/etc/sudoers` | Medium
13 | File | `/filemanager/php/connector.php` | High
14 | File | `/forum/away.php` | High
15 | File | `/fudforum/adm/hlplist.php` | High
16 | File | `/GponForm/fsetup_Form` | High
17 | File | `/log_download.cgi` | High
18 | File | `/modules/profile/index.php` | High
19 | File | `/MTFWU` | Low
20 | File | `/navigate/navigate_download.php` | High
21 | File | `/out.php` | Medium
22 | File | `/password.html` | High
23 | File | `/property-list/property_view.php` | High
24 | File | `/ptms/classes/Users.php` | High
25 | File | `/public/plugins/` | High
26 | File | `/rest/api/2/search` | High
27 | File | `/s/` | Low
28 | File | `/scripts/cpan_config` | High
29 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
30 | File | `/secure/QueryComponent!Default.jspa` | High
31 | File | `/server-info` | Medium
32 | File | `/tmp` | Low
33 | File | `/tmp/kamailio_ctl` | High
34 | File | `/tmp/kamailio_fifo` | High
35 | File | `/ucms/index.php?do=list_edit` | High
36 | ... | ... | ...
1 | File | `%PROGRAMDATA%\checkmk\agent\local` | High
2 | File | `.htaccess` | Medium
3 | File | `/#/CampaignManager/users` | High
4 | File | `//` | Low
5 | File | `/admin.php?action=themeinstall` | High
6 | File | `/admin/?setting-base.htm` | High
7 | File | `/admin/login.php` | High
8 | File | `/apply_noauth.cgi` | High
9 | File | `/audit/log/log_management.php` | High
10 | File | `/bin/login` | Medium
11 | File | `/bin/sh` | Low
12 | File | `/cgi-bin/login` | High
13 | File | `/classes/profile.class.php` | High
14 | File | `/CMD_ACCOUNT_ADMIN` | High
15 | File | `/core/admin/categories.php` | High
16 | File | `/dev/tty` | Medium
17 | File | `/downloads/` | Medium
18 | File | `/index.php` | Medium
19 | File | `/member/index/login.html` | High
20 | File | `/modules/certinfo/index.php` | High
21 | File | `/MTFWU` | Low
22 | File | `/ptms/classes/Users.php` | High
23 | File | `/ScadaBR/login.htm` | High
24 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
25 | File | `/system/tool/ping.php` | High
26 | File | `/uncpath/` | Medium
27 | File | `/updown/upload.cgi` | High
28 | File | `/upload` | Low
29 | File | `/usr/bin/pkexec` | High
30 | File | `/wp-json` | Medium
31 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
32 | File | `?location=search` | High
33 | File | `account/login.php` | High
34 | File | `add.php` | Low
35 | File | `admin.php` | Medium
36 | File | `admin.php?m=backup&c=backup&a=doback` | High
37 | ... | ... | ...
There are 309 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 322 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.talosintelligence.com/2019/06/threat-roundup-0607-0614.html
* https://blog.talosintelligence.com/2019/06/threat-roundup-0621-0628.html
* https://blog.talosintelligence.com/2019/07/threat-roundup-0628-0705.html
* https://blog.talosintelligence.com/2019/07/threat-roundup-0712-0719.html
* https://blog.talosintelligence.com/2019/07/threat-roundup-0719-0726.html
* https://blog.talosintelligence.com/2019/08/threat-roundup-0809-0816.html
* https://blog.talosintelligence.com/2021/01/threat-roundup-0122.html
* https://blog.talosintelligence.com/2021/02/threat-roundup-0205-0212.html
* https://blog.talosintelligence.com/2021/02/threat-roundup-0212-0219.html
@ -130,6 +154,7 @@ The following list contains _external sources_ which discuss the actor and the a
* https://blog.talosintelligence.com/2022/02/threat-roundup-0204-0211.html
* https://blog.talosintelligence.com/2022/02/threat-roundup-0218-0225.html
* https://blog.talosintelligence.com/2022/03/threat-roundup-0225-0304.html
* https://blog.talosintelligence.com/2022/04/threat-roundup-0325-0401.html
## Literature
@ -0,0 +1,68 @@
# Godju - Cyber Threat Intelligence
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Godju](https://vuldb.com/?actor.godju). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.godju](https://vuldb.com/?actor.godju)
## Countries
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Godju:
* [US](https://vuldb.com/?country.us)
## IOC - Indicator of Compromise
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Godju.
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [185.100.85.150](https://vuldb.com/?ip.185.100.85.150) | - | - | High
## TTP - Tactics, Techniques, Procedures
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Godju_. This data is unique as it uses our predictive model for actor profiling.
ID | Technique | Weakness | Description | Confidence
-- | --------- | -------- | ----------- | ----------
1 | T1059.007 | CWE-79, CWE-80 | Cross Site Scripting | High
2 | T1068 | CWE-264, CWE-284 | Execution with Unnecessary Privileges | High
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
4 | ... | ... | ... | ...
There are 6 more TTP items available. Please use our online service to access the data.
## IOA - Indicator of Attack
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Godju. This data is unique as it uses our predictive model for actor profiling.
ID | Type | Indicator | Confidence
-- | ---- | --------- | ----------
1 | File | `.htaccess` | Medium
2 | File | `/config/list` | Medium
3 | File | `/coreframe/app/guestbook/myissue.php` | High
4 | File | `/include/make.php` | High
5 | File | `/login` | Low
6 | File | `/src/njs_object.c` | High
7 | File | `/TMS/admin/setting/mail/createorupdate` | High
8 | File | `/usr/local/vesta/bin` | High
9 | File | `abook_database.php` | High
10 | ... | ... | ...
There are 72 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
The following list contains _external sources_ which discuss the actor and the associated activities:
* https://blog.talosintelligence.com/2018/02/threat-round-up-0209-0216.html
## Literature
The following _articles_ explain our unique predictive cyber threat intelligence:
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
## License
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
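Review bot: In the TTP table, row 3 (`3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High`) maps the technique to CWE-798 alone, yet the Description column is the title of CWE-307, not of CWE-798 (Use of Hard-coded Credentials); the Gh0stRAT file in this same commit lists `CWE-307, CWE-798` for the identical row, so either add CWE-307 here or rewrite the description to match the single weakness actually listed.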
@ -50,64 +50,64 @@ ID | Type | Indicator | Confidence
1 | File | `$SPLUNK_HOME/etc/splunk-launch.conf` | High
2 | File | `/+CSCOE+/logon.html` | High
3 | File | `/assets/ctx` | Medium
4 | File | `/cloud_config/router_post/check_reg_verify_code` | High
5 | File | `/concat?/%2557EB-INF/web.xml` | High
6 | File | `/config/getuser` | High
7 | File | `/debug/pprof` | Medium
8 | File | `/ext/phar/phar_object.c` | High
9 | File | `/filemanager/php/connector.php` | High
10 | File | `/get_getnetworkconf.cgi` | High
11 | File | `/HNAP1` | Low
12 | File | `/include/chart_generator.php` | High
13 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
14 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
15 | File | `/modx/manager/index.php` | High
16 | File | `/osm/REGISTER.cmd` | High
17 | File | `/product_list.php` | High
18 | File | `/replication` | Medium
19 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
20 | File | `/supervisor/procesa_carga.php` | High
21 | File | `/type.php` | Medium
22 | File | `/uncpath/` | Medium
23 | File | `/usr/bin/pkexec` | High
24 | File | `/zm/index.php` | High
25 | File | `4.2.0.CP09` | Medium
26 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
27 | File | `802dot1xclientcert.cgi` | High
28 | File | `add.exe` | Low
29 | File | `addentry.php` | Medium
30 | File | `admin-ajax.php` | High
31 | File | `admin.color.php` | High
32 | File | `admin.cropcanvas.php` | High
33 | File | `admin.joomlaradiov5.php` | High
34 | File | `admin.php` | Medium
35 | File | `admin.php?m=Food&a=addsave` | High
36 | File | `admin/conf_users_edit.php` | High
37 | File | `admin/index.php` | High
38 | File | `admin/user.php` | High
39 | File | `admin/write-post.php` | High
40 | File | `administrator/components/com_media/helpers/media.php` | High
41 | File | `admin_events.php` | High
42 | File | `ajax_new_account.php` | High
43 | File | `akocomments.php` | High
44 | File | `allopass-error.php` | High
45 | File | `announcement.php` | High
46 | File | `apply.cgi` | Medium
47 | File | `archiver\index.php` | High
48 | File | `artlinks.dispnew.php` | High
49 | File | `auth-gss2.c` | Medium
50 | File | `auth.inc.php` | Medium
51 | File | `authorization.do` | High
52 | File | `awstats.pl` | Medium
53 | File | `backoffice/login.asp` | High
54 | File | `bb_usage_stats.php` | High
55 | File | `binder.c` | Medium
56 | File | `books.php` | Medium
57 | File | `C:\Python27` | Medium
58 | File | `C:\Windows\System32\config\SAM` | High
4 | File | `/bsms/?page=products` | High
5 | File | `/cloud_config/router_post/check_reg_verify_code` | High
6 | File | `/concat?/%2557EB-INF/web.xml` | High
7 | File | `/config/getuser` | High
8 | File | `/debug/pprof` | Medium
9 | File | `/ext/phar/phar_object.c` | High
10 | File | `/filemanager/php/connector.php` | High
11 | File | `/get_getnetworkconf.cgi` | High
12 | File | `/HNAP1` | Low
13 | File | `/include/chart_generator.php` | High
14 | File | `/index.php?controller=calendar&format=raw&cat[0]=SQLi&task=events` | High
15 | File | `/Main_Login.asp?flag=1&productname=RT-AC88U&url=/downloadmaster/task.asp` | High
16 | File | `/modx/manager/index.php` | High
17 | File | `/osm/REGISTER.cmd` | High
18 | File | `/product_list.php` | High
19 | File | `/replication` | Medium
20 | File | `/siteminderagent/pwcgi/smpwservicescgi.exe` | High
21 | File | `/supervisor/procesa_carga.php` | High
22 | File | `/type.php` | Medium
23 | File | `/uncpath/` | Medium
24 | File | `/usr/bin/pkexec` | High
25 | File | `/zm/index.php` | High
26 | File | `4.2.0.CP09` | Medium
27 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
28 | File | `802dot1xclientcert.cgi` | High
29 | File | `add.exe` | Low
30 | File | `addentry.php` | Medium
31 | File | `admin-ajax.php` | High
32 | File | `admin.color.php` | High
33 | File | `admin.cropcanvas.php` | High
34 | File | `admin.joomlaradiov5.php` | High
35 | File | `admin.php` | Medium
36 | File | `admin.php?m=Food&a=addsave` | High
37 | File | `admin/conf_users_edit.php` | High
38 | File | `admin/index.php` | High
39 | File | `admin/user.php` | High
40 | File | `admin/write-post.php` | High
41 | File | `administrator/components/com_media/helpers/media.php` | High
42 | File | `admin_events.php` | High
43 | File | `ajax_new_account.php` | High
44 | File | `akocomments.php` | High
45 | File | `allopass-error.php` | High
46 | File | `announcement.php` | High
47 | File | `apply.cgi` | Medium
48 | File | `archiver\index.php` | High
49 | File | `artlinks.dispnew.php` | High
50 | File | `auth-gss2.c` | Medium
51 | File | `auth.inc.php` | Medium
52 | File | `authorization.do` | High
53 | File | `awstats.pl` | Medium
54 | File | `backoffice/login.asp` | High
55 | File | `bb_usage_stats.php` | High
56 | File | `binder.c` | Medium
57 | File | `books.php` | Medium
58 | File | `C:\Python27` | Medium
59 | ... | ... | ...
There are 516 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 519 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
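Review bot: Old row 25 / new row 26 lists `4.2.0.CP09` under Type File, but that token is a version string rather than a path and will never match as a file indicator; drop it or move it to a type that fits. The same table types `C:\Python27` (new row 58) as File although it is a directory, and a consumer matching on file names will miss it unless the type distinguishes paths from directories.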
@ -65,29 +65,28 @@ ID | Type | Indicator | Confidence
14 | File | `/proc/<pid>/status` | High
15 | File | `/public/plugins/` | High
16 | File | `/REBOOTSYSTEM` | High
17 | File | `/rom` | Low
18 | File | `/scripts/killpvhost` | High
19 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
20 | File | `/secure/QueryComponent!Default.jspa` | High
21 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
22 | File | `/tmp` | Low
23 | File | `/tmp/redis.ds` | High
24 | File | `/uncpath/` | Medium
25 | File | `/wp-admin` | Medium
26 | File | `/wp-json/wc/v3/webhooks` | High
27 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
28 | File | `AccountManagerService.java` | High
29 | File | `actions/CompanyDetailsSave.php` | High
30 | File | `ActiveServices.java` | High
31 | File | `ActivityManagerService.java` | High
32 | File | `admin.php` | Medium
33 | File | `admin/?n=user&c=admin_user&a=doGetUserInfo` | High
34 | File | `admin/add-glossary.php` | High
35 | File | `admin/conf_users_edit.php` | High
36 | File | `admin/edit-comments.php` | High
37 | ... | ... | ...
17 | File | `/scripts/killpvhost` | High
18 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
19 | File | `/secure/QueryComponent!Default.jspa` | High
20 | File | `/src/main/java/com/dotmarketing/filters/CMSFilter.java` | High
21 | File | `/tmp` | Low
22 | File | `/tmp/redis.ds` | High
23 | File | `/uncpath/` | Medium
24 | File | `/wp-admin` | Medium
25 | File | `/wp-json/wc/v3/webhooks` | High
26 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
27 | File | `AccountManagerService.java` | High
28 | File | `actions/CompanyDetailsSave.php` | High
29 | File | `ActiveServices.java` | High
30 | File | `ActivityManagerService.java` | High
31 | File | `admin.php` | Medium
32 | File | `admin/?n=user&c=admin_user&a=doGetUserInfo` | High
33 | File | `admin/add-glossary.php` | High
34 | File | `admin/conf_users_edit.php` | High
35 | File | `admin/edit-comments.php` | High
36 | ... | ... | ...
There are 314 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 312 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Grizzly Steppe:
* [RU](https://vuldb.com/?country.ru)
* [CN](https://vuldb.com/?country.cn)
* [US](https://vuldb.com/?country.us)
* [GB](https://vuldb.com/?country.gb)
* ...
There are 18 more country items available. Please use our online service to access the data.
There are 15 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -171,39 +171,40 @@ ID | Type | Indicator | Confidence
1 | File | `/.env` | Low
2 | File | `//` | Low
3 | File | `/admin-panel1.php` | High
4 | File | `/admin.php/admin/ulog/index.html` | High
5 | File | `/admin/configure.php` | High
6 | File | `/admin/doctors/view_doctor.php` | High
7 | File | `/admin/index.php?lfj=mysql&action=del` | High
8 | File | `/cgi-bin/uploadAccessCodePic` | High
9 | File | `/cms/ajax.php` | High
10 | File | `/context/%2e/WEB-INF/web.xml` | High
11 | File | `/dev/dri/card1` | High
12 | File | `/download` | Medium
13 | File | `/export` | Low
14 | File | `/file?action=download&file` | High
15 | File | `/goform/setIPv6Status` | High
16 | File | `/images` | Low
17 | File | `/include/chart_generator.php` | High
18 | File | `/InternalPages/ExecuteTask.aspx` | High
19 | File | `/music/ajax.php` | High
20 | File | `/nova/bin/sniffer` | High
21 | File | `/pandora_console/ajax.php` | High
22 | File | `/principals` | Medium
23 | File | `/public/plugins/` | High
24 | File | `/SASWebReportStudio/logonAndRender.do` | High
25 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
26 | File | `/secure/QueryComponent!Default.jspa` | High
27 | File | `/system/bin/osi_bin` | High
28 | File | `/tmp` | Low
29 | File | `/TMS/admin/setting/mail/createorupdate` | High
30 | File | `/uncpath/` | Medium
31 | File | `/var/log/nginx` | High
32 | File | `/web/MCmsAction.java` | High
33 | File | `14all.cgi/14all-1.1.cgi/traffic.cgi/mrtg.cgi` | High
34 | ... | ... | ...
4 | File | `/admin.php` | Medium
5 | File | `/admin.php/admin/ulog/index.html` | High
6 | File | `/admin/configure.php` | High
7 | File | `/admin/doctors/view_doctor.php` | High
8 | File | `/api/crontab` | Medium
9 | File | `/api/trackedEntityInstances` | High
10 | File | `/AvalancheWeb/image` | High
11 | File | `/category.php` | High
12 | File | `/cgi-bin/uploadAccessCodePic` | High
13 | File | `/cms/ajax.php` | High
14 | File | `/context/%2e/WEB-INF/web.xml` | High
15 | File | `/dev/dri/card1` | High
16 | File | `/export` | Low
17 | File | `/file?action=download&file` | High
18 | File | `/goform/setIPv6Status` | High
19 | File | `/images` | Low
20 | File | `/include/chart_generator.php` | High
21 | File | `/include/make.php` | High
22 | File | `/InternalPages/ExecuteTask.aspx` | High
23 | File | `/music/ajax.php` | High
24 | File | `/nova/bin/sniffer` | High
25 | File | `/pandora_console/ajax.php` | High
26 | File | `/principals` | Medium
27 | File | `/public/plugins/` | High
28 | File | `/SASWebReportStudio/logonAndRender.do` | High
29 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
30 | File | `/system/bin/osi_bin` | High
31 | File | `/tmp` | Low
32 | File | `/TMS/admin/setting/mail/createorupdate` | High
33 | File | `/uncpath/` | Medium
34 | File | `/web/MCmsAction.java` | High
35 | ... | ... | ...
There are 288 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
There are 301 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
## References
@ -9,11 +9,11 @@ _Live data_ and more _analysis capabilities_ are available at [https://vuldb.com
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Hancitor:
* [US](https://vuldb.com/?country.us)
* [RU](https://vuldb.com/?country.ru)
* [DE](https://vuldb.com/?country.de)
* [CA](https://vuldb.com/?country.ca)
* [CN](https://vuldb.com/?country.cn)
* ...
There are 8 more country items available. Please use our online service to access the data.
There are 14 more country items available. Please use our online service to access the data.
## IOC - Indicator of Compromise
@ -21,16 +21,28 @@ These _indicators of compromise_ (IOC) indicate associated network resources whi
ID | IP address | Hostname | Campaign | Confidence
-- | ---------- | -------- | -------- | ----------
1 | [8.208.9.98](https://vuldb.com/?ip.8.208.9.98) | - | - | High
2 | [8.208.77.171](https://vuldb.com/?ip.8.208.77.171) | - | - | High
3 | [8.209.119.208](https://vuldb.com/?ip.8.209.119.208) | - | - | High
4 | [8.211.241.0](https://vuldb.com/?ip.8.211.241.0) | - | - | High
5 | [23.236.75.32](https://vuldb.com/?ip.23.236.75.32) | - | - | High
6 | [31.44.184.36](https://vuldb.com/?ip.31.44.184.36) | - | - | High
7 | [45.40.182.1](https://vuldb.com/?ip.45.40.182.1) | ip-45-40-182-1.ip.secureserver.net | - | High
8 | ... | ... | ... | ...
1 | [5.196.129.108](https://vuldb.com/?ip.5.196.129.108) | - | - | High
2 | [8.208.9.98](https://vuldb.com/?ip.8.208.9.98) | - | - | High
3 | [8.208.77.171](https://vuldb.com/?ip.8.208.77.171) | - | - | High
4 | [8.209.119.208](https://vuldb.com/?ip.8.209.119.208) | - | - | High
5 | [8.211.241.0](https://vuldb.com/?ip.8.211.241.0) | - | - | High
6 | [10.0.2.2](https://vuldb.com/?ip.10.0.2.2) | - | - | High
|
||||
7 | [23.228.100.130](https://vuldb.com/?ip.23.228.100.130) | gewrig.cerned.com | - | High
|
||||
8 | [23.236.75.32](https://vuldb.com/?ip.23.236.75.32) | - | - | High
|
||||
9 | [24.172.35.186](https://vuldb.com/?ip.24.172.35.186) | rrcs-24-172-35-186.midsouth.biz.rr.com | - | High
|
||||
10 | [24.209.225.196](https://vuldb.com/?ip.24.209.225.196) | cpe-24-209-225-196.cinci.res.rr.com | - | High
|
||||
11 | [24.229.13.112](https://vuldb.com/?ip.24.229.13.112) | cpe-static-raysautorepair-rtr.cmts.mlf.ptd.net | - | High
|
||||
12 | [24.240.249.177](https://vuldb.com/?ip.24.240.249.177) | 024-240-249-177.biz.spectrum.com | - | High
|
||||
13 | [27.121.64.185](https://vuldb.com/?ip.27.121.64.185) | cp185.ezyreg.com | - | High
|
||||
14 | [27.124.124.97](https://vuldb.com/?ip.27.124.124.97) | server-2p-r17.ipv4.per01.ds.network | - | High
|
||||
15 | [31.44.184.36](https://vuldb.com/?ip.31.44.184.36) | - | - | High
|
||||
16 | [31.44.184.62](https://vuldb.com/?ip.31.44.184.62) | - | - | High
|
||||
17 | [34.213.214.65](https://vuldb.com/?ip.34.213.214.65) | ec2-34-213-214-65.us-west-2.compute.amazonaws.com | - | Medium
|
||||
18 | [45.40.182.1](https://vuldb.com/?ip.45.40.182.1) | ip-45-40-182-1.ip.secureserver.net | - | High
|
||||
19 | [45.49.169.80](https://vuldb.com/?ip.45.49.169.80) | cpe-45-49-169-80.socal.res.rr.com | - | High
|
||||
20 | ... | ... | ... | ...
|
||||
|
||||
There are 26 more IOC items available. Please use our online service to access the data.
|
||||
There are 75 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
|
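Review bot: row 6 of the updated IOC table lists `10.0.2.2` with High confidence, but that is an RFC 1918 private address (and the default NAT gateway address used by VirtualBox), so it almost certainly came from a sandbox run rather than from actor infrastructure. Pushed into a blocklist or a detection rule it would match hosts in any lab network; the row should be dropped or its confidence lowered and the entry flagged as a sandbox artifact. The EC2 hostname in row 17 is correctly marked Medium, so the same downgrade logic evidently exists for shared cloud space.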
@ -43,7 +55,7 @@ ID | Technique | Weakness | Description | Confidence
|
|||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 3 more TTP items available. Please use our online service to access the data.
|
||||
There are 8 more TTP items available. Please use our online service to access the data.
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
|
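Review bot: in row 3 the Weakness and Description columns disagree: CWE-798 is "Use of Hard-coded Credentials", while "Improper Restriction of Excessive Authentication Attempts" is the title of CWE-307, which is also the weakness that T1110.001 (password guessing) actually exercises. Either value may be the intended one, but the row should not ship with an inconsistent pair; the identical row appears in the new Hploki file in this commit, so the fix belongs in the generator's mapping table rather than in this one file.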
@ -51,42 +63,47 @@ These _indicators of attack_ (IOA) list the potential fragments used for technic
|
|||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `.htpasswd` | Medium
|
||||
2 | File | `/../conf/config.properties` | High
|
||||
3 | File | `/drivers/infiniband/core/cm.c` | High
|
||||
4 | File | `/forum/away.php` | High
|
||||
5 | File | `/horde/util/go.php` | High
|
||||
6 | File | `/images/` | Medium
|
||||
7 | File | `/inc/parser/xhtml.php` | High
|
||||
8 | File | `/login` | Low
|
||||
9 | File | `/modules/profile/index.php` | High
|
||||
10 | File | `/objects/getImageMP4.php` | High
|
||||
11 | File | `/one_church/userregister.php` | High
|
||||
12 | File | `/out.php` | Medium
|
||||
13 | File | `/public/plugins/` | High
|
||||
14 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
15 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
16 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
17 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
18 | File | `/system/proxy` | High
|
||||
19 | File | `/tmp/phpglibccheck` | High
|
||||
20 | File | `/uncpath/` | Medium
|
||||
21 | File | `adclick.php` | Medium
|
||||
22 | File | `add.php` | Low
|
||||
23 | File | `addentry.php` | Medium
|
||||
24 | File | `addressbookprovider.php` | High
|
||||
25 | File | `admin.cropcanvas.php` | High
|
||||
26 | File | `admin.jcomments.php` | High
|
||||
27 | File | `admin.php` | Medium
|
||||
28 | File | `admin/dashboard.php` | High
|
||||
29 | File | `admin/pageUploadCSV.php` | High
|
||||
30 | File | `ajax_udf.php` | Medium
|
||||
31 | File | `AppCompatCache.exe` | High
|
||||
32 | File | `application.js.php` | High
|
||||
33 | File | `arm/lithium-codegen-arm.cc` | High
|
||||
34 | ... | ... | ...
|
||||
1 | File | `/../conf/config.properties` | High
|
||||
2 | File | `/auth/session` | High
|
||||
3 | File | `/concat?/%2557EB-INF/web.xml` | High
|
||||
4 | File | `/download` | Medium
|
||||
5 | File | `/drivers/infiniband/core/cm.c` | High
|
||||
6 | File | `/forum/away.php` | High
|
||||
7 | File | `/horde/util/go.php` | High
|
||||
8 | File | `/images/` | Medium
|
||||
9 | File | `/inc/extensions.php` | High
|
||||
10 | File | `/inc/parser/xhtml.php` | High
|
||||
11 | File | `/login` | Low
|
||||
12 | File | `/modules/profile/index.php` | High
|
||||
13 | File | `/objects/getImageMP4.php` | High
|
||||
14 | File | `/one_church/userregister.php` | High
|
||||
15 | File | `/out.php` | Medium
|
||||
16 | File | `/public/plugins/` | High
|
||||
17 | File | `/replication` | Medium
|
||||
18 | File | `/req_password_user.php` | High
|
||||
19 | File | `/SAP_Information_System/controllers/add_admin.php` | High
|
||||
20 | File | `/SASWebReportStudio/logonAndRender.do` | High
|
||||
21 | File | `/secure/admin/InsightDefaultCustomFieldConfig.jspa` | High
|
||||
22 | File | `/secure/admin/ViewInstrumentation.jspa` | High
|
||||
23 | File | `/secure/QueryComponent!Default.jspa` | High
|
||||
24 | File | `/SSOPOST/metaAlias/%realm%/idpv2` | High
|
||||
25 | File | `/tmp` | Low
|
||||
26 | File | `/tmp/phpglibccheck` | High
|
||||
27 | File | `/uncpath/` | Medium
|
||||
28 | File | `/usr/syno/etc/mount.conf` | High
|
||||
29 | File | `/WEB-INF/web.xml` | High
|
||||
30 | File | `/web/entry/en/address/adrsSetUserWizard.cgi` | High
|
||||
31 | File | `/wp-json/oembed/1.0/embed?url` | High
|
||||
32 | File | `adclick.php` | Medium
|
||||
33 | File | `addentry.php` | Medium
|
||||
34 | File | `admin.cropcanvas.php` | High
|
||||
35 | File | `admin.jcomments.php` | High
|
||||
36 | File | `admin.php` | Medium
|
||||
37 | File | `admin/conf_users_edit.php` | High
|
||||
38 | File | `admin/create-package.php` | High
|
||||
39 | ... | ... | ...
|
||||
|
||||
There are 292 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
There are 339 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
|
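Review bot: several rows of the updated IOA table are path fragments generic enough to match almost any web server log (`/tmp`, `/login`, `/download`, `/images/`, `admin.php`). `/tmp` and `/login` are marked Low, which is right, but `/images/`, `/download` and `admin.php` carry Medium. Anyone converting this table into detection content should filter on the Confidence column and treat Medium path fragments as context for correlation rather than as standalone alerts; a sentence saying so in the IOA paragraph would prevent the table being used verbatim.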
@ -96,8 +113,13 @@ The following list contains _external sources_ which discuss the actor and the a
|
|||
* https://isc.sans.edu/forums/diary/Campaign+evolution+Hancitor+malspam+starts+pushing+Ursnif+this+week/24256/
|
||||
* https://isc.sans.edu/forums/diary/Hancitor+activity+resumes+after+a+hoilday+break/26980/
|
||||
* https://isc.sans.edu/forums/diary/Hancitor+distributed+through+coronavirusthemed+malspam/25892/
|
||||
* https://isc.sans.edu/forums/diary/Hancitor+malspam+uses+DDE+attack/22936/
|
||||
* https://isc.sans.edu/forums/diary/Hancitor+tries+XLL+as+initial+malware+file/27618/
|
||||
* https://isc.sans.edu/forums/diary/HancitorPony+malspam/22053/
|
||||
* https://isc.sans.edu/forums/diary/HancitorPonyVawtrak+malspam/21919/
|
||||
* https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest+Answers+and+Analysis/27582/
|
||||
* https://isc.sans.edu/forums/diary/Malspam+pushing+Word+documents+with+Hancitor+malware/22858/
|
||||
* https://isc.sans.edu/forums/diary/RTF+files+for+Hancitor+utilize+exploit+for+CVE201711882/23271/
|
||||
|
||||
## Literature
|
||||
|
||||
|
|
|
@ -0,0 +1,63 @@
|
|||
# Hive - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Hive](https://vuldb.com/?actor.hive). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.hive](https://vuldb.com/?actor.hive)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Hive:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Hive.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [91.208.52.149](https://vuldb.com/?ip.91.208.52.149) | nl1.encryptedconnection.info | - | High
|
||||
2 | [139.60.161.56](https://vuldb.com/?ip.139.60.161.56) | - | - | High
|
||||
3 | [139.60.161.228](https://vuldb.com/?ip.139.60.161.228) | - | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 1 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Hive_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Hive. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `/uncpath/` | Medium
|
||||
2 | File | `ajax_admin_apis.php` | High
|
||||
3 | File | `ajax_php_pecl.php` | High
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 6 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://www.varonis.com/blog/hive-ransomware-analysis
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
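Review bot: "There are 1 more IOC items available" is ungrammatical; the sentence is template-generated, so the generator should switch to singular wording when the remaining count is 1 (the Hploki file in this commit has the same problem in its Countries section). Separately, the only TTP listed for Hive is T1059.007 / CWE-79 Cross Site Scripting, which is an unusual sole technique for the ransomware actor that the Varonis reference covers; worth a sanity check against the source before merging.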
@ -0,0 +1,69 @@
|
|||
# Hploki - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Hploki](https://vuldb.com/?actor.hploki). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.hploki](https://vuldb.com/?actor.hploki)
|
||||
|
||||
## Countries
|
||||
|
||||
These _countries_ are directly (e.g. origin of attacks) or indirectly (e.g. access by proxy) associated with Hploki:
|
||||
|
||||
* [US](https://vuldb.com/?country.us)
|
||||
* [RU](https://vuldb.com/?country.ru)
|
||||
* [DE](https://vuldb.com/?country.de)
|
||||
* ...
|
||||
|
||||
There are 1 more country items available. Please use our online service to access the data.
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Hploki.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [31.31.196.52](https://vuldb.com/?ip.31.31.196.52) | ns1.hosting.reg.ru | - | High
|
||||
2 | [52.7.6.73](https://vuldb.com/?ip.52.7.6.73) | ec2-52-7-6-73.compute-1.amazonaws.com | - | Medium
|
||||
3 | [64.98.145.30](https://vuldb.com/?ip.64.98.145.30) | url.hover.com | - | High
|
||||
4 | ... | ... | ... | ...
|
||||
|
||||
There are 8 more IOC items available. Please use our online service to access the data.
|
||||
|
||||
## TTP - Tactics, Techniques, Procedures
|
||||
|
||||
_Tactics, techniques, and procedures_ (TTP) summarize the suspected MITRE ATT&CK techniques used by _Hploki_. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Technique | Weakness | Description | Confidence
|
||||
-- | --------- | -------- | ----------- | ----------
|
||||
1 | T1059.007 | CWE-79 | Cross Site Scripting | High
|
||||
2 | T1068 | CWE-264 | Execution with Unnecessary Privileges | High
|
||||
3 | T1110.001 | CWE-798 | Improper Restriction of Excessive Authentication Attempts | High
|
||||
|
||||
## IOA - Indicator of Attack
|
||||
|
||||
These _indicators of attack_ (IOA) list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration by Hploki. This data is unique as it uses our predictive model for actor profiling.
|
||||
|
||||
ID | Type | Indicator | Confidence
|
||||
-- | ---- | --------- | ----------
|
||||
1 | File | `admin/google_search_console/class-gsc-table.php` | High
|
||||
2 | File | `DevInfo.txt` | Medium
|
||||
3 | File | `elf.c` | Low
|
||||
4 | ... | ... | ...
|
||||
|
||||
There are 16 more IOA items available (file, library, argument, input value, pattern, network port). Please use our online service to access the data.
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2018/09/threat-roundup-0907-0914.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
|
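Review bot: in the TTP table, row 2 pairs CWE-264 with "Execution with Unnecessary Privileges", but CWE-264 is the category "Permissions, Privileges, and Access Controls"; that description is the title of CWE-250. Row 3 has the same mismatch as the Hancitor file (CWE-798 listed with the CWE-307 title). "There are 1 more country items available" also needs singular wording for a count of 1.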
@ -0,0 +1,31 @@
|
|||
# Ibryte - Cyber Threat Intelligence
|
||||
|
||||
These _indicators_ were reported, collected, and generated during the [VulDB CTI analysis](https://vuldb.com/?kb.cti) of the actor known as [Ibryte](https://vuldb.com/?actor.ibryte). The _activity monitoring_ correlates data from social media, forums, chat rooms, and darknet markets. It helps to determine associated actors, specific activities, expected intentions, emerging research, and ongoing attacks. Our unique _predictive model_ uses _big data_ to forecast activities and their characteristics.
|
||||
|
||||
_Live data_ and more _analysis capabilities_ are available at [https://vuldb.com/?actor.ibryte](https://vuldb.com/?actor.ibryte)
|
||||
|
||||
## IOC - Indicator of Compromise
|
||||
|
||||
These _indicators of compromise_ (IOC) indicate associated network resources which are known to be part of research and attack activities of Ibryte.
|
||||
|
||||
ID | IP address | Hostname | Campaign | Confidence
|
||||
-- | ---------- | -------- | -------- | ----------
|
||||
1 | [185.53.179.7](https://vuldb.com/?ip.185.53.179.7) | - | - | High
|
||||
2 | [204.11.56.48](https://vuldb.com/?ip.204.11.56.48) | - | - | High
|
||||
|
||||
## References
|
||||
|
||||
The following list contains _external sources_ which discuss the actor and the associated activities:
|
||||
|
||||
* https://blog.talosintelligence.com/2018/08/threat-roundup-0817-0824.html
|
||||
|
||||
## Literature
|
||||
|
||||
The following _articles_ explain our unique predictive cyber threat intelligence:
|
||||
|
||||
* [VulDB Cyber Threat Intelligence Documentation](https://vuldb.com/?kb.cti)
|
||||
* [Cyber Threat Intelligence - Early Anticipation of Attacks](https://www.scip.ch/en/?labs.20201022)
|
||||
|
||||
## License
|
||||
|
||||
(c) [1997-2022](https://vuldb.com/?kb.changelog) by [vuldb.com](https://vuldb.com/?kb.about). All data on this page is shared under the license [CC BY-NC-SA 4.0](https://creativecommons.org/licenses/by-nc-sa/4.0/). Questions? Check the [FAQ](https://vuldb.com/?kb.faq), read the [documentation](https://vuldb.com/?kb) or [contact us](https://vuldb.com/?contact)!
|
Some files were not shown because too many files have changed in this diff.